Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 05:32:28 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1557951621&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0701-exploits%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1557951621.1338183148.1338183148.1338183148.1%3B%2B__utmz%3D32867617.1338183148.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/54129/0701-exploits.tgz http://packetstormsecurity.org/files/54129/0701-exploits.tgz http://packetstormsecurity.org/files/54129/0701-exploits.tgz.html Thu, 01 Feb 2007 05:29:26 GMT Packet Storm new exploits for January, 2007. http://packetstormsecurity.org/files/54114/galeria-lfi.txt http://packetstormsecurity.org/files/54114/galeria-lfi.txt http://packetstormsecurity.org/files/54114/galeria-lfi.txt.html Wed, 31 Jan 2007 04:16:04 GMT Local file inclusion exploit for zd_numer.php in Galeria Zdjec versions 3.0 and below. http://packetstormsecurity.org/files/54113/phpfootball16-disclose.txt http://packetstormsecurity.org/files/54113/phpfootball16-disclose.txt http://packetstormsecurity.org/files/54113/phpfootball16-disclose.txt.html Wed, 31 Jan 2007 04:14:30 GMT PHPFootball version 1.6 suffers from a remote database disclosure flaw in show.php. http://packetstormsecurity.org/files/54112/cascadianfaq-sql.txt http://packetstormsecurity.org/files/54112/cascadianfaq-sql.txt http://packetstormsecurity.org/files/54112/cascadianfaq-sql.txt.html Wed, 31 Jan 2007 04:13:15 GMT CascadianFAQ versions 4.1 and below suffer from a remote SQL injection vulnerability in index.php. http://packetstormsecurity.org/files/54111/mynews-rfi.txt http://packetstormsecurity.org/files/54111/mynews-rfi.txt http://packetstormsecurity.org/files/54111/mynews-rfi.txt.html Wed, 31 Jan 2007 04:12:09 GMT MyNews versions 4.2.2 and below suffer from a remote file inclusion vulnerability. http://packetstormsecurity.org/files/54110/phpbb2-rfi.txt http://packetstormsecurity.org/files/54110/phpbb2-rfi.txt http://packetstormsecurity.org/files/54110/phpbb2-rfi.txt.html Wed, 31 Jan 2007 04:10:47 GMT phpBB2 MODificat versions 0.2.0 and below suffer from a remote file inclusion vulnerability. http://packetstormsecurity.org/files/54109/devc4992.py.txt http://packetstormsecurity.org/files/54109/devc4992.py.txt http://packetstormsecurity.org/files/54109/devc4992.py.txt.html Wed, 31 Jan 2007 04:09:05 GMT Dev-C++ version 4.9.9.2 CPP file parsing local stack overflow proof of concept exploit. http://packetstormsecurity.org/files/54108/MOAB-29-01-2007.rb.txt http://packetstormsecurity.org/files/54108/MOAB-29-01-2007.rb.txt http://packetstormsecurity.org/files/54108/MOAB-29-01-2007.rb.txt.html Wed, 31 Jan 2007 04:07:42 GMT Month of Apple Bugs - Apple iChat Bonjour functionality is affected by several remotely exploitable denial of service flaws which can be triggered via advertising presence services over multicast DNS. This is the denial of service proof of concept exploit. http://packetstormsecurity.org/files/54104/phpgenlib-rfi.txt http://packetstormsecurity.org/files/54104/phpgenlib-rfi.txt http://packetstormsecurity.org/files/54104/phpgenlib-rfi.txt.html Wed, 31 Jan 2007 03:54:18 GMT Generic PHP remote file inclusion exploit framework. http://packetstormsecurity.org/files/54103/rblasp-sql.txt http://packetstormsecurity.org/files/54103/rblasp-sql.txt http://packetstormsecurity.org/files/54103/rblasp-sql.txt.html Wed, 31 Jan 2007 03:50:56 GMT RBL ASP suffers from a SQL injection vulnerability in its login/password fields. http://packetstormsecurity.org/files/54083/Universal_printer_provider_exploit.zip http://packetstormsecurity.org/files/54083/Universal_printer_provider_exploit.zip http://packetstormsecurity.org/files/54083/Universal_printer_provider_exploit.zip.html Tue, 30 Jan 2007 01:58:34 GMT Universal exploit for vulnerable EnumPrintersW() calls related to the spooler service. Allows code execution with SYSTEM privileges. Affected includes DiskAccess NFS Client (dapcnfsd.dll version 0.6.4.0), Citrix Metaframe - cpprov.dll, and Novell - nwspool.dll. http://packetstormsecurity.org/files/54082/mdpro-sql.txt http://packetstormsecurity.org/files/54082/mdpro-sql.txt http://packetstormsecurity.org/files/54082/mdpro-sql.txt.html Tue, 30 Jan 2007 01:40:10 GMT MDPro version 1.0.76 suffers from multiple SQL injection vulnerabilities. http://packetstormsecurity.org/files/54077/MOAB-28-01-2007.rb.txt http://packetstormsecurity.org/files/54077/MOAB-28-01-2007.rb.txt http://packetstormsecurity.org/files/54077/MOAB-28-01-2007.rb.txt.html Mon, 29 Jan 2007 16:59:01 GMT Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability. http://packetstormsecurity.org/files/54076/MOAB-27-01-2007.tgz http://packetstormsecurity.org/files/54076/MOAB-27-01-2007.tgz http://packetstormsecurity.org/files/54076/MOAB-27-01-2007.tgz.html Mon, 29 Jan 2007 16:57:21 GMT Month of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability. http://packetstormsecurity.org/files/54071/MsgEng.py.txt http://packetstormsecurity.org/files/54071/MsgEng.py.txt http://packetstormsecurity.org/files/54071/MsgEng.py.txt.html Mon, 29 Jan 2007 16:35:08 GMT Heap overflow exploit for msgeng.exe in Computer Associates BrightStor ARCserve Backup. http://packetstormsecurity.org/files/54068/lcs11-rfi.txt http://packetstormsecurity.org/files/54068/lcs11-rfi.txt http://packetstormsecurity.org/files/54068/lcs11-rfi.txt.html Mon, 29 Jan 2007 16:29:32 GMT Local Calendar System version 1.1 suffers from a remote file inclusion flaw. http://packetstormsecurity.org/files/54066/admentor-sql.txt http://packetstormsecurity.org/files/54066/admentor-sql.txt http://packetstormsecurity.org/files/54066/admentor-sql.txt.html Mon, 29 Jan 2007 16:27:52 GMT AdMentor suffers from a SQL injection vulnerability that allows for login bypass. http://packetstormsecurity.org/files/54031/MOAB-25-01-2007.rb.txt http://packetstormsecurity.org/files/54031/MOAB-25-01-2007.rb.txt http://packetstormsecurity.org/files/54031/MOAB-25-01-2007.rb.txt.html Sat, 27 Jan 2007 04:28:46 GMT Month of Apple Bugs - Ruby exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition. http://packetstormsecurity.org/files/54030/MOAB-25-01-2007.c http://packetstormsecurity.org/files/54030/MOAB-25-01-2007.c http://packetstormsecurity.org/files/54030/MOAB-25-01-2007.c.html Sat, 27 Jan 2007 04:28:11 GMT Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition. http://packetstormsecurity.org/files/54027/intel-dos.txt http://packetstormsecurity.org/files/54027/intel-dos.txt http://packetstormsecurity.org/files/54027/intel-dos.txt.html Sat, 27 Jan 2007 04:21:50 GMT The Intel wireless mini-pci driver provided with Intel 2200BG cards is vulnerable to a remote memory corruption flaw. Malformed disassociation packets can be used to corrupt internal kernel structures, causing a denial of service (BSOD). Proof of concept exploit included. http://packetstormsecurity.org/files/54021/tmvwall381v3_exp.c http://packetstormsecurity.org/files/54021/tmvwall381v3_exp.c http://packetstormsecurity.org/files/54021/tmvwall381v3_exp.c.html Sat, 27 Jan 2007 04:08:56 GMT Local root exploit for vscan/VSAPI in Trend Micro VirusWall version 3.81 on Linux. http://packetstormsecurity.org/files/54017/siteman1111-disclose.txt http://packetstormsecurity.org/files/54017/siteman1111-disclose.txt http://packetstormsecurity.org/files/54017/siteman1111-disclose.txt.html Sat, 27 Jan 2007 03:33:54 GMT Siteman version 1.1.11 suffers from a remote password disclosure flaw. http://packetstormsecurity.org/files/54015/aztek41-sploit.txt http://packetstormsecurity.org/files/54015/aztek41-sploit.txt http://packetstormsecurity.org/files/54015/aztek41-sploit.txt.html Sat, 27 Jan 2007 03:29:21 GMT Aztek Forum version 4.1 exploit that demonstrates multiple vulnerabilities including SQL injection and filter bypas flaws. http://packetstormsecurity.org/files/54014/siteman-pass.txt http://packetstormsecurity.org/files/54014/siteman-pass.txt http://packetstormsecurity.org/files/54014/siteman-pass.txt.html Sat, 27 Jan 2007 03:27:10 GMT Siteman version 2.0.x2 suffers from a remote password disclosure flaw. http://packetstormsecurity.org/files/54013/uniforum4-sql.txt http://packetstormsecurity.org/files/54013/uniforum4-sql.txt http://packetstormsecurity.org/files/54013/uniforum4-sql.txt.html Sat, 27 Jan 2007 03:26:09 GMT uniForum versions 4 and below suffer from a remote SQL injection vulnerability in wbsearch.aspx.