Packet Storm new exploits for August, 2007.
a784c6c778615d5f2c005100de89abffA SQL injection vulnerability exists in the Log On page of the web interface for Cisco CallManager AKA Unified Communications Manager. An unauthenticated attacker who is able to access the Log On page could exploit this vulnerability to run arbitrary SQL commands as the logged in database user, usually cm_publisher. By running SQL commands, the attacker could gain information about the CallManager configuration, including call records. Exploitation details provided.
3f7b845f8abbf592305551e6224d261dThe Telemark.com search engine is susceptible to a cross site scripting vulnerability.
c9940b9124caccd7386973aa56d9027aThe ChaCha.com search functionality suffers from a cross site scripting vulnerability.
e9ebdea597e5f10ca9b9c99db9e3cf62PPStream ActiveX remote overflow exploit that makes use of PowerPlayer.dll version 2.0.1.3829.
132a38ce0cc72b3c49ae42b164ffefa1Norman Virus Control local exploit that makes use of nvcoaft51.sys.
f7f06590d69b8657e3cc40e36b8f36f0phpBB Links MOD versions 1.2.2 and below remote SQL injection exploit.
f7c85f4b2a3d84bd57186a373ff8cce4Ourspace version 2.0.9 suffers from an upload vulnerability in uploadmedia.cgi.
49e68f901eb8af65054e494a64870126NMDeluxe version 2.0.0 suffers from a remote SQL injection vulnerability.
7df7ee1cc55190e6e2306680ca06cd41Wireshark versions below 0.99.5 DNP3 dissector infinite loop denial of service exploit.
db40242afee4ecc22686066188808a89Hexamail Server version 3.0.0.001 pop3 pre-auth remote overflow denial of service exploit.
e2ebdee6bf86c4327ab9df16adebf030Proof of concept exploit for Doomsday versions 1.9.0-beta5.1 and below which suffer from buffer overflow and format string vulnerabilities.
8f83cc303809ac52f3c9e81d648f6099Blizzard StarCraft Brood War version 1.15.1 suffers from a remote denial of service vulnerability.
a5789f2382d3d95d12aeb03dc5277771Yahoo! Messenger version 8.1.0.413 webcam remote crash denial of service exploit.
4d8b681186b77f12dd8f8a994917c0c8MSN Messenger 7.x VIDEO remote heap overflow exploit.
5d8ef6a8c46d57f1fc030024fcc7ece6Pakupaku CMS versions 0.4 and below remote file upload exploit.
eb28e47bc15b4183419bd79aff5b9e8dphpBG version 0.9.1 suffers from remote file inclusion vulnerabilities.
116652e271be17a3005faa5a4c319bffPHPNS version 1.1 suffers from a remote SQL injection vulnerability in shownews.php.
6b08efafff0de911f42fb36de79e2c35ABC estore version 3.0 remote blind SQL injection exploit.
4f20498b0ee8a8364d48c6f28ac2b801xGB version 2.0 suffers from a remote permission bypass vulnerability.
f80c5be13198a61a85b89f8de7096270Microsoft Windows denial of service exploit that makes use of GDI32.DLL. This vulnerability is related to MS07-046.
6b8e5d855533f6cd0c76c63947b807e6PHPNuke-Clan versions 4.2.0 and below suffer from a remote file inclusion vulnerability in mvcw_conver.php.
167c9ba6ce495d3de3731e4912a48952VWar versions 1.5.0 R15 and below suffer from a remote file inclusion vulnerability in mvcw.php.
c4f9598a25c7cea312d1038996332249DL PayCart version 1.01 blind SQL injection exploit that makes use of viewitem.php.
d375f870619082511fa6b2c408e6d3bdPostcast Server Pro version 3.0.61 and Quiksoft EasyMail emsmtp.dll version 6.0.1 buffer overflow exploit.
d219f1ac5c8237428552cf151ffe1811
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed