New Packet Storm exploits for November, 2005.
c97868904344aab96af71f9270a73baePhpX versions 3.5.9 and below are susceptible to SQL injection, login bypass, and remote code execution attacks. Exploit provided.
64c98d9fdbfb23eb6adff6dc60334be8PHP Upload Center is susceptible to directory traversal attacks via the filename parameter in index.php.
a239186e97510988e205365cd4334173N-13 News remote SQL injection exploit that performs a PHP shell injection.
3f276643d6c7430cfe8f0558e7316aa8Xaraya versions 1.0.0. RC4 and below suffer from denial of service and file corruption flaws. Exploitation details provided.
0a56836da136202fc0531cb65cd3a9a4ASP-Rider version 1.6 is susceptible to SQL injection attacks via the REFERER.
1bdb6afa9758e92364f5ac80237fd832Microsoft Windows Distributed Transaction Coordinator remote proof of concept exploit for the flaw listed in MS05-051.
e282b6dc7e4a918aca6f891d45beca90Microsoft Windows Distributed Transaction Coordinator remote proof of concept exploit for the flaw listed in MS05-051.
5767373f484a8f87676ec524c5f66a8dMicrosoft Internet Explorer denial of service metafile exploit. Raises CPU utilization up to 100%.
5c1c28310a0cdee182a606b0c706306fA buffer overflow vulnerability in the utility phgrafx included in the QNX Neutrino Realtime Operating System can potentially be exploited by malicious users to escalate their privileges. Exploit included.
ea16f7998381ea8d6d6f22765720cc90Guppy versions 4.5.9 and below suffer from remote code execution and arbitrary inclusion flaws. Full exploit provided.
83a8d5b3a3aac83c65477271b85ac2a5Cisco IOS exploit that demonstrates how unsanitized input from a user can be injected into dynamically generated web pages.
6f0b3f5bc61b8ef0a1887bebe0696b40Randshop is susceptible to SQL injection attacks.
b5096fb25800ce940b8d9397dd2ce301vBulletin 3.5.1 suffers from a cross site scripting flaw due to the control panel not properly sanitizing variables.
1f755609ff408f9dc279f7f2367305c9Q-News version 2.0 is susceptible to a remote file inclusion flaw.
760ca8a37395dbedd9a714709d8d51a6phpgreetz version 0.1a is susceptible to a remote file inclusion flaw.
9802e16df361a17af3808bfa6114e326Athena version 0.1a is susceptible to a remote file inclusion flaw.
fa8637e22146db7ca7853e385f1bcb2eWebistanbul is susceptible to SQL injection attacks.
66729c603bbb08dfcdb14f44ee49ef61PBLang version 4.65 suffers from a cross site scripting flaw in profile.php and ucp.php.
26cca82906f4bfcee1a9c4821633f3acefiction versions 2.0 and below suffer from remote code execution, SQL injection, login bypass, cross site scripting, and path disclosure flaws. Full exploit and details provided.
7e1b76dddf96cf67aace637260a9cfc6SEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.
96d3cb698b8ebc4810a5d40fe39f7827Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.
b6c1646b05615c6ef43bfc64c7ad83bcMailEnable Pro version 1.7 and MailEnable Enterprise version 1.1 are susceptible to a remote IMAP related denial of service flaw when a rename request with non existent mailbox names is presented.
12e54d884208e23d488683b508a71535freeFTPd version 1.0.10 is susceptible to a remote denial of service attack. Exploit included.
176fe3a8f002cb7793292507b61b3c21SmartPPC Pro is susceptible to multiple cross site scripting flaws. Details provided.
580e5066cf6ab7d39ab0c4a24b8f7931
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed