Packet Storm's last 20 added files.
Last Updated: Wed Sep 8 23:33:13 EDT 2010

[ OIG_10-111_Aug10.pdf ] dd4096ea2a734a38f6e979e20eb541ae Office of Inspector General report OIG-10-1111 - DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems.

[ USN-978-1.txt ] 2d45db4f2a4e1a2ed7f7af3dab4a9117 Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the

[ USN-975-1.txt ] 24ce7eef0734edef2ca67538df5ea039 Ubuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the

[ USN-985-1.txt ] bb3926c07160a32052adfd01b62c5720 Ubuntu Security Notice 985-1 - Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user.

[ ESA-2010-016.txt ] c01dd22225f6ad7b8e08c3f3829f52db RSA Access Manager Agent version 4.7.1 with RSA Adaptive Authentication Integration contains a potential vulnerability that could be exploited by malicious people to bypass authentication restrictions.

[ ESA-2010-015.txt ] 0d20584fa2c2e349df2557ee817c7135 A vulnerability exists in EMC Celerra which can be exploited to gain unauthorized access to root NFS export on EMC Celerra NAS. NAS Code versions 5.6.50 and below are affected.

[ ESA-2010-014.txt ] f8073f09a399af51958b70e95fe5531e RSA Access Manager Server contains a potential vulnerability that could be exploited to bypass certain security restrictions, potentially enabling unauthorized access to protected resources.

[ dsa-2106-1.txt ] 2b68600653e970188ba3edbc6553146e Debian Linux Security Advisory 2106-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

[ fbsdpseudofs-nullpointer.txt ] ae95fee8dbe809a26ee1bc0179eb8bf6 FreeBSD versions 7.0 through 7.2 suffer from a pseudofs NULL pointer dereference vulnerability. Due to a spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), a null pointer is dereferenced after calling extattr_get_attribute() on pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root escalation.

[ cisco-sa-20100908-wlc.txt ] 0c7a12cef77e7d44423ff149e9138987 Cisco Security Advisory - The Cisco Wireless LAN Controller (WLC) product family is affected by two denial of service, three privilege escalation and two access control list vulnerabilities.

[ HPSBMA02574-SSRT100038.txt ] e24d4c8689985ba2f39360f73a01b522 HP Security Bulletin - A potential security vulnerability has been identified with HP ProLiant G6 Lights-Out 100 Remote Management. This vulnerability could be exploited remotely to create a Denial of Service (DoS) in the Lights-Out 100.

[ dsa-2105-1.txt ] 82a24be2f5dc1de0acc06988c20d36a2 Debian Linux Security Advisory 2105-1 - Several vulnerabilities have been discovered in the FreeType font library.

[ etax-sslignore.txt ] b82c928e7eb0c82a63cec05025da3290 ETax 2010 fails to properly verify SSL certificates.

[ ieee-1394-forensics.pdf ] 6c30525e4592c46d658535b4e6dc37c9 Whitepaper called Memory Forensics over the IEEE 1394 Interface.

[ DnsSpoofer.zip ] 543e3d741fdc733381f72ce0b0b19d34 DnsFucker is a DNS spoofing tool. It can be used effectively in both packet switched and hubbed networks. Written in Python.

[ dsa-2098-2.txt ] 44dd729ccaacc13a4abe105424f1b08a Debian Linux Security Advisory 2098-2 - The update for TYPO3 in DSA 2098 introduced a regression which could make the backend functionality unusable. This update corrects the problem.

[ moaub08-msoffice.pdf ] 99610b1dcc2abcd8868e4dca5513a96a Month Of Abysssec Undisclosed Bugs - Microsoft Office Visio suffers from a DXF file stack based overflow vulnerability.

[ moaub-msoffice.txt ] 4d5699375ade33244cdbeab5f9ceb0bf Month Of Abysssec Undisclosed Bugs - Microsoft Office Visio suffers from a DXF file stack based overflow vulnerability.

[ moaub08-sirang.pdf ] 30cbbacf844099f3e395a4e0aba08697 Month Of Abysssec Undisclosed Bugs - Sirang web-based D-Control versions 6.0 and below suffer from remote SQL injection and upload restriction bypass vulnerabilities.

[ moaub-sirang.txt ] f7e4618f29d3562418a81caf04404d07 Month Of Abysssec Undisclosed Bugs - Sirang web-based D-Control versions 6.0 and below suffer from remote SQL injection and upload restriction bypass vulnerabilities.