Exploit Files ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.com/
Thu, 3 Jan 2013 04:22:52 GMT

osTicket 1.7 DPR3 XSS / Disclosure / Redirect / SQL Injection
http://packetstormsecurity.com/files/119211/osticket17-disclosesql.txt
http://packetstormsecurity.com/files/119211/osTicket-1.7-DPR3-XSS-Disclosure-Redirect-SQL-Injection.html
Wed, 02 Jan 2013 23:03:33 GMT
osTicket version 1.7 DPR3 suffers from cross site scripting, path disclosure, open redirection, and remote blind SQL injection vulnerabilities.

osTicket 1.6 ST CSRF / SQL Injection
http://packetstormsecurity.com/files/119209/osticket_1.6.0_CSRF_vuln.txt
http://packetstormsecurity.com/files/119209/osTicket-1.6-ST-CSRF-SQL-Injection.html
Wed, 02 Jan 2013 23:01:11 GMT
osTicket version 1.6 stable suffers from cross site request forgery and remote blind SQL injection vulnerabilities.

osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect
http://packetstormsecurity.com/files/119210/osticket17-xsrfxss.txt
http://packetstormsecurity.com/files/119210/osTicket-1.7-RC2-CSRF-Disclosure-XSS-Redirect.html
Wed, 02 Jan 2013 23:01:11 GMT
osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities.

Microsoft Internet Explorer CButton Object Use-After-Free
http://packetstormsecurity.com/files/119186/ie_cbutton_uaf.rb.txt
http://packetstormsecurity.com/files/119186/Microsoft-Internet-Explorer-CButton-Object-Use-After-Free.html
Wed, 02 Jan 2013 20:26:32 GMT
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference is kept and used again during a page reload; invalid memory that is controllable is then used, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, mainly targeting computers based in China, Taiwan, and the US.

Packet Storm New Exploits For 2012
http://packetstormsecurity.com/files/119173/2012-exploits.tgz
http://packetstormsecurity.com/files/119173/Packet-Storm-New-Exploits-For-2012.html
Wed, 02 Jan 2013 16:31:19 GMT
Complete comprehensive archive of all 3,418 exploits added to Packet Storm in 2012.

Packet Storm New Exploits For December, 2012
http://packetstormsecurity.com/files/119172/1212-exploits.tgz
http://packetstormsecurity.com/files/119172/Packet-Storm-New-Exploits-For-December-2012.html
Wed, 02 Jan 2013 16:16:34 GMT
This archive contains all of the 190 exploits added to Packet Storm in December, 2012.

Astium VoIP PBX 2.1 Denial Of Service
http://packetstormsecurity.com/files/119198/astium-dos.txt
http://packetstormsecurity.com/files/119198/Astium-VoIP-PBX-2.1-Denial-Of-Service.html
Wed, 02 Jan 2013 13:33:33 GMT
Astium VoIP PBX versions 2.1 build 25399 and below remote crash proof of concept exploit that causes astiumd to crash when sent a large buffer.

Astium VoIP PBX 2.1 Remote Root
http://packetstormsecurity.com/files/119197/astium-exec.txt
http://packetstormsecurity.com/files/119197/Astium-VoIP-PBX-2.1-Remote-Root.html
Wed, 02 Jan 2013 12:22:22 GMT
Astium is prone to multiple vulnerabilities. This exploit uses SQL injection to bypass authentication on the login page and get access as an administrator. After that it uploads and executes a PHP script that will modify the "/usr/local/astium/web/php/config.php" script with a reverse shell and run a "sudo /sbin/service astcfgd reload". Version 2.1 build 25399 is affected.

Drupal 6.x / 7.18 Information Disclosure
http://packetstormsecurity.com/files/119194/drupal-disclose.txt
http://packetstormsecurity.com/files/119194/Drupal-6.x-7.18-Information-Disclosure.html
Wed, 02 Jan 2013 10:22:22 GMT
Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.

WordPress Sahifa 2.4.0 Cross Site Request Forgery / Path Disclosure
http://packetstormsecurity.com/files/119191/wpsahifa-xsrfdisclose.txt
http://packetstormsecurity.com/files/119191/WordPress-Sahifa-2.4.0-Cross-Site-Request-Forgery-Path-Disclosure.html
Tue, 01 Jan 2013 19:01:11 GMT
WordPress Sahifa theme version 2.4.0 suffers from cross site request forgery and path disclosure vulnerabilities.

CubeCart 5.x Cross Site Scripting
http://packetstormsecurity.com/files/119189/cubecart5-xss.txt
http://packetstormsecurity.com/files/119189/CubeCart-5.x-Cross-Site-Scripting.html
Tue, 01 Jan 2013 18:22:22 GMT
CubeCart version 5.x suffers from a cross site scripting vulnerability.

e107 1.0.1 Administrator Cross Site Request Forgery
http://packetstormsecurity.com/files/119195/e107101admin-xsrf.txt
http://packetstormsecurity.com/files/119195/e107-1.0.1-Administrator-Cross-Site-Request-Forgery.html
Tue, 01 Jan 2013 18:22:22 GMT
e107 version 1.0.1 suffers from a cross site request forgery vulnerability that results in arbitrary JavaScript execution.

CubeCart 5.x Cross Site Request Forgery
http://packetstormsecurity.com/files/119188/cubecart5-xsrf.txt
http://packetstormsecurity.com/files/119188/CubeCart-5.x-Cross-Site-Request-Forgery.html
Tue, 01 Jan 2013 17:22:22 GMT
CubeCart version 5.x suffers from a cross site request forgery vulnerability.

e107 1.0.2 Administrator Cross Site Request Forgery
http://packetstormsecurity.com/files/119196/e107102-xsrf.txt
http://packetstormsecurity.com/files/119196/e107-1.0.2-Administrator-Cross-Site-Request-Forgery.html
Tue, 01 Jan 2013 17:22:22 GMT
e107 version 1.0.2 suffers from a cross site request forgery vulnerability that results in SQL injection.

MyBB editpost.php SQL Injection
http://packetstormsecurity.com/files/119199/mybbeditpostposthash-sql.txt
http://packetstormsecurity.com/files/119199/MyBB-editpost.php-SQL-Injection.html
Tue, 01 Jan 2013 11:11:11 GMT
MyBB suffers from a remote SQL injection vulnerability in editpost.php.

Grep Integer Overflow
http://packetstormsecurity.com/files/119170/grep-overflow.txt
http://packetstormsecurity.com/files/119170/Grep-Integer-Overflow.html
Mon, 31 Dec 2012 14:44:44 GMT
Grep versions prior to 2.11 suffer from an integer overflow vulnerability.

Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
http://packetstormsecurity.com/files/119168/ie_cdwnbindinfo_uaf.rb.txt
http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html
Mon, 31 Dec 2012 03:17:30 GMT
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference is kept and used again during a page reload; invalid memory that is controllable is then used, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, mainly targeting computers based in China, Taiwan, and the US.

IBM Lotus QuickR qp2 ActiveX Buffer Overflow
http://packetstormsecurity.com/files/119167/quickr_qp2_bof.rb.txt
http://packetstormsecurity.com/files/119167/IBM-Lotus-QuickR-qp2-ActiveX-Buffer-Overflow.html
Mon, 31 Dec 2012 03:17:09 GMT
This Metasploit module exploits a buffer overflow vulnerability in the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR, the non-ASLR-compatible module msvcr71.dll is used. That DLL is installed with the qp2 ActiveX.

IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
http://packetstormsecurity.com/files/119166/inotes_dwa85w_bof.rb.txt
http://packetstormsecurity.com/files/119166/IBM-Lotus-iNotes-dwa85W-ActiveX-Buffer-Overflow.html
Mon, 31 Dec 2012 03:16:48 GMT
This Metasploit module exploits a buffer overflow vulnerability in the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR, the non-ASLR-compatible module dwabho.dll is used. That DLL is installed with the iNotes ActiveX.

BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
http://packetstormsecurity.com/files/119165/blazedvd-bypass.rb.txt
http://packetstormsecurity.com/files/119165/BlazeDVD-6.1-PLF-Exploit-DEP-ASLR-Bypass.html
Sun, 30 Dec 2012 17:22:22 GMT
This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.

WordPress RocketTheme Content Spoofing / Cross Site Scripting
http://packetstormsecurity.com/files/119158/morerockettheme-spoofxss.txt
http://packetstormsecurity.com/files/119158/WordPress-RocketTheme-Content-Spoofing-Cross-Site-Scripting.html
Sun, 30 Dec 2012 14:44:44 GMT
33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.

WordPress SB Uploader 3.9 Shell Upload
http://packetstormsecurity.com/files/119159/wpsbuploader39-shell.txt
http://packetstormsecurity.com/files/119159/WordPress-SB-Uploader-3.9-Shell-Upload.html
Sun, 30 Dec 2012 14:44:44 GMT
WordPress SB Uploader version 3.9 suffers from an arbitrary file upload vulnerability.

WordPress Photo Plus / Photo Search XSS / CSRF
http://packetstormsecurity.com/files/119152/wpphotoplussearch-xssxsrf.txt
http://packetstormsecurity.com/files/119152/WordPress-Photo-Plus-Photo-Search-XSS-CSRF.html
Sun, 30 Dec 2012 11:11:11 GMT
WordPress Photo Plus / Photo Search version 4.8.11 suffers from cross site request forgery and cross site scripting vulnerabilities.

Enterprise Resource Planning SQL Injection
http://packetstormsecurity.com/files/119157/erp-sql.txt
http://packetstormsecurity.com/files/119157/Enterprise-Resource-Planning-SQL-Injection.html
Sun, 30 Dec 2012 10:11:11 GMT
The ERP (Enterprise Resource Planning) system from Sida University System suffers from a remote SQL injection vulnerability.

Ubiquiti AirOS 5.5.2 Command Execution
http://packetstormsecurity.com/files/119144/ubiquitiairos-exec.txt
http://packetstormsecurity.com/files/119144/Ubiquiti-AirOS-5.5.2-Command-Execution.html
Sat, 29 Dec 2012 10:11:11 GMT
Ubiquiti AirOS versions 5.5.2 and below suffer from a remote post-authentication root-level command execution vulnerability.