Packet Storm's last 100 added files. Last Updated: Wed Jan 7 18:31:03 EST 2009

[ FreeBSD-SA-09-01.lukemftpd.txt ] 789204aa23caec29ac8ae20f577becc4 FreeBSD Security Advisory - lukemftpd suffers from a cross site request forgery vulnerability.
[ FreeBSD-SA-09-02.openssl.txt ] 2328586310ef4612f8f258d3c8e4f921 FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys.
[ USN-704-1.txt ] 077790a3f249b28578aa11ebed3c7d63 Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
[ CA20090107-01.txt ] 29eac4fb82df696ee49b0366799f009d CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.
[ dsa-1697-1.txt ] ea76c5b29f1d0319d27fce26bab370e7 Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape, an unbranded version of the Seamonkey internet suite.
[ dsa-1696-1.txt ] 210d8ff45d55800a263974339b0aa0df Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.
[ quotebook-disclose.txt ] 334416236b2d1646866c721e1217db07 QuoteBook suffers from a remote configuration file disclosure vulnerability.
[ cts2009-cfp.txt ] 0c4e7f9a7eb7cef5b9bdcebe31b1a2f1 Call For Papers for the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009). It will be held from May 18th through May 22nd, 2009 at the Westin Baltimore Washington International Airport Hotel.
[ cisco-sa-20090107-gss.txt ] 111832b44a96a01d091ace59ff081afd Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.
[ secadv_20090107.txt ] 5ff1f702db3b6ad0f391aaa8dc65fdbb Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
[ oCERT-2008-016.txt ] be0e81721da50c8f104a4d26e99d8d02 Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
[ SN-2008-04.txt ] ccbebda957603d405fbd09f83635e54b Plunet BusinessManager suffers from stored cross site scripting and information disclosure vulnerabilities.
[ msienull-dos.txt ] f739f49d13fa6d3d74c4fc6650a3ff73 A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta.
[ winamp-overflow.txt ] 5824fe2861b742b0866cae3c6aee3970 WinAmp GEN_MSN plugin heap buffer overflow proof of concept exploit that creates a malicious .pls file.
[ secunia-sapgui.txt ] f6d854e9387019c1663440299fd11826 Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected.
[ secunia-tsc2.txt ] 8e5f09145f01b0c4f776688b090702fa Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected.
[ secunia-componentone.txt ] 8ad3f227012766eb7fe25b07b3b6a9ec Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected.
[ phpfusionecart-sql.txt ] 10b75350d8ccf4d47ec487d656641dff The PHP-Fusion E-Cart module suffers from a remote SQL injection vulnerability.
[ audacity162-crash.txt ] e4e644f47dbb544d96d84f420806f0c2 Audacity version 1.6.2 remote off by one crash exploit that creates a malicious .aup file.
[ perceptionliteserve-overflow.txt ] e7c676fe749e9e01fdca731255cba651 Perception LiteServe version 2.0.1 remote buffer overflow proof of concept exploit.
[ phpfusionmembers-sql.txt ] dd24bca015dab33e17bdf41a15c4de28 The PHP-Fusion module Members Bewerb suffers from a remote SQL injection vulnerability.
[ secunia-hpopenview.txt ] 9c680d6e547825ea20cdc34d517ebe8b Secunia Research has discovered vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. HP OpenView Network Node Manager 7.51 with NNM_01168 is affected.
[ vuplayer249-overflow.txt ] 5d1718187c57260695e6c64f36af49f1 VUPlayer version 2.49 .PLS file universal buffer overflow exploit that spawns calc.exe.
[ joomla-traversal.txt ] e16d90f9e4705bee3f949a6d68642dd5 Joomla versions 1.5.8 and below local directory traversal exploit.
[ cainabel4925-overflow.txt ] 383b9f74c5e7aa6b75be200bbc5f5232 Cain and Abel version 4.9.25 that outputs a file that must be imported as a configuration file under Cracker -> Cisco IOS-MD5 Hashes. Spawns calc.exe.
[ pollhelper-disclose.txt ] f798eda099d92c6ac35b3265525b87a6 PollHelper suffers from a remote configuration file disclosure vulnerability.
[ bloghelper-disclose.txt ] 763c6088d5e5177d9ff9318009738828 BlogHelper suffers from a remote configuration file disclosure vulnerability.
[ dsa-1694-2.txt ] 63fc5c0e5f6a119a647f787b6a6b68e9 Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences.
[ debianxterm-weakness.txt ] 18b82dbdc3db815481360e1c0dc9cc30 Debian GNU/Linux suffers from an XTERM DECRQSS weakness that allows for remote code execution as the user id viewing the content.
[ USN-701-2.txt ] 8ee27bf646d62f2d7d36ea846501908d Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine.
[ USN-701-1.txt ] b633c149416e4d009e56252ffe61c45f Ubuntu Security Notice USN-701-1 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine.
[ ip-array_0.05.74c.tar.gz ] ee4fc91d7d50983fa0a1a6c5a3d6e1bb IP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
[ mandos_1.0.3.orig.tar.gz ] 4f0d7b541e6908ca87944a612866cdec The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
[ playsms093-rfilfi.txt ] d4f70a8f8b1f3d127d45ee803c4a2f08 playSMS version 0.9.3 suffers from multiple remote and local file inclusion vulnerabilities.
[ oraclecompress-sql.txt ] d7ca754a730ae0e2096873b3c3a9b961 Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL injection exploit that grants DBA access and creates a new user.
[ oraclemergework-sql.txt ] 319993ba756c551ba5ca1e2028880630 Oracle 10g SYS.LT.MERGEWORKSPACE SQL injection exploit that grants DBA access and creates a new user.
[ oracleworkspace-sql.txt ] c44444b2a06cfdea1e6d397b435521df Oracle 10g SYS.LT.REMOVEWORKSPACE SQL injection exploit that grants DBA access and creates a new user using the advanced extproc method.
[ seamonkey1114-dos.txt ] f10574d061f23f00fb0f136468fd549c SeaMonkey versions 1.1.14 and below denial of service exploit that leverages a vulnerability found in September of 2008 for version 1.1.11.
[ itcms-sql.txt ] b17e9705f8f9d405a7ad46aafc311456 IT!CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ ezpack-sqlxss.txt ] c48b8add89a1d951beb8d6f8e31074d4 ezPack version 4.2b2 suffers from cross site scripting and SQL injection vulnerabilities.
[ goople-sql.txt ] 9014c0811d591ba2e332e1ee4e208f53 Goople versions 1.8.2 and below blind SQL injection exploit that makes use of frontpage.php.
[ vuplayer-dos.txt ] e5b35ddc35541c682132bd87cadf7055 VUPlayer version 2.49 local denial of service proof of concept exploit that creates a malicious file.
[ coolplayer_bof.txt ] 05fddae4d28c5d0faa6f35d57712960f CoolPlayer Build 219 PlaylistSkin buffer overflow exploit that binds a shell to tcp port 4444.
[ rosoft421-overflow.txt ] a3adb2a184d1c44a31025a39efc92957 Rosoft Media Player version 4.2.1 local buffer overflow exploit that spawns calc.exe.
[ riotpix-bypass.txt ] feed4166fb24c9c7b766c16637584d10 RiotPix versions 0.61 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
[ riotpix-sql.txt ] ff407c3eb919afd2d222f7c3e42e9043 RiotPix versions 0.61 and below blind remote SQL injection exploit.
[ phpauctionsystem-rfi.txt ] fabe1f02a6e93405c5909c7cda6cb7ed PHP Auction System suffers from multiple remote file inclusion vulnerabilities.
[ USN-703-1.txt ] 9352865d1436dc3218db4a78e9ce1d04 Ubuntu Security Notice USN-703-1 - Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges.
[ USN-702-1.txt ] 16c06750eef20e3808874ed0c796b230 Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.
[ phpauctionsystem-insecure.txt ] 40f2f0c3660aee65abfa178d0a395854 PHP Auction System suffers from an insecure cookie handling vulnerability.
[ phpauctionsystem-sqlxss.txt ] dff3935d238a050c0de9d81375c92e77 PHP Auction System suffers from cross site scripting and remote SQL injection vulnerabilities.
[ joomlaphoca-sql.txt ] a42915d816e3b2ea44e5e52cf5d103fc Joomla Phoca Documentation remote SQL injection exploit that makes use of index.php.
[ lfi-rfi2.txt ] a1530ae1679861ae4a4d3387842eac0e Local / Remote file inclusion scanner that attempts to make use of a c99 shell on a vulnerable host.
[ theratcms-sql.txt ] 8b4f50f57fc9bd70a0764d5fed2e673c The Rat CMS Alpha 2 remote blind SQL injection exploit that leverages viewarticle.php.
[ walusoft-traversal.txt ] 64146b5fc1a21ec677636cddac2a0ac7 Walusoft TFTPServer2000 version 3.6.1 suffers from a directory traversal vulnerability.
[ dmp161lst4-overflow.txt ] 950e82dd52b76be3b441537b1c8946d6 Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
[ seacureit-cfp2009.txt ] 28e55afb975a46ebd64652a868002743 SEaCURE.IT is the first international technical conference ever held in Italy on security related topics, aimed at bringing together the leading experts from all over the world, to create a unique setting for networking and discussion among the speakers and the attendees. The 2009 edition will be held from May 19th to the 22nd in Villasimius, Sardinia.
[ plxautoreminder-sql.txt ] 0da4a3c15c3933f0b1db0d73d765c906 plxAutoReminder version 3.7 suffers from a remote SQL injection vulnerability.
[ safari-heap.txt ] dd9f8f395b56e7be0ccfd2abb77be20d Safari array integer overflow proof of concept exploit.
[ dmp161lst3-overflow.txt ] 895b67587da6e19c6b19ca60e24184aa Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
[ tor.uclibc.i686.20090105.iso ] 62155716de0033efdbbbfcd30e7a289e Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
[ solucion-sql.txt ] 76a412aa82f1d4dfa57dac80a5a5d664 SolucionWeb suffers from a remote SQL injection vulnerability in main.php.
[ joomlanewsdesc-sql.txt ] dbc07a77c38c8ac03698a09fc8e6ffc4 Joomla NA News Description component remote SQL injection exploit.
[ pollpro-xsrf.txt ] c2ab74358b5bd4e0c25d3f8c9080eed2 PollPro version 3.0 appears to suffer from a cross site request forgery vulnerability.
[ webspell-edit.txt ] aea9f27babb831af8e900adb5c17f3f4 webSPELL versions 4.01.02 and below suffer from a remote edit topics vulnerability.
[ pnphpbb212i-lfi.txt ] 0021ce7144c2aef7db09e77c28f743ea PNphpBB2 versions 1.2i and below suffer from multiple local file inclusion vulnerabilities.
[ msfxdc-contest.txt ] 32fe7daf5d86671fd2920b2e4eec0af3 MSFXDC (MetaSploit Framework eXploits Development Contest) is a challenge where the main goal is to code the largest number of new Metasploit Framework exploits modules. MSFXDC is organized by JA-PSI.
[ wsnguest123-sql.txt ] 618ac54e798ece3629eafa095ec9a018 WSN Guest version 1.23 suffers from a remote SQL injection vulnerability in search.php.
[ phpmesfilms-sql.txt ] 9f2ba3d7b84754a10983c7c779233e38 PhpMesFilms version 1.0 suffers from a remote SQL injection vulnerability in index.php.
[ vuplayer-overflow.txt ] e3276064b96817aef53fca9c4948490b VUPlayer version 2.49 .wax file local buffer overflow exploit that spawns calc.exe.
[ dmp161lst2-overflow.txt ] d658c66d0826a718399e917d4d3c9603 Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
[ dmp161lst1-overflow.txt ] eb86011c4aa4e7d92c538d034a1faf12 Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
[ ayemsisemlak-disclose.txt ] f4e9f6c995ace6cd5ed8c280596ad870 Ayemsis Emlak Pro suffers from a remote database disclosure vulnerability.
[ ayemsisemlak-sql.txt ] 57085fb9abf4f9c03e9e985ac9bfe337 Ayemsis Emlak Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ cybershadecms-rfi.txt ] 0d89b7c56448d695c0868124e9bdd777 Cybershade CMS version 0.2b remote file inclusion exploit that uses index.php.
[ joomlasimplereview-sql.txt ] edf3ffde2162a729d7b842f7147eb467 The Joomla Simple Review component version 1.x suffers from a remote SQL injection vulnerability.
[ RFIDIOt-0.1v.tgz ] 066edfb1a202fe2abd20e9c53e7f9c25 RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This is the Windows version.
[ valsmith_colin_blog_spam.pdf ] fc161f5a3419d8c452af4f66a9287410 Whitepaper called Inside the Malicious World of Blog Comment Spam.
[ dquist_valsmith_further_down_the_vm_spiral.pdf ] 35bb70e808912b43b632474926f4e244 Presentation called Further Down the VM Spiral.
[ valsmith_dquist_hacking_malware.pdf ] 67b6f26f02ad8b78621a356a312cb4e5 Presentation called Hacking Malware - Offense is the new Defense.
[ indianinstitute-sql.txt ] 1e40523527d08b2c7f671843e4b8f5d2 The Indian Institute of Technology in Kharagpur suffers from a remote SQL injection vulnerability.
[ litolite-sqlxss.txt ] 13d364bc60d0eb32a0aa45450c336f1d Lito Lite CMS blind SQL injection and cross site scripting exploit.
[ destiny161lst-overflow.txt ] 860a37459e6487b825536aba40de8534 Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit.
[ webspell4-sql.txt ] 4b21224db9230cc002e5326a09c3a6dd Webspell version 4 suffers from a SQL injection vulnerability that allows for authentication bypass.
[ destiny161-overflow.txt ] 94a408c32ef4ff231eed29acb2a8d390 Destiny Media Player version 1.61 .m3u file local stack overflow exploit.
[ dsa-1695-1.txt ] a8ee321a95a6272a724768a1fe3bed2e Debian Security Advisory 1695-1 - The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).
[ dsa-1694-1.txt ] aa67e5228c1b8bb3bcc0a928a6a27de9 Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).
[ destiny-dos.txt ] 1d7be42d4ea9160a98423ca35f4a47e5 Destiny Media Player version 1.61.0 .m3u file local stack overflow proof of concept exploit.
[ phpskelsite-rfilfixss.txt ] 03c68859bd89afcea5fbed52f0ee9782 phpSkelSite version 1.4 suffers from remote file inclusion, local file inclusion, and cross site scripting vulnerabilities.
[ phpratemyphoto-upload.txt ] d5bd44ec4e4d65a071a7728f7a9e8d95 Built2Go PHP Rate My Photo version 1.46.4 is susceptible to a remote file upload vulnerability.
[ phplinkportal-upload.txt ] 426a5cbbd51cdfdc8dcc53daced487c3 Built2Go PHP Link Portal version 1.95.1 is susceptible to a remote file upload vulnerability.
[ vmware251-dos.txt ] 918090c873fe391fb0c2e18d414fdba6 VMware versions 2.5.1 and below remote denial of service exploit.
[ w3blaborcms-sql.txt ] 3083663fe7d6da880a3614e7869efa40 w3blabor CMS versions 3.3.0 and below suffer from a remote SQL injection vulnerability that allows for administrative bypass.
[ ratproxy-1.53.tar.gz ] 515ded853cd489cd894162fcf8e069d9 ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
[ powerclan-sql.txt ] 2dce363b18838af49b0abda3f42fde75 PowerClan version 1.14a suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ powernews-sql.txt ] 16de97949b15925e5dc28fff6e0e4a11 PowerNews version 2.5.4 suffers from a remote SQL injection vulnerability in news.php.
[ eggblog-xsrf.txt ] b3cc6fa253b6e20680523f865d3a3b96 EggBlog version 3.1.10 suffers from a cross site request forgery vulnerability that allows for the changing of the administrative password.
[ konqueror-xsscrash.txt ] bdea7d515c7338c2444a651423afc619 Konqueror versions 4.1 and below suffer from cross site scripting and remote crash vulnerabilities.
[ audacity-overflow.txt ] a4adbdbd340a778bbc54493abc2c346e Audacity version 1.6.2 .gro file local buffer overflow proof of concept exploit.
[ elecard-dos.txt ] b52e8aa09f31f813d091beb0234e9d0f Elecard MPEG Player version 5.5 .m3u file stack buffer overflow denial of service proof of concept exploit.