Packet Storm's last 100 added files. Last Updated: Mon Dec 1 17:51:54 EST 2008 [ pacpoll-disclose.txt ] d99a14ceeaa24e01d9ce9805c3832314 PacPoll version 4.0 suffers from a remote database disclosure vulnerability. [ USN-682-1.txt ] 1560ab2afeeb34aeff6acc170b7a1d4a Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. [ USN-681-1.txt ] ab83603b48fb33d8beb11a1c24b415c3 Ubuntu Security Notice USN-681-1 - It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. [ BMSA-2008-09.txt ] 509568fd9e424180b690bb987e5349ec Rumpus version 6.0 contains two buffer overflow vulnerabilities in its HTTP and FTP modules. Exploitation details provided. [ webhub-bypass.txt ] 10c6c9b665c6704377eeb8047448ba47 Web Hub CMS has a default administrator login/password pair left in the system. [ infinite-bypass.txt ] 485257bb148591199e988fc1a3b94d0a Infinite IT Solutions CMS has a default administrator login/password pair left in the system. [ VA_VD_87_08_XRDP.pdf ] 65d5e2f4f1dbf66e66c013e9d7dd85d8 Multiple buffer overflow vulnerabilities exist in xrdp which can be leveraged to execute arbitrary code. [ TKADV2008-013.txt ] 53dd0932afc1be3807df1da75a8a9fd0 VLC media players versions below 0.9.7 suffer from a RealMedia processing integer overflow vulnerability. [ sqlinj-insouts.txt ] c035c0f0774632e35207ea604687ee56 Whitepaper discussing the ins and outs of SQL injection vulnerabilities and exploitation. [ bcoos1013-sql.txt ] 8e8d99f3b5eb8254bc857c176abd665f bcoos version 1.0.13 remote SQL injection exploit that makes use of viewcat.php. [ preonline-cmsqlxss.txt ] d220b7f0a800b11aee1906db80f88892 Pre Online Tests Generator suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities. [ preclass-sqlxss.txt ] 7bb1766c3df1bdeca1568590dcba35bc Pre Classifieds Listings suffers from cross site scripting and remote SQL injection vulnerabilities. [ aspportal-disclose.txt ] 3658ee46705e8b78b1a5c9c51861b27f ASPPortal version 3.2.5 suffers from a remote database disclosure vulnerability. [ preshoppingmall-cmsqlxss.txt ] d30d9596ccd72e430a3c8f145aad1edd Pre Shopping Mall suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities. [ ezpoll-sql.txt ] de8608bfc66215dd26e56648ecaf6816 E.Z. Poll version 2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ prejobboard-cmsqlxss.txt ] ca06654c7d884a6a743f3b301373e8f7 Pre Job Board suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities. [ preaspjob-xsscm.txt ] 44f2098cb336a892c01df3187a98ea4a Pre ASP Job Board suffers from cookie manipulation and cross site scripting vulnerabilities. [ classifieds-xss.txt ] e8f7d798c7b330ddd84f2745227804ed SoftBiz Classifieds Script suffers from multiple cross site scripting vulnerabilities. [ phpjobwebsite-cmsqlxss.txt ] a4e54a472ead8eeb3cf3cda5135d486f PHP JobWebSite Pro suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities. [ toast-disclose.txt ] e0f02d3f6cf8bb922d8217dc8e9d40e9 Toast Forums suffers from a database disclosure vulnerability. [ aspshoppingcart-xss.txt ] 27466adef74707d6ddc6d1a0729dd195 ASP Shopping Cart suffers from a cross site scripting vulnerability. [ aspforum-cmsqlxss.txt ] 54ab851fd69d982362168e408e3c63d5 ASP Forum Script suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities. [ vncrush.txt ] ed58c3b9631ccc841557d59510f429b5 VNCrush is a VNC server fuzzing utility. [ rshatter.txt ] 057a05cbc1366b70aebb1f23a8f8c2ab RSHatter is a rsh protocol fuzzing utility. [ ewb-overflow.txt ] bd98a61213a2a434a4f72d7ae5fa43e1 Electronics Workbench .EWB file stack buffer overflow proof of concept exploit. [ debian-symlink.txt ] bdbc9435e85a7cc7a8765104b6499e9e Debian GNU/Linux symbolic link attack arbitrary file ownership proof of concept exploit. [ 0811-exploits.tgz ] 4c82f1f29e6626dc54ea80675384f8e2 Packet Storm new exploits for November, 2008. [ dsa-1675-1.txt ] a270ad8083dd0956b7681b12bb56bebb Debian Security Advisory 1675-1 - Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. [ andysphpkb-upload.txt ] 57f2258ea6b5bdd482a9ba5c64e16be0 Andy's PHP Knowledgebase version 0.92.9 suffers from an arbitrary file upload vulnerability. [ z1exchange-sql.txt ] 83a6043efa9393088dcd9a9a616db09f z1exchange versions 1.0 suffers from a remote SQL injection vulnerability in edit.php. [ broadcast-rfi.txt ] 8198cfbd1086bbe4e2f09a3b8a923f06 Broadcast Machine version 0.1 suffers from multiple remote file inclusion vulnerabilities. [ cpcommerce-bypass.txt ] 8a67c6d9744fadb9a83cc798169b41a3 cpCommerce version 1.2.6 suffers from input variable overwrite and authentication bypass vulnerabilities. [ minimalablog-sqlfubypass.txt ] 9ec5f0536ae171d5ba3242bf27d501f8 Minimal Ablog version 0.4 suffers from file upload, administrative bypass, and remote SQL injection vulnerabilities. [ ktpccd-sql.txt ] ad0a2f2f16fa3b1a3ffc081ac17ba2c3 KTP Computer Customer Database CMS suffers from a blind SQL injection vulnerability. [ ktpccd-lfi.txt ] 908db80332718321ad09a1a444a66cd4 KTP Computer Customer Database CMS local file inclusion exploit. [ activebizdir-sql.txt ] 2bc454ed304fa0e9367deb91d9af4985 Active Business Directory version 2 suffers from a remote blind SQL injection vulnerability. [ activetimebilling-sql.txt ] c969118f9f2d1e530e81adc693c8667f Active Time Billing version 3.2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activeprice-blindsql.txt ] 7e96990233ac30d798122a7bd89e8a31 Active Price Comparison version 4 suffers from a blind SQL injection vulnerability. [ activephotogal-sql.txt ] aa0269a9d4eefd9afa57a26c735328b5 Active Photo Gallery version 6.2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activewebhelpdesk-sql.txt ] e27528ffd28fca522f5a23d5206433b8 Active Web Helpdesk version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass. [ activewebmail-blindsql.txt ] 9673d6c429848b0389b0267dae62b031 Active Web Mail version 4 suffers from a blind SQL injection vulnerability. [ dsa-1674-1.txt ] cf1c348f9336982c7bfdb41148f11a58 Debian Security Advisory 1674-1 - Javier Fernandez-Sanguino Pena discovered that updatejail, a component of the chroot maintenance tool Jailer, creates a predictable temporary file name, which may lead to local denial of service through a symlink attack. [ dsa-1673-1.txt ] 6b172a6ccabb4c48e19d3abb7f02dd15 Debian Security Advisory 1673-1 - Several remote vulnerabilities have been discovered network traffic analyzer Wireshark. [ activebids-sql.txt ] e951d6ce10698f269567ffffa5991644 Active Bids version 3.5 suffers from a blind SQL injection vulnerability. [ activetest21-sql.txt ] 777dc043442c70ccc8f1678ed52ef493 Active Test version 2.1 suffers from a blind SQL injection vulnerability. [ activewebmail4-sql.txt ] 5598c51144c84d9bb9c2904247b31dbf Active Web Mail version 4 suffers from a blind SQL injection vulnerability. [ activevotes22-sql.txt ] 4c15393b3f1c524c9598b5e245667ceb Active Votes version 2.2 suffers from a blind SQL injection vulnerability. [ oramon-disclose.txt ] 5219239d7b4f352e07fe99b998823402 OraMon version 2.0.1 suffers from a remote configuration file disclosure vulnerability. [ aspthai-disclose.txt ] 37cc7d80a9c3d5f89e3a4887580eb457 ASPThai.NET Forum version 8.5 suffers from a remote database disclosure vulnerability. [ openforum-password.txt ] f9f98107c5d6c44bd400b28443984d22 OpenForum version 0.66 Beta remote administrator password reset exploit. [ litolite-sql.txt ] 100fe695f03fd188610bf6dc8dad05ab Lito Lite CMS remote SQL injection exploit that makes use of cate.php. [ quicktree-disclose.txt ] 9419fdf8c7f31d4676dcd182d0dcfbb2 Quick Tree View .NET version 3.1 suffers from a qtv.mdg database disclosure vulnerability. [ cmsmadesimple-lfi.txt ] 54add7e34d48f6a0e37e638fd84fd29b CMS Made Simple version 1.4.1 suffers from a local file inclusion vulnerability. [ cainabel.py.txt ] d98563b8a2db8788880b84876c0c7930 Cain and Abel version 4.9.23 RDP file buffer overflow proof of concept exploit. [ itune-overflow.txt ] 6a0351cb21c3fe6bbb146e7356691997 iTunes version 8.0.2.20 and QuickTime 7.5.5 overflow proof of concept exploit that leverages .mov files. [ phptvportal-sql.txt ] cd201d53bb060b8eff42eff370fe74dc PHP TV Portal version 2.0 suffers from a remote SQL injection vulnerability in index.php. [ ewebquiz-sql.txt ] b4e403eebb098b3b1a84d90d9eec4dc3 eWebquiz version 8 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activewebmail-sql.txt ] c1ad581bef37b94fbb28347539ae5196 Active Web Mail version 4 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activenewsletter-sql.txt ] e5950296a0e3a027daa5a8fa8ad62df5 Active Newsletter version 4.3 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activeprice-sql.txt ] abcc0d26b02cdc3d3e7256ee7f25f2ff Active Price Comparison version 4 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activetrade-sql.txt ] 50b8c9b050b51cb8bd1209577f483185 Active Trade version 2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activemembership-sql.txt ] 39c54a340d8a830af571a0cea96fe67e Active Membership version 2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activewebsurvey-sql.txt ] a2a22beafef927411592abb0641e9b6f Active Websurvey version 9.1 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activetest-sql.txt ] 1a55665f05bb53f2c365e084d1a8a315 Active Test version 2.1 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activevotes-sql.txt ] 19faf6a13c95a2ca7734910bb96e4581 Active Votes version 2.2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ activeforce-sql.txt ] 1753f9d302aa068cd784e4c9abd04347 Active Force Matrix version 2 suffers from a SQL injection vulnerability that allows for authentication bypass. [ aspreferral-sql.txt ] 57070cb97ad91974e49f7fb60ed74bed ASPReferral version 5.3 suffers from a blind SQL injection vulnerability. [ dsa-1672-1.txt ] 2fa8b95db4c1de901b203e34086204b2 Debian Security Advisory 1672-1 - Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution. [ Exomind-v0.2.tar.gz ] 243ddeac2722235a9aeb12da81925aec Exomind is an experimental Python console and programmatic framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging. [ format-string-linux.txt ] 48fa55a434806e7832db19e7e7533809 Whitepaper entitled Format String Exploitation Demonstration [LINUX]. [ frame-pointer-overwrite-linux.txt ] fc704d927582552c2c7eac1a3609ca83 Whitepaper entitled Frame Pointer Overwrite Demonstration [LINUX]. [ revou-sql.txt ] bf85304f9a8c8e0561de957e1e27d701 ReVou Twitter Clone suffers from a SQL injection vulnerability that allows for authentication bypass. [ cmslittle-sql.txt ] 6864a2d2bad1bb91146ef84f43685c21 CMS little remote SQL injection exploit that makes use of index.php. [ booking-sqlxss.txt ] 67e40ff44b396861f92c55450cad92fb Booking System suffers from cross site scripting and remote SQL injection vulnerabilities. [ basiccms-xss.txt ] f30467071f0e75516805f8e442b87de6 Basic CMS suffers from a cross site scripting vulnerability. [ comersuscart-xss.txt ] d30e77d8a37dfb03052fe53285f4927e Comersus ASP Shopping Cart suffers from a cross site scripting vulnerability. [ turnkeyarcade-xss.txt ] 37fecf66e2325da7156ee0b7533fe9ac Turnkey Arcade Script suffers from a cross site scripting vulnerability. [ php526-destroy.txt ] 30e8372e5478019f95a66440a625e754 PHP version 5.2.6 suffers from a dba_replace() file destroying vulnerability. Details provided. [ bluocms-sql.txt ] 0d44ca5d2ebe7865139d389cdaa69e28 Bluo CMS version 1.2 suffers from a blind SQL injection vulnerability in index.php. [ basicphpcms-sql.txt ] c09e30f922096a619078561980cdc00f Basis PHP CMS suffers from a blind SQL injection vulnerability in index.php. [ rakhi-sqlxssfpd.txt ] 208a5e1ac433e4fb6481f1c3b958155e RakhiSoftware Shopping Cart suffers from remote SQL injection, cross site scripting, and full path disclosure vulnerabilities. [ ocean12mlmg-sql.txt ] 266c1eca067483856903af64b65853a6 Ocean12 Mailing List Manager Gold suffers from a remote SQL injection vulnerability. [ ocean12poll-sql.txt ] c025753aabee045a43d29b8625f29f40 Ocean12 Poll Manager Pro suffers from a remote SQL injection vulnerability. [ ocean12faq-sqlxss.txt ] b5b8c7e6484e569e6b0adb95839f61fe Ocean12 FAQ Manager Pro suffers from remote SQL injection and cross site scripting vulnerabilities. [ astrospaces-sqlxss.txt ] a16eb9ed415ba3f735a4d87dc5ed79c6 AstroSPACES suffers from cross site scripting and remote SQL injection vulnerabilities. [ bookingcentre201-sql.txt ] 62e92350d5149171f312487cf025efb1 Booking Centre version 2.01 suffers from a remote SQL injection vulnerability that allows for authentication bypass. [ USN-679-1.txt ] 3179de2b2ce723c848fd67cf6a9ed0b7 Ubuntu Security Notice USN-679-1 - The Linux 2.6 kernel has had various security vulnerabilities addressed. These range from bypass issues to denial of service and improper validation. [ USN-680-1.txt ] f667d3f9952fb1b52bf26451ed9cba41 Ubuntu Security Notice USN-680-1 - It was discovered that Samba did not properly perform bounds checking in certain operations. A remote attacker could possibly exploit this to read arbitrary memory contents of the smb process, which could contain sensitive information or possibly have other impacts, such as a denial of service. [ sailplanner-sql.txt ] 3a09211922669bb7d348028ff53e212e SailPlanner version 0.3a suffers from a remote SQL injection vulnerability that allows for authentication bypass. [ btas-sql.txt ] fcc76d11f8a29dae42a068dbe90edcbe Turnkey Arcade Script suffers from a remote SQL injection vulnerability. [ allclubcms-dbretrieve.txt ] c183f907166e5948296375518dc0f65b All Club CMS versions 0.0.2 and below remote database configuration retrieval exploit. [ pagetreecms-rfi.txt ] d1360ea3359fff272831e5bc2f31f3d7 PageTree CMS version 0.0.2 BETA 0001 suffers from a remote file inclusion vulnerability. [ impresscms-fixation.txt ] dd0b176a00427a22573b0535d3f8506f Social Impress CMS version 1.1 suffers from a session fixation vulnerability. [ webcalsys340-sqlxss.txt ] fd0393b0932b6d59f0eb08231b2e1776 Web Calendar System versions 3.40 and below suffer from cross site scripting and remote SQL injection vulnerabilities. [ comersus-disclosexss.txt ] bfd56fbd13553cc995113806df8b1648 Comersus ASP Shopping Cart suffers from cross site scripting and database disclosure vulnerabilities. [ basiccms-disclose.txt ] 52ec815ff2f674ae5423c444e352c814 BaSiC-CMS suffers from a database disclosure vulnerability. [ ocean12faq-disclose.txt ] 5b958198055bb17cf739b8b1a91e48b8 Ocean12 FAQ Manager Pro suffers from a database disclosure vulnerability. [ ocean12faq-blindsql.txt ] ec94cca7d68325e0b95c83e3564f1886 Ocean12 FAQ Manager Pro suffers from a blind SQL injection vulnerability. [ ocean12cm-sqlxss.txt ] bcc1bf1da8bb033160cb56ca58beb838 Ocean12 Contact Manager Pro version 1.02 suffers from cross site scripting and SQL injection vulnerabilities. [ associated-xss.txt ] 4d2aa639a14865ad40a83dbff456c8f6 AssoCIateD version 1.4.4 suffers from a cross site scripting vulnerability.