Packet Storm new exploits for February, 2009.
Proof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
The Drupal Protected Node module version 5.x-1.3 suffers from a cross site scripting vulnerability.
POP Peeper version 3.4.0.0 UIDL command remote buffer overflow SEH overwrite exploit that spawns a win32 bindshell on port 55555.
Drupal suffers from a local file inclusion when used on Windows.
SkyPortal Downloads Manager version 1.1 suffers from a contents change vulnerability.
Irokez Blog version 0.7.3.2 suffers from remote blind SQL injection, remote file inclusion, and cross site scripting vulnerabilities.
Hex Workshop versions 6 and below .hex file local code execution exploit.
Orbit versions 2.4 and below long hostname remote buffer overflow exploit.
Demium CMS version 0.2.1 Beta suffers from local file inclusion, remote SQL injection, and file disclosure vulnerabilities. Full exploits included that perform local file inclusion and remote command execution leveraging both local file inclusion and SQL injection.
BannerManager version 0.81 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The Drupal Taxonomy Theme version 5.x-1.1 suffers from a cross site scripting vulnerability.
B2C StoreBuilder Designer version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
C2C Reverse Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Great Shop Creator suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Reverse Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Forward Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Horizontal Marketplace Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Webstore Creator version 5.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Shop Creator version 4.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The APC PowerChute Network Shutdown's web interface suffers from HTTP response splitting and cross site scripting vulnerabilities.
BitDefender Internet Security 2009 suffers from a cross site scripting vulnerability.
Coppermine Photo Gallery versions 1.4.20 and below privilege escalation exploit.
Coppermine Photo Gallery versions 1.4.20 and below suffer from a privilege escalation vulnerability.
DesignerfreeSolutions Newsletter Manager Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass.