Packet Storm new exploits for July, 2006.
d7668749bea4492043760c7281574495ad942216a132f5325f62290a5fa61780
The mambatstaff Mambo component is susceptible to a remote file inclusion flaw.
fa7b9aaa25bac2fdfebbe0f529ca7304edb279aaa506c90a60448255b99bda6e
Colophon versions 1.2 and below suffer from a remote file inclusion vulnerability.
870c50c1955358cd09c6815fc5ed147288272f145dce06f2bf4a80dbcac1b21f
Coppermine Photo Gallery version 1.2.2b-Nuke suffers from remote file inclusion vulnerabilities.
841a02d8c14bf56f354bf35cf941793561f0cfa85e8f48d3c46ae11eaf798f7d
Mambo Gallery Manager version 095.r3 suffers from remote file inclusion vulnerabilities.
2e97397e359cd7cdb11dc44b91eade8442528731a5d3ac075dc9669073fe1fb7
Gidplus.dll division by 0 proof of concept exploit.
e34790ee7ca7e923136b18150c98e6b36106bb11d8baf1c3bfbef95889ee672c
Exploit for Mozilla Firefox versions 1.5.0.4 and below. The demonstration exploit below will attempt to launch "calc.exe" on Windows systems, execute "touch /tmp/METASPLOIT" on Linux systems, and bind a command shell to port 4444 for Mac OS X Intel and PowerPC systems. An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker.
9e096b35f0514a051a6f1a202b7742ec4b356a48415a7e37748c715e85cf7500
Dr.Jr7 Gallery version 3.2 RC1 suffers from a remote file inclusion flaw.
61bf03c5bc2bfedaeb1de0d3b9814420169cfda1b3eff3e4a7e2735abe4568ad
Portail PHP version 1.7 suffers from a remote file inclusion vulnerability.
075f391c35623dda2d5d48a6eee2eb5e8ce6569dd08523a1428252eacf2a2210
Guestbook Mambo Module versions 1.3.0 and below suffer from a remote file inclusion vulnerability.
30f8667ef29fb8872e71730d3e8b9aaf8c165d18a5d0b8196435b73dba301b57
PHP-Nuke INP is susceptible to cross site scripting.
1b0f5896e76364a4d2e25fe5cde01518a4c80a8079c5cb728737164570fed8d7
PrinceClan Chess Mambo Com versions 0.8 and below suffer from a remote file inclusion flaw.
6373cd538545bb2474dbec4a5e708deaee424a8b2b066656d51965604e1df979
JD-WordPress suffers from a remote file inclusion vulnerability.
a29fa9ad87d09b2126c672ee2423cf18ff231120339b690d140ca6e263135baf
Heartbeat versions below 2.0.6 insecure shared memory local denial of service exploit.
042d63f05a32cabe28243556ac05eef1189e08fbe3e1d1baa9934d4c7333678f
Phorum version 5.1.14 is susceptible to cross site scripting and local file inclusion attacks.
9c72077583d824261da03a364967e6f7aac0f9330b3bbdb08b9bca4689408220
GeoClassifieds Enterprise version 2.0.5.2 is susceptible to cross site scripting attacks.
b8221d279fb36db5d12e100e503a7dc2d6e86db89e31f5be786c2a153273bd65
Remote exploit for the Syslog server by eIQnetworks that has a vulnerability when processing long strings transmitted to its TCP port.
60bffcf1a26deeb9ebda5eb75a657c002ee82720c1ef7a36d68131a01a17d94d
Remote exploit for the buffer overflow found in the LICMGR_ADDLICENSE Field of EIQ networks network analyzer.
2fd385aaecbd319e45011cb0297961bc7072184913dd3828fc4dc4b0331f3984
This Metasploit module exploits the buffer overflow found in the LICMGR_ADDLICENSE Field of EIQ networks network analyzer. This module exploits buffers of 1262 bytes in size. This module should work on all rebranded eiq analyzers. Exploitation assistance from KF of digital munition.
e4ce3e36553a518104ebf7e58cf8a9dd52695a1715d37a0ba3161d6ab879f3ed
This Metasploit module exploits the buffer overflow found in the LICMGR_ADDLICENSE Field of EIQ networks network analyzer. This module exploits buffers of 494 bytes in size. This module should work on all EIQ branded analyzers. Exploitation assistance from KF.
88bc70754e26114c4ff252085966059a0af29b9d43f03db6984fbde54d0ad30a
Etomite CMS versions 0.6.1 and below 'username' SQL injection and administrative credential disclosure exploit.
620bdf667e0fa3f353fc138d5dfe20509298865beffecfea4b15e781ea7a4210
WMNews suffers from a remote file inclusion vulnerability.
98b7bae8e8dffa9da5136497722726c556ef8d4cde3d3d0dce85fb2630f2989a
A remote file inclusion flaw exists in the a6mambohelpdesk Mambo component versions 18RC1 and below.
26d95654d6ebc3032cb7df52f555cd568cad30aa468d559004087e80c4d461be
Triton version 1.0.4 remote exploit for the sipxtapi vulnerability.
f93b23609f2b1ea7d2fa0921eaab18bffbff4d1f638e4c6b7dad4792aca8f31a
MttKe-php version 2.6 suffers from a cross site scripting flaw.
acb4fa8dc82c4238ba81970d67aea5492f38fd1851e06cd86f85f1d24926c94a