Packet Storm's last 50 added files.
Last Updated: Fri Aug 29 12:08:02 EDT 2008


[ phpemlak-sql.txt ] 0d78a18e819716d1f441a5ad3024be3e Full PHP Emlak Script suffers from a remote SQL injection vulnerability in landsee.php.  
[ scip-dreambox.txt ] 249afecfcb2122f8d5df9de75eb67421 An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition.  
[ logmein-activex.txt ] e12c30e8f96bf5c07afba2181139dc26 LogMeIn remote access utility Active-X memory consumption denial of service exploit.  
[ najdisi-overflow.txt ] 4a245592d331db41db8244311ef61d31 Najdi.si Toolbar Active-X remote buffer overflow proof of concept exploit.  
[ ipb235-multi.txt ] a4f25aaae79e8aa14fd8d1ea7af1c1d9 Invision Power Board versions 2.3.5 and below remote exploit that brute forces, attempts IDS evasion, and more.  
[ hoagie_snoop.c ] 808193e9a074d86648b31609b4886635 Sun Solaris 8/9/10 and OpenSolaris versions below snv_96 snoop utility remote exploit.  
[ ZDI-08-054.txt ] d76ab9bcd5ffc3e70e7f81027f487560 A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.  
[ MDVSA-2008-181.txt ] 2d7f6108eed9a9dc420bf8b8ca56cdb7 Mandriva Linux Security Advisory - Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory. The updated packages have been patched to prevent these issues.  
[ kisgearth-0.01f.tar.bz2 ] b90a6b1724452a768c81af392dcff196 Kisgearth is a small perl script that gives you the ability to convert your Kismet xml logfiles to GoogleEarth kml files. You can apply a lot of filters and use sorting/ordering functions in order to get the best results.  
[ firefox301-exec.txt ] e5305be99ab1f77ca6497f785fd1274e Firefox version 3.0.1 (final release) suffers from an unspecified remote code execution vulnerability.  
[ OpenSSH-4.4p1-backdoored.tar.gz ] 192f15fe0fcea062231c3f66884c8f81 OpenSSH version 4.4p1 backdoor that logs all incoming and outgoing logins and password via the client and the daemon, adds a magic password for sshd, store passwords to an encrypted logfile, and disables logging if the magic password is used. Based on the Aion 3.8p1 patch.  
[ dotproject-sqlxss.txt ] 1b9c35808b2257054fb9d7ccb5a78d0c dotProject version 2.1.2 suffers from cross site scripting and SQL injection vulnerabilities.  
[ lynis-1.2.0.tar.gz ] 7b66c5c9f4febd9441c0cc63ded8c345 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. 
[ SSRT080118.txt ] 50243815f59ecafcedf99163c1ad9ff7 HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS).  
[ mercadolibre-xssrfi.txt ] 26ab2008a67c3c1880359d16155ec80f Mercadolibre.com suffers from cross site scripting and remote javascript insertion vulnerabilities.  
[ strongswan-4.2.6.tar.gz ] 918fa35839013b14bd4b972853aeedb4 strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships. 
[ friendly-exec.txt ] 4ca334d8cb11512389b2598b255c2e16 Friendly Technologies Active-X related remote command execution exploit that leverages fwRemoteCfg.dll.  
[ friendly-fwremotecfg.txt ] 89e10b34b9b9cc0ea532944e20fc1f6f Friendly Technologies Active-X remote buffer overflow exploit that leverages fwRemoteCfg.dll.  
[ acoustica-overflow.txt ] 88d4635a1cb1ff5e03e8fe080c837dd4 Acoustica Mixcraft versions 4.2 Build 98 and below mx4 file local buffer overflow exploit.  
[ USN-638-1.txt ] c3002bba563957c93b2edfad569c7c01 Ubuntu Security Notice 638-1 - Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.  
[ kyocera-traversal.txt ] b1469751eb65919a9b8435ad1055dc09 Kyocera Command Center suffers from a directory traversal vulnerability.  
[ searchengine-sql.txt ] 63fc260d89bd02c73d5d2647cb1356d3 Search Engine suffers from a remote SQL injection vulnerability in viewcat.php.  
[ igshopdisp-sql.txt ] e73b22fbec473ddd5750c3cbf0d66b60 iG Shop suffers from a remote SQL injection vulnerability in display_review.php.  
[ SSRT080106.txt ] a84ae83f38e250d72f3b90696e44be96 HP Security Bulletin - A potential security vulnerability has been identified in the HP Enterprise Discovery. The vulnerability could be exploited remotely by an authorized user to gain extended privileges.  
[ advchk-2.10.tar.gz ] 03bd5578fd6b1795710a9c67225040c3 Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.  
[ yourownbux-sql.txt ] 7e146c229cd2cc0ccbe6f6b868c695f2 YourOwnBux versions 3.1 and 3.2 Beta suffer from a remote SQL injection vulnerability.  
[ PLSA-2008-31.txt ] 89fde6963eee81805e587266f74bbffa Pardus Linux Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.   
[ phpmyrealty109-sql.txt ] c5c0581e59881b0c55bafb406bc61e32 phpMyRealty versions 1.0.9 and below suffer from a remote SQL injection vulnerability in pages.php.  
[ ultra-overflow.txt ] 8efda1569b663b030992e1d6768813f9 Ultra Office Active-X Control remote buffer overflow exploit.  
[ ultra-corrupt.txt ] 3c538957caf9590d5e856cd27bf0f824 Ultra Office Active-X Control remote arbitrary file corruption exploit.  
[ MDVSA-2008-180-1.txt ] cee89e63538737ae53aedf3ab3fd7410 Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.  
[ fileutility.txt ] b9cc2a9b04bb9971365bc2eb05b812f3 This Metasploit exploit attacks multiple file manipulation vulnerabilities in the Kyocera Mita Scanner File Utility version 3.3.0.1.  
[ kyocera-upload.txt ] c188a08ce39e9da8719c911ff27e4178 The Kyocera Mita Scanner File Utility version 3.3.0.1 suffers from multiple file manipulation vulnerabilities.  
[ EMORY-2008-01.txt ] 46742f7d6234df7fa0b6c185fb2e534a Telartis's AWStats Totals versions 1.0 through 1.14 suffer from a remote code execution vulnerability.  
[ mybb1211-sql.txt ] 2b8c0145ecb2c5255a32519df1daeffe MyBulletinBoard (MyBB) versions 1.2.11 and below SQL injection exploit that leverages private.php.  
[ ifdate-sql.txt ] ea21be161b9c61655d9d93c6bb733611 iFdate versions 2.0.3 and below suffer from a SQL injection vulnerability.  
[ dsa-1631-2.txt ] f024501160502cc01f3a8a6951c7c361 Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.  
[ dsa-1632-1.txt ] 0e6569a1ce6eb08995b0101c1d463469 Debian Security Advisory 1632-1 - Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.  
[ thickboxgallery-disclose.txt ] 742dcf93f43279e1ee08f057327abcee Thickbox Gallery version 2 suffers from an administrative data disclosure vulnerability in admins.php.  
[ cmme-lfixsscsrf.txt ] a46f6ae035b9cb1477736efe43b4ed9a CMME version 1.12 suffers from local file inclusion, cross site scripting, cross site request forgery, and other vulnerabilities.  
[ simpgal-sql.txt ] c402f3afaca614ffeb393f9b84477b59 Simple Gallery ASP Script suffers from a remote SQL injection vulnerability.  
[ zoneminder-multi.txt ] d8bb2d877419e579e9d76b0f207b8425 ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross site scripting vulnerabilities.  
[ mvs-activex.txt ] 181f169f345f46154d1d9000c16aed1e Microsoft Visual Studio Active-X remote buffer overflow exploit that leverages Msmask32.ocx.  
[ hpsnh-xss.txt ] 10441eb7ff70f0b1f1b38bdfe4afb273 Further analysis regarding the HP System Management Homepage (SMH) cross site scripting vulnerability.  
[ zbreaknews-sql.txt ] a7eb6a2643b88223f58f0185eb07384d z-breaknews version 2.0 suffers from a remote SQL injection vulnerability in single.php.  
[ mininuke23-sql.txt ] 8e01430892a688f963f403b76a239c9a MiniNuke version 2.3 Freehost suffers from multiple remote SQL injection vulnerabilities.  
[ USN-637-1.txt ] 4ff77f698b3af8e2303260d5110f0d63 Ubuntu Security Notice 637-1 - It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.  
[ krate-sqlxss.txt ] d26ac1ccd455e8908f757fa505552e5d K-Rate suffers from SQL injection and cross site scripting vulnerabilities.  
[ sphpblog-exec.txt ] f98e850f53affbab3ddff8216779f279 Simple PHP Blog (SPHPBlog) versions 0.5.1 and below code execution exploit.  
[ kolifadownload-sql.txt ] ef095920edf3cf084b22795e4d5e48f6 Kolifa.Net Download Script version 1.2 suffers from a remote SQL injection vulnerability.