<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
	<channel>
	<title>Packet Storm Security Last 50</title>
	<link>http://packetstormsecurity.org/</link>
	<description>50 Most Recent Packet Storm File Additions</description>
	<language>en-us</language>

<item>
	<title>ZDI-08-025.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/ZDI-08-025.txt</link>
	<description>A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials. </description>
</item>
<item>
	<title>ZDI-08-024.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/ZDI-08-024.txt</link>
	<description>A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitization while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user. </description>
</item>
<item>
	<title>sunshop-blindsql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/sunshop-blindsql.txt</link>
	<description>SunShop version 3.5.1 remote blind SQL injection exploit. </description>
</item>
<item>
	<title>aid-051408.asc</title>
	<link>http://packetstormsecurity.org/0805-advisories/aid-051408.asc</link>
	<description>Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity. </description>
</item>
<item>
	<title>altiris.pdf</title>
	<link>http://packetstormsecurity.org/papers/attack/altiris.pdf</link>
	<description>Whitepaper discussing privilege escalation vulnerability in the Symantec Altiris Deployment Solution. </description>
</item>
<item>
	<title>68classifieds-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/68classifieds-sql.txt</link>
	<description>68 Classifieds version 4.0 suffers from a SQL injection vulnerability in category.php. </description>
</item>
<item>
	<title>newsmanager-rfisql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/newsmanager-rfisql.txt</link>
	<description>Newsmanager version 2.09 suffers from remote file inclusion, remote file disclosure, SQL injection, and permission bypass vulnerabilities. </description>
</item>
<item>
	<title>kostenloses-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/kostenloses-sql.txt</link>
	<description>Kostenloses Linkmanagementscript suffers from multiple SQL injection vulnerabilities. </description>
</item>
<item>
	<title>symantec-escalate.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/symantec-escalate.txt</link>
	<description>Symantec Altiris Client Service versions 6.5.248, 6.5.299, and 6.8.378 local privilege escalation exploit. Based on the vulnerability noted in MS04-019. </description>
</item>
<item>
	<title>cisco-sa-20080514-cup.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/cisco-sa-20080514-cup.txt</link>
	<description>Cisco Security Advisory - Administrators of systems running all Cisco Unified Presence versions can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI). </description>
</item>
<item>
	<title>cisco-sa-20080514-cucmdos.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/cisco-sa-20080514-cucmdos.txt</link>
	<description>Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco CallManager, contains multiple denial of service (DoS) vulnerabilities that may cause an interruption in voice services, if exploited. These vulnerabilities were discovered internally by Cisco. </description>
</item>
<item>
	<title>cisco-sa-20080514-csm.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/cisco-sa-20080514-csm.txt</link>
	<description>Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection. </description>
</item>
<item>
	<title>debian-sploit.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/debian-sploit.txt</link>
	<description>A nice walkthrough discussing step by step how to brute force ssh logins using the recent Debian OpenSSL random number generator vulnerability. </description>
</item>
<item>
	<title>EC2ND-2008-CFP.txt</title>
	<link>http://packetstormsecurity.org/papers/call_for/EC2ND-2008-CFP.txt</link>
	<description>Call For Papers for EC2ND. The fourth annual EC2ND conference will take place on December 11th and 12th 2008 in the Faculty of Engineering and Computing at Dublin City University. </description>
</item>
<item>
	<title>sqlfuzzer.py.txt</title>
	<link>http://packetstormsecurity.org/fuzzer/sqlfuzzer.py.txt</link>
	<description>SQL Injector version 1.0 is a fuzzing utility written in Python. </description>
</item>
<item>
	<title>xsschecker.py.txt</title>
	<link>http://packetstormsecurity.org/fuzzer/xsschecker.py.txt</link>
	<description>Cross site scripting fuzzing utility written in Python. </description>
</item>
<item>
	<title>msie-crosszone.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/msie-crosszone.txt</link>
	<description>Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature. </description>
</item>
<item>
	<title>idautomation-activex.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/idautomation-activex.txt</link>
	<description>The IDAutomation Bar Code ActiveX controller suffers from multiple vulnerabilities. </description>
</item>
<item>
	<title>AD20080514.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/AD20080514.txt</link>
	<description>The Microsoft Malware Protection Engine is susceptible to two denial of service vulnerabilities. </description>
</item>
<item>
	<title>win32-generator.txt</title>
	<link>http://packetstormsecurity.org/shellcode/win32-generator.txt</link>
	<description>win32 Download and Execute shellcode generator (browsers edition). </description>
</item>
<item>
	<title>dsa-1577-1.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/dsa-1577-1.txt</link>
	<description>Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system. </description>
</item>
<item>
	<title>dsa-1576-1.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/dsa-1576-1.txt</link>
	<description>Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied. </description>
</item>
<item>
	<title>glsa-200805-16.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/glsa-200805-16.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected. </description>
</item>
<item>
	<title>glsa-200805-15.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/glsa-200805-15.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected. </description>
</item>
<item>
	<title>USN-612-6.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/USN-612-6.txt</link>
	<description>Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. </description>
</item>
<item>
	<title>USN-612-5.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/USN-612-5.txt</link>
	<description>Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as no-port-forwarding or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. </description>
</item>
<item>
	<title>USN-612-4.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/USN-612-4.txt</link>
	<description>Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. </description>
</item>
<item>
	<title>rgboard-rfixss.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/rgboard-rfixss.txt</link>
	<description>Rgboard versions 3.0.12 and below suffer from remote file inclusion and cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>hordeturba-xss.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/hordeturba-xss.txt</link>
	<description>Horde and Turba Contact Manager suffer from multiple cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>feedback-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/feedback-sql.txt</link>
	<description>Feedback and Rating Script version 1.0 suffers from a SQL injection vulnerability in detail.php. </description>
</item>
<item>
	<title>freelance-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/freelance-sql.txt</link>
	<description>Freelance Auction Script version 1.0 suffers from a SQL injection vulnerability in browseproject.php. </description>
</item>
<item>
	<title>internetphotoshow-cookie.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/internetphotoshow-cookie.txt</link>
	<description>Internet Photoshow Special Edition suffers from an insecure cookie handling vulnerability that allows for arbitrary administrative access. </description>
</item>
<item>
	<title>activekb-cookie.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/activekb-cookie.txt</link>
	<description>ActiveKB versions 1.5 and below suffer from an insecure cookie handling vulnerability that allows for arbitrary administrative access. </description>
</item>
<item>
	<title>asgastracker-cookie.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/asgastracker-cookie.txt</link>
	<description>AS-GasTracker version 1.0.0 suffers from an insecure cookie handling vulnerability. </description>
</item>
<item>
	<title>lanaicms-upload.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/lanaicms-upload.txt</link>
	<description>La-Nai CMS versions 1.2.16 and below arbitrary file upload exploit. </description>
</item>
<item>
	<title>xsrf-paper.txt</title>
	<link>http://packetstormsecurity.org/papers/web/xsrf-paper.txt</link>
	<description>Whitepaper regarding cross site request forgery attacks. Written in Spanish. </description>
</item>
<item>
	<title>officepub-corrupt.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/officepub-corrupt.txt</link>
	<description>A memory corruption vulnerability exists in Microsoft Office Publisher when it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system. </description>
</item>
<item>
	<title>kostenloses-rfi.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/kostenloses-rfi.txt</link>
	<description>Kostenloses Linkmanagementscript suffers from a remote file inclusion vulnerability. </description>
</item>
<item>
	<title>emo-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/emo-sql.txt</link>
	<description>EMO Realty Manager suffers from a SQL injection vulnerability in news.php. </description>
</item>
<item>
	<title>restate-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/restate-sql.txt</link>
	<description>The Real Estate Script suffers from a SQL injection vulnerability in dpage.php. </description>
</item>
<item>
	<title>linkspile-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/linkspile-sql.txt</link>
	<description>Linkspile suffers from a remote SQL injection vulnerability in link.php. </description>
</item>
<item>
	<title>glsa-200805-14.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/glsa-200805-14.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected. </description>
</item>
<item>
	<title>ciscobbsm-xss.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/ciscobbsm-xss.txt</link>
	<description>Cisco BBSM Captive Portal suffers from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>metoforum-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/metoforum-sql.txt</link>
	<description>Meto Forum version 1.1 suffers from multiple remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>calogic-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/calogic-sql.txt</link>
	<description>CaLogic Calendars version 1.2.2 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>wgcc-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/wgcc-sql.txt</link>
	<description>Web Group Communication Center versions 1.0.3 PreRelease #1 and below suffer from cross site scripting and SQL injection vulnerabilities. </description>
</item>
<item>
	<title>TA08-134A.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/TA08-134A.txt</link>
	<description>Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. </description>
</item>
<item>
	<title>05.13.08-1.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/05.13.08-1.txt</link>
	<description>iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted causing Word to access a memory region that has already been freed. iDefense has confirmed fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable. </description>
</item>
<item>
	<title>ZDI-08-023.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/ZDI-08-023.txt</link>
	<description>A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user. </description>
</item>
<item>
	<title>USN-612-3.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/USN-612-3.txt</link>
	<description>Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. </description>
</item></channel>
</rss>
