Packet Storm's last 50 added files. Last Updated: Thu Aug 21 20:41:12 EDT 2008
[ ieatm4v.c ] 5f3a67a56374c35d6fb9afb38c114d5f Internet Explorer version 6, 7, and 8 m4v file parsing remote zero day exploit.
[ sapnotsafe.txt ] c739934da289a3ec3d82a4943c1f9729 SAPgui version 6.40 Exec() exploit.
[ MDVSA-2008-180.txt ] d020ce82b78a55691be3b77a8258749f Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.
[ MDVSA-2008-179.txt ] 7fa23a387b9a6aa48f33a17134658e9b Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.
[ MDVSA-2008-178.txt ] f81b67007a37ee028b814f93f17b95cb Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
[ dsa-1630-1.txt ] 367b80017310ff6cee24b30977a80f99 Debian Security Advisory 1630-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution.
[ dxshopcart-xss.txt ] 7e9c53e8165778b7432a27fcaa2cfb2d DXShopCart version 4.30mc suffers from a cross site scripting vulnerability in the product search functionality.
[ tinycms-lfi.txt ] 0598b8185b84b91e434f2ed18e03dd3a tinyCMS version 1.1.2 suffers from a local file inclusion vulnerability in templater.php.
[ easysite-lfi.txt ] d78a8ea434b161e2d33d4b43fbfd4b97 EasySite version 2.3 suffers from local file inclusion and arbitrary folder viewing vulnerabilities.
[ bandsitecms-xss.txt ] 63828352780d59d232deb17c76088e50 BandSite CMS version 1.1.4 suffers from arbitrary database download, cross site scripting, and cross site request forgery vulnerabilities.
[ glsa-200804-22-03.txt ] ebb72f271795a16c7a89e0cc3a25ae70 Gentoo Linux Security Advisory [UPDATE] GLSA 200804-22:03 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217). Versions less than 3.1.6 are affected.
[ timetrex-xss.txt ] 4166e9c811d2f2a8287e2979d15dbe50 TimeTrex suffers from multiple cross site scripting vulnerabilities.
[ freebsd-setexec.txt ] aa3b76332db49f1067debd3ecb21121b 56 byte setuid(0); execve(ipf -Fa); FreeBSD/x86 shellcode.
[ freebsd-reverse.txt ] e7493694f7a1458ba9a1b3cfd1e972d9 89 byte /bin/sh reverse portbind FreeBSD/x86 shellcode.
[ photocart-sql.txt ] 5a9dbd8e9e47b2a200dc1806ba20dbc8 PhotoCart versions 3.9 and below suffer from multiple remote SQL injection vulnerabilities.
[ ccms40-sql.txt ] 931257c66ebab0de1e9f1fb22cab0d8b CustomCMS version 4.0 suffers from a remote SQL injection vulnerability in print.php.
[ fujitsu-traverse.txt ] d292e25ca7da21d159363fd9d18ffa4d Fujitsu Web-Based Admin View version 2.1.2 suffers from a directory traversal vulnerability.
[ ios-shellcode.txt ] e1c47f849c52f04847cf196c0503859f Version-independent IOS shellcode that does not require hard-coded IOS addresses.
[ farphp-lfi.txt ] 47485a57f8875e02884953f766bc1178 FAR - PHP Project version 1.0 suffers from a local file inclusion vulnerability.
[ MDVSA-2008-177.txt ] be91fa3452d00d25310bbe167ebe5038 Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
[ MDVSA-2008-176.txt ] 0ea1927644dee386902a2c15ae603cee Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue.
[ MDVSA-2008-175.txt ] 68a89521e8a4ebd2c2bd15623294278c Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue.
[ surveywizard-sql.txt ] cacb73096c2edaddbee299ac77e704cc Survey Wizard suffers from a remote SQL injection vulnerability.
[ dxshopcart-sql.txt ] 0ebaa74b52af5459325ad4f89945b8a9 DXShopCart version 4.30mc suffers from a remote SQL injection vulnerability.
[ faqman-sql.txt ] 49598f02a44081082398397d335a5366 FAQ Management suffers from a remote SQL injection vulnerability.
[ CORE-2008-0813.txt ] 762ace67edbf513d11ef873fdb4e0b14 Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
[ CORE-2008-0624.txt ] 2f9bb16efa2c023574ae39cd5fde147b Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.
[ simasycms-sql.txt ] a277e4fa26164f5b819b1363fa490368 Simasy CMS suffers from a remote SQL injection vulnerability.
[ sipwitch-0.3.0.tar.gz ] 14fba7ddb12d875384793e0ae9fd735b GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
[ webeditioncms-sql.txt ] 1aeed080a29c8ae3624a19ea16cb4685 WebEdition CMS remote blind SQL injection exploit.
[ phpbazar-sql.txt ] 76341cf8ce6e1bd0391402c200cd1242 phpBazar version 2.0.2 suffers from a remote SQL injection vulnerability.
[ DirBuster-0.11-src.tar.bz2 ] 829cb18af920f4a293077825d2f94cb8 DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
[ toorconCFP2008.txt ] f7b7a2e3973f03e4b47bafce5665a1be ToorCon X Call For Papers - Papers and presentations are being accepted for ToorCon X to be held at the Convention Center in San Diego, CA from September 24th through the 25th.
[ folderlock-disclose.txt ] f1ddb1fbf905abd30b63f04de4e5674f Folder Lock versions 5.9.5 and below suffer from a local password information disclosure vulnerability.
[ pars4u-sqlxss.txt ] 5f1dc00c87a257a0135f97d159e97ca0 Pars4U Videosharing version 1 cross site scripting and remote blind SQL injection exploit.
[ collabreate-defcon.tgz ] d205984bf3188797c6e56f224938cda7 CollabREate is an IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project. This is the Defcon demo bundle.
[ Grendel-Scan-v1.0-src.zip ] 15ad913facfcb8075b5b038f9cc19358 Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests.
[ voiper-0.06.tar.gz ] 81517b583ef0700efc3b5cff047518f0 VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxiliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development.
[ modscan.py.txt ] a884da5a3df280eab12fd998cf7dbf8b ModScan is a new tool designed to map a SCADA MODBUS TCP based network. The tool is written in Python for portability and can be used on virtually any system with few required libraries.
[ bh-0.8.6.tgz ] 65eaed3776355063d4cd9131f1515a07 Beholder is a wireless intrusion detection tool that looks for anomalies in a wifi environment.
[ bookmarks-sql.txt ] 6b0b701af098af60ef85174f2ee06888 Active PHP Bookmarks version 1.1.02 suffers from a remote SQL injection vulnerability.
[ vsclam-0.9.1.tar.gz ] 71b2ba265316850c0c2b557e0d9f154c ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
[ USN-636-1.txt ] cce112ac7583d275595f69c51a839d9d Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.
[ MDVSA-2008-174.txt ] 00d8eaccddf52548564ee8c6e0a43883 Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
[ MDVSA-2008-173.txt ] a4ecb934a32e106110b9ab5649af376c Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue.
[ forcedmatrix-sql.txt ] b06c68e34751d22960cfaa815a8693ed Forced Matrix Script suffers from a remote SQL injection vulnerability in tr1.php.
[ prograte-sql.txt ] cda25d3f905fff731903c2922794afab Programs Rating suffers from a remote SQL injection vulnerability in details.php.
[ jokessite-sql.txt ] 1163803e2427039d47c62c117306a423 Jokes Site suffers from a remote SQL injection vulnerability in jokes.php.
[ classifieds-sql.txt ] 1aee893c0ea4371cb9266c592408cc14 Classifieds suffers from a remote SQL injection vulnerability in view.php.
[ adexchange-sql.txt ] bcac4b151289c89497fd87780248ddce Ad-Exchange suffers from a remote SQL injection vulnerability in tr.php.