http://packetstormsecurity.org/ 20 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/papers/general/browser_insecurity_iceberg_2008.pdf Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the insecurity iceberg . http://packetstormsecurity.org/0807-advisories/SSRT080039.txt HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could by exploited remotely to allow cross site scripting (XSS). http://packetstormsecurity.org/papers/call_for/25C3-CFP.txt The Call For Papers for the 25th Chaos Communication Congress (25C3) has been announced. http://packetstormsecurity.org/0807-advisories/SCANIT-2008-003.txt Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability. http://packetstormsecurity.org/0807-advisories/SCANIT-2008-002.txt Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability. http://packetstormsecurity.org/0807-advisories/SCANIT-2008-001.txt QNX RTOS phgrafx version 6.3.2 and 6.3.0 suffer from a privilege escalation vulnerability. http://packetstormsecurity.org/0807-exploits/usurdat.zip Proof of concept denial of service exploit for SOLDNER - Secret Wars versions 33724 and below which suffer from an endless loop vulnerability. http://packetstormsecurity.org/0807-advisories/usurdat.txt SOLDNER - Secret Wars versions 33724 and below suffer from an endless loop vulnerability. http://packetstormsecurity.org/0807-advisories/glsa-200807-02.txt Gentoo Linux Security Advisory GLSA 200807-02 - Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Versions less than 3.2.10.1 are affected. http://packetstormsecurity.org/0807-advisories/glsa-200807-01.txt Gentoo Linux Security Advisory GLSA 200807-01 - Multiple integer overflows may allow for Denial of Service. Versions less than 2.4.4-r13 are affected. http://packetstormsecurity.org/0807-exploits/blogparticle-traverse.txt Blog Particle version 8.0 suffers from directory traversal and database credential disclosure vulnerabilities. http://packetstormsecurity.org/0807-exploits/hbr-rfi.txt HIOX Banner Rotator (HBR) version 1.3 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0806-exploits/0806-exploits.tgz Packet Storm new exploits for June, 2008. http://packetstormsecurity.org/0807-exploits/mambongal-sql.txt The Mambo n-gallery component suffers from multiple SQL injection vulnerabilities. http://packetstormsecurity.org/0807-exploits/psys070-sql.txt pSys version 0.7.0 suffers from a remote SQL injection vulnerability in chatbox.php. http://packetstormsecurity.org/0807-exploits/pivot-disclosure.txt Pivot version 1.40.5 Dreamwind load_template() credential disclosure exploit. http://packetstormsecurity.org/0807-advisories/USN-617-2.txt Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. http://packetstormsecurity.org/0807-exploits/rcm-sql.txt RCM Revision Web Development suffers from a remote SQL injection vulnerability in products.php. http://packetstormsecurity.org/0807-exploits/barenuked-admin.txt BareNuked CMS version 1.1.0 arbitrary add administrator exploit. http://packetstormsecurity.org/0807-exploits/faname10-xss.txt Fa Name version 1.0 suffers from multiple cross site scripting vulnerabilities.