This archive contains all of the 422 exploits added to Packet Storm in August, 2010.
4e017168fda6b5d2fb6f9a6d5a68c7ddCartXpress suffers from backup related, file disclosure and shell upload vulnerabilities.
d0cde3459bec460f5333b1b809fff27dKeePass Password Safe versions 2.12 and below suffer from a DLL hijacking vulnerability.
4df8443bd6e31f1e8500adef4f594bb2WordPress versions 3.0.1 and below suffer from an URL redirection bug.
e65e12163ee044a64fbf4b4115b4c734Web-Ideas Web Shop Standard suffers from a remote SQL injection vulnerability.
8b0ebafe552baf5accfa95d7cbe31b57This is a proof of concept, self replicating, social network based malware for NING.
5a18d712327fbb7191111ebeddc05e49The Joomla JE FAQ component suffers from a remote blind SQL injection vulnerability.
1197b45ece79014db6580ecc0355c99bThe Joomla PicSell component suffers from a file disclosure vulnerability.
1237cdeb9b8aad75ee580ced114fd4eeRapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6.
734bd64d3ff9aa05f3b480e0cd0300ebThis Metasploit module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially-crafted HTML page, the QuickTime ActiveX control will treat a supplied parameter as a trusted pointer. It will then use it as a COM-type pUnknown and lead to arbitrary code execution. This exploit utilizes a combination of heap spraying and the QuickTimeAuthoring.qtx module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions. NOTE: The addresses may need to be adjusted for older versions of QuickTime.
7ad044f928efe468c6ea9c5cb5d51a74Apple QuickTime suffers from a "_Marshaled_pUnk" backdoor parameter client-side arbitrary code execution vulnerability.
e93ace586ff41f998cf0bacbb39e6d88Safari for Windows invalid SGV text style denial of service vulnerability that leverages Webkit.dll.
7ec3fe1793cf146cc5e0d313c9ed5fc4Microsoft Office memory corruption code execution exploit that demonstrates a malformed property vulnerability.
0b8748008d4dae5d86c97975f64bc3c6Seagull version 0.6.7 suffers from remote file inclusion vulnerabilities.
698dcf5ebca0a2a60aa3b33cdc5d5a44CF Image Hosting Script version 1.3 suffers from a database disclosure vulnerability.
7973b8d7314f0256d73262283b3dc3dfVirtual DJ version 6.1.2 DLL hijacking exploit that leverages hdjapi.dll while loading .mp3 content.
6552b5ef24190ba330da50f0888896e5BS Player version 2.56 DLL hijacking exploit.
35c98e79724baf98aa0880e4afedff7cMicrosoft Windows 7 / Vista backup utility sdclt.exe fveapi.dll DLL hijacking exploit.
585e03acfe30337026381ca0d0ab85bcDaemon Tools Lite versions 4.35.6.0091 and below mfc80loc.dll DLL hijacking exploit.
77ef249904bd3ac9c7b90e298e229746GuestBookPlus suffers from comment restriction bypass and html injection vulnerabilities.
03ca280256ec1a44fa5b99d689d410dbQtWeb Browser version 3.3 build 043 DLL hijacking exploit.
a61ba519336b8cb290a240a5a1997066Maxthon Browser version 2.5.15.1000 DLL hijacking exploit that leverages dwmapi.dll.
daebc041ed83ae09d1c932d3fb0c4c61DiY-CMS version 1.0 suffers from multiple remote file inclusion vulnerabilities.
cc1c0d0c533eb654c795580f19e0575dNginx version 0.6.38 heap corruption exploit.
36ed98b3f0337da621ba6ffcaebd7ce9SnackAmp version 3.1.2 malicious .smp file buffer overflow SEH exploit.
6bf157239c630e65eb2271eeb254893e
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed