Packet Storm new exploits for March, 2005.
24168bc14d84a4ab06a56a2778d222ec Ublog versions below 1.0.5 suffer from a cross site scripting flaw.
ed934839be2ce48b491000051e9d7fb2 There are one file inclusion and three SQL injection vulnerabilities in phpCoin versions 1.2.1b and below.
8eb196d960961c4d2af5d20984a065bd Squirrelcart PHP Shopping Cart is susceptible to SQL injection attacks. Sample exploitation details provided.
568ffebf08ecc4d9abd2b3b1a6c4b296 PunBB versions 1.2.2 and below remote authentication bypass exploit.
14ac58d49c7c030c98bb28f9d9ed98c4 Linux kernel versions 2.6.10 and below denial of service exploit.
f8d6bef5011ac4b4c14927182effb090 Cyrus IMAPd versions 2.2.4 through 2.2.8 remote exploit. Original flaw discovered by Stefan Esser.
b925255b5f9ec763597486c1d7614a73 mtftp versions 0.0.3 and below remote root exploit.
3157bcd0790a55cc79fa53c28ebd5220 Tripod.com suffers from multiple cross site scripting flaws.
871f583080aca0b5d0f100628625877b Invision Power Board version 2.0.3 is susceptible to cross site scripting attacks.
50b26457115de6ae46e31dd967810418 phpBB versions 2.0.12 and below Change User Rights authentication bypass exploit.
87b1a7d3b64fc21371f9332c95baf906 Multiple SQL injection and cross site scripting vulnerabilities have been discovered in AspApp. Sample exploitation provided.
ae23a77026d9b3bedf11cebcfb6cda1d Multiple SQL injection and cross site scripting vulnerabilities have been discovered in PortalApp. Sample exploitation provided.
bceb796bebe444666bac3de88067f3e6 ACS Blog version 1.1.1 is susceptible to multiple cross site scripting attacks.
57849662df466151336be8e56f7b2d01 Remote root exploit for the preparse_address_1() heap buffer overflow in Smail versions 3.20.120 and below.
07ebc36eaafbfaba94becbce88dcec6b Photopost PHP Pro Photo Gallery software is susceptible to multiple cross site scripting and SQL injection attacks. Detailed exploitation provided.
2ca859abb7fbc89929c944b1a579a590 PTT Security Advisory - Sun Answerbook2 version 1.4.4 is susceptible to cross site scripting and administration attacks. Exploitation provided.
8ee1ec524755884a03990353dce0043c Proof of concept exploit for a remotely exploitable buffer overflow in the Tincat network library used in various games.
e35a68e27f1cc93387ac11089310ac07 THai's Shoutbox is susceptible to a cross site scripting bug.
29757cec0a44beb39486c0c2b8f7c0c8 Vladersoft Shopping Cart version 3.0 is susceptible to multiple cross site scripting and SQL injection vulnerabilities. Sample exploitation provided.
f838d6bd02ba2a9e0fa1f27daf3cda88 Easy Community Management System Forum (E-XOOPS) contains multiple SQL injection and cross-site scripting vulnerabilities. Some of these may not be exploitable depending on how PHP, Apache, and MySQL have been configured. Advisory contains proof-of-concept exploit URLs.
c403d0741fe94de0e0392d54e9113057 Timbuktu Pro Remote Control user enumeration program. Wordlist-based bruteforce tool that checks whether a given username exists on the target server or not, which is possible due to a difference in the error message returned when the username is invalid versus when the password is invalid.
160f3e45e55a5354c371fafb59082f05 NukeBookmarks version 6 contains SQL injection, cross site scripting, and path-disclosure vulnerabilities. Advisory contains example exploit URLs.
64e1892c99959780e13d89efbbe7ba94 Limewire directory traversal exploit. Exploits a bug in versions 4.1.2 - 4.5.6, inclusive.
dfa8a4ee0a01e7310d4c9ee1e46e77c3 E-Store Kit-2 PayPal Edition is susceptible to file include and cross site scripting vulnerabilities.