Code Execution Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:56:55 GMT

QuickShare File Share 1.2.1 Directory Traversal
http://packetstormsecurity.org/files/113068/quickshare_traversal_write.rb.txt
http://packetstormsecurity.org/files/113068/QuickShare-File-Share-1.2.1-Directory-Traversal.html
Sun, 27 May 2012 19:06:19 GMT
This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, therefore this makes it possible to create a file at an arbitrary location, which leads to remote code execution.

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal
http://packetstormsecurity.org/files/113061/azdgdatingmedium-xssxsrfexec.txt
http://packetstormsecurity.org/files/113061/AzDGDatingMedium-1.9.3-XSS-CSRF-SQL-Injection-Directory-Traversal.html
Sun, 27 May 2012 18:48:31 GMT
AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, PHP code execution, remote SQL injection, and directory traversal vulnerabilities.

WeBid converter.php Remote PHP Code Injection
http://packetstormsecurity.org/files/113044/webid_converter.rb.txt
http://packetstormsecurity.org/files/113044/WeBid-converter.php-Remote-PHP-Code-Injection.html
Fri, 25 May 2012 20:56:35 GMT
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.

RabidHamster R4 Log Entry sprintf() Buffer Overflow
http://packetstormsecurity.org/files/113043/rabidhamster_r4_log.rb.txt
http://packetstormsecurity.org/files/113043/RabidHamster-R4-Log-Entry-sprintf-Buffer-Overflow.html
Fri, 25 May 2012 20:56:18 GMT
This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.

DornCMS 1.4 (add_page.php) Arbitrary File Upload
http://packetstormsecurity.org/files/113039/dorncms-shell.rb.txt
http://packetstormsecurity.org/files/113039/DornCMS-1.4-add_page.php-Arbitrary-File-Upload.html
Fri, 25 May 2012 20:29:29 GMT
This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.

OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
http://packetstormsecurity.org/files/113002/openoffice_ole.rb.txt
http://packetstormsecurity.org/files/113002/OpenOffice-OLE-Importer-DocumentSummaryInformation-Stream-Handling-Overflow.html
Thu, 24 May 2012 02:44:45 GMT
This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying an OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results in arbitrary code execution under the context of the user.

appRain CMF Arbitrary PHP File Upload Vulnerability
http://packetstormsecurity.org/files/113001/apprain_upload_exec.rb.txt
http://packetstormsecurity.org/files/113001/appRain-CMF-Arbitrary-PHP-File-Upload-Vulnerability.html
Thu, 24 May 2012 02:44:22 GMT
This Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.

Symantec End Point Protection / Network Access Control 11.x Code Execution
http://packetstormsecurity.org/files/113004/symantecendpoint-exec.txt
http://packetstormsecurity.org/files/113004/Symantec-End-Point-Protection-Network-Access-Control-11.x-Code-Execution.html
Wed, 23 May 2012 13:33:33 GMT
Symantec End Point Protection version 11.x and Symantec Network Access Control version 11.x local code execution proof of concept exploit.

Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
http://packetstormsecurity.org/files/112918/foxit_reader_launch.rb.txt
http://packetstormsecurity.org/files/112918/Foxit-Reader-3.0-Open-Execute-Action-Stack-Based-Buffer-Overflow.html
Tue, 22 May 2012 01:39:05 GMT
This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from a "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

Squiggle 1.7 SVG Browser Java Code Execution
http://packetstormsecurity.org/files/112863/batik_svg_java.rb.txt
http://packetstormsecurity.org/files/112863/Squiggle-1.7-SVG-Browser-Java-Code-Execution.html
Fri, 18 May 2012 14:58:01 GMT
This Metasploit module abuses the SVG support to execute Java code in the Squiggle Browser included in the Batik framework 1.7 through a crafted SVG file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

libwpd WPXContentListener::_closeTableRow() Memory Overwrite
http://packetstormsecurity.org/files/112862/SA-20120518-0.txt
http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html
Fri, 18 May 2012 14:43:52 GMT
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in arbitrary code execution within the OpenOffice.org software suite.

PHP 5.4 Win32 Code Execution
http://packetstormsecurity.org/files/112851/php54-exec.txt
http://packetstormsecurity.org/files/112851/PHP-5.4-Win32-Code-Execution.html
Fri, 18 May 2012 14:21:42 GMT
PHP version 5.4.3 code execution exploit for Win32.

Debian Security Advisory 2473-1
http://packetstormsecurity.org/files/112799/dsa-2473-1.txt
http://packetstormsecurity.org/files/112799/Debian-Security-Advisory-2473-1.html
Wed, 16 May 2012 23:53:38 GMT
Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

Linux Kernel HFS Plus Buffer Overflow
http://packetstormsecurity.org/files/112791/PRE-SA-2012-03.txt
http://packetstormsecurity.org/files/112791/Linux-Kernel-HFS-Plus-Buffer-Overflow.html
Wed, 16 May 2012 23:25:02 GMT
PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation.
A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).

SVG Java Execution Trigger
http://packetstormsecurity.org/files/112741/svg-trigger.tgz
http://packetstormsecurity.org/files/112741/SVG-Java-Execution-Trigger.html
Tue, 15 May 2012 22:21:05 GMT
Some SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.

Firefox 8/9 AttributeChildRemoved() Use-After-Free
http://packetstormsecurity.org/files/112664/mozilla_attribchildremoved.rb.txt
http://packetstormsecurity.org/files/112664/Firefox-8-9-AttributeChildRemoved-Use-After-Free.html
Mon, 14 May 2012 05:37:11 GMT
This Metasploit module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removal of child nodes from the nsDOMAttribute can allow for a child to still be accessible after removal due to a premature notification of AttributeChildRemoved. Since mFirstChild is not set to NULL until after this call is made, this means the removed child will be accessible after it has been removed. By carefully manipulating the memory layout, this can lead to arbitrary code execution.

Distinct TFTP 3.01 Writable Directory Traversal Execution
http://packetstormsecurity.org/files/112634/distinct_tftp_traversal.rb.txt
http://packetstormsecurity.org/files/112634/Distinct-TFTP-3.01-Writable-Directory-Traversal-Execution.html
Fri, 11 May 2012 21:59:49 GMT
This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write an arbitrary file to the file system, which results in code execution under the context of 'SYSTEM'.

Red Hat Security Advisory 2012-0570-01
http://packetstormsecurity.org/files/112631/RHSA-2012-0570-01.txt
http://packetstormsecurity.org/files/112631/Red-Hat-Security-Advisory-2012-0570-01.html
Fri, 11 May 2012 21:47:37 GMT
Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

eLearning Server 4G Remote File Inclusion / SQL Injection
http://packetstormsecurity.org/files/112620/elearning4g-sqlrfi.txt
http://packetstormsecurity.org/files/112620/eLearning-Server-4G-Remote-File-Inclusion-SQL-Injection.html
Fri, 11 May 2012 02:38:24 GMT
eLearning Server version 4G suffers from remote file inclusion and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2012-0569-01
http://packetstormsecurity.org/files/112606/RHSA-2012-0569-01.txt
http://packetstormsecurity.org/files/112606/Red-Hat-Security-Advisory-2012-0569-01.html
Thu, 10 May 2012 21:02:26 GMT
Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

Red Hat Security Advisory 2012-0568-01
http://packetstormsecurity.org/files/112605/RHSA-2012-0568-01.txt
http://packetstormsecurity.org/files/112605/Red-Hat-Security-Advisory-2012-0568-01.html
Thu, 10 May 2012 21:02:10 GMT
Red Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

Mozilla Firefox 7 / 8 Out-Of-Bounds Access
http://packetstormsecurity.org/files/112544/mozilla_nssvgvalue.rb.txt
http://packetstormsecurity.org/files/112544/Mozilla-Firefox-7-8-Out-Of-Bounds-Access.html
Tue, 08 May 2012 22:22:22 GMT
This Metasploit module exploits an out-of-bounds access flaw in Firefox 7 and 8 (versions 8.0.1 and below). The notification of nsSVGValue observers via nsSVGValue::NotifyObservers(x,y) uses a loop which can result in an out-of-bounds access to attacker-controlled memory. The mObserver ElementAt() function (which picks up pointers) does not validate if a given index is out of bounds. If a custom observer of nsSVGValue is created, which removes elements from the original observer, and memory layout is manipulated properly, the ElementAt() function might pick up an attacker-provided pointer, which can be leveraged to gain remote arbitrary code execution.

PHP Enter Code Injection
http://packetstormsecurity.org/files/112536/phpenter-exec.txt
http://packetstormsecurity.org/files/112536/PHP-Enter-Code-Injection.html
Tue, 08 May 2012 13:13:13 GMT
PHP Enter suffers from a code execution vulnerability.

Red Hat Security Advisory 2012-0547-01
http://packetstormsecurity.org/files/112508/RHSA-2012-0547-01.txt
http://packetstormsecurity.org/files/112508/Red-Hat-Security-Advisory-2012-0547-01.html
Mon, 07 May 2012 20:04:50 GMT
Red Hat Security Advisory 2012-0547-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments.
This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

Red Hat Security Advisory 2012-0546-01
http://packetstormsecurity.org/files/112507/RHSA-2012-0546-01.txt
http://packetstormsecurity.org/files/112507/Red-Hat-Security-Advisory-2012-0546-01.html
Mon, 07 May 2012 20:04:24 GMT
Red Hat Security Advisory 2012-0546-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.