Packet Storm new exploits for March, 2009.
aa36c33881677c26889fb50e050f70be Core Security Technologies Advisory - The Sun Calendar Express Web Server suffers from remote denial of service and cross site scripting vulnerabilities.
8637e3be53c6f69f9ebb8d051e7eda79 The PrecisionID Active-X control suffers from an arbitrary file overwriting vulnerability.
308c22af7057895f54c6f152d5aa5da4 SAPDB suffers from multiple cross site scripting vulnerabilities.
0c9da6072358b8254b3e44c98a78b06c IBM WebSphere Application Server versions 7.0 and 6.1 suffer from multiple cross site scripting vulnerabilities.
76ca1d583b9195b4358f616c28548b18 webEdition versions 6.0.0.4 and below suffer from a local file inclusion vulnerability.
6b6f247acdd29000d83edb51e2e97d19 The Scout Portal Toolkit version 1.4 suffers from cross site scripting and SQL injection vulnerabilities. The SQL injection vulnerability was previously discovered in May of 2008.
fb83ccfc5a276f42a2850a2c8ecaca3d Turnkey Ebook Store version 1.1 suffers from cross site scripting and redirection vulnerabilities.
20f6b38d2781b11ab59cc3250bdddfa8 VSP Stats Processor version 0.45 suffers from a remote SQL injection vulnerability in gamestat.php.
726a7b0c45a1fd912ff50f5b7e1bc7dd PHPRecipeBook version 2.39 suffers from a remote SQL injection vulnerability.
4cd93fd429b3ae7a33eeb9c0c97d9ac5 JobHut versions 1.2 and below suffer from remote password change/delete/active user vulnerabilities.
693e88c73ed0856206081bbaf51248dc aspWebCalendar Free Edition suffers from a database disclosure vulnerability.
2174c5fa47aa2ecbba718251812fa84d VirtueMart versions 1.1.2 and below suffer from cross site scripting, SQL injection, remote/local file inclusion, and code execution vulnerabilities.
31d21aedd427529e58a1c1ab3047baf9 This Metasploit module exploits a blind SQL injection vulnerability in VirtueMart versions 1.1.2 and below.
156a199eca5cf1f2af4baf66c9dd57d7 Podcast Generator versions 1.1 and below remote code execution exploit.
f61bc7bf4349ce0f0ba5deddffb0ac9f Safari versions 3.2.2 and 4 BETA XML parsing remote crash exploit.
39724081ea70622d9ac2f1b1ea37a012 The Cisco ASA5520 Web VPN suffers from a cross site scripting vulnerability via the Host: header.
c024bc77c555bfc6873b374eaab98e3a Opera version 9.64 (7400 nested elements) XML parsing remote crash exploit.
5cda03f23eb6c0c9f83826c3af170e66 Zabbix version 1.6.2 suffers from multiple cross site request forgery vulnerabilities.
12bfca01e139a9a463df77039104d45e Community CMS version 0.5 suffers from multiple SQL injection vulnerabilities.
9b81ef2925bce17559841920ab005460 The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.
a2a9311c6c2cf88904901184d2b57c7a Family Connection version 1.8.1 suffers from a create administrative user vulnerability and multiple remote SQL injection vulnerabilities.
c7dfa2b15509b61d89b64bf80db9a387 JobHut versions 1.2 and below suffer from a remote SQL injection vulnerability.
e45ee718c9927fecf045ba99e0508df5 Sami HTTP Server 2.x remote denial of service with HEAD request exploit.
07f9bbd8417cf38cb971d902a039a7d8 Linux Wine version 1.0.1 local buffer overflow proof of concept code.
7c41333cfac05d6a61385c29edffbb3a