Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:57:59 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1129897655&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Info%20Disclosure%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Finfo_disclosure%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1129897655.1338191879.1338191879.1338191879.1%3B%2B__utmz%3D32867617.1338191879.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/113045/gekkocms-disclose.txt http://packetstormsecurity.org/files/113045/gekkocms-disclose.txt http://packetstormsecurity.org/files/113045/Gekko-CMS-File-Disclosure.html Fri, 25 May 2012 20:57:55 GMT Gekko CMS appears to suffer from a file disclosure vulnerability. http://packetstormsecurity.org/files/112998/ydframework-disclose.txt http://packetstormsecurity.org/files/112998/ydframework-disclose.txt http://packetstormsecurity.org/files/112998/YDFramework-2.0-Beta1-File-Disclosure.html Wed, 23 May 2012 15:22:22 GMT YDFramework version 2.0-Beta1 suffers from a local file disclosure vulnerability. http://packetstormsecurity.org/files/112969/ruubik111-xssdisclosetraversal.txt http://packetstormsecurity.org/files/112969/ruubik111-xssdisclosetraversal.txt http://packetstormsecurity.org/files/112969/RuubikCMS-1.1.0-Beta-XSS-Disclosure-Directory-Traversal.html Wed, 23 May 2012 02:50:41 GMT RuubikCMS version 1.1.0 Beta suffers from cross site scripting, information disclosure, and directory traversal vulnerabilities. http://packetstormsecurity.org/files/112964/phpcollab-disclose.txt http://packetstormsecurity.org/files/112964/phpcollab-disclose.txt http://packetstormsecurity.org/files/112964/PHPCollab-2.5-Database-Backup-Disclosure.html Wed, 23 May 2012 02:29:01 GMT PHPCollab version 2.5 suffers from an unauthenticated database backup download vulnerability. http://packetstormsecurity.org/files/112783/DRUPAL-SA-CONTRIB-2012-077.txt http://packetstormsecurity.org/files/112783/DRUPAL-SA-CONTRIB-2012-077.txt http://packetstormsecurity.org/files/112783/Drupal-Advertisement-6.x-Cross-Site-Scripting.html Wed, 16 May 2012 23:11:48 GMT Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities. http://packetstormsecurity.org/files/112740/liferay-disclose.tgz http://packetstormsecurity.org/files/112740/liferay-disclose.tgz http://packetstormsecurity.org/files/112740/Liferay-6.1-Name-Email-Address-Disclosure.html Tue, 15 May 2012 22:16:54 GMT Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included. http://packetstormsecurity.org/files/112621/kerio-disclose.txt http://packetstormsecurity.org/files/112621/kerio-disclose.txt http://packetstormsecurity.org/files/112621/Kerio-WinRoute-Firewall-Source-Code-Disclosure.html Fri, 11 May 2012 02:39:24 GMT Kerio WinRoute Firewall Embedded Web Server version prior to 6 suffer from a source code disclosure vulnerability. http://packetstormsecurity.org/files/112448/androidsqlite-disclose.txt http://packetstormsecurity.org/files/112448/androidsqlite-disclose.txt http://packetstormsecurity.org/files/112448/Android-2.3.7-SQLite-Disclosure.html Thu, 03 May 2012 23:00:24 GMT SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected. http://packetstormsecurity.org/files/112248/25.03.2012-vs-Yaqas-CMS-Alpha1-release-multiple.txt http://packetstormsecurity.org/files/112248/25.03.2012-vs-Yaqas-CMS-Alpha1-release-multiple.txt http://packetstormsecurity.org/files/112248/Yaqas-CMS-Alpha1-Information-Disclosure.html Thu, 26 Apr 2012 23:33:55 GMT Yaqas CMS version Alpha1 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112244/22.04.2012-vs-Concrete5.5.2.1.CMS.infoz.txt http://packetstormsecurity.org/files/112244/22.04.2012-vs-Concrete5.5.2.1.CMS.infoz.txt http://packetstormsecurity.org/files/112244/Concrete-CMS-5.5.2.1-Information-Disclosure.html Thu, 26 Apr 2012 23:25:37 GMT Concrete CMS version 5.5.2.1 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112242/18.03.2012-vs-Quick.Cart_v5.0-information-disclosure.txt http://packetstormsecurity.org/files/112242/18.03.2012-vs-Quick.Cart_v5.0-information-disclosure.txt http://packetstormsecurity.org/files/112242/Quick.Cart-5.0-Information-Disclosure.html Thu, 26 Apr 2012 23:23:33 GMT Quick.Cart version 5.0 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112236/11.04.2012-vs-eFront.3.6.10.CMS.information.disclosure.txt http://packetstormsecurity.org/files/112236/11.04.2012-vs-eFront.3.6.10.CMS.information.disclosure.txt http://packetstormsecurity.org/files/112236/eFront-CMS-3.6.10-Information-Disclosure.html Thu, 26 Apr 2012 23:17:53 GMT eFront CMS version 3.6.10 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112234/07.04.2012-vs-VirtueMart-2.0.2-Information.disclosure.txt http://packetstormsecurity.org/files/112234/07.04.2012-vs-VirtueMart-2.0.2-Information.disclosure.txt http://packetstormsecurity.org/files/112234/Joomla-Virtuemart-2.0.2-Information-Disclosure.html Thu, 26 Apr 2012 23:16:17 GMT The Joomla Virtuemart component version 2.0.2 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112233/07.04.2012-vs-jNews-information.disclosure.txt http://packetstormsecurity.org/files/112233/07.04.2012-vs-jNews-information.disclosure.txt http://packetstormsecurity.org/files/112233/jNews-7.5.1-Information-Disclosure.html Thu, 26 Apr 2012 23:15:05 GMT jNews version 7.5.1 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112232/06.04.2012-vs-VirtueMart.2.0.2-information.disclosure.txt http://packetstormsecurity.org/files/112232/06.04.2012-vs-VirtueMart.2.0.2-information.disclosure.txt http://packetstormsecurity.org/files/112232/VirtueMart-2.0.2-Information-Disclosure.html Thu, 26 Apr 2012 23:14:21 GMT VirtueMart version 2.0.2 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112230/01.04.2012-vs-Joomla-2.5.3-information.disclosure.txt http://packetstormsecurity.org/files/112230/01.04.2012-vs-Joomla-2.5.3-information.disclosure.txt http://packetstormsecurity.org/files/112230/Joomla-2.5.3-Information-Disclosure.html Thu, 26 Apr 2012 23:10:51 GMT Joomla version 2.5.3 suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112183/DRUPAL-SA-CONTRIB-2012-065.txt http://packetstormsecurity.org/files/112183/DRUPAL-SA-CONTRIB-2012-065.txt http://packetstormsecurity.org/files/112183/Drupal-Site-Documentation-6.x-Information-Disclosure.html Wed, 25 Apr 2012 20:59:38 GMT Drupal Site Documentation version 6.x suffers from an information disclosure vulnerability. http://packetstormsecurity.org/files/112086/wporganizer-xssdisclose.txt http://packetstormsecurity.org/files/112086/wporganizer-xssdisclose.txt http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html Mon, 23 Apr 2012 18:47:46 GMT WordPress Organizer version 1.2.1 suffers from cross site scripting and path disclosure vulnerabilities. http://packetstormsecurity.org/files/111904/wpzingiritickets-disclose.txt http://packetstormsecurity.org/files/111904/wpzingiritickets-disclose.txt http://packetstormsecurity.org/files/111904/WordPress-Zingiri-Tickets-File-Disclosure.html Mon, 16 Apr 2012 17:22:22 GMT The WordPress Zingiri Tickets plugin suffers from a file disclosure vulnerability that holds administrative username and password hashes. http://packetstormsecurity.org/files/111709/CVE-2012-0769.tgz http://packetstormsecurity.org/files/111709/CVE-2012-0769.tgz http://packetstormsecurity.org/files/111709/Adobe-Flash-Player-Information-Leak.html Tue, 10 Apr 2012 04:25:14 GMT Adobe Flash Player versions prior to 10.3.183.16 and 11.x before 11.1.102.63 suffer from an information disclosure vulnerability. This archive has research related to this issue, proof of concept source code, and a swf that demonstrates the issue. http://packetstormsecurity.org/files/111704/secunia-rnhelixdisclose.txt http://packetstormsecurity.org/files/111704/secunia-rnhelixdisclose.txt http://packetstormsecurity.org/files/111704/RealNetworks-Helix-Server-Credentials-Disclosure.html Tue, 10 Apr 2012 04:08:53 GMT Secunia Research has discovered a security issue in RealNetworks Helix Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the user and administrative credentials being insecurely stored in the flat file database (\Program Files\Real\Helix Server\adm_b_db\users\). This can be exploited by local users to disclose the clear text passwords. RealNetworks Helix Server version 14.2.0.212 is affected. http://packetstormsecurity.org/files/111650/wcms-disclosexssxsrf.txt http://packetstormsecurity.org/files/111650/wcms-disclosexssxsrf.txt http://packetstormsecurity.org/files/111650/w-CMS-2.0.1-CSRF-XSS-File-Disclosure-Shell-Upload.html Sat, 07 Apr 2012 01:07:44 GMT w-CMS version 2.0.1 suffers from cross site request forgery, cross site scripting, file disclosure and shell upload vulnerabilities. http://packetstormsecurity.org/files/111583/HPSBMU02759-SSRT100817.txt http://packetstormsecurity.org/files/111583/HPSBMU02759-SSRT100817.txt http://packetstormsecurity.org/files/111583/HP-Security-Bulletin-HPSBMU02759-SSRT100817.html Thu, 05 Apr 2012 00:45:56 GMT HP Security Bulletin HPSBMU02759 SSRT100817 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access, unauthorized information disclosure, Denial of Service (DoS), and URL redirection. Revision 1 of this advisory. http://packetstormsecurity.org/files/111360/ptk-xssdisclose.txt http://packetstormsecurity.org/files/111360/ptk-xssdisclose.txt http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html Fri, 30 Mar 2012 00:03:56 GMT PTK version 1.0.5 suffers from cross site scripting and direct access bypass vulnerabilities. http://packetstormsecurity.org/files/111358/havalite-shelldisclosesql.txt http://packetstormsecurity.org/files/111358/havalite-shelldisclosesql.txt http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html Fri, 30 Mar 2012 00:01:34 GMT Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.