<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
	<channel>
	<title>Packet Storm Security Last 20</title>
	<link>http://packetstormsecurity.org/</link>
	<description>20 Most Recent Packet Storm File Additions</description>
	<language>en-us</language>

<item>
	<title>phpauction32-rfi.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/phpauction32-rfi.txt</link>
	<description>PHP Auction version 3.2 suffers from remote file inclusion and information disclosure vulnerabilities. </description>
</item>
<item>
	<title>silentum-xss.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/silentum-xss.txt</link>
	<description>Silentum LoginSys version 1.0.0 suffers from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>iranmc-sql.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/iranmc-sql.txt</link>
	<description>IranMC CMS suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>citectodbc-fivews.txt</title>
	<link>http://packetstormsecurity.org/papers/attack/citectodbc-fivews.txt</link>
	<description>This is a paper detailing the Five Ws of the Citect ODBC vulnerability that affects Citect versions 5, 6, and 7. </description>
</item>
<item>
	<title>citect_scada_odbc.rb.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/citect_scada_odbc.rb.txt</link>
	<description>This Metasploit module exploits a stack overflow in CitectSCADA's ODBC daemon. This has only been tested against Citect versions 5, 6, and 7. </description>
</item>
<item>
	<title>flockweb-dos.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/flockweb-dos.txt</link>
	<description>Flock Social Web Browser version 1.2.5 looping denial of service exploit. </description>
</item>
<item>
	<title>google-chrome-dos4.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/google-chrome-dos4.txt</link>
	<description>Google Chrome Browser version 0.2.149.27 Inspect Element denial of service exploit. </description>
</item>
<item>
	<title>google-download2.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/google-download2.txt</link>
	<description>Google Chrome Browser version 0.2.149.27 automatic file download exploit that uses window.setTimeout. </description>
</item>
<item>
	<title>PLSA-2008-41.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/PLSA-2008-41.txt</link>
	<description>Pardus Linux Security Advisory - Romain Francoise has found a security risk in a feature of GNU Emacs related to how Emacs interacts with Python. </description>
</item>
<item>
	<title>PLSA-2008-40.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/PLSA-2008-40.txt</link>
	<description>Pardus Linux Security Advisory - A security issue has been reported in Postfix, which can be exploited by malicious, local users to cause a DoS (Denial of Service). </description>
</item>
<item>
	<title>PLSA-2008-39.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/PLSA-2008-39.txt</link>
	<description>Pardus Linux Security Advisory - Multiple vulnerabilities have been discovered in Clamav including a DoS (Denial of Service) vulnerability and memory leaks. </description>
</item>
<item>
	<title>PLSA-2008-38.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/PLSA-2008-38.txt</link>
	<description>Pardus Linux Security Advisory - Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). </description>
</item>
<item>
	<title>PLSA-2008-37.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/PLSA-2008-37.txt</link>
	<description>Pardus Linux Security Advisory - A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks. </description>
</item>
<item>
	<title>MDVSA-2008-188.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/MDVSA-2008-188.txt</link>
	<description>Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues. </description>
</item>
<item>
	<title>glsa-200809-05.txt</title>
	<link>http://packetstormsecurity.org/0809-advisories/glsa-200809-05.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200809-05 - It has been discovered that some input (e.g. the username) passed to the Courier Authentication library is not properly sanitised before being used in SQL queries. Versions less than 0.60.6 are affected. </description>
</item>
<item>
	<title>freebsd-revcon.txt</title>
	<link>http://packetstormsecurity.org/shellcode/freebsd-revcon.txt</link>
	<description>90 byte rev connect, recv, jmp, return results shellcode for freebsd/x86. </description>
</item>
<item>
	<title>webcmsportal-blindsql.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/webcmsportal-blindsql.txt</link>
	<description>webCMS Portal Edition blind SQL injection exploit that leverages index.php. </description>
</item>
<item>
	<title>esfaq-sql.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/esfaq-sql.txt</link>
	<description>EsFaq version 2.0 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>vastal-itechcosmetics.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/vastal-itechcosmetics.txt</link>
	<description>Vastal I-Tech Cosmetics Zone suffers from a remote SQL injection vulnerability in view_products_cat.php. </description>
</item>
<item>
	<title>vastal-itechfreelance.txt</title>
	<link>http://packetstormsecurity.org/0809-exploits/vastal-itechfreelance.txt</link>
	<description>Vastal I-Tech Freelance Zone suffers from a remote SQL injection vulnerability in view_cresume.php. </description>
</item></channel>
</rss>
