New Packet Storm exploits for September, 2005.
c80e08cbbf88fb228a911a8ab30005b2Mantis Bugtracker exploit scanner that looks for versions less than 1.0.0RC2 and greater than 0.18.3 which are vulnerable to XSS and variable poisoning attacks if register_globals is enabled.
0f28dffbd3d89ef328aab25d1033fb7bExploit for PHP-Fusion v6.00.109 SQL Injection and admin credentials disclosure vulnerability.
fb1f0fefc75ecddc016cd57da6a28642CubeCart 3.0.3 contains a flaw that allows a remote cross site scripting attack. Exploitation provided.
d724af0688649985edd7703faad60ed9Mantis Bugtracker versions less than 1.0.0RC2 and greater than 0.18.3 are vulnerable to XSS and variable poisoning attacks if register_globals is enabled.
d3137f93b98019ab086082b975926888GNU Mailutils version 0.6 imap4d 'search' format string exploit. Written to be used against FreeBSD.
642b5fb9f407325048f6e9666e719172lucidCMS version 1.0.11 is susceptible to a cross site scripting flaw. Exploitation details provided.
f332478664fc332178c3e9ebd169085bRealPlayer and Helix Player remote format string exploit. This flaw makes use of the .rp and .rt file formats. Code tested on Debian 3.1 against RealPlayer 10 Gold's latest version.
b753c5e729eb9c6216cb72df318e125cProof of concept exploit for MultiTheftAuto versions 0.5 patch 1 and below. This causes Windows to crash.
99976b5912749ccd7466e53d66e16d27The ContentServ CMS allows for remote file disclosure. Exploitation details provided.
932b8ac4713feab27795b6e0420a24f4Linux Qpopper poppassd latest version local root exploit.
880ae69daa8a80e3e1fce451afcb85f6FreeBSD Qpopper poppassd latest version local root exploit. Tested on FreeBSD 5.4-RELEASE.
162efe574682e6d657e6b9d1c60362f7WzdFTPd versions 0.5.4 and below remote command execution exploit.
053667191211ded156b69fabd6c0f93cGeSHi version 1.0.72 is susceptible to a local file inclusion vulnerability.
f1aa4004e9b285d93d41b03809a4bab1CMS Made Simple 0.10 is susceptible to a cross site scripting attack.
af9cd509dd4e0c9de4f5b49ce90ecd54MailGust 1.9 is vulnerable to a SQL injection attack that allows for board takeover. Exploit provided.
2af5368ea3e4eb646f7368060ac87c62AlstraSoft E-Friends is susceptible to a remote command execution flaw. Details provided.
c44bd751fc3d504fe3d73034311b7badRiverdark RSS Syndicator version 2.17 is susceptible to cross site scripting attacks.
a943737ac116052361033701e00a232ajPortal versions 2.2.1 through 2.3.1 suffer from a SQL injection vulnerability. Exploitation details provided.
7e6fd7142e87e934196bf671c73c2b53PhpMyFaq version 1.5.1 is susceptible to SQL injection, board takeover, user information disclosure, and remote code execution flaws. Detailed exploitation provided. Earlier versions are also possibly vulnerable.
7e4688c40fe3f1047e4d60351226021dPwnZilla 5 - Exploit for the IDN host name heap buffer overrun in Mozilla browsers such as Firefox, Mozilla, and Netscape.
eef9337ee7cdaceb446572f6a20a0ea6Mall23 is vulnerable to a SQL injection attack in AddItem.asp. Versions below 4.11 are susceptible.
b5930d3085f3fa34e7ba1f5e486a1080My Little Forum 1.5 SQL injection exploit that retrieves an md5 password hash.
c59af767c4a1416bec0a1e0907d82cb4Perldiver versions 1.x and 2.x suffer from cross site scripting flaws.
f972471c8c7a2fe83c55efcb0fab0724Mercury Mail IMAP server versions 4.01a and below remote buffer overflow exploit.
071e805167e5cc006d1d151ea6d12887
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed