.:[ packet storm ]:.
                         
know your enemy
know your enemy

 Section:  .. / Last 50 Files /

 ///  File Name:ie8-forcedtweet.txt
Description:
Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site the ability to force a victim to make tweets.
Author:Chris Evans
File Size:1131
Last Modified:Sep 3 19:25:48 2010
MD5 Checksum:51e26942b1d61bf8696ece2a57b00b66

 ///  File Name:smbind-sql.txt
Description:
SMBind versions 0.4.7 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
Author:IHTeam
File Size:1711
Last Modified:Sep 3 19:21:31 2010
MD5 Checksum:c49af99187546a30749f3a3a4ba5cc44

 ///  File Name:pligg104-sql.txt
Description:
Pligg version 1.0.4 suffers from additional remote SQL injection vulnerabilities outside of the previously discovered findings.
Author:Bogdan Calin
Homepage:http://www.acunetix.com/
Related Exploit:pliggcms104-sql.txt
File Size:3371
Last Modified:Sep 3 19:19:28 2010
MD5 Checksum:3162841c2d8bfcfec785cce729b0412b

 ///  File Name:moaub03-trendmicro.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Trend Micro Internet Security Pro 2010 suffers from an Active-X extSetOwner remote code execution vulnerability.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-trendmicro.txt
File Size:359668
Last Modified:Sep 3 19:17:17 2010
MD5 Checksum:81b892dac8eb292ac0b50174b0d75657

 ///  File Name:moaub03-visinia.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Visinia version 1.3 suffers from cross site request forgery and local file inclusion vulnerabilities.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-visinia.txt
File Size:362975
Last Modified:Sep 3 19:15:33 2010
MD5 Checksum:619881b402da33983acd8bed63e7fe1d

 ///  File Name:googlechrome-corruption.txt
Description:
VUPEN Vulnerability Research Team discovered a high risk vulnerability affecting Google Chrome. The vulnerability is caused by a memory corruption error when processing focus events, which could be exploited by remote attackers to potentially execute arbitrary code by tricking a user into visiting a specially crafted web page. Google Chrome versions prior to 6.0.472.53 are affected.
Author:Matthieu Bonetti
Homepage:http://www.vupen.com/
File Size:2371
Last Modified:Sep 3 19:12:55 2010
MD5 Checksum:d7bb1c9543aec34baff17e3f886116fb

 ///  File Name:moaub-visinia.txt
Description:
Month Of Abysssec Undisclosed Bugs - Visinia version 1.3 suffers from cross site request forgery and local file inclusion vulnerabilities.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
File Size:4359
Last Modified:Sep 3 19:10:46 2010
MD5 Checksum:4f2cdbb83c685adb6510a897eaeaaf25

 ///  File Name:moaub-trendmicro.txt
Description:
Month Of Abysssec Undisclosed Bugs - Trend Micro Internet Security Pro 2010 suffers from an Active-X extSetOwner remote code execution vulnerability.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
File Size:2172
Last Modified:Sep 3 19:10:11 2010
MD5 Checksum:bc9e1d9b0e93b3baf3ad0e4ace4f8ce6

 ///  File Name:dsa-2102-1.txt
Description:
Debian Linux Security Advisory 2102-1 - It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code.
Author:Debian
Homepage:http://www.debian.org/security
File Size:5479
Related CVE(s):CVE-2010-2725
Last Modified:Sep 3 19:08:51 2010
MD5 Checksum:de4af2887f97b53bbc11ac63308a1a5c

 ///  File Name:HPSBMA02572-SSRT100082.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP Operations Agent running on Windows. The vulnerabilities could be exploited locally resulting in an elevation of privileges and remotely allowing execution of arbitrary code.
Homepage:http://www.hp.com/
File Size:6011
Related CVE(s):CVE-2010-3004, CVE-2010-3005
Last Modified:Sep 3 19:04:55 2010
MD5 Checksum:3a249f396673948dfc9c54350c90b961

 ///  File Name:MDVSA-2010-170.txt
Description:
Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a.wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5600
Related CVE(s):CVE-2010-2252
Last Modified:Sep 2 23:47:14 2010
MD5 Checksum:1d5d76c35a7524b8752e4dfab043cf0f

 ///  File Name:glsa-201009-01.txt
Description:
Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.
Author:Gentoo
Homepage:http://security.gentoo.org
File Size:3040
Related CVE(s):CVE-2009-2369
Last Modified:Sep 2 23:46:38 2010
MD5 Checksum:fdf7e822a65781e0b83fcc9be4491798

 ///  File Name:onecms-xss.txt
Description:
OneCMS version 2.6.1 suffers from a cross site scripting vulnerability.
Author:anT!-Tr0J4n
File Size:897
Last Modified:Sep 2 23:45:56 2010
MD5 Checksum:740f705d0901e689fd0d4c44af86aedf

 ///  File Name:path-attacks.txt
Description:
Whitepaper called PATH Attacks. Written in German.
Author:fred777
File Size:4731
Last Modified:Sep 2 23:43:29 2010
MD5 Checksum:7933cf7d3dc0e60c44aa420b47a80c47

 ///  File Name:moaub02-apple.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-quicktime.txt
File Size:154759
Related CVE(s):CVE-2010-0519
Last Modified:Sep 2 23:37:47 2010
MD5 Checksum:e1e2b6f4c40321ac93c73434a39dc229

 ///  File Name:moaub02-rainbow.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-rainbowportal.txt
File Size:142764
Last Modified:Sep 2 23:33:55 2010
MD5 Checksum:12d02297541fb5e8b80004196ffb9094

 ///  File Name:webmanagerpro-sql.txt
Description:
CMS WebManager-Pro suffers from a remote SQL injection vulnerability.
Author:MustLive
File Size:1025
Last Modified:Sep 2 23:21:13 2010
MD5 Checksum:e5db11a98db2675d2b09d59fb6743fc3

 ///  File Name:suricata-1.0.2.tar.gz
Description:
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage:http://www.openinfosecfoundation.org/index.php/download-suricata
Changes:An SSH module was added. Several TCP evasions were fixed. Language compatibility was improved. HTTP detection accuracy was improved. Inline mode was improved.
File Size:1630936
Last Modified:Sep 2 23:18:47 2010
MD5 Checksum:57c93a22602ecc9bbe5857beeb79cb5d

 ///  File Name:checksum-shellcode.txt
Description:
This shellcode is an egg hunter checksum routine.
Author:Ron Henry
File Size:2395
Last Modified:Sep 2 23:15:53 2010
MD5 Checksum:86a11690f9577c5dbe008bd3b2a7d903

 ///  File Name:USN-982-1.txt
Description:
Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:11134
Related CVE(s):CVE-2010-2252
Last Modified:Sep 2 23:15:02 2010
MD5 Checksum:772e3ecddbb0e78f9ad1482e49e5c2b0

 ///  File Name:PRL-2010-07.txt
Description:
A flaw exists within SSHD.NLM of Novell Netware version 6.5. When the application attempts to resolve an absolute path on the server, a 512 byte destination buffer is used without bounds checking. By providing a large enough value, an attacker can cause a buffer to be overflowed. Successful exploitation results in remote code execution under the context of the server.
Author:Francis Provencher
File Size:3448
Last Modified:Sep 2 23:12:50 2010
MD5 Checksum:0f072e2d9e7ec5d12c5cefae31d95aeb

 ///  File Name:MDVSA-2010-169.txt
Description:
Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:74322
Related CVE(s):CVE-2010-2754, CVE-2010-0654, CVE-2010-1213, CVE-2010-2753, CVE-2010-1211
Last Modified:Sep 2 23:08:28 2010
MD5 Checksum:0f02f3eda393e2a0d929deb75ea471a5

 ///  File Name:moovida-dllhijack.tgz
Description:
Moovida Media Player versions 2.0.0.15 and below DLL hijacking exploit.
Author:Aung Khant
Homepage:http://yehg.net/
File Size:11434
Last Modified:Sep 2 23:06:50 2010
MD5 Checksum:a822bb5288d37ba5b82362025654c4e9

 ///  File Name:cvechecker-0.5.tar.gz
Description:
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
Author:Sven Vermeulen
Homepage:http://cvechecker.sourceforge.net/
Changes:The tool should now build properly on NetBSD and FreeBSD (although more user experience here is still welcome). This release introduces a cvereport command (example output can be found at the project site), and has lowered its initial dependency requirements. pullcves now only loads the CVE XML changes in the database, rather than iterating across all CVE XML entries.
File Size:132624
Last Modified:Sep 2 23:01:40 2010
MD5 Checksum:d6c5e5538ebcc6e87a24a1ff70d38942

 ///  File Name:moaub-quicktime.txt
Description:
Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
File Size:34415
Related CVE(s):CVE-2010-0519
Last Modified:Sep 2 22:57:48 2010
MD5 Checksum:3b8e0f535bf0ba3739f15044c0249d16

 ///  File Name:vbshout-rfilfi.txt
Description:
vbShout version 5.2.2 suffers from remote and local file inclusion vulnerabilities.
Author:fred777
File Size:1653
Last Modified:Sep 2 22:56:07 2010
MD5 Checksum:5cb9fe845a66a395c3d63fa172edaaba

 ///  File Name:moaub-rainbowportal.txt
Description:
Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
File Size:7143
Last Modified:Sep 2 22:54:57 2010
MD5 Checksum:8ae0ef410cda573b1cdcf2b600096f27

 ///  File Name:shopalacart-sqlxss.txt
Description:
Shop A La Cart suffers from cross site scripting and remote SQL injection vulnerabilities.
Author:Ariko-Security
File Size:2532
Last Modified:Sep 2 22:47:44 2010
MD5 Checksum:9e41de6d42151e83c7437d485141d13a

 ///  File Name:accton-backdoor.txt
Description:
Accton-based switches which are commonly rebranded as 3Com, Dell, SMC, Foundry and EdgeCore suffer from a backdoor password vulnerability.
Author:Edwin Eefting,Erik Smit,Erwin Drent
File Size:6586
Last Modified:Sep 2 22:46:06 2010
MD5 Checksum:24a33d38be40a5f54dc4a7cea823c455

 ///  File Name:nullconGoa2011-CFP.txt
Description:
The Call For Papers for nullcon Dwitiya 2.0 is now open. It takes place February 25th through the 26th, 2011 in Goa, India.
Homepage:http://nullcon.net/
File Size:2908
Last Modified:Sep 1 16:40:25 2010
MD5 Checksum:ef8b994b84ef1796e447f7f903b43bfd

 ///  File Name:amirocmsfaq-xss.txt
Description:
Amiro.CMS version 5.8.4.0 suffers from a stored cross site scripting vulnerability.
Author:High-Tech Bridge SA
Homepage:http://www.htbridge.ch/
File Size:3771
Last Modified:Sep 1 16:39:03 2010
MD5 Checksum:fcde2057993cb2b829ddb53e50b7a2db

 ///  File Name:advanced-xss.pdf
Description:
Whitepaper called Advanced XSS. Written in Arabic.
Author:BorN To K!LL
File Size:110621
Last Modified:Sep 1 16:36:19 2010
MD5 Checksum:0bc888db03f90237ae4c029ade20fe9e

 ///  File Name:moaub01-cpanel.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-cpanel.txt
File Size:111765
Last Modified:Sep 1 16:33:24 2010
MD5 Checksum:742e27e87f22754fb5fce6e831b68d44

 ///  File Name:moaub01-adobe.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a "newclass" invalid pointer vulnerability.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-adobenewclass.txt
File Size:141640
Related CVE(s):CVE-2010-1297
Last Modified:Sep 1 16:29:42 2010
MD5 Checksum:fdb5c4d67a6da028140181593899cb19

 ///  File Name:MDVSA-2010-168.txt
Description:
Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:3636
Related CVE(s):CVE-2010-2939
Last Modified:Sep 1 16:28:29 2010
MD5 Checksum:f0c6c2f4720853cfe16f3b61747fe479

 ///  File Name:ZSL-2010-4961.txt
Description:
LEADTOOLS version 16.5.0.2 suffers from buffer overflow, integer overflow and denial of service vulnerabilities related to Active-X Common Dialogs.
Author:LiquidWorm
Homepage:http://www.zeroscience.mk/
File Size:5242
Last Modified:Sep 1 16:24:41 2010
MD5 Checksum:a859c3a0f188bdc6e2d5f0c5329cd58f

 ///  File Name:cpanelcp-xss.txt
Description:
cPanel Customer Portal suffers from a cross site scripting vulnerability.
Author:Inj3ct0r
File Size:2163
Last Modified:Sep 1 16:22:47 2010
MD5 Checksum:a21b61d647c5ac039c00c3fc7e05e2c1

 ///  File Name:tftpddesktop-traversal.txt
Description:
TFTP Desktop version 2.5 suffers from a directory traversal vulnerability.
Author:chr1x
File Size:3682
Last Modified:Sep 1 16:20:39 2010
MD5 Checksum:898e5d989da95c2440eeba3e54c34fc6

 ///  File Name:tftpdwin-traversal.txt
Description:
TFTPDWIN version 0.4.2 suffers from a directory traversal vulnerability.
Author:chr1x
File Size:6884
Last Modified:Sep 1 16:18:58 2010
MD5 Checksum:f656003b3289d7a806b0ae3a44cd7add

 ///  File Name:macosxparental-bypass.txt
Description:
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent.
Author:Jonathan Kamens
File Size:4344
Last Modified:Sep 1 16:14:38 2010
MD5 Checksum:a9781fd5642b187fa7ed3b0e9f72ac7f

 ///  File Name:autodeskmapguide-overflow.txt
Description:
Autodesk MapGuide Viewer version 6.5 suffers from an Active-X related overflow vulnerability in MGAXCTRL.DLL.
Author:d3b4g
File Size:1940
Last Modified:Sep 1 16:10:30 2010
MD5 Checksum:882756dc9fce01e1d0e666a1cd8c0cf2

 ///  File Name:moaub-adobenewclass.txt
Description:
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a "newclass" invalid pointer vulnerability.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
File Size:13937
Related CVE(s):CVE-2010-1297
Last Modified:Sep 1 16:08:18 2010
MD5 Checksum:e44475e68ca437d68b131cf63c343d95

 ///  File Name:moaub-cpanel.txt
Description:
Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
File Size:3736
Last Modified:Sep 1 16:06:39 2010
MD5 Checksum:3dfa74787ba6fd6279c79324649a56a1

 ///  File Name:phpjokesitesbjoke-sql.txt
Description:
PHP Joke Site Software suffers from a remote SQL injection vulnerability.
Author:BorN To K!LL
Related Exploit:phpjokesite-sql.txt
File Size:565
Last Modified:Sep 1 15:59:51 2010
MD5 Checksum:172eb0f98e841ca014559f7898702736

 ///  File Name:dompdf-rfi.txt
Description:
Dompdf version 0.6.0 Beta 1 suffers from a remote file inclusion vulnerability.
Author:Andre Corleone
File Size:1499
Last Modified:Sep 1 14:13:33 2010
MD5 Checksum:65ce155bec2ac26b202f7b878a5116a3

 ///  File Name:mblogger-sql.txt
Description:
mBlogger version 1.0.04 remote SQL injection exploit that leverages viewpost.php.
Author:Ptrace Security
File Size:2424
Last Modified:Sep 1 14:12:28 2010
MD5 Checksum:51517c5cb1c09c3c9e2adf071970e9e9

 ///  File Name:1008-exploits.tgz
Description:
This archive contains all of the 422 exploits added to Packet Storm in August, 2010.
Homepage:http://packetstormsecurity.org/
File Size:6821139
Last Modified:Sep 1 14:05:29 2010
MD5 Checksum:4e017168fda6b5d2fb6f9a6d5a68c7dd

 ///  File Name:dbpoweramplocal-overflow.txt
Description:
dBpowerAMP Audio Player local buffer overflow exploit (EDI overwrite method used).
Author:41.w4r10r,FB1H2S
File Size:5731
Related CVE(s):CVE-2008-0661
Last Modified:Sep 1 14:04:10 2010
MD5 Checksum:de24165a60d1f4dda6138d883a70a3cd

 ///  File Name:artgk-xss.txt
Description:
ArtGK CMS suffers from cross site scripting vulnerabilities.
Author:High-Tech Bridge SA
Homepage:http://www.htbridge.ch/
File Size:3169
Last Modified:Sep 1 13:55:05 2010
MD5 Checksum:de278d4918ab9ef7821bdfba70f7a6ac

 ///  File Name:rooted2011-cfp.txt
Description:
Rooted CON 2011 Call For Papers - Rooted CON is a security congress which will be held in Madrid (Spain) from 3 to 5 March 2011, whose spectrum of participants ranging from students to state forces and secret services, through professionals of the security market, lawyers, or even technology enthusiasts (and others).
Homepage:http://www.rootedcon.es/
File Size:3153
Last Modified:Sep 1 13:53:18 2010
MD5 Checksum:70c5eb05ee62e47b227ab137a36a3e29