Packet Storm new exploits for May, 2005.
7374734da49af9ec0866c77a356bf752MyBB versions 1.00 RC4 and below remote password hash extraction exploit.
7ab1ed3b8e18ed2bad1e3c9e55f4e44bCalendarix Advanced is susceptible to SQL injection attacks. Exploitation provided.
d405f8c8e6b03e85d48574044e1981c7Multiple SQL injection and cross site scripting bugs have been discovered in MyBB 1.00 RC4.
85a3e05013b64edf9abbca6e69bced21x-cart Gold version 4.0.8 suffer from many SQL injection and cross site scripting vulnerabilities.
6d567dd70e7d6f2aefe18b06f74d5b43Exploit for the COM structured storage vulnerability as described in MS05-012. Work on Win2k SP4, WinXP SP2, and Win2k3 SP0.
f1c3fda65a4fd6c37c5c3622fa25e795PowerDownload versions 3.0.2 and 3.0.3 suffer from remote file inclusion and arbitrary code execution flaws.
159b4c127f500730bc9414ca9ac4e6efStronghold 2 versions 1.2 and below remote denial of service exploit.
f22b165f8f3919853ec9586b605305a3Paypal suffers from a price manipulation flaw via buttons.
e2a2603ea9921bd6c99b134bf7f5454eJaws Glossary version 0.4 through 0.5.1 suffer from cross site scripting flaws.
bf422f6a1a2633f0d57847877c7c73bfPostNuke versions 0.750 and below suffer from SQL injection and cross site scripting flaws.
4d287718c2f744c0c1734fe022dc038dSQL injection exploit for myBloggie versions 2.1.1 through 2.1.2.
e8e2d46a8f65e4d55ff93b8524f884bbBEA WebLogic Server versions 7.0 and 8.1 suffer from a cross site scripting vulnerability in their error page.
2e3a38a4ba6aa030ab045b02cb80ed06BEA WebLogic Server versions 7.0 and 8.1 suffer from a cross site scripting vulnerability in their login page.
f78b0187e37593e11f64152a3fb2763aServerscheck Monitoring Software versions 5.9.0 through 5.10.0 suffer from directory traversal bugs.
ad3825807573321e34d43ecc46580de5PHP Stat administrative user authentication bypass exploit. Written in PHP.
26bba7dd7e19ac9bb4c7a3e0ec975afcThe DSL-504T D-Link router allows for user authentication bypass.
c1fde8173df26f4825a68bad081f7d4dC'Nedra versions 0.4.0 and below remote buffer overflow exploit.
2914d889a2eb7d3bc43e33eb880bd8ddTerminator 3: War of the Machines versions 1.16 and below remote proof of concept exploit.
7bfd2e7cb654b805ff839da5d72d7a7fSQL injection exploit for Invision Power Board versions 1.x and 2.x that allows for valid cookie retrieval.
1cdd2bd1f5decde80384fe4d0a2c071cBookReview 1.0 is susceptible to multiple cross site scripting flaws.
67feb73cb1dc4297a9ea856a72222308PHP Poll Creator version 1.01 is susceptible to a remote file inclusion vulnerability.
f188026876e79f14353cfb5a8db70547JavaMail API versions 1.13, 1.2, and 1.3 are susceptible to multiple information disclosure vulnerabilities.
f83066ac60d040d495fd4a75e63a9f48iDEFENSE Security Advisory 05.24.05-4 - Remote exploitation of a directory traversal vulnerability in Ipswitch Inc.'s Imail Web Calendaring server allows attackers to read arbitrary files with System privileges. Version 8.13 is confirmed vulnerable. Earlier versions may be susceptible as well.
eb08239def1bc761858169a23cc6d2c4Local exploit for Exim 4.40.
8f1ff4dca26b7a0fbf123cbe55347d6e
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed