Files ≈ Packet Storm

Files ≈ Packet Storm Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 06:36:33 GMT Packet Storm 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1081893015&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0911-exploits%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1081893015.1338186993.1338186993.1338186993.1%3B%2B__utmz%3D32867617.1338186993.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) Packet Storm New Exploits For November, 2009 http://packetstormsecurity.org/files/83336/0911-exploits.tgz http://packetstormsecurity.org/files/83336/0911-exploits.tgz http://packetstormsecurity.org/files/83336/Packet-Storm-New-Exploits-For-November-2009.html Tue, 01 Dec 2009 20:54:32 GMT This archive contains all of the 448 exploits added to Packet Storm in November, 2009. XOOPS Smart Media 0.85 Cross Site Scripting http://packetstormsecurity.org/files/83318/xoopssmartmedia-xss.txt http://packetstormsecurity.org/files/83318/xoopssmartmedia-xss.txt http://packetstormsecurity.org/files/83318/XOOPS-Smart-Media-0.85-Cross-Site-Scripting.html Tue, 01 Dec 2009 02:24:42 GMT XOOPS Smart Media version 0.85 suffers from a cross site scripting vulnerability. XOOPS 2.0.x Content 0.5 SQL Injection http://packetstormsecurity.org/files/83316/xoopscontent-sql.txt http://packetstormsecurity.org/files/83316/xoopscontent-sql.txt http://packetstormsecurity.org/files/83316/XOOPS-2.0.x-Content-0.5-SQL-Injection.html Tue, 01 Dec 2009 02:20:41 GMT The XOOPS Content module version 0.5 suffers from a remote SQL injection vulnerability. Joomla Quick News SQL Injection http://packetstormsecurity.org/files/83315/joomla-quicknews.txt http://packetstormsecurity.org/files/83315/joomla-quicknews.txt http://packetstormsecurity.org/files/83315/Joomla-Quick-News-SQL-Injection.html Tue, 01 Dec 2009 02:19:08 GMT The Joomla Quick News component suffers from a remote SQL injection vulnerability. Microsoft Technet Cross Site Scripting http://packetstormsecurity.org/files/83314/technet-xss.txt http://packetstormsecurity.org/files/83314/technet-xss.txt http://packetstormsecurity.org/files/83314/Microsoft-Technet-Cross-Site-Scripting.html Tue, 01 Dec 2009 02:17:19 GMT The Microsoft Technet site suffers from a cross site scripting vulnerability. Eshopbuilde CMS SQL Injection http://packetstormsecurity.org/files/83312/eshopbuilde-sql.txt http://packetstormsecurity.org/files/83312/eshopbuilde-sql.txt http://packetstormsecurity.org/files/83312/Eshopbuilde-CMS-SQL-Injection.html Tue, 01 Dec 2009 02:08:30 GMT Eshopbuilde CMS suffers from a remote SQL injection vulnerability. dotDefender 3.8-5 Command Execution http://packetstormsecurity.org/files/83311/dotdefender-exec.txt http://packetstormsecurity.org/files/83311/dotdefender-exec.txt http://packetstormsecurity.org/files/83311/dotDefender-3.8-5-Command-Execution.html Tue, 01 Dec 2009 02:06:38 GMT dotDefender version 3.8-5 suffers from a remote command execution vulnerability. Robert Zimmerman PHP / MYSQL Bypass http://packetstormsecurity.org/files/83310/rzphp-bypass.txt http://packetstormsecurity.org/files/83310/rzphp-bypass.txt http://packetstormsecurity.org/files/83310/Robert-Zimmerman-PHP-MYSQL-Bypass.html Tue, 01 Dec 2009 02:04:48 GMT Robert Zimmerman PHP / MYSQL scripts suffer from an administrative bypass vulnerability. Micronet SP1910 Cross Site Scripting http://packetstormsecurity.org/files/83309/micronet-xss.txt http://packetstormsecurity.org/files/83309/micronet-xss.txt http://packetstormsecurity.org/files/83309/Micronet-SP1910-Cross-Site-Scripting.html Tue, 01 Dec 2009 02:03:22 GMT The Micronet SP1910 Data Access Controller user interface suffers from a cross site scripting vulnerability. Millenium MP3 Studio 2.0 Buffer Overflow http://packetstormsecurity.org/files/83307/milleniummp3-overflow.txt http://packetstormsecurity.org/files/83307/milleniummp3-overflow.txt http://packetstormsecurity.org/files/83307/Millenium-MP3-Studio-2.0-Buffer-Overflow.html Tue, 01 Dec 2009 02:00:01 GMT Millenium MP3 Studio version 2.0 buffer overflow exploit that creates a malicious .pls file. Adapt CMS Lite 1.5 Remote File Inclusion http://packetstormsecurity.org/files/83303/adaptcms-rfi.txt http://packetstormsecurity.org/files/83303/adaptcms-rfi.txt http://packetstormsecurity.org/files/83303/Adapt-CMS-Lite-1.5-Remote-File-Inclusion.html Tue, 01 Dec 2009 01:41:14 GMT Adapt CMS Lite version 1.5 suffers from a remote file inclusion vulnerability. This is the same issue that affected 1.4. SugarCRM SQL Injection / Access / Code Execution http://packetstormsecurity.org/files/83302/waraxe-2009-sugarcrm.txt http://packetstormsecurity.org/files/83302/waraxe-2009-sugarcrm.txt http://packetstormsecurity.org/files/83302/SugarCRM-SQL-Injection-Access-Code-Execution.html Tue, 01 Dec 2009 01:39:47 GMT Sugar CRM versions 5.5.0.RC2 and 5.2.0j suffer from remote SQL injection, unauthorized access, remote file inclusion, and code execution vulnerabilities. FreeBSD rtld Local Root Exploit http://packetstormsecurity.org/files/83301/fbsdrtld-exec.txt http://packetstormsecurity.org/files/83301/fbsdrtld-exec.txt http://packetstormsecurity.org/files/83301/FreeBSD-rtld-Local-Root-Exploit.html Tue, 01 Dec 2009 01:35:03 GMT FreeBSD local root exploit that leverages a bug in the Run-Time Link-Editor (rtld). Versions 7.1 and 8.0 are vulnerable. Xxasp 3.3.2 SQL Injection http://packetstormsecurity.org/files/83298/xxasp-sql.txt http://packetstormsecurity.org/files/83298/xxasp-sql.txt http://packetstormsecurity.org/files/83298/Xxasp-3.3.2-SQL-Injection.html Tue, 01 Dec 2009 01:30:27 GMT Xxasp version 3.3.2 suffers from a remote SQL injection vulnerability. Eureka Mail Client Buffer Overflow http://packetstormsecurity.org/files/83297/eureka-overflow.txt http://packetstormsecurity.org/files/83297/eureka-overflow.txt http://packetstormsecurity.org/files/83297/Eureka-Mail-Client-Buffer-Overflow.html Tue, 01 Dec 2009 01:28:53 GMT Eureka Mail Client remote buffer overflow exploit for XP SP3 English egghunter edition. Joomla Music Gallery SQL Injection http://packetstormsecurity.org/files/83296/joomlamg-sql.txt http://packetstormsecurity.org/files/83296/joomlamg-sql.txt http://packetstormsecurity.org/files/83296/Joomla-Music-Gallery-SQL-Injection.html Tue, 01 Dec 2009 01:27:26 GMT The Joomla Music Gallery component suffers from a remote SQL injection vulnerability. Elxis CMS File Disclosure http://packetstormsecurity.org/files/83283/elxiscms-disclose.txt http://packetstormsecurity.org/files/83283/elxiscms-disclose.txt http://packetstormsecurity.org/files/83283/Elxis-CMS-File-Disclosure.html Mon, 30 Nov 2009 22:06:08 GMT Elxis CMS suffers from a local file disclosure vulnerability. Oracle SYS.LT.MERGEWORKSPACE Exploit http://packetstormsecurity.org/files/83279/sys-lt-mergeworkspaceV2.sql.txt http://packetstormsecurity.org/files/83279/sys-lt-mergeworkspaceV2.sql.txt http://packetstormsecurity.org/files/83279/Oracle-SYS.LT.MERGEWORKSPACE-Exploit.html Mon, 30 Nov 2009 21:58:24 GMT Oracle SYS.LT.MERGEWORKSPACE exploit that grants DBA permissions to an unprivileged user. Oracle SYS.LT.REMOVEWORKSPACE Exploit http://packetstormsecurity.org/files/83278/sys-lt-removeworkspaceV2.sql.txt http://packetstormsecurity.org/files/83278/sys-lt-removeworkspaceV2.sql.txt http://packetstormsecurity.org/files/83278/Oracle-SYS.LT.REMOVEWORKSPACE-Exploit.html Mon, 30 Nov 2009 21:57:28 GMT Oracle SYS.LT.REMOVEWORKSPACE exploit that grants DBA permissions to an unprivileged user. Oracle SYS.LT.COMPRESSWORKSPACETREE Exploit http://packetstormsecurity.org/files/83277/sys-lt-compressworkspacetreeV2.sql.txt http://packetstormsecurity.org/files/83277/sys-lt-compressworkspacetreeV2.sql.txt http://packetstormsecurity.org/files/83277/Oracle-SYS.LT.COMPRESSWORKSPACETREE-Exploit.html Mon, 30 Nov 2009 21:56:13 GMT Oracle SYS.LT.COMPRESSWORKSPACETREE exploit that grants DBA permissions to an unprivileged user. Oracle ctxsys.drvxtabc.create_tables Cursor Exploit http://packetstormsecurity.org/files/83276/ctxsys-drvxtabc-create_tablesV2.sql.txt http://packetstormsecurity.org/files/83276/ctxsys-drvxtabc-create_tablesV2.sql.txt http://packetstormsecurity.org/files/83276/Oracle-ctxsys.drvxtabc.create_tables-Cursor-Exploit.html Mon, 30 Nov 2009 21:53:05 GMT Oracle ctxsys.drvxtabc.create_tables exploit that grants DBA permissions to an unprivileged user. This version uses an evil cursor technique. Oracle ctxsys.drvxtabc.create_tables Exploit http://packetstormsecurity.org/files/83275/ctxsys-drvxtabc-create_tables.sql.txt http://packetstormsecurity.org/files/83275/ctxsys-drvxtabc-create_tables.sql.txt http://packetstormsecurity.org/files/83275/Oracle-ctxsys.drvxtabc.create_tables-Exploit.html Mon, 30 Nov 2009 21:51:28 GMT Oracle ctxsys.drvxtabc.create_tables exploit that grants DBA permissions to an unprivileged user. SweetRice 0.5.3 Remote / Local File Inclusion http://packetstormsecurity.org/files/83274/sweetrice-rfilfi.txt http://packetstormsecurity.org/files/83274/sweetrice-rfilfi.txt http://packetstormsecurity.org/files/83274/SweetRice-0.5.3-Remote-Local-File-Inclusion.html Mon, 30 Nov 2009 21:49:55 GMT SweetRice versions 0.5.3 and below suffer from remote and local file inclusion vulnerabilities. MuPDF / SumatraPDF Buffer Overflow http://packetstormsecurity.org/files/83273/mupdf-overflow.tgz http://packetstormsecurity.org/files/83273/mupdf-overflow.tgz http://packetstormsecurity.org/files/83273/MuPDF-SumatraPDF-Buffer-Overflow.html Mon, 30 Nov 2009 21:48:23 GMT MuPDF and SumatraPDF suffer from a buffer overflow vulnerability. Proof of concept pdf included. SweetRice 0.5.0 Remote File Inclusion http://packetstormsecurity.org/files/83272/sweetrice-rfi.txt http://packetstormsecurity.org/files/83272/sweetrice-rfi.txt http://packetstormsecurity.org/files/83272/SweetRice-0.5.0-Remote-File-Inclusion.html Mon, 30 Nov 2009 21:45:55 GMT SweetRice versions 0.5.0 and below suffer from a remote file inclusion vulnerability.