Packet Storm's last 20 added files.
Last Updated: Thu Nov 20 15:30:34 EST 2008

[ return-to-libc-linux.txt ] acf1023db639cd181a4dceb740a63236 Brief whitepaper discussing return to LIBC exploitation on Linux.
[ stack-overflow-linux.txt ] 543012dabf952e42181c2d4cb8c71714 Brief whitepaper discussing stack overflow exploit on Linux.
[ backlinkspider-sql.txt ] 4a61726e2c223e482fc8c834067d96b7 The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.
[ exodus-injection.txt ] c0c091b687a3e2eccfb4d3201993ab31 Exodus version 0.10 suffers from an URI handler arbitrary parameter injection vulnerability.
[ smallest_setuid_execve_sc.c ] 555182da9a4a0a07f261cc1b9a164f39 26 byte (the smaller) GNU/Linux x86 setuid/execve shellcode without NULLs.
[ wportfolio-upload.txt ] a6d0b79dc4160fd1a42267f9f46dbf37 wPortfolio versions 0.3 and below remote arbitrary file upload exploit.
[ boastmachine-sql.txt ] a68e3a773a51a05f93575744cf367a59 BoastMachine version 3.1 suffers from a remote SQL injection vulnerability.
[ SSRT080059.txt ] 95772fbd64f5296b53746839ca3c082f HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
[ punportal-lfi.txt ] c74197b9cc2ffa66839c60e8759a6b6a PunPortal PunBB module version 0.1 local file inclusion exploit.
[ prejobboard-sql.txt ] cce036725cb757bbdfeadad1f0e18b75 Pre Job Board suffers from a SQL injection vulnerability that allows for authentication bypass.
[ MDVSA-2008-220-1.txt ] d32925083aefe39798a9b266a8cf683e Mandriva Linux Security Advisory 2008-220-1 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The issues include insecure misconfigurations, an integer overflow, and more.
[ MDVSA-2008-232.txt ] 74d6e20e2de494366564f42bf606f8cb Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes.
[ USN-674-1.txt ] 40785ad48c0633533c0dbc0debeac5a5 Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.
[ dsa-1667-1.txt ] fdd93fd43d34cbb3a7fa480d18402fca Debian Security Advisory 1667-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
[ revsense-sql.txt ] 6aa053d65dd314b32171368e6bf84ae6 RevSense suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ maurycms-upload.txt ] 63cc458d0d8e69152b1c8c27b36a2bf7 MauryCMS versions 0.53.2 and below remote shell upload exploit.
[ linksautomation-sql.txt ] 0ff9ea758f37cbf93c812e824cb8af98 LinksAutomation Script suffers from a remote SQL injection vulnerability.
[ linksxs-sql.txt ] 165976435e2cf54668de8896135ccc8e Linksxs Script suffers from a remote SQL injection vulnerability.
[ ethiclinks-sql.txt ] 840182c3b5760545c2554f36f44507c5 Ethiclinks suffers from a remote SQL injection vulnerability.
[ easyeditcms-sql.txt ] ddd126108668940b95b0c3f58edc0366 Easyedit CMS suffers from multiple remote SQL injection vulnerabilities.