PacketStorm Security

20 Most Recent Packet Storm File Additions



blindmysql.pdf

April 25, 2008, 8:18 pm   [ link da copiare ]
Blind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.

lotus-exec.txt

April 25, 2008, 8:18 pm   [ link da copiare ]
Lotus Symphony Expeditor suffers from an arbitrary code execution vulnerability via the handling of URIs with rcplauncher.

lateral-sql-injection.pdf

April 25, 2008, 8:18 pm   [ link da copiare ]
Lateral SQL Injection: A New Class of Vulnerability in Oracle.

glsa-200804-28.txt

April 25, 2008, 8:18 pm   [ link da copiare ]
Gentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.14 are affected.

glsa-200804-27.txt

April 25, 2008, 8:18 pm   [ link da copiare ]
Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.

DDIVRT-2008-11.txt

April 25, 2008, 8:18 pm   [ link da copiare ]
BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.

T208-CFP.txt

April 25, 2008, 8:18 pm   [ link da copiare ]
T2'08 Call For Papers - Announcing the annual T2'08 conference, which will take place in Helsinki, Finland, from October 16 to 17, 2008. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.

joomlajpad-sql.txt

April 25, 2008, 8:18 pm   [ link da copiare ]
The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.

wordpress-cookie-integrity.txt

April 25, 2008, 8:15 pm   [ link da copiare ]
An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This is not good.

MDVSA-2008-091.txt

April 25, 2008, 8:15 pm   [ link da copiare ]
Mandriva Linux Security Advisory - A few vulnerabilities were found in Wireshark, that could cause it to crash or hang under certain conditions.

ruby-nmap-parser-0.3.tgz

April 25, 2008, 8:15 pm   [ link da copiare ]
This library provides a Ruby interface to Nmap's scan data. It can run Nmap and parse its XML output directly from the scan, parse a file containing the XML data from a separate scan, parse a String of XML data from a scan, or parse XML data from an object via its read() method. This information is presented in an easy-to-use and intuitive fashion for storing and manipulating.

minibb-xsssql.txt

April 25, 2008, 8:15 pm   [ link da copiare ]
miniBB version 2.2 suffers from cross site scripting and SQL injection vulnerabilities.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]