http://packetstormsecurity.org/ 50 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/0901-advisories/dsa-1694-2.txt Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences. http://packetstormsecurity.org/0901-exploits/debianxterm-weakness.txt Debian GNU/Linux suffers from a XTERM DECRQSS weakness that allows for remote code execution as the user id viewing the content. http://packetstormsecurity.org/0901-advisories/USN-701-2.txt Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. http://packetstormsecurity.org/0901-advisories/USN-701-1.txt Ubuntu Security Notice USN-701-1 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. http://packetstormsecurity.org/UNIX/security/ip-array_0.05.74c.tar.gz IP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP. http://packetstormsecurity.org/linux/admin/mandos_1.0.3.orig.tar.gz The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system. http://packetstormsecurity.org/0901-exploits/playsms093-rfilfi.txt playSMS version 0.9.3 suffers from multiple remote and local file inclusion vulnerabilities. http://packetstormsecurity.org/0901-exploits/oraclecompress-sql.txt Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL injection exploit that grants DBA access and creates a new user. http://packetstormsecurity.org/0901-exploits/oraclemergework-sql.txt Oracle 10g SYS.LT.MERGEWORKSPACE SQL injection exploit that grants DBA access and creates a new user. http://packetstormsecurity.org/0901-exploits/oracleworkspace-sql.txt Oracle 10g SYS.LT.REMOVEWORKSPACE SQL injection exploit that grants DBA access and creates a new user using the advanced extproc method. http://packetstormsecurity.org/0901-exploits/seamonkey1114-dos.txt SeaMonkey versions 1.1.14 and below denial of service exploit that leverages a vulnerability found in September of 2008 for version 1.1.11. http://packetstormsecurity.org/0901-exploits/itcms-sql.txt IT!CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0901-exploits/ezpack-sqlxss.txt ezPack version 4.2b2 suffers from cross site scripting and SQL injection vulnerabilities. http://packetstormsecurity.org/0901-exploits/goople-sql.txt Goople versions 1.8.2 and below blind SQL injection exploit that makes use of frontpage.php. http://packetstormsecurity.org/0901-exploits/vuplayer-dos.txt VUPlayer version 2.49 local denial of service proof of concept exploit that creates a malicious file. http://packetstormsecurity.org/0901-exploits/coolplayer_bof.txt CoolPlayer Build 219 PlaylistSkin buffer overflow exploit that binds a shell to tcp port 4444. http://packetstormsecurity.org/0901-exploits/rosoft421-overflow.txt Rosoft Media Player version 4.2.1 local buffer overflow exploit that spawns calc.exe. http://packetstormsecurity.org/0901-exploits/riotpix-bypass.txt RiotPix versions 0.61 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0901-exploits/riotpix-sql.txt RiotPix versions 0.61 and below blind remote SQL injection exploit. http://packetstormsecurity.org/0901-exploits/phpauctionsystem-rfi.txt PHP Auction System suffers from multiple remote file inclusion vulnerabilities. http://packetstormsecurity.org/0901-advisories/USN-703-1.txt Ubuntu Security Notice USN-703-1 - Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges. http://packetstormsecurity.org/0901-advisories/USN-702-1.txt Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting registry shares = yes , include = registry , or config backend = registry , which is not the default. http://packetstormsecurity.org/0901-exploits/phpauctionsystem-insecure.txt PHP Auction System suffers from an insecure cookie handling vulnerability. http://packetstormsecurity.org/0901-exploits/phpauctionsystem-sqlxss.txt PHP Auction System suffers from cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/0901-exploits/joomlaphoca-sql.txt Joomla Phoca Documentation remote SQL injection exploit that makes use of index.php. http://packetstormsecurity.org/UNIX/scanners/lfi-rfi2.txt Local / Remote file inclusion scanner that attempts to make use of a c99 shell on a vulnerable host. http://packetstormsecurity.org/0901-exploits/theratcms-sql.txt The Rat CMS Alpha 2 remote blind SQL injection exploit that leverages viewarticle.php. http://packetstormsecurity.org/0901-advisories/walusoft-traversal.txt Walusoft TFTPServer2000 version 3.6.1 suffers from a directory traversal vulnerability. http://packetstormsecurity.org/0901-exploits/dmp161lst4-overflow.txt Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. http://packetstormsecurity.org/papers/call_for/seacureit-cfp2009.txt SEaCURE.IT is the first international technical conference ever held in Italy on security related topics, aimed at bringing together the leading experts from all over the world, to create a unique setting for networking and discussion among the speakers and the attendees. The 2009 edition will be held from May 19th to the 22nd in Villasimius, Sardinia. http://packetstormsecurity.org/0901-exploits/plxautoreminder-sql.txt plxAutoReminder version 3.7 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0901-exploits/safari-heap.txt Safari array integer overflow proof of concept exploit. http://packetstormsecurity.org/0901-exploits/dmp161lst3-overflow.txt Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. http://packetstormsecurity.org/peer2peer/tor.uclibc.i686.20090105.iso Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. http://packetstormsecurity.org/0901-exploits/solucion-sql.txt SolucionWeb suffers from a remote SQL injection vulnerability in main.php. http://packetstormsecurity.org/0901-exploits/joomlanewsdesc-sql.txt Joomla NA News Description component remote SQL injection exploit. http://packetstormsecurity.org/0901-exploits/pollpro-xsrf.txt PollPro version 3.0 appears to suffer from a cross site request forgery vulnerability. http://packetstormsecurity.org/0901-exploits/webspell-edit.txt webSPELL versions 4.01.02 and below suffer from a remote edit topics vulnerability. http://packetstormsecurity.org/0901-exploits/pnphpbb212i-lfi.txt PNphpBB2 versions 1.2i and below suffer from multiple local file inclusion vulnerabilities. http://packetstormsecurity.org/papers/call_for/msfxdc-contest.txt MSFXDC (MetaSploit Framework eXploits Development Contest) is a challenge where the main goal is to code the largest number of new Metasploit Framework exploits modules. MSFXDC is organized by JA-PSI. http://packetstormsecurity.org/0901-exploits/wsnguest123-sql.txt WSN Guest version 1.23 suffers from a remote SQL injection vulnerability in search.php. http://packetstormsecurity.org/0901-exploits/phpmesfilms-sql.txt PhpMesFilms version 1.0 suffers from a remote SQL injection vulnerability in index.php. http://packetstormsecurity.org/0901-exploits/vuplayer-overflow.txt VUPlayer version 2.49 .wax file local buffer overflow exploit that spawns calc.exe. http://packetstormsecurity.org/0901-exploits/dmp161lst2-overflow.txt Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. http://packetstormsecurity.org/0901-exploits/dmp161lst1-overflow.txt Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe. http://packetstormsecurity.org/0901-exploits/ayemsisemlak-disclose.txt Ayemsis Emlak Pro suffers from a remote database disclosure vulnerability. http://packetstormsecurity.org/0901-exploits/ayemsisemlak-sql.txt Ayemsis Emlak Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0901-exploits/cybershadecms-rfi.txt Cybershade CMS version 0.2b remote file inclusion exploit that uses index.php. http://packetstormsecurity.org/0901-exploits/joomlasimplereview-sql.txt The Joomla Simple Review component version 1.x suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/wireless/RFIDIOt-0.1v.tgz RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This is the Windows version.