Packet Storm new exploits for July, 2005.
b244db6b75485b65184830adfd1dfe38A buffer overflow in BusinessMail email server system 4.60.00 allows for a denial of service attack. Proof of concept exploit included.
f3fa06fa76a7d8c2d9706b6e4b130403A SQL injection flaw exists in phpList. Proper exploitation requires that a user be authenticated.
3587bfcc5b9052d5e35e53e784f6e583MySQL AB Eventum versions 1.5.5 and below proof of concept SQL injection exploit.
e5b1ffe7254aad864d06c87eebd15e8fMySQL AB Eventum versions 1.5.5 and below suffer from cross site scripting and SQL injection attacks.
c8b779ab6b2e1864f7cb003b1be9e023Phpeasynews version 1.13 RC2 is susceptible to cross site scripting, path disclosure, and user check bypass vulnerabilities.
88d33b4f87015b77fdc764fd3c416ee1Kayako liveResponse versions 2.x suffer from cross site scripting, SQL injection, script insertion, and other vulnerabilities.
d12783db84eb4ba42f09805d1c50be4bEasyxp41 suffers from multiple cross site scripting and data disclosure flaws. An excessive amount of detailed exploitation is provided.
2895b06398aa7518a481acc5a04b9899Plugged-Blog 0.4.8 suffers from multiple cross site scripting, SQL injection, and other flaws. Detailed exploitation provided.
561b5c650671ccdc4cc6e3e0fd4d5556Kshout versions 2.x and 3.x allow for direct file access to their configuration files.
fd54c77c253ed96ef9fbab2190066717qliteNews arbitrary database manipulation and cross site scripting proof of concept exploit.
2c8ef5b4e893b6077a239dae97667d55Kent's Guestbook allows for direct database file access.
67b78be508320b88e0c2e27981286f9dWeb Content Management News System administrative account creation and cross site scripting proof of concept exploit.
8c384ffa562818b79786f14e70f0140bPHPFreeNews versions 1.32 and below are susceptible to SQL injection, login bypass, and cross site scripting attacks.
48c666e16e02b14265a50e344fa2a745PHP News Manager versions 1.45 through 1.47 are susceptible to login bypass, SQL injection, cross site scripting and path disclosure flaws.
f6ac2b10357b4417f4691d349a47b070PHPList is susceptible to SQL injection and path disclosure flaws.
2f065a958972a18f02d3f7de846612a4GForge version 4.5 is susceptible to multiple cross site scripting vulnerabilities.
7c50c2216c8acfa27145c82dee23fc73Product Cart 2.6 is susceptible to a SQL injection attack.
cef1d8f6a210a35f96070664dacd3f5e@Mail 4.03 WebMail for Windows and 4.11 for Unix variants suffers from multiple cross site scripting flaws. Detailed exploitation provided.
3cd06324574d1aef55b883431ef25f49NGSSoftware Insight Security Research Advisory - HP OpenView Radia Management Portal versions 2.x and 1.x running the Radia Management Agent suffer from a remote command execution flaw via a directory traversal. By connecting to the TCP port and sending a crafted packet, it is possible to traverse out of C:\Program Files\Novadigm and run any executable that is located on the same logical disk partition.
746992e1a974b65a8b4f2abc6eab9a03GNU Mailutils imap4d version 0.6 remote format string exploit. Tested on Slackware Linux versions 9.0, 10.0, and 10.1.
da0de44e2242607117540ff5e260dca5Clever Copy suffers from multiple cross site scripting and path disclosure flaws. Versions 2.0 and 2.0a are affected.
7e31b64773a60d4db45f35bab4fa8e73BMForum Datium! 3.0 RC1-4, Plus! 3.0 RC1-4, Plus! 2.6.1, and PlusMX 3.0.0.5 all suffer from multiple cross site scripting flaws.
ea70bf5ccd6f398a6c4cdb84fdca4c28CartWIZ suffers from a cross site scripting vulnerability.
641fccc90e9b9e36e4f04c678a73a290Simplicity OF Upload 1.3 allows for remote code execution and cross site scripting attacks.
c1c29ac201c7889dd7f93fb2b306a1e1
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed