Packet Storm's last 50 added files. Last Updated: Wed Jul 28 18:42:38 EDT 2010

[ MDVSA-2010-142.txt ] 7c99ef64bfc0338ec6f317c16f73ff04 Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

[ uplusftp-overflow.txt ] 60a3b2b94f3545e1846005844320d4f2 UPlusFTP Server version 1.7.1.01 remote buffer overflow post-authentication exploit.

[ symantecams-flaw.txt ] 99af1c5cdd484a0a3d2744bc9ee6a38d Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit.

[ jira-xss.txt ] bd54a2222350829abde01d653c24d6a4 Jira version 4.0.1 suffers from a cross site scripting vulnerability.

[ secunia-autonomykvrp.txt ] 1e07e58e799d937de79f9a8685c827aa Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ secunia-autonomykvindex.txt ] 3d559dc765a3666312900d97ec293124 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type, combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ zemana-escalate.txt ] 3c52a66eb2c31dd73df27b7a44faf0b1 Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffers from a local privilege escalation vulnerability.

[ ceteraecommerce-sqlxss.txt ] 2eaa26eb1f22884df3d3167bc069e4b0 Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

[ secunia-wkssriu.txt ] 50abca786543ffdc74a394e0ff72c086 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ secunia-autonomywosr.txt ] 54f75386e8a64e96a4a8814d3df82ed6 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ secunia-autonomyrtfsigned.txt ] 051da84386777387a8d490662fbcab7b Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ secunia-autonomywkssr.txt ] b86bf4c0e20e58cec482e0807c9fbb94 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ secunia-autonomycfp.txt ] 51d0af3f78c93a798c10dd606371c9df Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

[ apachetomcat-traversal.txt ] be0f85711288d99a26465aac5493aec3 UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.

[ joomlaphotomapgallery-sql.txt ] 929ef26fbab0a2d1e5aa1b95348554d7 Joomla PhotoMap Gallery version 1.6.0 suffers from multiple remote blind SQL injection vulnerabilities.

[ avarcade-insecure.txt ] e24295757afa6e9f6b4a25d30a5fe4e7 AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.

[ nubuilder-rfi.txt ] d451eae5886197e24dccb93485ece7ea nuBuilder version 10.04.x suffers from a remote file inclusion vulnerability.

[ dsa-2076-1.txt ] 9e20355dee50b90ffcce599a243fd717 Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.

[ dsa-2075-1.txt ] c85c7e83e978f83a8eb180e1d8a1ec32 Debian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

[ MDVSA-2010-141.txt ] 61476c47e396c1762c6244eb9488a6f5 Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. The updated packages provide samba 3.4.8, which is not vulnerable to these issues.

[ MDVSA-2010-140.txt ] 9728cbfda6ca6f7ff1a4ca0bc367b17c Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, which prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issue in shm_put_var(). Fixed a possible information leak because of interruption of the XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside the sqlite extension. Fixed string format validation inside the phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields and mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally, some of the third party extensions and required dependencies have been upgraded and/or rebuilt for the new php version.

[ punbbpunpm-sql.txt ] 6e2c0f3eee120f9b20dfae1d6ecb8956 PunBB versions 1.3.x and below with Pun_PM versions 1.2.6 and below remote blind SQL injection exploit.

[ joomlattvideo-sql.txt ] 804159f3c6ff44c128962d760a3b3e00 Joomla TTVideo component version 1.0 suffers from a remote SQL injection vulnerability.

[ msvisualstudio-overflow ] d97606695742264600bae5e755755fa4 Microsoft Visual Studio version 6.0 VCMUTL.dll unicode Active-X buffer overflow exploit.

[ AdminLoginFinder.tar.gz ] 83f3d29ff6d9af527a0c9c9f5ded5d8c AdminLoginFinder is a perl script that scans webservers for administrative login / control panel sections.

[ fbruteforcer.py.txt ] c1a881c74c55ae82b40e646268cab519 This is a simple Facebook bruteforcing script that makes use of the Python Mechanize module and a wordlist.

[ ie67-dos.txt ] 2752a461ecb310dd0db37c67b478c81e Microsoft Internet Explorer versions 6 and 7 suffer from a denial of service vulnerability.

[ NocON2010-CFP.txt ] c2aa734ac66dfe214966445e7bd4f875 Call For Papers for the No cON Name 2010 Congress. This conference will be held in Barcelona, Spain, from October 18th through the 19th.

[ socialmedia-lfi.txt ] cfecac432433c100c61e1b5bd2b280fd Social Media version 2.0.0 suffers from a local file inclusion vulnerability.

[ stackbf.c ] 68c6e59edcec5721f37a7e5d4572546a Stack bruteforcing utility against buffer overflow programs with ASLR. Provides polymorphic shellcode for /bin/sh.

[ theetacms-sqlxss.txt ] dbfc07930d0e37e7ee46e6f86ff96744 Theeta CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

[ joomlaappointinator-sql.txt ] f3ba06cfcb83632d05900d500338dc58 The Joomla Appointinator component version 1.0.1 suffers from remote SQL injection vulnerabilities.

[ syndeocms-xss.txt ] 7968a477727cac0314791654ba903d9f SyndeoCMS versions 2.9.0 and below suffer from multiple cross site scripting vulnerabilities.

[ MDVSA-2010-139.txt ] 2b75ea5f7908e8b6b979d2ee7f9b6e02 Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, which prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside the sqlite extension. Reported by Mateusz Kocielski. Additionally, some of the third party extensions have been upgraded and/or rebuilt for the new php version.

[ major_rls79.txt ] 0703add159aebb090826a24794228dde PHPKIT WCMS version 1.6.5 suffers from multiple cross site scripting vulnerabilities.

[ easyftp_mkd_fixret.rb.txt ] a31ab6edcdb29318cc3ec1bcff1a522d This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'MKD' commands, which leads to a stack based buffer overflow. NOTE: EasyFTP allows anonymous access by default. However, in order to access the 'MKD' command, you must have access to an account that can create directories. After version 1.7.0.12, this package was renamed "UplusFtp". This exploit utilizes a small piece of code that I've referred to as 'fixRet'. This code allows us to inject a payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation. See references for more information.

[ easyftp_list_fixret.rb.txt ] dd1158c4d3c385cf313352a66803a9f8 This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11. Credit goes to Karn Ganeshan. NOTE: Although this is likely to exploit the same vulnerability as the 'easyftp_cwd_fixret' exploit, it uses a slightly different vector.

[ hyleos_chemviewx_activex.rb.txt ] ba64d10e2eab24164863d5807b3b8829 This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.

[ easyftp_list.rb.txt ] e8e1ba35a15a4cce0d46cd0b3dd34996 This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. After version 1.7.0.12, this package was renamed "UplusFtp". Due to limited space, as well as difficulties using an egghunter, the use of staged, ORD, and/or shell payloads is recommended.

[ USN-964-1.txt ] 3111259b30c67166c3ac294216b6aa2f Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.

[ USN-930-6.txt ] 324692d14b04636308087c2f0b7a0216 Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.

[ USN-957-2.txt ] 3ac0be5b6b188eb8f7028ff06ce196a5 Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.

[ LWSA-2010-011.txt ] e3445faede7a32cf2db6c82cd7257311 Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to log on as an lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired.

[ nessus-xssdisclose.txt ] df40b917caf2683326df86131ff08b44 The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities.

[ macosxwebdav-dos.txt ] 435b710d622d103c5cd3285c6c725f47 The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.

[ foofus-20100726.txt ] e3cc0c7592f38c3b6586dee82cf27d3e The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292 on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected.

[ fuzzdiff.py.txt ] ec3d8e64642e2cc6539902f9ff72fd1f FuzzDiff is a simple tool created to help make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

[ transparent-medical-devices.pdf ] 5fcfc55317dc9197494fe74df312b5b1 Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices.

[ qqplayersmi-overflow.txt ] 406fce05161dd97728004e5127e74900 QQplayer versions 2.3.696.400p1 and below .smi file processing local buffer overflow exploit.

[ oscommercemax-backup.txt ] cc921370448d96ff05e985cba88687e9 Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability.