http://packetstormsecurity.org/ 50 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/0905-exploits/flashquiz-sql.txt Flash Quiz Beta 2 suffers from multiple remote SQL injection vulnerabilities. http://packetstormsecurity.org/0905-exploits/groupwise-xss.txt Novell Groupwise Web Access suffers from multiple cross site scripting vulnerabilities. http://packetstormsecurity.org/0905-exploits/zaocms-disclose.txt ZaoCMS suffers from a remote file disclosure vulnerability in download.php. http://packetstormsecurity.org/0905-exploits/zaocms-insecure.txt ZaoCMS suffers from an insecure cookie handling vulnerability. http://packetstormsecurity.org/0905-exploits/articledir-blindsql.txt Article Directory suffers from a remote blind SQL injection vulnerability in page.php. http://packetstormsecurity.org/0905-advisories/MDVSA-2009-121.txt Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues. http://packetstormsecurity.org/0905-advisories/MDVSA-2009-120.txt Mandriva Linux Security Advisory 2009-120 - Multiple security vulnerabilities has been identified and fixed in OpenSSL. The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. The updated packages have been patched to prevent this. http://packetstormsecurity.org/0905-exploits/articledirectory-sql.txt Article Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0905-exploits/jobscript-upload.txt Job Script version 2.0 suffers from an arbitrary shell upload vulnerability. http://packetstormsecurity.org/papers/bypass/Reverse_Engineering.pdf Whitepaper called Bypassing Authentication with Reverse Engineering in Linux x86. Written in French. http://packetstormsecurity.org/0905-exploits/aspinlinecc-sqlxss.txt ASP Inline Corporate Calendar suffers from cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/0905-exploits/vicidial-sql.txt Vicidial Call Center Suite suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0905-advisories/DDIVRT-2009-25.txt The web interface on tcp port 8090 of IPsession suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0905-exploits/chinagames-exec.txt ChinaGames Active-X related remote code execution exploit. http://packetstormsecurity.org/0905-exploits/baofeng-exec.txt BaoFeng Active-X related remote code execution exploit. http://packetstormsecurity.org/0905-exploits/msiiswebdav-bypass.txt Remote authentication bypass exploit for the WebDAV vulnerability in Microsoft IIS 6.0. http://packetstormsecurity.org/0905-advisories/05.19.09-1.txt iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected. http://packetstormsecurity.org/0905-exploits/CORE-2009-0109.txt Core Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system. http://packetstormsecurity.org/0905-advisories/cisco-sa-20090520-cw.txt Cisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files. http://packetstormsecurity.org/0905-advisories/dsa-1804-1.txt Debian Security Advisory 1804-1 - Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The The Common Vulnerabilities and Exposures project identified the http://packetstormsecurity.org/0905-advisories/dsa-1803-1.txt Debian Security Advisory 1803-1 - Ilja van Sprundel discovered that a buffer overflow in NSD, an authoritative name service daemon, allowed to crash the server by sending a crafted packet, creating a denial of service. http://packetstormsecurity.org/0905-exploits/jorp-remove.txt Jorp version 1.3.05.09 suffers from an arbitrary removal of projects and tasks vulnerabilities. http://packetstormsecurity.org/0905-exploits/bspeak-sql.txt bSpeak version 1.10 suffers from a remote blind SQL injection vulnerability. http://packetstormsecurity.org/0905-exploits/javax.tgz Mac OS X Java applet deserialization proof of concept exploit. http://packetstormsecurity.org/0905-advisories/macosxjava-poc.txt Mac OS X suffers from a remote command execution vulnerability via a Java applet. http://packetstormsecurity.org/0905-exploits/phpap-bypass.txt PHP Article Publisher suffers from an arbitrary authentication bypass vulnerability. http://packetstormsecurity.org/0905-exploits/realtywebbase10-sql.txt Realty Web-Base version 1.0 suffers from a remote SQL injection vulnerability in list_list.php. http://packetstormsecurity.org/0905-exploits/nclinklist-exec.txt NC LinkList version 1.3.1 remote command injection exploit. http://packetstormsecurity.org/0905-exploits/ncgbook-exec.txt NC GBook version 1.0 remote command injection exploit. http://packetstormsecurity.org/0905-exploits/catviz-lfixss.txt Catviz 0.4.0b1 suffers from local file inclusion and cross site scripting vulnerabilities. http://packetstormsecurity.org/0905-exploits/exjune-reconfigure.txt exJune Officer Message System version 1 suffers from a direct access reconfiguration vulnerability. http://packetstormsecurity.org/0905-exploits/joomlacasino-sql.txt The Joomla Casino component version 0.3.1 suffers from multiple SQL injection vulnerabilities. http://packetstormsecurity.org/forensics/pdfresurrect-v0_5.tar.gz PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also scrub or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read. http://packetstormsecurity.org/0905-exploits/dmxregman-upload.txt DMXReady Registration Manager version 1.1 suffers from a remote shell upload vulnerability. http://packetstormsecurity.org/0905-exploits/galeri-sql.txt Galeri 1 suffers from a remote SQL injection vulnerability in galeri1.asp. http://packetstormsecurity.org/0905-advisories/USN-777-1.txt Ubuntu Security Notice USN-777-1 - A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code. http://packetstormsecurity.org/0905-exploits/drupalrole-xss.txt The Drupal version 6.12 suffers from a cross site scripting vulnerability. This is to be taken with a grain of salt as administrative privileges are needed. http://packetstormsecurity.org/0905-advisories/ZDI-09-023.txt Zero Day Initiative Advisory 09-023 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw appears to exist in the ATSServer font server upon parsing of malicious Compact Font Format files. A boundary condition exists in the parsing of internal dictionaries that can lead to a memory corruption allowing the execution of arbitrary code. http://packetstormsecurity.org/0905-advisories/ZDI-09-022.txt Zero Day Initiative Advisory 09-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure, the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is suppled to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code. http://packetstormsecurity.org/0905-exploits/dogpedigree-sql.txt Dog Pedigree Online Database version 1.0.1-Beta suffers from a blind SQL injection vulnerability. http://packetstormsecurity.org/0905-exploits/dogpedigree-insecure.txt Dog Pedigree Online Database version 1.0.1-Beta suffers from a SQL injection vulnerability in the way it handles cookies. http://packetstormsecurity.org/0905-exploits/mycolex-sqlxss.txt my-colex version 1.4.2 suffers from authentication bypass, remote SQL injection, and cross site scripting vulnerabilities. http://packetstormsecurity.org/0905-advisories/HPSBMA02427-SSRT090069.txt HP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender running Easy Login. The vulnerability could be exploited remotely to gain unauthorized access. http://packetstormsecurity.org/0905-advisories/MDVSA-2009-119.txt Mandriva Linux Security Advisory 2009-119 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from an integer overflow to information leakage issues. http://packetstormsecurity.org/0905-advisories/MDVSA-2009-118.txt Mandriva Linux Security Advisory 2009-118 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from arbitrary signals, bypass flaws, and denial of service vulnerabilities. http://packetstormsecurity.org/0905-advisories/MDVSA-2009-117.txt Mandriva Linux Security Advisory 2009-117 - A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. The updated packages have been patched to prevent this. http://packetstormsecurity.org/0905-advisories/HPSBMA02426-SSRT090053.txt HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. http://packetstormsecurity.org/0905-exploits/dmfilemanager-sql.txt DM FileManager version 3.9.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0905-exploits/kingsoftws-xssexec.txt KingSoft Web Shield versions 1.1.0.62 and below suffer from cross site scripting and code execution vulnerabilities. http://packetstormsecurity.org/0905-advisories/dsa-1802-1.txt Debian Security Advisory 1802-1 - Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application.