Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:56:42 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2283660203&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Bypass%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Fbypass%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2283660203.1338191802.1338191802.1338191802.1%3B%2B__utmz%3D32867617.1338191802.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/112994/phpcollab-bypass.txt http://packetstormsecurity.org/files/112994/phpcollab-bypass.txt http://packetstormsecurity.org/files/112994/PHPCollab-2.5-Unauthenticated-Access.html Wed, 23 May 2012 15:22:22 GMT PHPCollab version 2.5 fails to properly block access to data on the system. http://packetstormsecurity.org/files/112782/DRUPAL-SA-CONTRIB-2012-076.txt http://packetstormsecurity.org/files/112782/DRUPAL-SA-CONTRIB-2012-076.txt http://packetstormsecurity.org/files/112782/Drupal-Ubercart-Product-Keys-6.x-Access-Bypass.html Wed, 16 May 2012 23:10:12 GMT Drupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/112735/liferay-bypass.tgz http://packetstormsecurity.org/files/112735/liferay-bypass.tgz http://packetstormsecurity.org/files/112735/Liferay-6.1-No-Account-Access-Bypass.html Tue, 15 May 2012 22:06:26 GMT Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included. http://packetstormsecurity.org/files/112591/DRUPAL-SA-CONTRIB-2012-074.txt http://packetstormsecurity.org/files/112591/DRUPAL-SA-CONTRIB-2012-074.txt http://packetstormsecurity.org/files/112591/Drupal-Contact-Forms-7.x-Access-Bypass.html Thu, 10 May 2012 04:30:25 GMT Drupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/112497/jibberbook-bypass.txt http://packetstormsecurity.org/files/112497/jibberbook-bypass.txt http://packetstormsecurity.org/files/112497/Jibberbook-2.3-Administrative-Bypass.html Mon, 07 May 2012 19:59:09 GMT Jibberbook version 2.3 suffers from an administrative bypass vulnerability. http://packetstormsecurity.org/files/112439/torproxy-bypass.txt http://packetstormsecurity.org/files/112439/torproxy-bypass.txt http://packetstormsecurity.org/files/112439/Tor-Proxy-Bypass-Via-Firefox.html Thu, 03 May 2012 22:37:36 GMT A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. http://packetstormsecurity.org/files/112438/fortiweb-bypass.txt http://packetstormsecurity.org/files/112438/fortiweb-bypass.txt http://packetstormsecurity.org/files/112438/Fortinet-FortiWeb-WAF-Policy-Bypass.html Thu, 03 May 2012 22:34:52 GMT Fortinet FortiWeb Web Application Firewall suffers from a policy bypass vulnerability. http://packetstormsecurity.org/files/112360/NGS00138-1.txt http://packetstormsecurity.org/files/112360/NGS00138-1.txt http://packetstormsecurity.org/files/112360/Websense-Triton-7.6-Authentication-Bypass.html Wed, 02 May 2012 01:07:38 GMT Websense (Triton version 7.6) suffers from an authentication bypass vulnerability in the report management UI. http://packetstormsecurity.org/files/112185/DRUPAL-SA-CONTRIB-2012-067.txt http://packetstormsecurity.org/files/112185/DRUPAL-SA-CONTRIB-2012-067.txt http://packetstormsecurity.org/files/112185/Drupal-Linkit-7.x-Access-Bypass.html Wed, 25 Apr 2012 21:03:31 GMT Drupal Linkit module version 7.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/112184/DRUPAL-SA-CONTRIB-2012-066.txt http://packetstormsecurity.org/files/112184/DRUPAL-SA-CONTRIB-2012-066.txt http://packetstormsecurity.org/files/112184/Drupal-Spaces-6.x-Access-Bypass.html Wed, 25 Apr 2012 21:01:22 GMT Drupal Spaces module version 6.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/111842/proxy_tools.tar.gz http://packetstormsecurity.org/files/111842/proxy_tools.tar.gz http://packetstormsecurity.org/files/111842/McAfee-Web-Gateway-And-Squid-Proxy-3.1.19-Bypass.html Fri, 13 Apr 2012 21:55:11 GMT McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL. http://packetstormsecurity.org/files/111509/zem560-bypass.txt http://packetstormsecurity.org/files/111509/zem560-bypass.txt http://packetstormsecurity.org/files/111509/Fingerprint-And-Proximity-Access-Control-Bypass.html Wed, 04 Apr 2012 01:22:30 GMT Fingerprint and Proximity Access Control suffers from a direct access bypass vulnerability. http://packetstormsecurity.org/files/111393/php5memlimit-bypass.tgz http://packetstormsecurity.org/files/111393/php5memlimit-bypass.tgz http://packetstormsecurity.org/files/111393/PHP-5.4-5.3-eregi-Memory-Limit-Bypass.html Fri, 30 Mar 2012 22:18:48 GMT PHP versions 5.4 and 5.3 suffer from a deprecated eregi() memory_limit bypass vulnerability. Proof of concepts included. http://packetstormsecurity.org/files/111362/NGS00155.txt http://packetstormsecurity.org/files/111362/NGS00155.txt http://packetstormsecurity.org/files/111362/McAfee-Email-And-Web-Security-Appliance-Access-Bypass.html Fri, 30 Mar 2012 00:06:28 GMT McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability. http://packetstormsecurity.org/files/111321/DRUPAL-SA-CONTRIB-2012-053.txt http://packetstormsecurity.org/files/111321/DRUPAL-SA-CONTRIB-2012-053.txt http://packetstormsecurity.org/files/111321/Drupal-Organic-Groups-6.x-Access-Bypass.html Thu, 29 Mar 2012 04:50:38 GMT The Drupal Organic Groups module version 6.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/111290/DRUPAL-SA-CONTRIB-2012-047.txt http://packetstormsecurity.org/files/111290/DRUPAL-SA-CONTRIB-2012-047.txt http://packetstormsecurity.org/files/111290/Drupal-Ubercart-Views-6.x-Access-Bypass.html Thu, 29 Mar 2012 03:33:34 GMT The Drupal Ubercart Views module version 6.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/111277/SA-20120328-1.txt http://packetstormsecurity.org/files/111277/SA-20120328-1.txt http://packetstormsecurity.org/files/111277/Microsoft-ASP.NET-Forms-Authentication-Bypass.html Thu, 29 Mar 2012 02:42:01 GMT Microsoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability. http://packetstormsecurity.org/files/111014/novatelmifi-bypass.txt http://packetstormsecurity.org/files/111014/novatelmifi-bypass.txt http://packetstormsecurity.org/files/111014/Novatel-MiFi-2352-Access-Bypass.html Tue, 20 Mar 2012 12:12:12 GMT Novatel MiFi 2352 suffers from a direct access to backup file vulnerability. http://packetstormsecurity.org/files/110996/AID-031912.txt http://packetstormsecurity.org/files/110996/AID-031912.txt http://packetstormsecurity.org/files/110996/Aruba-Networks-Security-Advisory-031912.html Tue, 20 Mar 2012 00:28:14 GMT Aruba Networks Security Advisory - This file encapsulates two different advisories for Aruba. An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web Interface. When running the diagnostic web interface, arbitrary system commands can be executed as the root user on the Remote device by an unauthenticated attacker. An EAP-TLS 802.1X user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers with EAP-TLS 802.1X local termination enabled. http://packetstormsecurity.org/files/110800/DRUPAL-SA-CONTRIB-2012-037.txt http://packetstormsecurity.org/files/110800/DRUPAL-SA-CONTRIB-2012-037.txt http://packetstormsecurity.org/files/110800/Drupal-Slidebox-7.x-Access-Bypass.html Wed, 14 Mar 2012 14:45:44 GMT The Drupal Slidebox module version 7.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/110752/privawall-bypass.txt http://packetstormsecurity.org/files/110752/privawall-bypass.txt http://packetstormsecurity.org/files/110752/PrivaWall-Antivirus-Office-XML-Format-Evasion-Bypass.html Tue, 13 Mar 2012 17:22:22 GMT PrivaWall Antivirus suffers from an Office XML format evasion / bypass vulnerability. Versions 5.6 and below are affected. http://packetstormsecurity.org/files/110715/onefilecms-bypass.txt http://packetstormsecurity.org/files/110715/onefilecms-bypass.txt http://packetstormsecurity.org/files/110715/OneFileCMS-1.1.4-Access-Bypass.html Tue, 13 Mar 2012 00:57:23 GMT OneFileCMS versions up to 1.1.4 suffers from a direct access bypass vulnerability. http://packetstormsecurity.org/files/110333/coffeecup-bypass.txt http://packetstormsecurity.org/files/110333/coffeecup-bypass.txt http://packetstormsecurity.org/files/110333/CoffeeCup-Mail-Testing-Authentication-Bypass.html Thu, 01 Mar 2012 03:06:11 GMT CoffeeCup Mail Testing suffers from an authentication bypass vulnerability. http://packetstormsecurity.org/files/110328/DRUPAL-SA-CONTRIB-2012-026.txt http://packetstormsecurity.org/files/110328/DRUPAL-SA-CONTRIB-2012-026.txt http://packetstormsecurity.org/files/110328/ZipCart-6.x-Access-Bypass.html Wed, 29 Feb 2012 17:44:55 GMT ZipCart version 6.x suffers from an access bypass vulnerability. http://packetstormsecurity.org/files/110117/dlinkdsl2640b-bypass.txt http://packetstormsecurity.org/files/110117/dlinkdsl2640b-bypass.txt http://packetstormsecurity.org/files/110117/D-Link-DSL-2640B-Authentication-Bypass.html Thu, 23 Feb 2012 05:27:19 GMT The D-Link DSL-2640B ADSL router suffers from a simple authentication bypass vulnerability by spoofing the MAC address of a logged in administrator.