Packet Storm's last 50 added files. Last Updated: Thu Jul 24 12:23:39 EDT 2008

[ fwknop-1.9.6.tar.gz ] 9734c99a1c0b28b1522ce50396405d54 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

[ msaccess-activex.txt ] aff43a4e8259ae6e765d04ccc03f104a Microsoft Access ActiveX related remote exploit that makes use of Snapview.ocx version 10.0.5529.0.

[ wordpressdm-upload.txt ] ab5a1c03a0efe55d5896dd7fcf629eec WordPress Download Manager plugin version 0.2 arbitrary file upload exploit.

[ ibase-disclose.txt ] fe43ec1fa0a052b7535851f9cb69cd63 ibase versions 2.03 and below suffer from a remote file disclosure vulnerability in download.php.

[ atomphotoblog-sql.txt ] 69a36f18579002640832d44da0a6de28 Atom PhotoBlog version 1.1.5b1 suffers from a remote SQL injection vulnerability.

[ dsa-1616-1.txt ] aedebbf953275b7079e71948199d5566 Debian Security Advisory 1616-1 - Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

[ bailiwicked_domain.rb.txt ] 5882e859718d26d63b3bc1167eacb0fd This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.

[ pkd-1.1.tgz ] 7ff6ab126922499e670b12c1882d5e7d ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

[ bailiwicked_host.rb.txt ] 4def3738d35dc00d760fa023d0106a29 This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache.

[ SDTCleaner-v1.0.zip ] 9123411f2b13fc9ec9a831f7e8a6514d SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table).

[ dsa-1615-1.txt ] 814da2c25fb7c7e932ae2c2849d21d29 Debian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

[ dsa-1614-1.txt ] 357a585f8c33728c1e761bc85d365a57 Debian Security Advisory 1614-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing a URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.

[ dsa-1540-3.txt ] cccf48a06495b899a26c83ab12130eb3 Debian Security Advisory 1540-3 - This update fixes a regression in lighttpd introduced in DSA-1540, causing SSL failures.

[ USN-628-1.txt ] 6cd6d0407e8f8ffd96589e18817d582e Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.

[ vimfiletype-exec.txt ] 525775816c2441f36c404a28644bb87a This advisory discusses the filetype.vim vulnerability in Vim version 7.2b.10 that allows for arbitrary code execution and also notes that the Vim patch 7.1.300 did not fix the vulnerability.

[ emc-sql.txt ] 535213a9fae7b8708f9e219a84119c62 EMC's Centera Universal Access product version CUA4.0_4735.p4 suffers from a SQL injection vulnerability.

[ AST-2008-011.txt ] 2185fd4b6b919de751e6fe7c8aab32a1 Asterisk Project Security Advisory - An attacker may request an Asterisk server to send part of a firmware image. However, as this firmware download protocol does not initiate a handshake, the source address may be spoofed.
Therefore, an IAX2 FWDOWNL request for a firmware file may consume as little as 40 bytes, yet produces a 1040 byte response. Coupled with multiple geographically diverse Asterisk servers, an attacker may flood a victim site with unwanted firmware packets.

[ AST-2008-010.txt ] c3e6feb71c399d84d8dc74877ffc992c Asterisk Project Security Advisory - By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG.

[ MDVSA-2008-154.txt ] 02de82850dc988def1ef4ff9e0c8f68e Mandriva Linux Security Advisory - A vulnerability in xemacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by xemacs. The updated packages have been patched to correct this issue.

[ MDVSA-2008-153.txt ] 317520423f82ed3a15b919a528d64ba9 Mandriva Linux Security Advisory - A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs. The updated packages have been patched to correct this issue.

[ MDVSA-2008-152.txt ] 9deb077f278a874b21006d319120b3bb Mandriva Linux Security Advisory - A vulnerability was found in Wireshark that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that.

[ joomlamamml-upload.txt ] 0a4d3aebca4602e890770992430bc74c The Joomla Mamml component suffers from a remote file disclosure vulnerability.

[ mysql_injection.pdf ] bd8ca795f2acde98ec699e5686fdc77f Whitepaper discussing techniques for MySQL related SQL injection. Written in Spanish.

[ oss-bypass.txt ] 7570d3a72f5096b9588136427c83cebc Outpost Security Suite Pro version 2009 suffers from multiple bypass vulnerabilities when using special characters.

[ PR08-16.txt ] 3a664b6adfa3d72f4d9f2a8baec3e8ec Moodle versions 1.7.4 and below suffer from a cross site request forgery vulnerability.

[ PR08-13.txt ] 2c780311bb56dbfd1b088e81afe2297d A cross site scripting vulnerability exists in Moodle versions 1.7.4 and below.

[ CS-2008-2.txt ] cd06e8756e37818b845ccfa76907f968 SocialEngine versions below 2.83 suffer from an input validation vulnerability that allows for client take over.

[ FGA-2008-16-3.txt ] 0e4381d6c4e9206769d3e16fded8c491 EMC Dantz Retrospect 7 Backup Server version 7.5.508 suffers from a weak password hash arithmetic vulnerability in the authentication module.

[ presurveypoll-sql.txt ] 4c8cc48caee75fdfa46bf471483ffa69 Pre Survey Poll suffers from a SQL injection vulnerability in default.asp.

[ ezwebalbum-cookie.txt ] dd69a0f4eeaba3414e0cf5efa2ed5988 EZWebAlbum suffers from an insecure cookie handling vulnerability that allows anyone to be an administrator.

[ minix-dos.txt ] a22651fcf1856f9932203452a358dc4e Minix version 3.1.2a suffers from a tty panic local denial of service vulnerability.

[ intellitamper207-exec.txt ] 74a2288e27182326674ac87efbcd2952 IntelliTamper version 2.07 server header remote code execution exploit.

[ intellitamper207-overflow.c ] 88adf11e2c77e652031d76ddfa50908f IntelliTamper version 2.0.7 html parser remote buffer overflow exploit.

[ dns-writeup.txt ] a0d975e9261838a800c2ee206625f579 Interesting write up discussing DNS cache poisoning then and now.

[ USN-627-1.txt ] 0b11fe1d320f9ebc0ce03f99670eab53 Ubuntu Security Notice 627-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq.
A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

[ DSECRG-08-032.txt ] f71ed888ac06312f64ea478ffcfbd3f2 Claroline eLearning and eWorking Platform version 1.8.10 suffers from cross site scripting vulnerabilities.

[ dsa-1613-1.txt ] f8c950a3139d1a9b9ffb7c36183f28f7 Debian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues:

[ MDVSA-2008-151.txt ] 1bcd643704c45767fa68f8d446802e52 Mandriva Linux Security Advisory - A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XSLT transformation match condition, which could possibly lead to the execution of arbitrary code. The updated packages have been patched to correct this issue.

[ sipwitch-0.2.2.tar.gz ] e9f61984910512e70c5c4f354ebefb9f GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

[ shopcartdx-sql.txt ] f0f09d010d615e954dc6bfdb548ae189 ShopCartDx version 4.30 suffers from a remote SQL injection vulnerability.

[ youtubeblog-rfisqlxss.txt ] 9c83470e6b3fb9d7f64df17a816bc054 YouTube Blog version 0.1 suffers from remote file inclusion, SQL injection, and cross site scripting vulnerabilities.

[ intellitamper-overflow.txt ] 768f68895d134f16b4510549cd649793 IntelliTamper version 2.0.7 html parser remote buffer overflow exploit.

[ modjk1219-overflow.txt ] 53fca1af8a7eee242ef26ee3bac1db44 Apache mod_jk version 1.2.19 remote buffer overflow exploit for win32.

[ zdaemonull.zip ] 5f9b6541fd39cf4504ce5850fe7e2902 ZDaemon version 1.08.07 denial of service exploit that makes use of a NULL pointer vulnerability.

[ zdaemonull.txt ] 8c85d8ec22bbb9062cb114f68f5402b1 ZDaemon version 1.08.07 suffers from a NULL pointer vulnerability that allows for a denial of service.

[ glsa-200807-12.txt ] 8100eca3c7360f4b84b412bf7550fda5 Gentoo Linux Security Advisory GLSA 200807-12 - bannedit reported a boundary error when handling overly long IRC MODE messages (CVE-2007-4584). Nico Golde reported an insecure creation of a temporary file within the e_hostname() function (CVE-2007-5839). Versions less than or equal to 1.1-r4 are affected.

[ dsa-1612-1.txt ] 94322ba827cc08e04f1334e76bdca51f Debian Security Advisory 1612-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

[ DSEGRG-08-31.txt ] ccda3be106036a8fbfe5b9e8eace4a84 Interact E-Learning System version 2.4.1 suffers from a local file inclusion vulnerability in help/help.php.

[ FGA-2008-16-2.txt ] 812c10b6dc3e756242463147b8c58022 EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a NULL pointer reference denial of service vulnerability.

[ FGA-2008-16.txt ] cbb194fe670583886c0eed55f04e9339 EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a plaintext password hash disclosure vulnerability.