Arbitrary Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:56:24 GMT

QuickShare File Share 1.2.1 Directory Traversal
http://packetstormsecurity.org/files/113068/quickshare_traversal_write.rb.txt
http://packetstormsecurity.org/files/113068/QuickShare-File-Share-1.2.1-Directory-Traversal.html
Sun, 27 May 2012 19:06:19 GMT
This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, therefore this makes it possible to create a file at an arbitrary location, which leads to remote code execution.

WeBid converter.php Remote PHP Code Injection
http://packetstormsecurity.org/files/113044/webid_converter.rb.txt
http://packetstormsecurity.org/files/113044/WeBid-converter.php-Remote-PHP-Code-Injection.html
Fri, 25 May 2012 20:56:35 GMT
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2.
By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.

RabidHamster R4 Log Entry sprintf() Buffer Overflow
http://packetstormsecurity.org/files/113043/rabidhamster_r4_log.rb.txt
http://packetstormsecurity.org/files/113043/RabidHamster-R4-Log-Entry-sprintf-Buffer-Overflow.html
Fri, 25 May 2012 20:56:18 GMT
This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.

DornCMS 1.4 (add_page.php) Arbitrary File Upload
http://packetstormsecurity.org/files/113039/dorncms-shell.rb.txt
http://packetstormsecurity.org/files/113039/DornCMS-1.4-add_page.php-Arbitrary-File-Upload.html
Fri, 25 May 2012 20:29:29 GMT
This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.

LogAnalyzer 3.4.2 Cross Site Scripting / SQL Injection / File Read
http://packetstormsecurity.org/files/113037/CSA-12005.txt
http://packetstormsecurity.org/files/113037/LogAnalyzer-3.4.2-Cross-Site-Scripting-SQL-Injection-File-Read.html
Fri, 25 May 2012 20:26:06 GMT
LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.

EMC AutoStart Multiple Buffer Overflows
http://packetstormsecurity.org/files/113013/ESA-2012-020.txt
http://packetstormsecurity.org/files/113013/EMC-AutoStart-Multiple-Buffer-Overflows.html
Thu, 24 May 2012 15:22:39 GMT
EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.

OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
http://packetstormsecurity.org/files/113002/openoffice_ole.rb.txt
http://packetstormsecurity.org/files/113002/OpenOffice-OLE-Importer-DocumentSummaryInformation-Stream-Handling-Overflow.html
Thu, 24 May 2012 02:44:45 GMT
This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying an OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results in arbitrary code execution under the context of the user.

appRain CMF Arbitrary PHP File Upload Vulnerability
http://packetstormsecurity.org/files/113001/apprain_upload_exec.rb.txt
http://packetstormsecurity.org/files/113001/appRain-CMF-Arbitrary-PHP-File-Upload-Vulnerability.html
Thu, 24 May 2012 02:44:22 GMT
This Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.

Red Hat Security Advisory 2012-0688-01
http://packetstormsecurity.org/files/112990/RHSA-2012-0688-01.txt
http://packetstormsecurity.org/files/112990/Red-Hat-Security-Advisory-2012-0688-01.html
Thu, 24 May 2012 02:22:51 GMT
Red Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.

Debian Security Advisory 2479-1
http://packetstormsecurity.org/files/112989/dsa-2479-1.txt
http://packetstormsecurity.org/files/112989/Debian-Security-Advisory-2479-1.html
Thu, 24 May 2012 02:22:30 GMT
Debian Linux Security Advisory 2479-1 - Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.

Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
http://packetstormsecurity.org/files/112918/foxit_reader_launch.rb.txt
http://packetstormsecurity.org/files/112918/Foxit-Reader-3.0-Open-Execute-Action-Stack-Based-Buffer-Overflow.html
Tue, 22 May 2012 01:39:05 GMT
This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from a "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

HP StorageWorks P4000 Virtual SAN Appliance Command Execution
http://packetstormsecurity.org/files/112917/hp_vsa_exec.rb.txt
http://packetstormsecurity.org/files/112917/HP-StorageWorks-P4000-Virtual-SAN-Appliance-Command-Execution.html
Tue, 22 May 2012 01:38:49 GMT
This Metasploit module exploits a vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 9.5. By using a default account credential, it is possible to inject arbitrary commands as part of a ping request via port 13838.

Active Collab "chat module" 2.3.8 Remote PHP Code Injection
http://packetstormsecurity.org/files/112916/activecollab_chat.rb.txt
http://packetstormsecurity.org/files/112916/Active-Collab-chat-module-2.3.8-Remote-PHP-Code-Injection.html
Tue, 22 May 2012 01:37:25 GMT
This Metasploit module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab by abusing a preg_replace() using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in activecollab/application/modules/chat/functions/html_to_text.php.

Ubuntu Security Notice USN-1447-1
http://packetstormsecurity.org/files/112910/USN-1447-1.txt
http://packetstormsecurity.org/files/112910/Ubuntu-Security-Notice-USN-1447-1.html
Tue, 22 May 2012 00:25:14 GMT
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Gentoo Linux Security Advisory 201205-03
http://packetstormsecurity.org/files/112901/glsa-201205-03.txt
http://packetstormsecurity.org/files/112901/Gentoo-Linux-Security-Advisory-201205-03.html
Tue, 22 May 2012 00:19:36 GMT
Gentoo Linux Security Advisory 201205-3 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 19.0.1084.46 are affected.

Squiggle 1.7 SVG Browser Java Code Execution
http://packetstormsecurity.org/files/112863/batik_svg_java.rb.txt
http://packetstormsecurity.org/files/112863/Squiggle-1.7-SVG-Browser-Java-Code-Execution.html
Fri, 18 May 2012 14:58:01 GMT
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

libwpd WPXContentListener::_closeTableRow() Memory Overwrite
http://packetstormsecurity.org/files/112862/SA-20120518-0.txt
http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html
Fri, 18 May 2012 14:43:52 GMT
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.

Mandriva Linux Security Advisory 2012-078
http://packetstormsecurity.org/files/112857/MDVSA-2012-078.txt
http://packetstormsecurity.org/files/112857/Mandriva-Linux-Security-Advisory-2012-078.html
Fri, 18 May 2012 14:36:05 GMT
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities have been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

Epicor Returns Management SOAP-Based Blind SQL Injection
http://packetstormsecurity.org/files/112853/DDIVRT-2012-44.txt
http://packetstormsecurity.org/files/112853/Epicor-Returns-Management-SOAP-Based-Blind-SQL-Injection.html
Fri, 18 May 2012 14:25:10 GMT
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.

Mandriva Linux Security Advisory 2012-077
http://packetstormsecurity.org/files/112825/MDVSA-2012-077.txt
http://packetstormsecurity.org/files/112825/Mandriva-Linux-Security-Advisory-2012-077.html
Thu, 17 May 2012 19:29:35 GMT
Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

Debian Security Advisory 2473-1
http://packetstormsecurity.org/files/112799/dsa-2473-1.txt
http://packetstormsecurity.org/files/112799/Debian-Security-Advisory-2473-1.html
Wed, 16 May 2012 23:53:38 GMT
Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

Gentoo Linux Security Advisory 201205-02
http://packetstormsecurity.org/files/112779/glsa-201205-02.txt
http://packetstormsecurity.org/files/112779/Gentoo-Linux-Security-Advisory-201205-02.html
Wed, 16 May 2012 22:02:22 GMT
Gentoo Linux Security Advisory 201205-2 - Multiple vulnerabilities have been found in ConnMan, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0-r1 are affected.

Mandriva Linux Security Advisory 2012-076
http://packetstormsecurity.org/files/112745/MDVSA-2012-076.txt
http://packetstormsecurity.org/files/112745/Mandriva-Linux-Security-Advisory-2012-076.html
Tue, 15 May 2012 22:31:42 GMT
Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities have been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

Mandriva Linux Security Advisory 2012-075
http://packetstormsecurity.org/files/112738/MDVSA-2012-075.txt
http://packetstormsecurity.org/files/112738/Mandriva-Linux-Security-Advisory-2012-075.html
Tue, 15 May 2012 22:11:57 GMT
Mandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities have been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.

Gentoo Linux Security Advisory 201205-01
http://packetstormsecurity.org/files/112729/glsa-201205-01.txt
http://packetstormsecurity.org/files/112729/Gentoo-Linux-Security-Advisory-201205-01.html
Tue, 15 May 2012 21:56:35 GMT
Gentoo Linux Security Advisory 201205-1 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 18.0.1025.168 are affected.