Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 05:56:40 GMT

Packet Storm New Exploits For March, 2009
http://packetstormsecurity.org/files/76266/0903-exploits.tgz
http://packetstormsecurity.org/files/76266/Packet-Storm-New-Exploits-For-March-2009.html
Wed, 01 Apr 2009 22:37:40 GMT
Packet Storm new exploits for March, 2009.

Core Security Technologies Advisory 2009.0108
http://packetstormsecurity.org/files/76248/CORE-2009-0108.txt
http://packetstormsecurity.org/files/76248/Core-Security-Technologies-Advisory-2009.0108.html
Wed, 01 Apr 2009 01:47:39 GMT
Core Security Technologies Advisory - The Sun Calendar Express Web Server suffers from remote denial of service and cross site scripting vulnerabilities.

PrecisionID File Overwrite
http://packetstormsecurity.org/files/76247/DSECRG-09-030.txt
http://packetstormsecurity.org/files/76247/PrecisionID-File-Overwrite.html
Wed, 01 Apr 2009 01:46:18 GMT
The PrecisionID Active-X control suffers from an arbitrary file overwriting vulnerability.

SAPDB Cross Site Scripting
http://packetstormsecurity.org/files/76246/DSECRG-09-016.txt
http://packetstormsecurity.org/files/76246/SAPDB-Cross-Site-Scripting.html
Wed, 01 Apr 2009 01:45:20 GMT
SAPDB suffers from multiple cross site scripting vulnerabilities.

IBM WebSphere Cross Site Scripting
http://packetstormsecurity.org/files/76245/DSECRG-09-013.txt
http://packetstormsecurity.org/files/76245/IBM-WebSphere-Cross-Site-Scripting.html
Wed, 01 Apr 2009 01:43:59 GMT
IBM WebSphere Application Server versions 7.0 and 6.1 suffer from multiple cross site scripting vulnerabilities.

webEdition 6.0.0.4 Local File Inclusion
http://packetstormsecurity.org/files/76244/webedition-lfi.txt
http://packetstormsecurity.org/files/76244/webEdition-6.0.0.4-Local-File-Inclusion.html
Wed, 01 Apr 2009 01:42:18 GMT
webEdition versions 6.0.0.4 and below suffer from a local file inclusion vulnerability.

Scout Portal Toolkit 1.4 XSS / SQL Injection
http://packetstormsecurity.org/files/76241/scoutportal-sqlxss.txt
http://packetstormsecurity.org/files/76241/Scout-Portal-Toolkit-1.4-XSS-SQL-Injection.html
Wed, 01 Apr 2009 01:28:43 GMT
The Scout Portal Toolkit version 1.4 suffers from cross site scripting and SQL injection vulnerabilities. The SQL injection vulnerability was previously discovered in May of 2008.

Turnkey Ebook Store 1.1 Cross Site Scripting
http://packetstormsecurity.org/files/76240/turnkeyebook-xss.txt
http://packetstormsecurity.org/files/76240/Turnkey-Ebook-Store-1.1-Cross-Site-Scripting.html
Wed, 01 Apr 2009 01:24:53 GMT
Turnkey Ebook Store version 1.1 suffers from cross site scripting and redirection vulnerabilities.

VSP Stats Processor 0.45 SQL Injection
http://packetstormsecurity.org/files/76234/vspstats-sql.txt
http://packetstormsecurity.org/files/76234/VSP-Stats-Processor-0.45-SQL-Injection.html
Wed, 01 Apr 2009 00:50:36 GMT
VSP Stats Processor version 0.45 suffers from a remote SQL injection vulnerability in gamestat.php.

PHPRecipeBook 2.39 SQL Injection
http://packetstormsecurity.org/files/76233/phprecipebook239-sql.txt
http://packetstormsecurity.org/files/76233/PHPRecipeBook-2.39-SQL-Injection.html
Wed, 01 Apr 2009 00:47:22 GMT
PHPRecipeBook version 2.39 suffers from a remote SQL injection vulnerability.

JobHut 1.2 Password Change
http://packetstormsecurity.org/files/76232/jobhut-passwd.txt
http://packetstormsecurity.org/files/76232/JobHut-1.2-Password-Change.html
Wed, 01 Apr 2009 00:44:43 GMT
JobHut versions 1.2 and below suffer from remote password change/delete/active user vulnerabilities.

aspWebCalendar Free Edition Database Disclosure
http://packetstormsecurity.org/files/76230/aspwebcalendar-disclose.txt
http://packetstormsecurity.org/files/76230/aspWebCalendar-Free-Edition-Database-Disclosure.html
Wed, 01 Apr 2009 00:32:05 GMT
aspWebCalendar Free Edition suffers from a database disclosure vulnerability.

VirtueMart 1.1.2 SQL Injection / RFI / LFI / XSS
http://packetstormsecurity.org/files/76227/waraxe-2009-SA071.txt
http://packetstormsecurity.org/files/76227/VirtueMart-1.1.2-SQL-Injection-RFI-LFI-XSS.html
Wed, 01 Apr 2009 00:27:38 GMT
VirtueMart versions 1.1.2 and below suffer from cross site scripting, SQL injection, remote/local file inclusion, and code execution vulnerabilities.

VirtueMart 1.1.2 SQL Injection
http://packetstormsecurity.org/files/76226/virtuemart-sql.txt
http://packetstormsecurity.org/files/76226/VirtueMart-1.1.2-SQL-Injection.html
Wed, 01 Apr 2009 00:25:34 GMT
This Metasploit module exploits a blind SQL injection vulnerability in VirtueMart versions 1.1.2 and below.

Podcast Generator 1.1 Code Execution
http://packetstormsecurity.org/files/76225/podcastgen-exec.txt
http://packetstormsecurity.org/files/76225/Podcast-Generator-1.1-Code-Execution.html
Wed, 01 Apr 2009 00:24:03 GMT
Podcast Generator versions 1.1 and below remote code execution exploit.

Safari 3.2.2 XML Crash Exploit
http://packetstormsecurity.org/files/76224/safarixml-crash.txt
http://packetstormsecurity.org/files/76224/Safari-3.2.2-XML-Crash-Exploit.html
Wed, 01 Apr 2009 00:22:54 GMT
Safari versions 3.2.2 and 4 BETA XML parsing remote crash exploit.

Cisco ASA5520 Web VPN Cross Site Scripting
http://packetstormsecurity.org/files/76231/cisco5520-xss.txt
http://packetstormsecurity.org/files/76231/Cisco-ASA5520-Web-VPN-Cross-Site-Scripting.html
Tue, 31 Mar 2009 16:33:25 GMT
The Cisco ASA5520 Web VPN suffers from a cross site scripting vulnerability via the Host: header.

Opera 9.64 XML Crash
http://packetstormsecurity.org/files/76203/operaxml-crash.txt
http://packetstormsecurity.org/files/76203/Opera-9.64-XML-Crash.html
Tue, 31 Mar 2009 02:47:51 GMT
Opera version 9.64 (7400 nested elements) XML parsing remote crash exploit.

Zabbix 1.6.2 Cross Site Request Forgery
http://packetstormsecurity.org/files/76201/NGENUITY-2009-006.txt
http://packetstormsecurity.org/files/76201/Zabbix-1.6.2-Cross-Site-Request-Forgery.html
Tue, 31 Mar 2009 02:44:30 GMT
Zabbix version 1.6.2 suffers from multiple cross site request forgery vulnerabilities.

Community CMS 0.5 SQL Injection
http://packetstormsecurity.org/files/76197/communitycms05-sql.txt
http://packetstormsecurity.org/files/76197/Community-CMS-0.5-SQL-Injection.html
Tue, 31 Mar 2009 02:40:53 GMT
Community CMS version 0.5 suffers from multiple SQL injection vulnerabilities.

Check Point Firewall-1 Overflow
http://packetstormsecurity.org/files/76178/checkpointfw1-overflow.txt
http://packetstormsecurity.org/files/76178/Check-Point-Firewall-1-Overflow.html
Mon, 30 Mar 2009 19:57:03 GMT
The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.

Family Connection 1.8.1 SQL Injection
http://packetstormsecurity.org/files/76175/familyconnection-sql.txt
http://packetstormsecurity.org/files/76175/Family-Connection-1.8.1-SQL-Injection.html
Mon, 30 Mar 2009 19:54:19 GMT
Family Connection version 1.8.1 suffers from a create administrative user vulnerability and multiple remote SQL injection vulnerabilities.

JobHut 1.2 SQL Injection
http://packetstormsecurity.org/files/76174/adv108-K-159-2009.txt
http://packetstormsecurity.org/files/76174/JobHut-1.2-SQL-Injection.html
Mon, 30 Mar 2009 19:52:46 GMT
JobHut versions 1.2 and below suffer from a remote SQL injection vulnerability.

Sami HTTP Server 2.x Denial Of Service
http://packetstormsecurity.org/files/76173/samihttp-dos.txt
http://packetstormsecurity.org/files/76173/Sami-HTTP-Server-2.x-Denial-Of-Service.html
Mon, 30 Mar 2009 19:51:48 GMT
Sami HTTP Server 2.x remote denial of service with HEAD request exploit.

Wine 1.0.1 Buffer Overflow
http://packetstormsecurity.org/files/76170/wine-overflow.txt
http://packetstormsecurity.org/files/76170/Wine-1.0.1-Buffer-Overflow.html
Mon, 30 Mar 2009 19:49:03 GMT
Linux Wine version 1.0.1 local buffer overflow proof of concept code.