Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 08:01:16 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1805614873&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Remote%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Fremote%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1805614873.1338192076.1338192076.1338192076.1%3B%2B__utmz%3D32867617.1338192076.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/113068/quickshare_traversal_write.rb.txt http://packetstormsecurity.org/files/113068/quickshare_traversal_write.rb.txt http://packetstormsecurity.org/files/113068/QuickShare-File-Share-1.2.1-Directory-Traversal.html Sun, 27 May 2012 19:06:19 GMT This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, therefore this makes it possible to create a file at an arbitrary location, which leads to remote code execution. http://packetstormsecurity.org/files/113064/b2epms10-sql.txt http://packetstormsecurity.org/files/113064/b2epms10-sql.txt http://packetstormsecurity.org/files/113064/b2ePMS-1.0-SQL-Injection.html Sun, 27 May 2012 18:56:18 GMT b2ePMS version 1.0 suffers from multiple remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/113063/whyweb-sql.txt http://packetstormsecurity.org/files/113063/whyweb-sql.txt http://packetstormsecurity.org/files/113063/WhyWeb-SQL-Injection.html Sun, 27 May 2012 18:51:47 GMT WhyWeb suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/files/113062/santilga-sqlxsrf.txt http://packetstormsecurity.org/files/113062/santilga-sqlxsrf.txt http://packetstormsecurity.org/files/113062/Santilga-CMS-1.2.6.3-Cross-Site-Request-Forgery-SQL-Injection.html Sun, 27 May 2012 18:50:12 GMT Santilga CMS version 1.2.6.3 suffers from cross site request forgery and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/113061/azdgdatingmedium-xssxsrfexec.txt http://packetstormsecurity.org/files/113061/azdgdatingmedium-xssxsrfexec.txt http://packetstormsecurity.org/files/113061/AzDGDatingMedium-1.9.3-XSS-CSRF-SQL-Injection-Directory-Traversal.html Sun, 27 May 2012 18:48:31 GMT AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, php code execution, remote SQL injection, and directory traversal vulnerabilities. http://packetstormsecurity.org/files/113058/phplist-inject.txt http://packetstormsecurity.org/files/113058/phplist-inject.txt http://packetstormsecurity.org/files/113058/PHP-List-2.10.9-PHP-Code-Injection.html Sat, 26 May 2012 15:07:28 GMT PHP List version 2.10.9 suffers from a remote PHP code injection vulnerability. http://packetstormsecurity.org/files/113051/smallcms-inject.txt http://packetstormsecurity.org/files/113051/smallcms-inject.txt http://packetstormsecurity.org/files/113051/Small-CMS-PHP-Code-Injection.html Sat, 26 May 2012 15:06:31 GMT Small CMS suffers from a remote PHP code injection vulnerability. http://packetstormsecurity.org/files/113050/symantecwg-lfi.txt http://packetstormsecurity.org/files/113050/symantecwg-lfi.txt http://packetstormsecurity.org/files/113050/Symantec-Web-Gateway-5.0.2-Local-File-Inclusion.html Sat, 26 May 2012 15:04:17 GMT Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit. http://packetstormsecurity.org/files/113037/CSA-12005.txt http://packetstormsecurity.org/files/113037/CSA-12005.txt http://packetstormsecurity.org/files/113037/LogAnalyzer-3.4.2-Cross-Site-Scripting-SQL-Injection-File-Read.html Fri, 25 May 2012 20:26:06 GMT LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/113032/USN-1451-1.txt http://packetstormsecurity.org/files/113032/USN-1451-1.txt http://packetstormsecurity.org/files/113032/Ubuntu-Security-Notice-USN-1451-1.html Fri, 25 May 2012 19:52:12 GMT Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed. http://packetstormsecurity.org/files/113007/jaow-sql.txt http://packetstormsecurity.org/files/113007/jaow-sql.txt http://packetstormsecurity.org/files/113007/Jaow-2.4.5-Blind-SQL-Injection.html Thu, 24 May 2012 14:47:04 GMT Jaow versions 2.4.5 and below suffer from a remote blind SQL injection vulnerability. http://packetstormsecurity.org/files/112987/USN-1450-1.txt http://packetstormsecurity.org/files/112987/USN-1450-1.txt http://packetstormsecurity.org/files/112987/Ubuntu-Security-Notice-USN-1450-1.html Thu, 24 May 2012 02:21:13 GMT Ubuntu Security Notice 1450-1 - It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service. http://packetstormsecurity.org/files/112966/supernews261-sql.txt http://packetstormsecurity.org/files/112966/supernews261-sql.txt http://packetstormsecurity.org/files/112966/Supernews-2.6.1-SQL-Injection.html Wed, 23 May 2012 02:44:00 GMT Supernews versions 2.6.1 and below remote SQL injection exploit. http://packetstormsecurity.org/files/112956/USN-1449-1.txt http://packetstormsecurity.org/files/112956/USN-1449-1.txt http://packetstormsecurity.org/files/112956/Ubuntu-Security-Notice-USN-1449-1.html Tue, 22 May 2012 20:37:23 GMT Ubuntu Security Notice 1449-1 - It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion. http://packetstormsecurity.org/files/112971/phpcgi-exploit.txt http://packetstormsecurity.org/files/112971/phpcgi-exploit.txt http://packetstormsecurity.org/files/112971/PHP-CGI-Argument-Injection.html Tue, 22 May 2012 11:11:11 GMT PHP CGI argument injection remote exploit version 0.3. Works on versions up to 5.3.12 and 5.4.2. http://packetstormsecurity.org/files/112951/nmap-6.00.tgz http://packetstormsecurity.org/files/112951/nmap-6.00.tgz http://packetstormsecurity.org/files/112951/Nmap-Port-Scanner-6.00.html Tue, 22 May 2012 04:00:28 GMT Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. http://packetstormsecurity.org/files/112909/RHSA-2012-0683-01.txt http://packetstormsecurity.org/files/112909/RHSA-2012-0683-01.txt http://packetstormsecurity.org/files/112909/Red-Hat-Security-Advisory-2012-0683-01.html Tue, 22 May 2012 00:24:55 GMT Red Hat Security Advisory 2012-0683-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN. This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error. http://packetstormsecurity.org/files/112908/RHSA-2012-0681-01.txt http://packetstormsecurity.org/files/112908/RHSA-2012-0681-01.txt http://packetstormsecurity.org/files/112908/Red-Hat-Security-Advisory-2012-0681-01.html Tue, 22 May 2012 00:23:56 GMT Red Hat Security Advisory 2012-0681-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. http://packetstormsecurity.org/files/112906/RHSA-2012-0682-01.txt http://packetstormsecurity.org/files/112906/RHSA-2012-0682-01.txt http://packetstormsecurity.org/files/112906/Red-Hat-Security-Advisory-2012-0682-01.html Tue, 22 May 2012 00:21:41 GMT Red Hat Security Advisory 2012-0682-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also addresses multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. http://packetstormsecurity.org/files/112940/mandos_1.5.4.orig.tar.gz http://packetstormsecurity.org/files/112940/mandos_1.5.4.orig.tar.gz http://packetstormsecurity.org/files/112940/Mandos-Encrypted-File-System-Unattended-Reboot-Utility-1.5.4.html Sun, 20 May 2012 19:11:11 GMT The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system. http://packetstormsecurity.org/files/112941/Odaym-Cura-1.0.zip http://packetstormsecurity.org/files/112941/Odaym-Cura-1.0.zip http://packetstormsecurity.org/files/112941/Cura-1.0.html Sun, 20 May 2012 18:22:22 GMT Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address). http://packetstormsecurity.org/files/112924/chiccosnoopyclub-sqlxss.txt http://packetstormsecurity.org/files/112924/chiccosnoopyclub-sqlxss.txt http://packetstormsecurity.org/files/112924/CHICCO-SnoopyClub-Cross-Site-Scripting-SQL-Injection.html Sun, 20 May 2012 15:22:11 GMT CHICCO SnoopyClub suffers from cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/112942/doubletakedesign-sql.txt http://packetstormsecurity.org/files/112942/doubletakedesign-sql.txt http://packetstormsecurity.org/files/112942/Double-Take-Design-SQL-Injection.html Sun, 20 May 2012 11:11:11 GMT Double Take Design CMS suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/files/112923/nogod-sql.txt http://packetstormsecurity.org/files/112923/nogod-sql.txt http://packetstormsecurity.org/files/112923/Nogod-SQL-Injection.html Sun, 20 May 2012 11:11:11 GMT Nogod suffers from multiple remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/112920/attractwebcms-sql.txt http://packetstormsecurity.org/files/112920/attractwebcms-sql.txt http://packetstormsecurity.org/files/112920/Attractweb-SQL-Injection.html Sat, 19 May 2012 04:33:33 GMT Attractweb CMS suffers from a remote SQL injection vulnerability.