Packet Storm's last 50 added files. Last Updated: Fri Sep 5 20:23:14 EDT 2008

[ MDVSA-2008-188.txt ] fa0a6a8003587117a6311ddf437cc6f1 Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications, which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to use a specially crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated, which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues.
[ glsa-200809-05.txt ] d98aa0bb9eed96877477f69cf21a83c1 Gentoo Linux Security Advisory GLSA 200809-05 - It has been discovered that some input (e.g. the username) passed to the Courier Authentication library is not properly sanitised before being used in SQL queries. Versions less than 0.60.6 are affected.
[ freebsd-revcon.txt ] 5f235f3f42ac49433596de4a8bf427b2 90 byte reverse connect, recv, jmp, return results shellcode for FreeBSD/x86.
[ webcmsportal-blindsql.txt ] 3e62f2de829c0bf1b68c94d17c98648c webCMS Portal Edition blind SQL injection exploit that leverages index.php.
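The last Tomcat issue in MDVSA-2008-188 above (traversal when allowLinking and URIencoding are enabled) belongs to a well-known class: a server that tests a request path for ".." before it has finished decoding it, and then decodes permissively, can be walked out of its document root. The script below is an added illustration, not code from Tomcat or from the Mandriva advisory. It contrasts a resolver that checks the still-encoded path and then decodes leniently with one that decodes strictly first, canonicalizes, and only then confines the result to the document root. The document root, the lenient decoder and the overlong-UTF-8 input are constructed for this example; the advisory itself says only that a UTF-8-encoded request was involved.

```python
"""Decode-then-normalize versus check-then-decode for request paths.

Added illustration, not Tomcat code. DOC_ROOT and all inputs are constructed.
"""
import posixpath
from urllib.parse import unquote_to_bytes

# Assumed document root for the illustration (five path components deep).
DOC_ROOT = "/var/lib/tomcat/webapps/ROOT"


def lenient_utf8_decode(data: bytes) -> str:
    """Deliberately permissive decoder, constructed for the example.

    It accepts the overlong two-byte forms C0 xx / C1 xx that strict UTF-8
    forbids, so the byte pair C0 AE becomes '.'. Every other byte is passed
    through as one character. Never use a decoder like this in real code.
    """
    out = []
    i = 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def naive_resolve(raw_path: str):
    """Vulnerable pattern: look for '..' in the still-encoded path, then decode
    permissively. The check never sees the dots that only exist after decoding."""
    if ".." in raw_path:
        return None
    decoded = lenient_utf8_decode(unquote_to_bytes(raw_path))
    return posixpath.normpath(DOC_ROOT + decoded)


def hardened_resolve(raw_path: str):
    """Hardened pattern: strict percent and UTF-8 decoding first, then
    canonicalize, then confine the canonical path to DOC_ROOT."""
    try:
        # Python's strict UTF-8 decoder rejects overlong sequences such as C0 AE.
        decoded = unquote_to_bytes(raw_path).decode("utf-8")
    except UnicodeDecodeError:
        return None
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    # When symlinks are followed (Tomcat's allowLinking), also run
    # os.path.realpath() against the live filesystem before this containment
    # test; normpath alone does not resolve links.
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: overlong-encoded dots, plain percent-encoded dots, benign.
    overlong = "/" + "%c0%ae%c0%ae/" * 5 + "etc/passwd"
    plain = "/" + "%2e%2e/" * 5 + "etc/passwd"
    for p in (overlong, plain, "/index.jsp"):
        print(repr(p), "naive ->", naive_resolve(p), "| hardened ->", hardened_resolve(p))
```

The naive resolver returns /etc/passwd for both encoded forms because its ".." test runs on the percent-encoded string; the hardened one rejects the overlong sequence at decode time and the plain one at the containment test.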
[ esfaq-sql.txt ] ea53bbcf6654db8ca1a49ac0dfd46905 EsFaq version 2.0 suffers from a remote SQL injection vulnerability.
[ vastal-itechcosmetics.txt ] 53f1f2c243e4ca3a7465b7b878af6fb0 Vastal I-Tech Cosmetics Zone suffers from a remote SQL injection vulnerability in view_products_cat.php.
[ vastal-itechfreelance.txt ] c3050b70a64f3f3524fe720b1fcb64bb Vastal I-Tech Freelance Zone suffers from a remote SQL injection vulnerability in view_cresume.php.
[ vastal-itechmag.txt ] ad03d5c61ab7b1764882d04f31a007f1 Vastal I-Tech Mag Zone suffers from a remote SQL injection vulnerability in view_mags.php.
[ vastal-itechmmorpg.txt ] e6fafb94727361eb4327476c1ad5f121 Vastal I-Tech MMORPG Zone suffers from a remote SQL injection vulnerability.
[ vastal-itechjobs.txt ] d35dde70aa37844953a819214d29ff30 Vastal I-Tech Jobs Zone suffers from a remote SQL injection vulnerability in view_news.php.
[ vastal-itechdvd.txt ] 73ed791b817b619b2cae65f5f935670c Vastal I-Tech DVD Zone suffers from a remote SQL injection vulnerability in view_mags.php.
[ vastal-itechshare.txt ] b07083700994fa807623dffce0aac446 Vastal I-Tech Share Zone suffers from a remote SQL injection vulnerability in view_news.php.
[ vastal-itechtoner.txt ] 6ee1cf0afc26370d06b22ba62dcd7156 Vastal I-Tech Toner Cart suffers from a remote SQL injection vulnerability in show_series_ink.php.
[ vastal-itechvisa.txt ] ff1d7f4069afa1ab8a2104311f320e2d Vastal I-Tech Visa Zone suffers from a remote SQL injection vulnerability in view_news.php.
[ vastal-itechagent.txt ] 203db934b67f329683f1b32d137acd90 Vastal I-Tech Agent suffers from a remote SQL injection vulnerability in view_ann.php.
[ vastal-itechshaadi.txt ] 5c3407bfee59b9dd58df36985f120ff1 Vastal I-Tech Shaadi Zone version 1.0.9 suffers from a remote SQL injection vulnerability.
[ google-chrome-dos3.txt ] 62658dd425bb8251d6d3c133c2748eb2 Google Chrome Browser version 0.2.149.27 (1583) silent crash proof of concept exploit.
[ samsung-dos.txt ] b9d63562ccf567202d43f490bee3c6cf Proof of concept denial of service exploit for the Samsung DVR SHR-2040.
[ insecurityoverview-samsung.pdf ] b885df143355b20ca9ab10e3540514f1 An Insecurity Overview of the Samsung DVR SHR-2040.
[ googlechrome-cleartext.txt ] 2fc321543f586f60017f4d03f73ec0ba Google Chrome version 0.2.149.27 stores user credentials in the clear when saving passwords.
[ PLSA-2008-36.txt ] 08e25547abae389d971a09a044cf735f Pardus Linux Security Advisory - Multiple memory leaks and buffer overflows have been addressed in ffmpeg. Affected packages are mplayer versions below 0.0_20080825-92-11 and ffmpeg versions below 0.4.9_20080825-46-14.
[ wpsimple-xss.txt ] 352dca05a76597134c102fa5f0119f14 WordPress Simple Tagging Widget suffers from a cross site scripting vulnerability.
[ googlechrome-pwn.tgz ] 76bc83d0af7a4c1715f162bcddf4c083 Google Chrome Browser version 0.2.149.27 suffers from a SaveAs-related buffer overflow and a separate denial of service vulnerability. Exploits for both are included in the tarball: PoC-XPSP2.html demonstrates the overflow by launching calc.exe and PoC-Crash.html demonstrates the crash.
[ microworld-insecure.txt ] ce8ac3604c3af57abf8400703a98d0e6 Multiple MicroWorld products suffer from insecure directory permissions vulnerabilities that allow for privilege escalation.
[ devalcms-xssexec.txt ] db1720fed87cf89e89b28e5e397ee959 devalcms version 1.4a cross site scripting and remote code execution exploit.
[ microtik-poc.txt ] 3b065276af46ff576d9a6373c1d277f2 MikroTik RouterOS versions 3.13 and below SNMP write proof of concept exploit.
[ xcon2008-cfp.txt ] 6d6d3617daeb94718d64bdef3a52ea12 Call For Papers for XCon 2008. This conference will take place from November 18th through the 19th in Beijing, China.
[ awstats-exec2.txt ] c7f6c1a53d73e9b3fc679173c9be5ae7 Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14. Version 2 of this exploit; it now works with magic quotes on or off.
[ SSRT080119.txt ] 443e1114b506d1add64aab30e5423482 HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
[ wordpress-xss.txt ] 87d10fd3e01da8218f1cd5f358994acb Wordpress Forum version 1.7.4 suffers from a cross site scripting vulnerability.
[ geocar-sql.txt ] db27bf304857538f4c73e77acf9d86db Geocar CMS suffers from a remote SQL injection vulnerability.
[ MDVSA-2008-186.txt ] 153c497151ed5d9641a5eceb1e0840f8 Mandriva Linux Security Advisory - Multiple integer overflows, reported by the Google Security Team, were fixed in Python 2.5.2. The Python packages on Corporate 3 have been updated to version 2.3.7, which corrects this issue.
[ aslr-bypass.txt ] 69eac3945ce943b762c014d7d22bb2ba Whitepaper discussing an ASLR bypass methodology on the Linux 2.6.17/20 kernel.
[ glsa-200809-04.txt ] f4f0318f961c4b14524fa5983e5bb781 Gentoo Linux Security Advisory GLSA 200809-04 - Sergei Golubchik reported that MySQL imposes no restrictions on the DATA DIRECTORY or INDEX DIRECTORY specified in SQL CREATE TABLE statements. Versions less than 5.0.60-r1 are affected.
[ glsa-200809-03.txt ] 4f3597870ccab8e2f35aaf7c1ac67523 Gentoo Linux Security Advisory GLSA 200809-03 - Dyon Balding of Secunia Research reported an unspecified heap-based buffer overflow in the Shockwave Flash (SWF) frame handling. Versions less than 11.0.0.4028-r1 are affected.
[ glsa-200809-02.txt ] f200ed750ca69f71f7f2846f6ee4b218 Gentoo Linux Security Advisory GLSA 200809-02 - Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server. Carlos Carvalho reported that dnsmasq 2.43 does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash. Versions below 2.45 are affected.
[ glsa-200809-01.txt ] b962d5bfed1cd8d721820a20c2d41d07 Gentoo Linux Security Advisory GLSA 200809-01 - Aaron Grattafiori reported a format string vulnerability in the window_error() function in yelp-window.c. Versions less than 2.22.1-r2 are affected.
[ zencart138a-sql.txt ] 7093fce21347e1a9db8392feb13b7783 Zen Cart versions 1.3.8a and below suffer from a remote SQL injection vulnerability.
[ atheros-overflow.txt ] 7230a63128d6e0c50c7cfdd4a27a0bbb The wireless drivers in some Wi-Fi access points (such as the Atheros-based Linksys WRT350N) do not correctly parse the Atheros vendor-specific information element included in association requests, allowing for denial of service or possible code execution.
[ clamav-0.94.tar.gz ] d3f6d5fff2db81950491749166ab0ffa Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
[ qwicsitepro-sqlxss.txt ] 5341b00c6e2afb59c80d5dadafd155fb Qwicsite Pro suffers from remote SQL injection and cross site scripting vulnerabilities.
[ awstats-exec.txt ] a547043a45547dde960f9e43614a3b37 Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14.
[ clamav-chm.txt ] c8b9acfe29e5a5daeac2e3016acef2b1 Fuzzing of ClamAV versions below 0.94 found a CHM file parsing vulnerability that may be exploitable.
[ marvell-null.txt ] 7b4fbf20ade08e1cd70a32238d9e2ba4 The Netgear WN802T (firmware 1.3.16) with the Marvell 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution.
[ marvell-overflow.txt ] e9176cad9b5b34f5fbe34dc7d15e0808 The Netgear WN802T (firmware 1.3.16) with the Marvell 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets.
[ google-chrome-dos2.txt ] 0f8d2987472660e03596b9ce11615ee6 Google Chrome Browser version 0.2.149.27 denial of service exploit that uses JavaScript.
[ google-download1.txt ] 92b6bca54154be0ffd5255646a351e3e Google Chrome Browser version 0.2.149.27 automatic file download exploit that uses a meta tag to repeat the download automatically.
[ google-chrome-dos1.txt ] 6152956110692b50a81a49dade0b9e69 Google Chrome Browser version 0.2.149.27 denial of service exploit that uses JavaScript.
[ USN-640-1.txt ] 6db37c29a1720abc184db83b04749719 Ubuntu Security Notice 640-1 - Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.
[ xrms-sqlxss.txt ] a71487e9d43c109ba82c39085189d4d5 XRMS suffers from multiple cross site scripting and SQL injection vulnerabilities.