Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 06:08:39 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1851217468&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0909-exploits%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1851217468.1338185319.1338185319.1338185319.1%3B%2B__utmz%3D32867617.1338185319.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/81774/0909-exploits.tgz http://packetstormsecurity.org/files/81774/0909-exploits.tgz http://packetstormsecurity.org/files/81774/Packet-Storm-New-Exploits-For-September-2009.html Fri, 02 Oct 2009 01:58:33 GMT This archive contains all of the 313 exploits added to Packet Storm in September, 2009. http://packetstormsecurity.org/files/81730/gameforge-xsscookie.txt http://packetstormsecurity.org/files/81730/gameforge-xsscookie.txt http://packetstormsecurity.org/files/81730/Gameforge.de-Insecure-Cookie-XSS.html Wed, 30 Sep 2009 19:48:59 GMT Gameforge.de suffers from an insecure cookie and cross site scripting vulnerabilities. http://packetstormsecurity.org/files/81723/smb2_negotiate_func_index.rb.txt http://packetstormsecurity.org/files/81723/smb2_negotiate_func_index.rb.txt http://packetstormsecurity.org/files/81723/Microsoft-SRV2.SYS-SMB-Negotiate-ProcessID-Function-Table-Dereference.html Tue, 29 Sep 2009 21:36:39 GMT This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw. http://packetstormsecurity.org/files/81722/flatpress-exec.txt http://packetstormsecurity.org/files/81722/flatpress-exec.txt http://packetstormsecurity.org/files/81722/FlatPress-Local-File-Inclusion-Command-Execution.html Tue, 29 Sep 2009 21:21:02 GMT FlatPress versions 0.804 through 0.812.1 are vulnerable to a local file inclusion vulnerability that allows for remote command execution. http://packetstormsecurity.org/files/81720/9sg_ibm_uri.txt http://packetstormsecurity.org/files/81720/9sg_ibm_uri.txt http://packetstormsecurity.org/files/81720/IBM-Installation-Manager-1.3.0-Code-Execution.html Tue, 29 Sep 2009 21:12:24 GMT IBM Installation Manager version 1.3.0 and below iim:// URI handler remote code execution exploit. http://packetstormsecurity.org/files/81719/9sg_emc_keyhelp.txt http://packetstormsecurity.org/files/81719/9sg_emc_keyhelp.txt http://packetstormsecurity.org/files/81719/EMC-KeyWorks-KeyHelp-Buffer-Overflow.html Tue, 29 Sep 2009 21:11:08 GMT Multiple EMC products remote buffer overflow exploit that takes advantage of keyhelp.ocx version 1.2.312. http://packetstormsecurity.org/files/81718/9sg_oracle_devmode_i.txt http://packetstormsecurity.org/files/81718/9sg_oracle_devmode_i.txt http://packetstormsecurity.org/files/81718/Oracle-Document-Capture-BlackIce-Stack-Buffer-Overflow.html Tue, 29 Sep 2009 21:09:53 GMT Oracle Document Capture BlackIce DEVMODE Active-X related remote stack-based buffer overflow exploit. http://packetstormsecurity.org/files/81717/9sg_hp_loadrunner.txt http://packetstormsecurity.org/files/81717/9sg_hp_loadrunner.txt http://packetstormsecurity.org/files/81717/HP-LoadRunner-9.5-File-Creation.html Tue, 29 Sep 2009 21:08:31 GMT HP LoadRunner version 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation proof of concept exploit. http://packetstormsecurity.org/files/81716/9sg_oracle_devmode_ii.txt http://packetstormsecurity.org/files/81716/9sg_oracle_devmode_ii.txt http://packetstormsecurity.org/files/81716/Oracle-Document-Capture-BlackIce-Command-Execution.html Tue, 29 Sep 2009 21:07:13 GMT Oracle Document Capture BlackIce DEVMODE Active-X related remote command execution exploit. http://packetstormsecurity.org/files/81715/9sg_adobe_pe_local.txt http://packetstormsecurity.org/files/81715/9sg_adobe_pe_local.txt http://packetstormsecurity.org/files/81715/Adobe-Photoshop-Elements-8.0-Privilege-Escalation.html Tue, 29 Sep 2009 21:04:49 GMT Adobe Photoshop Elements 8.0 Active File Monitor Service suffers from a bad security descriptor local elevation of privileges vulnerability. http://packetstormsecurity.org/files/81709/ecaptcha-xss.txt http://packetstormsecurity.org/files/81709/ecaptcha-xss.txt http://packetstormsecurity.org/files/81709/E107-eCaptcha-Cross-Site-Scripting.html Tue, 29 Sep 2009 03:01:17 GMT The E107 eCaptcha plugin suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/files/81701/heat-sql.txt http://packetstormsecurity.org/files/81701/heat-sql.txt http://packetstormsecurity.org/files/81701/HEAT-Call-Logging-8.01-SQL-Injection.html Tue, 29 Sep 2009 02:31:59 GMT HEAT Call Logging version 8.01 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/files/81700/DSECRG-09-044.txt http://packetstormsecurity.org/files/81700/DSECRG-09-044.txt http://packetstormsecurity.org/files/81700/EnjoySAP-Arbitrary-File-Overwrite.html Tue, 29 Sep 2009 02:28:51 GMT EnjoySAP, SAP GUI for Windows versions 6.4 and 7.1 suffer an arbitrary file overwrite vulnerability. http://packetstormsecurity.org/files/81693/core_ftp_server_DoS.py.txt http://packetstormsecurity.org/files/81693/core_ftp_server_DoS.py.txt http://packetstormsecurity.org/files/81693/Core-FTP-Server-1.0-Denial-Of-Service.html Tue, 29 Sep 2009 02:09:08 GMT Core FTP Server version 1.0 build 304 remote denial of service exploit. http://packetstormsecurity.org/files/81692/joomlaircmbasic-sql.txt http://packetstormsecurity.org/files/81692/joomlaircmbasic-sql.txt http://packetstormsecurity.org/files/81692/Joomla-com_ircmbasic-SQL-Injection.html Tue, 29 Sep 2009 02:06:10 GMT The Joomla IRCm Basic component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/files/81691/facebookurl-xss.txt http://packetstormsecurity.org/files/81691/facebookurl-xss.txt http://packetstormsecurity.org/files/81691/Facebook-URL-Cross-Site-Scripting.html Tue, 29 Sep 2009 02:04:30 GMT Facebook suffers from a URL string evasion cross site scripting vulnerability. http://packetstormsecurity.org/files/81690/easymailqsemimap-dos.txt http://packetstormsecurity.org/files/81690/easymailqsemimap-dos.txt http://packetstormsecurity.org/files/81690/EasyMail-Quicksoft-6.0.2.0-Denial-Of-Service.html Tue, 29 Sep 2009 01:59:25 GMT EasyMail Quicksoft version 6.0.2.0 suffers from a remote denial of service vulnerability in emimap4.dll. http://packetstormsecurity.org/files/81689/novellgw-dos.txt http://packetstormsecurity.org/files/81689/novellgw-dos.txt http://packetstormsecurity.org/files/81689/Novell-Groupwise-Client-7.0.3.1294-Denial-Of-Service.html Tue, 29 Sep 2009 01:58:38 GMT Novell Groupwise Client version 7.0.3.1294 suffers from a remote denial of service vulnerability. http://packetstormsecurity.org/files/81688/adobesp-overflow.txt http://packetstormsecurity.org/files/81688/adobesp-overflow.txt http://packetstormsecurity.org/files/81688/Adobe-ShockWave-Player-11.5.1.601-Stack-Overflow.html Tue, 29 Sep 2009 01:57:30 GMT Adobe ShockWave Player version 11.5.1.601 suffers from an Active-X related stack overflow vulnerability. http://packetstormsecurity.org/files/81669/mereo_disclosure.txt http://packetstormsecurity.org/files/81669/mereo_disclosure.txt http://packetstormsecurity.org/files/81669/Mereo-1.8.0-File-Disclosure.html Sat, 26 Sep 2009 02:27:32 GMT Mereo web server version 1.8 suffers from a remote source code disclosure vulnerability. http://packetstormsecurity.org/files/81668/bigant_local1.py.txt http://packetstormsecurity.org/files/81668/bigant_local1.py.txt http://packetstormsecurity.org/files/81668/BigAnt-Server-2.50-Buffer-Overflow-PoC-1.html Sat, 26 Sep 2009 02:26:30 GMT BigAnt server versions 2.50 SP6 and below local buffer overflow exploit that creates a malicious .zip file. http://packetstormsecurity.org/files/81667/bigant_local2.py.txt http://packetstormsecurity.org/files/81667/bigant_local2.py.txt http://packetstormsecurity.org/files/81667/BigAnt-Server-2.50-Buffer-Overflow-PoC-2.html Sat, 26 Sep 2009 02:25:00 GMT BigAnt server versions 2.50 SP6 and below local buffer overflow exploit that creates a malicious .zip file. http://packetstormsecurity.org/files/81666/cdburnerXP.py.txt http://packetstormsecurity.org/files/81666/cdburnerXP.py.txt http://packetstormsecurity.org/files/81666/CDBurnerXP-4.2.4.1351-Crash.html Sat, 26 Sep 2009 02:24:23 GMT CDBurnerXP version 4.2.4.1351 local crash proof of concept exploit. http://packetstormsecurity.org/files/81665/coreftp_local.py.txt http://packetstormsecurity.org/files/81665/coreftp_local.py.txt http://packetstormsecurity.org/files/81665/Core-FTP-LE-2.1-Buffer-Overflow.html Sat, 26 Sep 2009 02:23:43 GMT Core FTP LE version 2.1 build 1612 local buffer overflow proof of concept exploit. http://packetstormsecurity.org/files/81664/Dr_IDE_VLC.1.0.2.py.txt http://packetstormsecurity.org/files/81664/Dr_IDE_VLC.1.0.2.py.txt http://packetstormsecurity.org/files/81664/VLC-Media-Player-1.0.2-smb-Stack-Overflow.html Sat, 26 Sep 2009 02:22:36 GMT VLC Media Player version 1.0.2 smb:// URI handling remote stack overflow proof of concept exploit.