<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
	<channel>
	<title>Packet Storm Security Last 100</title>
	<link>http://packetstormsecurity.org/</link>
	<description>100 Most Recent Packet Storm File Additions</description>
	<language>en-us</language>

<item>
	<title>OIG_10-111_Aug10.pdf</title>
	<link>http://packetstormsecurity.org/papers/govt/OIG_10-111_Aug10.pdf</link>
	<description>Office of Inspector General report OIG-10-111 - DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems. </description>
</item>
<item>
	<title>USN-978-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/USN-978-1.txt</link>
	<description>Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the  tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. </description>
</item>
<item>
	<title>USN-975-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/USN-975-1.txt</link>
	<description>Ubuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the  tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. </description>
</item>
<item>
	<title>USN-985-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/USN-985-1.txt</link>
	<description>Ubuntu Security Notice 985-1 - Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user. </description>
</item>
<item>
	<title>ESA-2010-016.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/ESA-2010-016.txt</link>
	<description>RSA Access Manager Agent version 4.7.1 with RSA Adaptive Authentication Integration contains a potential vulnerability that could be exploited by malicious people to bypass authentication restrictions. </description>
</item>
<item>
	<title>ESA-2010-015.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/ESA-2010-015.txt</link>
	<description>A vulnerability exists in EMC Celerra which can be exploited to gain unauthorized access to root NFS export on EMC Celerra NAS. NAS Code versions 5.6.50 and below are affected. </description>
</item>
<item>
	<title>ESA-2010-014.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/ESA-2010-014.txt</link>
	<description>RSA Access Manager Server contains a potential vulnerability that could be exploited to bypass certain security restrictions, potentially enabling unauthorized access to protected resources. </description>
</item>
<item>
	<title>dsa-2106-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/dsa-2106-1.txt</link>
	<description>Debian Linux Security Advisory 2106-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. </description>
</item>
<item>
	<title>fbsdpseudofs-nullpointer.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/fbsdpseudofs-nullpointer.txt</link>
	<description>FreeBSD versions 7.0 through 7.2 suffer from a pseudofs NULL pointer dereference vulnerability. Due to a spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), a null pointer is dereferenced after calling extattr_get_attribute() on pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root escalation. </description>
</item>
<item>
	<title>cisco-sa-20100908-wlc.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/cisco-sa-20100908-wlc.txt</link>
	<description>Cisco Security Advisory - The Cisco Wireless LAN Controller (WLC) product family is affected by two denial of service, three privilege escalation and two access control list vulnerabilities. </description>
</item>
<item>
	<title>HPSBMA02574-SSRT100038.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/HPSBMA02574-SSRT100038.txt</link>
	<description>HP Security Bulletin - A potential security vulnerability has been identified with HP ProLiant G6 Lights-Out 100 Remote Management. This vulnerability could be exploited remotely to create a Denial of Service (DoS) in the Lights-Out 100. </description>
</item>
<item>
	<title>dsa-2105-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/dsa-2105-1.txt</link>
	<description>Debian Linux Security Advisory 2105-1 - Several vulnerabilities have been discovered in the FreeType font library. </description>
</item>
<item>
	<title>etax-sslignore.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/etax-sslignore.txt</link>
	<description>ETax 2010 fails to properly verify SSL certificates. </description>
</item>
<item>
	<title>ieee-1394-forensics.pdf</title>
	<link>http://packetstormsecurity.org/papers/general/ieee-1394-forensics.pdf</link>
	<description>Whitepaper called Memory Forensics over the IEEE 1394 Interface. </description>
</item>
<item>
	<title>DnsSpoofer.zip</title>
	<link>http://packetstormsecurity.org/UNIX/utilities/DnsSpoofer.zip</link>
	<description>DnsFucker is a DNS spoofing tool. It can be used effectively in both packet switched and hubbed networks. Written in Python. </description>
</item>
<item>
	<title>dsa-2098-2.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/dsa-2098-2.txt</link>
	<description>Debian Linux Security Advisory 2098-2 - The update for TYPO3 in DSA 2098 introduced a regression which could make the backend functionality unusable. This update corrects the problem. </description>
</item>
<item>
	<title>moaub08-msoffice.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub08-msoffice.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - Microsoft Office Visio suffers from a DXF file stack based overflow vulnerability. </description>
</item>
<item>
	<title>moaub-msoffice.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-msoffice.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - Microsoft Office Visio suffers from a DXF file stack based overflow vulnerability. </description>
</item>
<item>
	<title>moaub08-sirang.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub08-sirang.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - Sirang web-based D-Control versions 6.0 and below suffer from remote SQL injection and upload restriction bypass vulnerabilities. </description>
</item>
<item>
	<title>moaub-sirang.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-sirang.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - Sirang web-based D-Control versions 6.0 and below suffer from remote SQL injection and upload restriction bypass vulnerabilities. </description>
</item>
<item>
	<title>adobe_cooltype_sing.rb.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/adobe_cooltype_sing.rb.txt</link>
	<description>This Metasploit module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well. </description>
</item>
<item>
	<title>java_rmi_connection_impl.rb.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/java_rmi_connection_impl.rb.txt</link>
	<description>This Metasploit module exploits a vulnerability in the Java Runtime Environment that allows deserialization of a MarshalledObject containing a custom classloader under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23. </description>
</item>
<item>
	<title>fbsdpmap-racecondition.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/fbsdpmap-racecondition.txt</link>
	<description>FreeBSD versions 7.3 and 8.1 suffer from a vm.pmap kernel local race condition denial of service vulnerability. </description>
</item>
<item>
	<title>glsa-201009-06.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/glsa-201009-06.txt</link>
	<description>Gentoo Linux Security Advisory 201009-6 - Multiple vulnerabilities have been reported in Clam AntiVirus. Versions less than 0.96.1 are affected. </description>
</item>
<item>
	<title>glsa-201009-05.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/glsa-201009-05.txt</link>
	<description>Gentoo Linux Security Advisory 201009-5 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks. Multiple vulnerabilities were discovered in Adobe Reader. Versions less than 9.3.4 are affected. </description>
</item>
<item>
	<title>glsa-201009-04.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/glsa-201009-04.txt</link>
	<description>Gentoo Linux Security Advisory 201009-4 - Multiple stack-based buffer overflow vulnerabilities were discovered in SARG allowing for remote code execution. Multiple vulnerabilities were discovered in SARG. Versions less than 2.2.5-r5 are affected. </description>
</item>
<item>
	<title>ZSL-2010-4963.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/ZSL-2010-4963.txt</link>
	<description>Textpattern CMS version 4.2.0 suffers from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>USN-984-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/USN-984-1.txt</link>
	<description>Ubuntu Security Notice 984-1 - It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code. </description>
</item>
<item>
	<title>USN-983-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/USN-983-1.txt</link>
	<description>Ubuntu Security Notice 983-1 - Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. </description>
</item>
<item>
	<title>zenphoto-sqlxss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt</link>
	<description>Zenphoto version 1.3 suffers from remote SQL injection and cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>openjournalsystem-xss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/openjournalsystem-xss.txt</link>
	<description>OpenJournalSystem suffers from stored cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>fcms-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/fcms-sql.txt</link>
	<description>FCMS version 2.3 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>enanocms-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/enanocms-sql.txt</link>
	<description>EnanoCMS version 1.1.7pl1 suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>luckysploit-exec.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/luckysploit-exec.txt</link>
	<description>LuckySploit Exploit Pack suffers from a remote PHP code execution vulnerability. </description>
</item>
<item>
	<title>chrome-extensiondetection.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/chrome-extensiondetection.txt</link>
	<description>Google Chrome suffers from an installed extensions arbitrary detection vulnerability. </description>
</item>
<item>
	<title>coldusergroup-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/coldusergroup-sql.txt</link>
	<description>ColdUserGroup version 1.06 suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>coldofficeview-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/coldofficeview-sql.txt</link>
	<description>ColdOfficeView version 2.04 suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>micronetsoftrvdealer-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/micronetsoftrvdealer-sql.txt</link>
	<description>Micronetsoft RV Dealer Website suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>glsa-201009-03.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/glsa-201009-03.txt</link>
	<description>Gentoo Linux Security Advisory 201009-3 - The secure path feature and group handling in sudo allow local attackers to escalate privileges. Versions less than 1.7.4_p3-r1 are affected. </description>
</item>
<item>
	<title>moaub07-novell.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub07-novell.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - Novell Netware NWFTPD suffers from a RMD/RNFR/DELE argument parsing buffer overflow. </description>
</item>
<item>
	<title>moaub-novell.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-novell.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - Novell Netware NWFTPD suffers from a RMD/RNFR/DELE argument parsing buffer overflow. </description>
</item>
<item>
	<title>beehiveforum091-xssxsrf.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/beehiveforum091-xssxsrf.txt</link>
	<description>BeehiveForum version 0.9.1 suffers from cross site request forgery and cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>itsecteam_shell.zip</title>
	<link>http://packetstormsecurity.org/UNIX/penetration/rootkits/itsecteam_shell.zip</link>
	<description>This is a backdoor PHP shell from ITSecTeam. </description>
</item>
<item>
	<title>hordeaf-xss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/hordeaf-xss.txt</link>
	<description>Horde Application Framework versions 3.3.8 and below suffer from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>netrecon-1.78.tgz</title>
	<link>http://packetstormsecurity.org/UNIX/utilities/netrecon-1.78.tgz</link>
	<description>Netreconn is a collection of network scan/recon tools that are relatively small compared to their larger cousins. These include nstrobe, ipdump, and ndecode.</description>
</item>
<item>
	<title>glsa-201009-02.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/glsa-201009-02.txt</link>
	<description>Gentoo Linux Security Advisory 201009-2 - Insecure permission handling in maildrop might allow local attackers to elevate their privileges. Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Versions less than 2.4.2 are affected. </description>
</item>
<item>
	<title>dsa-2104-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/dsa-2104-1.txt</link>
	<description>Debian Linux Security Advisory 2104-1 - Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon. </description>
</item>
<item>
	<title>joomlaaardvertiser-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/joomlaaardvertiser-sql.txt</link>
	<description>The Joomla Aardvertiser component version 2.1 suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>ZSL-2010-4962.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt</link>
	<description>MySource Matrix version 3.28.3 suffers from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>MDVSA-2010-171.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/MDVSA-2010-171.txt</link>
	<description>Mandriva Linux Security Advisory 2010-171 - The cluster logical volume manager daemon in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted control commands. The updated packages have been patched to correct this issue. </description>
</item>
<item>
	<title>aar-corrupt.tgz</title>
	<link>http://packetstormsecurity.org/1009-exploits/aar-corrupt.tgz</link>
	<description>Adobe Acrobat Reader suffers from an acroform_PlugInMain memory corruption vulnerability. </description>
</item>
<item>
	<title>micronetsoftrpm-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/micronetsoftrpm-sql.txt</link>
	<description>Micronetsoft Rental Property Management Script suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>moaub07-dynpage.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub07-dynpage.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - DynPage versions 1.0 and below suffer from local file disclosure and administrative hash disclosure vulnerabilities. </description>
</item>
<item>
	<title>moaub-dynpage.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-dynpage.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - DynPage versions 1.0 and below suffer from local file disclosure and administrative hash disclosure vulnerabilities. </description>
</item>
<item>
	<title>ida-overflow.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/ida-overflow.txt</link>
	<description>Internet Download Accelerator version 5.8 remote buffer overflow proof of concept exploit. </description>
</item>
<item>
	<title>dmxreadymam-xss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/dmxreadymam-xss.txt</link>
	<description>DMXReady Members Area Manager suffers from a persistent cross site scripting vulnerability. </description>
</item>
<item>
	<title>joomlagantry-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/joomlagantry-sql.txt</link>
	<description>The Joomla Gantry Framework component version 3.0.10 suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>iexploder-1.7.tgz</title>
	<link>http://packetstormsecurity.org/web/iexploder-1.7.tgz</link>
	<description>iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. Available as a standalone webserver or CGI script, it continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes. namebench was initially written as a QA tool for the Mozilla Project to test the Firefox 1.0 release, and is now included and used by Apple's Webkit project.</description>
</item>
<item>
	<title>encfs-1.7.2.tgz</title>
	<link>http://packetstormsecurity.org/crypt/linux/encfs-1.7.2.tgz</link>
	<description>EncFS is an encrypted pass-through filesystem which runs in userspace on Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.</description>
</item>
<item>
	<title>softbizad-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/softbizad-sql.txt</link>
	<description>Softbiz Article Directory Script suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>integardhomepro-overflow.rb.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/integardhomepro-overflow.rb.txt</link>
	<description>This is a Metasploit module that exploits a remote buffer overflow in Integard Home and Pro version 2. </description>
</item>
<item>
	<title>moaub06-hpopenview.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub06-hpopenview.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - HP OpenView NNM suffers from a remote code execution vulnerability in webappmon.exe. </description>
</item>
<item>
	<title>moaub-hpopenview.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-hpopenview.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - HP OpenView NNM suffers from a remote code execution vulnerability in webappmon.exe. </description>
</item>
<item>
	<title>moaub06-interphoto.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub06-interphoto.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - InterPhoto Gallery versions 2.4.0 and below suffer from shell upload, cross site request forgery, cross site scripting and disclosure vulnerabilities. </description>
</item>
<item>
	<title>moaub-interphoto.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-interphoto.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - InterPhoto Gallery versions 2.4.0 and below suffer from shell upload, cross site request forgery, cross site scripting and disclosure vulnerabilities. </description>
</item>
<item>
	<title>pbania-jit-mitigations2010.pdf</title>
	<link>http://packetstormsecurity.org/papers/general/pbania-jit-mitigations2010.pdf</link>
	<description>Whitepaper called JIT Spraying and Mitigations. </description>
</item>
<item>
	<title>qqplayer-dos.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/qqplayer-dos.txt</link>
	<description>QQPlayer version 2.3.696.400p1 suffers from a denial of service vulnerability. </description>
</item>
<item>
	<title>weborf-traversal.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/weborf-traversal.txt</link>
	<description>Weborf version 0.12.2 suffers from a directory traversal vulnerability. </description>
</item>
<item>
	<title>coldbookmarks-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/coldbookmarks-sql.txt</link>
	<description>ColdBookmarks version 1.22 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>coldcalendar-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/coldcalendar-sql.txt</link>
	<description>ColdCalendar version 2.06 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>javabridge-traversal.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/javabridge-traversal.txt</link>
	<description>Java Bridge version 5.5 suffers from a directory traversal vulnerability. </description>
</item>
<item>
	<title>wordpressem-xss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/wordpressem-xss.txt</link>
	<description>WordPress Events Manager version 3.1.2 suffers from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>dsa-2103-1.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/dsa-2103-1.txt</link>
	<description>Debian Linux Security Advisory 2103-1 - It was discovered that smbind, a PHP-based tool for managing DNS zones for BIND, does not properly validate input. An unauthenticated remote attacker could execute arbitrary SQL commands or gain access to the admin account. </description>
</item>
<item>
	<title>nmap521-dllhijack.txt</title>
	<link>http://packetstormsecurity.org/1009-advisories/nmap521-dllhijack.txt</link>
	<description>Nmap version 5.21 on Microsoft Windows suffers from a DLL hijacking vulnerability. </description>
</item>
<item>
	<title>openca-tools-1.3.0.tar.gz</title>
	<link>http://packetstormsecurity.org/crypt/openca-tools-1.3.0.tar.gz</link>
	<description>The OpenCA Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA is based on many Open-Source Projects. Among the supported software are OpenLDAP, OpenSSL, Apache Project, and Apache mod_ssl.</description>
</item>
<item>
	<title>moaub05-ifnuke.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub05-ifnuke.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - IfNuke version 4.0.0 suffers from cross site scripting and shell upload vulnerabilities. </description>
</item>
<item>
	<title>moaub05-msmpeg.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub05-msmpeg.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3 remote command execution exploit. </description>
</item>
<item>
	<title>moaub04-moviemaker.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub04-moviemaker.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - Movie Maker version 2.1 suffers from a remote code execution vulnerability as described in MS10-016. </description>
</item>
<item>
	<title>moaub04-syndeocms.pdf</title>
	<link>http://packetstormsecurity.org/1009-advisories/moaub04-syndeocms.pdf</link>
	<description>Month Of Abysssec Undisclosed Bugs - Syndeo CMS version 2.8.02 suffers from cross site request forgery, cross site scripting and local file inclusion vulnerabilities. </description>
</item>
<item>
	<title>malware_check_tool-1.2.zip</title>
	<link>http://packetstormsecurity.org/UNIX/scanners/malware_check_tool-1.2.zip</link>
	<description>Malware Check Tool is a Python script that detects malicious files by checking MD5 hashes against an offline set or via the VirusTotal site. It has HTTP proxy support and an update feature.</description>
</item>
<item>
	<title>dmxreadypbm-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/dmxreadypbm-sql.txt</link>
	<description>DMXready Polling Booth Manager suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>pam_shield-0.9.4.tar.gz</title>
	<link>http://packetstormsecurity.org/linux/modules/pam_shield-0.9.4.tar.gz</link>
	<description>pam_shield is a PAM module that uses null-routing or iptables to lock out script kiddies that probe your computer for open logins or easily guessable passwords. pam_shield is meant as an aid to protect public computers on the Internet.</description>
</item>
<item>
	<title>hyenae-0.35-2.tar.gz</title>
	<link>http://packetstormsecurity.org/UNIX/scanners/hyenae-0.35-2.tar.gz</link>
	<description>Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.</description>
</item>
<item>
	<title>joomlaclantools15-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/joomlaclantools15-sql.txt</link>
	<description>The Joomla Clantools component version 1.5 suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>joomlascan.tgz</title>
	<link>http://packetstormsecurity.org/UNIX/scanners/joomlascan.tgz</link>
	<description>Joomla web scanning Perl script that gets the version and components and shows possible bugs. </description>
</item>
<item>
	<title>moaub-ifnuke.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-ifnuke.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - IfNuke version 4.0.0 suffers from cross site scripting and shell upload vulnerabilities. </description>
</item>
<item>
	<title>mblogger-xss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/mblogger-xss.txt</link>
	<description>mBlogger version 1.0.04 addcomment.php persistent cross site scripting exploit. </description>
</item>
<item>
	<title>openscap-0.6.2.tar.gz</title>
	<link>http://packetstormsecurity.org/libraries/openscap-0.6.2.tar.gz</link>
	<description>The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.</description>
</item>
<item>
	<title>moaub-syndeocms.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-syndeocms.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - Syndeo CMS version 2.8.02 suffers from cross site request forgery, cross site scripting and local file inclusion vulnerabilities. </description>
</item>
<item>
	<title>joomlaclantools-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/joomlaclantools-sql.txt</link>
	<description>The Joomla Clantools component version 1.2.3 suffers from blind SQL injection vulnerabilities. </description>
</item>
<item>
	<title>phpclassifiedsads-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/phpclassifiedsads-sql.txt</link>
	<description>PHP Classifieds ADS suffers from a remote blind SQL injection vulnerability. </description>
</item>
<item>
	<title>fcrackzip-overflow.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/fcrackzip-overflow.txt</link>
	<description>FCrackZip version 1.0 local buffer overflow proof of concept exploit. </description>
</item>
<item>
	<title>chillycms-sqlxss.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/chillycms-sqlxss.txt</link>
	<description>chillyCMS version 1.1.3 suffers from cross site scripting and remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>ijoomlamagazine-rfi.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt</link>
	<description>iJoomla Magazine version 3.0.1 suffers from a remote file inclusion vulnerability. </description>
</item>
<item>
	<title>armbinsh-shellcode.txt</title>
	<link>http://packetstormsecurity.org/shellcode/armbinsh-shellcode.txt</link>
	<description>27 bytes small Linux/ARM execve( /bin/sh ,[0],[0],[0 vars]) shellcode. </description>
</item>
<item>
	<title>virtualdjtrial-overflow.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/virtualdjtrial-overflow.txt</link>
	<description>Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit. </description>
</item>
<item>
	<title>ablog-sql.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/ablog-sql.txt</link>
	<description>A-Blog version 2.0 remote SQL injection exploit that leverages sources/search.php. </description>
</item>
<item>
	<title>phpclassifieds-rfi.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/phpclassifieds-rfi.txt</link>
	<description>PHP Classifieds version 7.3 suffers from a remote file inclusion vulnerability. </description>
</item>
<item>
	<title>vlcmpsmb-overflow.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/vlcmpsmb-overflow.txt</link>
	<description>VLC Media Player versions prior to 1.1.4 smb::// URI handling remote stack overflow proof of concept exploit that creates a malicious .xspf file. </description>
</item>
<item>
	<title>moaub-msmpeg.txt</title>
	<link>http://packetstormsecurity.org/1009-exploits/moaub-msmpeg.txt</link>
	<description>Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3 remote command execution exploit. </description>
</item></channel>
</rss>
