Files ≈ Packet Storm
  Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
  http://packetstormsecurity.org/
  Mon, 28 May 2012 05:53:33 GMT
Packet Storm New Exploits For February, 2009
  http://packetstormsecurity.org/files/75307/0902-exploits.tgz
  http://packetstormsecurity.org/files/75307/Packet-Storm-New-Exploits-For-February-2009.html
  Mon, 02 Mar 2009 21:11:47 GMT
  Packet Storm new exploits for February, 2009.
HTC Touch vCard Over IP Denial Of Service
  http://packetstormsecurity.org/files/75276/MSL-2008-002-PoC.txt
  http://packetstormsecurity.org/files/75276/HTC-Touch-vCard-Over-IP-Denial-Of-Service.html
  Fri, 27 Feb 2009 22:18:09 GMT
  Proof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
Drupal Protected Node Cross Site Scripting
  http://packetstormsecurity.org/files/75275/drupalnode-xss.txt
  http://packetstormsecurity.org/files/75275/Drupal-Protected-Node-Cross-Site-Scripting.html
  Fri, 27 Feb 2009 22:16:36 GMT
  The Drupal Protected Node module version 5.x-1.3 suffers from a cross site scripting vulnerability.
Pop Peeper 3.4.0.0 UIDL Buffer Overflow Exploit
  http://packetstormsecurity.org/files/75274/KL0209EXP-poppeeper_uidl-bof.pl.txt
  http://packetstormsecurity.org/files/75274/Pop-Peeper-3.4.0.0-UIDL-Buffer-Overflow-Exploit.html
  Fri, 27 Feb 2009 21:50:04 GMT
  POP Peeper version 3.4.0.0 UIDL command remote buffer overflow SEH overwrite exploit that spawns a win32 bindshell on port 55555.
Drupal Local File Inclusion
  http://packetstormsecurity.org/files/75267/drupalq-lfi.txt
  http://packetstormsecurity.org/files/75267/Drupal-Local-File-Inclusion.html
  Fri, 27 Feb 2009 19:50:32 GMT
  Drupal suffers from a local file inclusion when used on Windows.
SkyPortal Downloads Manager 1.1 Contents Change
  http://packetstormsecurity.org/files/75249/skyportaldm-change.txt
  http://packetstormsecurity.org/files/75249/SkyPortal-Downloads-Manager-1.1-Contents-Change.html
  Fri, 27 Feb 2009 18:54:12 GMT
  SkyPortal Downloads Manager version 1.1 suffers from a contents change vulnerability.
Irokez Blog 0.7.3.2 XSS / RFI / SQL Injection
  http://packetstormsecurity.org/files/75248/irokez-sqlxss.txt
  http://packetstormsecurity.org/files/75248/Irokez-Blog-0.7.3.2-XSS-RFI-SQL-Injection.html
  Fri, 27 Feb 2009 18:50:21 GMT
  Irokez Blog version 0.7.3.2 suffers from remote blind SQL injection, remote file inclusion, and cross site scripting vulnerabilities.
Hex Workshop 6 Local Code Execution
  http://packetstormsecurity.org/files/75247/hex-exec.txt
  http://packetstormsecurity.org/files/75247/Hex-Workshop-6-Local-Code-Execution.html
  Fri, 27 Feb 2009 18:49:17 GMT
  Hex Workshop versions 6 and below .hex file local code execution exploit.
Orbit 2.4 Buffer Overflow
  http://packetstormsecurity.org/files/75246/orbit-overflow.txt
  http://packetstormsecurity.org/files/75246/Orbit-2.4-Buffer-Overflow.html
  Fri, 27 Feb 2009 18:47:48 GMT
  Orbit versions 2.4 and below long hostname remote buffer overflow exploit.
Demium CMS 0.2.1 Beta LFI / SQL Injection / Disclosure
  http://packetstormsecurity.org/files/75244/demiumcms-lfisqldisclose.txt
  http://packetstormsecurity.org/files/75244/Demium-CMS-0.2.1-Beta-LFI-SQL-Injection-Disclosure.html
  Fri, 27 Feb 2009 18:32:53 GMT
  Demium CMS version 0.2.1 Beta suffers from local file inclusion, remote SQL injection, and file disclosure vulnerabilities. Full exploits included that perform local file inclusion and remote command execution leveraging both local file inclusion and SQL injection.
BannerManager 0.81 SQL Injection
  http://packetstormsecurity.org/files/75240/bannermanager-sql.txt
  http://packetstormsecurity.org/files/75240/BannerManager-0.81-SQL-Injection.html
  Thu, 26 Feb 2009 22:55:25 GMT
  BannerManager version 0.81 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Drupal Taxonomy Theme Cross Site Scripting
  http://packetstormsecurity.org/files/75239/drupaltaxonomy-xss.txt
  http://packetstormsecurity.org/files/75239/Drupal-Taxonomy-Theme-Cross-Site-Scripting.html
  Thu, 26 Feb 2009 21:23:18 GMT
  The Drupal Taxonomy Theme version 5.x-1.1 suffers from a cross site scripting vulnerability.
B2C StoreBuilder Designer 2.0 SQL Injection
  http://packetstormsecurity.org/files/75237/b2csbd-sql.txt
  http://packetstormsecurity.org/files/75237/B2C-StoreBuilder-Designer-2.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:22:25 GMT
  B2C StoreBuilder Designer version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
C2C Reverse Auction Creator 2.0 SQL Injection
  http://packetstormsecurity.org/files/75236/c2crac-sql.txt
  http://packetstormsecurity.org/files/75236/C2C-Reverse-Auction-Creator-2.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:21:33 GMT
  C2C Reverse Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Great Shop Creator SQL Injection
  http://packetstormsecurity.org/files/75235/gsc-sql.txt
  http://packetstormsecurity.org/files/75235/Great-Shop-Creator-SQL-Injection.html
  Thu, 26 Feb 2009 21:20:49 GMT
  Great Shop Creator suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Reverse Auction Creator 2.0 SQL Injection
  http://packetstormsecurity.org/files/75233/b2brac-sql.txt
  http://packetstormsecurity.org/files/75233/B2B-Reverse-Auction-Creator-2.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:18:48 GMT
  B2B Reverse Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Forward Auction Creator 2.0 SQL Injection
  http://packetstormsecurity.org/files/75234/b2bfac-sql.txt
  http://packetstormsecurity.org/files/75234/B2B-Forward-Auction-Creator-2.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:17:59 GMT
  B2B Forward Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Horizontal Marketplace Creator 2.0 SQL Injection
  http://packetstormsecurity.org/files/75232/b2bhmc-sql.txt
  http://packetstormsecurity.org/files/75232/B2B-Horizontal-Marketplace-Creator-2.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:17:02 GMT
  B2B Horizontal Marketplace Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Webstore Creator 5.0 SQL Injection
  http://packetstormsecurity.org/files/75231/webstorecreator-sql.txt
  http://packetstormsecurity.org/files/75231/Webstore-Creator-5.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:15:34 GMT
  Webstore Creator version 5.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Shop Creator 4.0 SQL Injection
  http://packetstormsecurity.org/files/75230/shopcreator-sql.txt
  http://packetstormsecurity.org/files/75230/Shop-Creator-4.0-SQL-Injection.html
  Thu, 26 Feb 2009 21:14:21 GMT
  Shop Creator version 4.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
APC PowerChute Network Shutdown XSS
  http://packetstormsecurity.org/files/75229/DSECRG-09-009.txt
  http://packetstormsecurity.org/files/75229/APC-PowerChute-Network-Shutdown-XSS.html
  Thu, 26 Feb 2009 21:11:42 GMT
  The APC PowerChute Network Shutdown's web interface suffers from HTTP response splitting and cross site scripting vulnerabilities.
BitDefender Cross Site Scripting
  http://packetstormsecurity.org/files/75228/bitdefender-xss.txt
  http://packetstormsecurity.org/files/75228/BitDefender-Cross-Site-Scripting.html
  Thu, 26 Feb 2009 21:09:59 GMT
  BitDefender Internet Security 2009 suffers from a cross site scripting vulnerability.
Coppermine Photo Gallery 1.4.20 Privilege Escalation
  http://packetstormsecurity.org/files/75227/cpg1420-escalate.txt
  http://packetstormsecurity.org/files/75227/Coppermine-Photo-Gallery-1.4.20-Privilege-Escalation.html
  Thu, 26 Feb 2009 21:09:06 GMT
  Coppermine Photo Gallery versions 1.4.20 and below privilege escalation exploit.
Coppermine Photo Gallery 1.4.20 Privilege Escalation
  http://packetstormsecurity.org/files/75223/copperminepg-escalate.txt
  http://packetstormsecurity.org/files/75223/Coppermine-Photo-Gallery-1.4.20-Privilege-Escalation.html
  Thu, 26 Feb 2009 20:17:43 GMT
  Coppermine Photo Gallery versions 1.4.20 and below suffer from a privilege escalation vulnerability.
DesignerfreeSolutions Newsletter Manager SQL Injection
  http://packetstormsecurity.org/files/75220/dfsnm-sql.txt
  http://packetstormsecurity.org/files/75220/DesignerfreeSolutions-Newsletter-Manager-SQL-Injection.html
  Thu, 26 Feb 2009 20:11:06 GMT
  DesignerfreeSolutions Newsletter Manager Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass.