Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 05:47:14 GMT

Packet Storm New Exploits For January, 2009
  http://packetstormsecurity.org/files/74524/0901-exploits.tgz
  http://packetstormsecurity.org/files/74524/Packet-Storm-New-Exploits-For-January-2009.html
  Sun, 01 Feb 2009 19:48:19 GMT
  Packet Storm new exploits for January, 2009.

E-PHP Scripts B2B Trading Marketplace XSS
  http://packetstormsecurity.org/files/74522/b2b-xss.txt
  http://packetstormsecurity.org/files/74522/E-PHP-Scripts-B2B-Trading-Marketplace-XSS.html
  Sat, 31 Jan 2009 00:32:41 GMT
  E-PHP Scripts B2B Trading Marketplace suffers from a cross site scripting vulnerability.

E-PHP Scripts EShop SQL Injection
  http://packetstormsecurity.org/files/74521/eshop-sql.txt
  http://packetstormsecurity.org/files/74521/E-PHP-Scripts-EShop-SQL-Injection.html
  Sat, 31 Jan 2009 00:28:38 GMT
  E-PHP Scripts EShop suffers from a remote SQL injection vulnerability in search_results.php.
eVision CMS 2.0 Code Execution
  http://packetstormsecurity.org/files/74510/evisioncms20-exec.txt
  http://packetstormsecurity.org/files/74510/eVision-CMS-2.0-Code-Execution.html
  Sat, 31 Jan 2009 00:01:28 GMT
  eVision CMS version 2.0 remote command execution exploit that uses local file inclusion and a file upload vulnerability in conjunction with each other.

eVision CMS 2.0 SQL Injection
  http://packetstormsecurity.org/files/74509/evisioncms-sql.txt
  http://packetstormsecurity.org/files/74509/eVision-CMS-2.0-SQL-Injection.html
  Fri, 30 Jan 2009 23:59:06 GMT
  eVision CMS versions 2.0 and below suffer from a remote SQL injection vulnerability.

Spider Player 2.3.9.5 Crash
  http://packetstormsecurity.org/files/74508/spider-dos.txt
  http://packetstormsecurity.org/files/74508/Spider-Player-2.3.9.5-Crash.html
  Fri, 30 Jan 2009 23:57:46 GMT
  Spider Player version 2.3.9.5 off-by-one crash exploit that creates a malicious .asx file.

Orca 2.0.2 Cross Site Scripting
  http://packetstormsecurity.org/files/74507/orca-xss.txt
  http://packetstormsecurity.org/files/74507/Orca-2.0.2-Cross-Site-Scripting.html
  Fri, 30 Jan 2009 23:56:48 GMT
  Orca version 2.0.2 suffers from a remote cross site scripting vulnerability.

SkaLinks 1.5 SQL Injection
  http://packetstormsecurity.org/files/74506/skalinks-sql.txt
  http://packetstormsecurity.org/files/74506/SkaLinks-1.5-SQL-Injection.html
  Fri, 30 Jan 2009 22:18:41 GMT
  SkaLinks version 1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
BPAutoSales 1.0.1 SQL Injection / XSS
  http://packetstormsecurity.org/files/74505/bpautosales-sqlxss.txt
  http://packetstormsecurity.org/files/74505/BPAutoSales-1.0.1-SQL-Injection-XSS.html
  Fri, 30 Jan 2009 22:17:33 GMT
  BPAutoSales version 1.0.1 suffers from remote SQL injection and cross site scripting vulnerabilities.

ReVou Twitter Clone XSS / SQL Injection
  http://packetstormsecurity.org/files/74503/revoutwitter-sqlxss.txt
  http://packetstormsecurity.org/files/74503/ReVou-Twitter-Clone-XSS-SQL-Injection.html
  Fri, 30 Jan 2009 22:11:36 GMT
  ReVou Micro Blogging suffers from remote SQL injection and cross site scripting vulnerabilities.

Chrome chromehtml: Code Execution
  http://packetstormsecurity.org/files/74502/chrome-sandbox.txt
  http://packetstormsecurity.org/files/74502/Chrome-chromehtml-Code-Execution.html
  Fri, 30 Jan 2009 22:09:31 GMT
  Updated version of the Google Chrome chromehtml: code execution vulnerability that demonstrates disabling of the sandbox. Version 1.0.154.46 is affected.

Enomaly ECP/Enomalism Insecure File Creation
  http://packetstormsecurity.org/files/74504/enomaly-insecure.txt
  http://packetstormsecurity.org/files/74504/Enomaly-ECP-Enomalism-Insecure-File-Creation.html
  Fri, 30 Jan 2009 22:02:46 GMT
  Enomaly ECP/Enomalism versions prior to 2.1.1 use temporary files in an insecure manner, allowing for symlink and command injection attacks.

Bugs Online 2.14 SQL Injection
  http://packetstormsecurity.org/files/74498/bugsonline-sql.txt
  http://packetstormsecurity.org/files/74498/Bugs-Online-2.14-SQL-Injection.html
  Fri, 30 Jan 2009 21:51:22 GMT
  Bugs Online version 2.14 suffers from a remote SQL injection vulnerability.
SalesCart SQL Injection
  http://packetstormsecurity.org/files/74497/salescart-sql.txt
  http://packetstormsecurity.org/files/74497/SalesCart-SQL-Injection.html
  Fri, 30 Jan 2009 21:50:27 GMT
  SalesCart suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Synactis ALL_IN_THE_BOX File Overwrite
  http://packetstormsecurity.org/files/74496/DSECRG-09-006.txt
  http://packetstormsecurity.org/files/74496/Synactic-ALL_IN_THE_BOX-File-Overwrite.html
  Fri, 30 Jan 2009 21:48:50 GMT
  The Synactis ALL_IN_THE_BOX Active-X control version 3 can be used to overwrite any file on the target system.

Amaya Web Editor 11 SEH Overwrite Exploit
  http://packetstormsecurity.org/files/74489/amaya-seh.txt
  http://packetstormsecurity.org/files/74489/Amaya-Web-Editor-11-SEH-Overwrite-Exploit.html
  Fri, 30 Jan 2009 20:00:33 GMT
  Remote SEH overwrite exploit for the Amaya Web Editor version 11.

PerlSoft Gastebuch 1.7b Code Execution
  http://packetstormsecurity.org/files/74486/gb-exec.txt
  http://packetstormsecurity.org/files/74486/PerlSoft-Gastebuch-1.7b-Code-Execution.html
  Fri, 30 Jan 2009 19:54:41 GMT
  PerlSoft Gastebuch version 1.7b bruteforcer and remote code execution exploit.

Zoom VoIP Phone Adapter XSRF Exploit
  http://packetstormsecurity.org/files/74483/zoom-xsrf.txt
  http://packetstormsecurity.org/files/74483/Zoom-VoIP-Phone-Adapter-XSRF-Exploit.html
  Fri, 30 Jan 2009 19:49:08 GMT
  Cross site request forgery exploit for the Zoom VoIP Phone Adapter ATA1+1.
D-Link VoIP Phone Adapter XSRF / XSS
  http://packetstormsecurity.org/files/74482/dlink-xsrfxss.txt
  http://packetstormsecurity.org/files/74482/D-Link-VoIP-Phone-Adapter-XSRF-XSS.html
  Fri, 30 Jan 2009 19:48:14 GMT
  The D-Link VoIP Phone Adapter suffers from cross site request forgery and cross site scripting vulnerabilities.

Profense Web Application Firewall XSRF / XSS
  http://packetstormsecurity.org/files/74481/profense-xsrfxss.txt
  http://packetstormsecurity.org/files/74481/Profense-Web-Application-Firewall-XSRF-XSS.html
  Fri, 30 Jan 2009 19:47:05 GMT
  The Profense Web Application Firewall version 2.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

ManageEngine Firewall Analyzer 5 XSRF / XSS
  http://packetstormsecurity.org/files/74480/manageengine-xsrfxss.txt
  http://packetstormsecurity.org/files/74480/ManageEngine-Firewall-Analyzer-5-XSRF-XSS.html
  Fri, 30 Jan 2009 19:46:03 GMT
  The ManageEngine Firewall Analyzer version 5 suffers from cross site request forgery and cross site scripting vulnerabilities.

Pligg 9.9.5 Cross Site Request Forgery
  http://packetstormsecurity.org/files/74479/pligg-xsrf.txt
  http://packetstormsecurity.org/files/74479/Pligg-9.9.5-Cross-Site-Request-Forgery.html
  Fri, 30 Jan 2009 19:44:30 GMT
  Pligg version 9.9.5 cross site request forgery protection bypass and captcha bypass exploits.

GOM Player 2.0.12 Buffer Overflow
  http://packetstormsecurity.org/files/74454/gom-overflow.txt
  http://packetstormsecurity.org/files/74454/GOM-Player-2.0.12-Buffer-Overflow.html
  Fri, 30 Jan 2009 19:09:19 GMT
  GOM Player version 2.0.12 universal buffer overflow exploit that creates a malicious .pls file.
GNUBoard 4.31.04 LFI / SQL Injection
  http://packetstormsecurity.org/files/74453/gnuboard-lfisql.txt
  http://packetstormsecurity.org/files/74453/GNUBoard-4.31.04-LFI-SQL-Injection.html
  Fri, 30 Jan 2009 19:07:25 GMT
  GNUBoard version 4.31.04 suffers from local file inclusion, SQL injection, and file name disclosure vulnerabilities.

PLE CMS 1.0 Beta 4.2 SQL Injection
  http://packetstormsecurity.org/files/74452/plecms-sql.txt
  http://packetstormsecurity.org/files/74452/PLE-CMS-1.0-Beta-4.2-SQL-Injection.html
  Fri, 30 Jan 2009 19:05:58 GMT
  PLE CMS version 1.0 Beta 4.2 blind SQL injection exploit that leverages login.php.