Files ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.com/
Thu, 3 Jan 2013 04:22:52 GMT

Asterisk Project Security Advisory - AST-2012-015
http://packetstormsecurity.com/files/119216/AST-2012-015.txt
http://packetstormsecurity.com/files/119216/Asterisk-Project-Security-Advisory-AST-2012-015.html
Thu, 03 Jan 2013 00:06:42 GMT
Asterisk Project Security Advisory - Asterisk maintains an internal cache for devices. The device state cache holds the state of each device known to Asterisk, such that consumers of device state information can query for the last known state for a particular device, even if it is not part of an active call. The concept of a device in Asterisk can include things that do not have a physical representation. One way that this currently occurs is when anonymous calls are allowed in Asterisk. A device is automatically created and stored in the cache for each anonymous call that occurs; this is possible in the SIP and IAX2 channel drivers and through channel drivers that utilize the res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). Attackers exploiting this vulnerability can attack an Asterisk system configured to allow anonymous calls by varying the source of the anonymous call, continually adding devices to the device state cache and consuming a system's resources.

Asterisk Project Security Advisory - AST-2012-014
http://packetstormsecurity.com/files/119215/AST-2012-014.txt
http://packetstormsecurity.com/files/119215/Asterisk-Project-Security-Advisory-AST-2012-014.html
Thu, 03 Jan 2013 00:05:10 GMT
Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.

Mandriva Linux Security Advisory 2013-001
http://packetstormsecurity.com/files/119213/MDVSA-2013-001.txt
http://packetstormsecurity.com/files/119213/Mandriva-Linux-Security-Advisory-2013-001.html
Thu, 03 Jan 2013 00:04:07 GMT
Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.

GNU Transport Layer Security Library 3.1.6
http://packetstormsecurity.com/files/119203/gnutls-3.1.6.tar.xz
http://packetstormsecurity.com/files/119203/GNU-Transport-Layer-Security-Library-3.1.6.html
Wed, 02 Jan 2013 23:48:34 GMT
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

osTicket 1.7 DPR3 XSS / Disclosure / Redirect / SQL Injection
http://packetstormsecurity.com/files/119211/osticket17-disclosesql.txt
http://packetstormsecurity.com/files/119211/osTicket-1.7-DPR3-XSS-Disclosure-Redirect-SQL-Injection.html
Wed, 02 Jan 2013 23:03:33 GMT
osTicket version 1.7 DPR3 suffers from cross site scripting, path disclosure, open redirection, and remote blind SQL injection vulnerabilities.

osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect
http://packetstormsecurity.com/files/119210/osticket17-xsrfxss.txt
http://packetstormsecurity.com/files/119210/osTicket-1.7-RC2-CSRF-Disclosure-XSS-Redirect.html
Wed, 02 Jan 2013 23:01:11 GMT
osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities.

osTicket 1.6 ST CSRF / SQL Injection
http://packetstormsecurity.com/files/119209/osticket_1.6.0_CSRF_vuln.txt
http://packetstormsecurity.com/files/119209/osTicket-1.6-ST-CSRF-SQL-Injection.html
Wed, 02 Jan 2013 23:01:11 GMT
osTicket version 1.6 stable suffers from cross site request forgery and remote blind SQL injection vulnerabilities.

Microsoft Internet Explorer CButton Object Use-After-Free
http://packetstormsecurity.com/files/119186/ie_cbutton_uaf.rb.txt
http://packetstormsecurity.com/files/119186/Microsoft-Internet-Explorer-CButton-Object-Use-After-Free.html
Wed, 02 Jan 2013 20:26:32 GMT
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload. Invalid memory that is controllable is then used, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, mainly targeting computers based in China, Taiwan, and the US.

Remote System Over IRC (And For Fun And Profit)
http://packetstormsecurity.com/files/119212/remote_system_over_irc.pdf
http://packetstormsecurity.com/files/119212/Remote-System-Over-IRC-And-For-Fun-And-Profit.html
Wed, 02 Jan 2013 18:58:55 GMT
RSOI, or Remote System over IRC, is a whitepaper about a feature adopted by the MpTcp software. This tool executes this action in order to delegate partial (or total) use of the resources of a system to a remote entity. In this document, the action of using RSOI is dependently associated with the use of MpTcp. Therefore, manipulating RSOI here means to use MpTcp directly to implement this action, and nothing more.

Packet Storm New Exploits For 2012
http://packetstormsecurity.com/files/119173/2012-exploits.tgz
http://packetstormsecurity.com/files/119173/Packet-Storm-New-Exploits-For-2012.html
Wed, 02 Jan 2013 16:31:19 GMT
Complete comprehensive archive of all 3,418 exploits added to Packet Storm in 2012.

Packet Storm New Exploits For December, 2012
http://packetstormsecurity.com/files/119172/1212-exploits.tgz
http://packetstormsecurity.com/files/119172/Packet-Storm-New-Exploits-For-December-2012.html
Wed, 02 Jan 2013 16:16:34 GMT
This archive contains all of the 190 exploits added to Packet Storm in December, 2012.

Astium VoIP PBX 2.1 Denial Of Service
http://packetstormsecurity.com/files/119198/astium-dos.txt
http://packetstormsecurity.com/files/119198/Astium-VoIP-PBX-2.1-Denial-Of-Service.html
Wed, 02 Jan 2013 13:33:33 GMT
Astium VoIP PBX versions 2.1 build 25399 and below remote crash proof of concept exploit that causes astiumd to crash when sent a large buffer.

Astium VoIP PBX 2.1 Remote Root
http://packetstormsecurity.com/files/119197/astium-exec.txt
http://packetstormsecurity.com/files/119197/Astium-VoIP-PBX-2.1-Remote-Root.html
Wed, 02 Jan 2013 12:22:22 GMT
Astium is prone to multiple vulnerabilities. This exploit uses SQL injection to bypass authentication on the login page and get access as an administrator. After that it uploads and executes a PHP script that will modify the "/usr/local/astium/web/php/config.php" script with a reverse shell and run a "sudo /sbin/service astcfgd reload". Version 2.1 build 25399 is affected.

Post Exploitation With Railgun
http://packetstormsecurity.com/files/119193/railgun_paper.pdf
http://packetstormsecurity.com/files/119193/Post-Exploitation-With-Railgun.html
Wed, 02 Jan 2013 11:11:11 GMT
This is a whitepaper that discusses how to use Railgun, the extension for Meterpreter Ruby, in order to further exploitation.

Drupal 6.x / 7.18 Information Disclosure
http://packetstormsecurity.com/files/119194/drupal-disclose.txt
http://packetstormsecurity.com/files/119194/Drupal-6.x-7.18-Information-Disclosure.html
Wed, 02 Jan 2013 10:22:22 GMT
Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.

NFC - Near Field Communication
http://packetstormsecurity.com/files/119201/nfc.pdf
http://packetstormsecurity.com/files/119201/NFC-Near-Field-Communication.html
Wed, 02 Jan 2013 10:11:11 GMT
This whitepaper discusses NFC, or Near Field Communication, and explains the related security implications.

Digital Whisper Electronic Magazine #38
http://packetstormsecurity.com/files/119202/DigitalWhisper38.pdf
http://packetstormsecurity.com/files/119202/Digital-Whisper-Electronic-Magazine-38.html
Wed, 02 Jan 2013 03:33:33 GMT
Digital Whisper Electronic Magazine issue 38. Written in Hebrew.

AthCon 2013 Call For Papers
http://packetstormsecurity.com/files/119190/athcon2013-cfp.txt
http://packetstormsecurity.com/files/119190/AthCon-2013-Call-For-Papers.html
Tue, 01 Jan 2013 19:22:22 GMT
The AthCon 2013 Call For Papers has been announced. It will take place in Athens, Greece on June 6th through the 7th, 2013.

WordPress Sahifa 2.4.0 Cross Site Request Forgery / Path Disclosure
http://packetstormsecurity.com/files/119191/wpsahifa-xsrfdisclose.txt
http://packetstormsecurity.com/files/119191/WordPress-Sahifa-2.4.0-Cross-Site-Request-Forgery-Path-Disclosure.html
Tue, 01 Jan 2013 19:01:11 GMT
WordPress Sahifa theme version 2.4.0 suffers from cross site request forgery and path disclosure vulnerabilities.

e107 1.0.1 Administrator Cross Site Request Forgery
http://packetstormsecurity.com/files/119195/e107101admin-xsrf.txt
http://packetstormsecurity.com/files/119195/e107-1.0.1-Administrator-Cross-Site-Request-Forgery.html
Tue, 01 Jan 2013 18:22:22 GMT
e107 version 1.0.1 suffers from a cross site request forgery vulnerability that results in arbitrary JavaScript execution.

CubeCart 5.x Cross Site Scripting
http://packetstormsecurity.com/files/119189/cubecart5-xss.txt
http://packetstormsecurity.com/files/119189/CubeCart-5.x-Cross-Site-Scripting.html
Tue, 01 Jan 2013 18:22:22 GMT
CubeCart version 5.x suffers from a cross site scripting vulnerability.

e107 1.0.2 Administrator Cross Site Request Forgery
http://packetstormsecurity.com/files/119196/e107102-xsrf.txt
http://packetstormsecurity.com/files/119196/e107-1.0.2-Administrator-Cross-Site-Request-Forgery.html
Tue, 01 Jan 2013 17:22:22 GMT
e107 version 1.0.2 suffers from a cross site request forgery vulnerability that results in SQL injection.

ShakaCon 2013 Call For Papers
http://packetstormsecurity.com/files/119192/shakacon2013-cfp.txt
http://packetstormsecurity.com/files/119192/ShakaCon-2013-Call-For-Papers.html
Tue, 01 Jan 2013 17:22:22 GMT
The Shakacon 2013 Call For Papers has been announced. It will take place June 25th through the 28th, 2013 in Honolulu, Hawaii.

CubeCart 5.x Cross Site Request Forgery
http://packetstormsecurity.com/files/119188/cubecart5-xsrf.txt
http://packetstormsecurity.com/files/119188/CubeCart-5.x-Cross-Site-Request-Forgery.html
Tue, 01 Jan 2013 17:22:22 GMT
CubeCart version 5.x suffers from a cross site request forgery vulnerability.

Introduction To ARM Linux Exploiting
http://packetstormsecurity.com/files/119200/arm-linux-exploitation.pdf
http://packetstormsecurity.com/files/119200/Introduction-To-ARM-Linux-Exploiting.html
Tue, 01 Jan 2013 15:55:55 GMT
This is a whitepaper called Introduction to ARM Linux Exploiting. Written in Turkish.