New Packet Storm exploits for August, 2005.
02ccdc9a05ba0798d3558b6f698c0350FlatNuke version 2.5.6 suffers from remote command execution, cross site scripting, and path disclosure flaws. Detailed exploitation provided.
11acdd9d2ced8d0e8654998fccb7e62bRemote code execution exploit for FUD Forum versions 2.7 and below.
0a6890ae0ddec4b2fbf9dafb1a53e299Remote command execution exploit for HP OpenView Network Node Manager versions 6.2, 6.4, 7.01, and 7.50.
f52cf58231344c9d88f6eb0cd01adc82BNBT EasyTracker is susceptible to a remote denial of service vulnerability when accepting a malformed HTTP request. Demonstration exploit provided. Versions 7.7r3.2004.10.27 and below are affected.
2ac337d4908927ed071926acbb6d4270phpLDAPadmin versions 0.9.6 through 0.9.7/alpha5 suffer from directory traversal, remote code execution and cross site scripting vulnerabilities. Detailed exploitation provided.
3a75a213f873a5a71289eba8299c2757Proof of concept exploit for the flaws relating to BFCC versions 1.22_A and below and BFVCC versions 2.14_B and below.
0918b1298c512f28393bf9f2d5603a9bLand Down Under versions 801 and below suffer from multiple SQL injection vulnerabilities. Full details provided.
eb9df365250444e4b536d1fb2e55e3aaExploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
d5a02f6fa42800a232858d4f054b1541Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.
57470dc10cef0798ea3aec873b6095ddPunBB 1.2.6 suffers from a script injection flaw in its use of IMG tags.
e745714402a160c0bbd36c5fd17862feCosmoshop versions 8.10.78 and below suffer from SQL injection flaws, clear text passwords, and directory traversal flaws.
43eb2a684a72cba7453b395b76af5865PHP-Fusion versions 6.00.107 and below are susceptible to cross site scripting attacks.
899b8a9751b5a4ffdc795c68056c4f44AutoLinks Pro 2.1 suffers from a remote file inclusion vulnerability.
a9273540bd7022124f6c8cb05c02da63Land Down Under suffers from cross site scripting vulnerabilities in the signature and topic payloads.
38e1144d56f1c9a6cdeb36bb6a7a7238MyBulletinBoard (MyBB) member.php SQL injection exploit.
9274e58ef338ce1541974c525480a669Multiple vulnerabilities have been discovered in various CMS and forum software. e107 suffers from a cross site scripting flaw, Wordpress suffers from a SQL injection flaw, PHPNews suffers from a remote inclusion flaw, phpBB suffers from a SQL injection flaw, Google suffers from a SQL injection flaw, and myspace.com suffers from a user profile defacement flaw. Oh.. and UBB 6.3.2 suffers from a remote code execution flaw.
0b3cc1bdf7c9bc094938f2cf671a24b5phpWebNotes version 2.0.0-pr1 suffers from a remote inclusion vulnerability that may allow for cross site scripting attacks.
6771a439057aac9e9acef007389b8f28The Nokia Affix Bluetooth btsrv makes poor use of a popen() that in turn allows for privileged code execution as root.
61e981f322c2f459330e5ada5d8ff244Exploit for Looking Glass v20040427 arbitrary command execution / cross site scripting vulnerabilities
fc4b3d001799b92df265dce9d88d0b2aQNX inputtrap from QNX RTOS versions 6.3 and 6.1.0 suffers from an arbitrary file read vulnerability.
6485b7c7501a5b7eee39fd1c2b6d013cFoojan PHP Weblog suffers from an injection flaw when trusting an unsanitized HTTP_REFERER payload.
8d7c5ecdfa9b64b6f5372f8fa0e32db2PaFileDB 3.1 is susceptible to a SQL injection attack that allows for login bypass.
5ebb7571066d1cee27025c2990ccbf0eBEA WebLogic versions 8.1 SP4 and below suffer from a cross site scripting flaw in the Administration console.
75cb275908dde195433f902633155e90In nearly all browsers you can overwrite the window location in the 'onunload' event. This has been tested against Firefox, Opera, and Internet Explorer.
cb19d56d011a3ec5af3696705135f266
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed