-
TA10-068A.txt
Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
-
tor.uclibc.i686.20100309.iso
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
-
CORE-2009-1103.txt
Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file.
-
CORE-2009-0813.txt
Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.
-
rivercms-sql.txt
River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
-
MDVSA-2010-058.txt
Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
-
nusnewssystem-sql.txt
NUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability.
-
jevci-disclose.txt
Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability.
-
ZDI-10-026.txt
Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.
-
mhproducts-sql.txt
Mhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability.
-
easyftp.rb.txt
This Metasploit module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability.
-
HPSBMA02489-SSRT090065.txt
HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.
-
energizer_duo_payload.rb.txt
This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger.
-
orbital_viewer_orb.rb.txt
This Metasploit module exploits a stack-based buffer overflow in David Manthey's Orbital Viewer. When processing .ORB files, data is read from the file into a fixed-size stack buffer using the fscanf function. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an ORB file.
-
rsstatic-sql.txt
Rsstatic suffers from a remote SQL injection vulnerability.
-
uebimiauwebmail-disclose.txt
Uebimiau Webmail version 3.2.0-2.0 suffers from a remote email disclosure vulnerability.
-
aef-xss.txt
AEF version 1.0.8 suffers from a cross site scripting vulnerability.
-
ibmenovia-xss.txt
IBM ENOVIA SmarTeam version 5 suffers from a cross site scripting vulnerability.
-
wildcms-sql.txt
WILD CMS suffers from a remote SQL injection vulnerability.
-
eleanorcms-xss.txt
Eleanor CMS version Rc5.1 suffers from a cross site scripting vulnerability.
-
ddlcms-xss.txt
DDL CMS version 2.1 suffers from a cross site scripting vulnerability.
-
ZDI-10-025.txt
Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
-
joomlahezacontent-sql.txt
The Joomla HezaContent component version 1.0 suffers from a remote SQL injection vulnerability.
-
reverberation.c
Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers.
-
exploit-writing-tutorial-part-9-win32-shellcoding.pdf
Introduction to Win32 shellcoding. Part 9 in a series of tutorials.
-
exploit-writing-tutorial-part-8-win32-egg-hunt.pdf
Win32 Egg Hunting. Part 8 in a series of tutorials.
-
Ravage.zip
Ravage is a rogue DHCP server written in PHP.
-
phpfss-traversalxssupload.txt
PHP File Sharing System version 1.5.1 suffers from cross site scripting, directory traversal and shell upload vulnerabilities.
-
jadclass-dos.txt
JAD java decompiler .class file stack overflow denial of service exploit.
-
jadarg-crash.txt
JAD java decompiler version 1.5.8g argument crash exploit.
-
reglookup-0.12.0.tar.gz
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
-
chaton-lfi.txt
Chaton versions 1.5.2 and below suffer from a local file inclusion vulnerability.
-
quickzip.py.txt
QuickZip version 4.60 local buffer overflow proof of concept exploit that creates a malicious .zip file. This version does not have the egghunter.
-
dsa-2008-1.txt
Debian Linux Security Advisory 2008-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked.
-
quickzip0day.py.txt
QuickZip version 4.60 local universal buffer overflow proof of concept exploit that creates a malicious .zip file.
-
dzauktionshaus-sql.txt
DZ Auktionshaus V4.rgo suffers from a remote SQL injection vulnerability in news.php.
-
codegate2010.txt
The CodeGate 2010 Capture The Flag contest has been announced. It will take place from March 13th through the 14th.
-
dev4u-sql.txt
Dev4U CMS Personenseiten suffers from a remote SQL injection vulnerability.
-
opencart-sql.txt
OpenCart version 1.3.2 suffers from a remote SQL injection vulnerability.
-
khc_0.2.tar.gz
Known Host Cracker (khc) is a small tool designed to recover hashed known_host files back to their plain-text equivalents.
-
geoipgen-0.4.tar.gz
GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. Geoipgen is the first published use of a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country. Features: Random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries.
-
nessus-xmlrpc-0.3.tar.gz
nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
-
lenovo-escalate.txt
Lenovo laptops running the Hotkey Driver and Access Connections software versions 5.33 and below suffer from a privilege escalation vulnerability. Full exploitation details provided.
-
openssh-5.4p1.tar.gz
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
-
USN-907-1.txt
Ubuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grabs when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10.
-
tribisur-lfi.txt
Tribisur versions 2.0 and below suffer from a local file inclusion vulnerability.
-
spamassassin-remoteroot.txt
The Spamassassin Milter plugin suffers from a remote root command execution vulnerability. Full exploit details provided.
-
bigforum-sql.txt
BigForum version 4.5 remote SQL injection exploit that dumps user table information.
-
bildflirt-sql.txt
Bild Flirt System version 2.0 suffers from a remote SQL injection vulnerability.
-
dvbbs830-xss.txt
DvBBS versions 7.1.x through 8.2.x suffer from a cross site scripting vulnerability. This is a variation of the flaw that affected versions prior to 7.1.0.
-
croogocms-xss.txt
Croogo CMS versions 1.2 and below suffer from cross site scripting vulnerabilities.
-
MDVSA-2010-057.txt
Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
-
jitednotepad-shellcode.txt
JITed exec notepad shellcode.
-
jitedstage0-shellcode.txt
JITed Stage-0 Shellcode. This JIT shellcode finds VirtualProtect, restores the address of the shellcode, makes the memory executable and jumps to it.
-
Writing-JIT-Spray-Shellcode.pdf
Whitepaper called Writing JIT-Spray Shellcode For Fun And Profit.
-
QuikSoft-reverse.zip
Oracle Document Capture (EasyMail Objects EMSMTP.DLL version 6.0.1) Active-X control buffer overflow JIT-Spray exploit.
-
SAP-Logon7-System.zip
SAP GUI version 7.10 WebViewer3D Active-X JIT-Spray exploit.
-
bbsmax-xss.txt
BBSMAX versions 3.0, 4.1, and 4.2 suffer from a cross site scripting vulnerability.
-
etopbizlinkads-sql.txt
E-Topbiz Link Ads 1 PHP script suffers from a remote SQL injection vulnerability.
-
topdownloadmp3-dos.txt
TopDownloads MP3 Player version 1.0 crash exploit that creates a malicious .m3u file.
-
flare-dos.txt
Flare versions 0.6 and below local heap overflow denial of service exploit.
-
gc40249-dos.tgz
Google Chrome version 4.0.249 XML denial of service proof of concept exploit.
-
pwn-isapi.cpp.txt
Apache version 2.2.14 mod_isapi remote SYSTEM exploit. Due to the nature of the vulnerability, and exploitation method, DEP should be limited to essential Windows programs and services. At worst, if DEP is enabled for the Apache process, you could cause a constant DoS by looping this (since apache will automatically restart).
-
SOS-10-002.txt
By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However, function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.
-
MDVSA-2010-056.txt
Mandriva Linux Security Advisory 2010-056 - This update provides the OpenOffice.org 3.0 major version and holds multiple security updates relating to integer and heap buffer overflows.
-
crucontent-disclose.txt
Cru Content CMS suffers from a remote file disclosure vulnerability.
-
ncpfs-race.txt
The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities.
-
junipersa-xss.txt
Juniper Secure Access suffers from a cross site scripting vulnerability. SA Appliances running Juniper IVE OS 6.0 or higher are affected.
-
MDVSA-2010-055.txt
Mandriva Linux Security Advisory 2010-055 - Denial of service, buffer overflows, integer overflows and other issues have been addressed in Poppler.
-
AdvancedWinServiceManager.zip
AdvancedWinServiceManager is a smart tool to remove hidden rootkit services. It makes it easy to eliminate such malicious services by separating out third party services from Windows services. By default it shows only third party services along with more details such as Company Name, Description, Install Date, File Path etc at one place which helps in quickly differentiating between legitimate and malicious services. It comes with rich features such as detecting hidden rootkit services, exporting the service list to html based log file, displaying only third party services etc.
-
03.04.10-1.txt
iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
-
sagem-bypass.txt
Sagem Routers remote authentication bypass exploit.
-
natychmiast-sqlxss.txt
Natychmiast CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
-
bsplayerml-overflow.txt
BS.Player version 2.51 build 1022 (Media Library) suffers from a remote buffer overflow vulnerability.
-
vlcmediaplayer-overflow.txt
VLC Media Player version 1.0.5 Goldeneye suffers from a remote buffer overflow vulnerability.
-
jriver-overflow.txt
J. River Media Jukebox 12 suffers from a MP3 file handling remote heap overflow vulnerability.
-
phpauctions-xss.txt
PHP Auctions suffers from a cross site scripting vulnerability.
-
aac_parser_int_div_by_0_orb.zip
Orb versions 2.0.01.0049 through 2.54.0018 DirectShow filter integer division by zero denial of service exploit.
-
phpnukecms-sql.txt
The survey and poll modules of PHP-Nuke CMS suffer from a remote SQL injection vulnerability.
-
NSOPOC-2010-006.zip
Proof of concept exploit that demonstrates a buffer overflow in the Authentium Command On Demand Online scanner service.
-
NSOADV-2010-006.txt
Remote exploitation of a buffer overflow vulnerability in Authentium Command On Demand Online scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user.
-
onecmsv25-sql.txt
ONECMS version 2.5 remote SQL injection exploit.
-
kolang-bypass.txt
Kolang is a php script that can be leveraged in local and remote file inclusion attacks and performs safe mode bypass for PHP versions 4.3.10 through 5.3.10.
-
preelearningportal-sql.txt
Pre E-Learning Portal suffers from a remote SQL injection vulnerability.
-
execve-md.c
64-byte Linux/x86 shellcode that disables modsecurity.
-
joomlablog-lfi.txt
The Joomla Blog component suffers from a local file inclusion vulnerability.
-
bbsxp2008-xss.txt
BBSXP 2008 suffers from a cross site scripting vulnerability.
-
joomla-rfis.txt
This paper documents approximately 50 remote file inclusion vulnerabilities in Joomla and related components.
-
fcrontab-race.txt
fcrontab, part of the fcron scheduler, is vulnerable to several race conditions that allow a local attacker to use symbolic links to read unauthorized files. Versions before 3.0.5 are affected.
-
opennhrp-0.11.3.tar.bz2
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
-
CA20100304-01.txt
CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
-
MDVSA-2010-054.txt
Mandriva Linux Security Advisory 2010-054 - Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue.
-
sagem-reset.txt
Sagem routers remote reset exploit. It affects F@ST router models 1200/1240/1400/1400W/1500/1500-WG/2404.
-
chilkat_crypt_writefile.rb.txt
This Metasploit module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method requires that the victim user be browsing as Administrator. Additionally, this method will not work on newer versions of Windows. NOTE: This vulnerability is still unpatched. The latest version of Chilkat Crypt at the time of this writing includes ChilkatCrypt2.DLL version 4.4.4.0.
-
ultraoffice_httpupload.rb.txt
This Metasploit module exploits a stack-based buffer overflow in Ultra Shareware's Office Control. When processing the 'HttpUpload' method, the arguments are concatenated together to form a command line to run a bundled version of cURL. If the command fails to run, a stack-based buffer overflow occurs when building the error message. This is due to the use of sprintf() without proper bounds checking. NOTE: Due to input restrictions, this exploit uses a heap-spray to get the payload into memory unmodified.
-
VMSA-2010-0004.txt
VMware Security Advisory - Updates have been issued for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.
-
dsa-2007-1.txt
Debian Linux Security Advisory 2007-1 - Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files by triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
-
webex_ucf_newobject.rb.txt
This Metasploit module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It is noteworthy that this vulnerability was discovered and reported by multiple independent researchers.
-
ZSL-2010-4929.txt
Deimos Kasa versions 2.58 and below suffer from a local integer overflow vulnerability.
-
opera1050-overflow.txt
Opera versions 10.10 through 10.50 integer overflow exploit.