This archive contains all of the 284 exploits added to Packet Storm in October, 2010.
5242452c69eadf41342d2690d76a683c
Linux kernel arbitrary memory write via v4l1 compat ioctl exploit.
e4406c49407ec6da26657b3fa7bbd5a9
Free Adult Script version 2 suffers from a remote SQL injection vulnerability.
8fdb30f112bf9bdc83784fb66bdcfcba
The Joomla Jcars component suffers from a remote SQL injection vulnerability.
168f1175402ee4df1cb11329bc1dc27f
This is a simplified memory corruption proof of concept exploit for Firefox.
8b26f4512456a230d56e2d6f845a78a2
mygamingladder MGL Combo System versions 7.5 and below remote SQL injection exploit that leverages game.php.
61579276895b10192aca384a888d59c3
PHPKit versions 1.6.1 R2 and below remote SQL injection exploit that leverages overview.php.
673d8c4b911aed9e80fd11dee182db63
Feindura CMS versions 1.0rc and below suffer from cross site scripting and local file inclusion vulnerabilities.
5c6228b397defd3c0cac80c8df009bc4
Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149) both suffer from a directory traversal vulnerability.
a873431ae17f48835410c655973b0fa4
XBMC version 9.04.1r20672 soap_action_name post upnp sscanf buffer overflow exploit with Windows bindshell code.
121b43429b5d96e72da25f8f0482bb29
Firefox Interleaving document.write and appendChild denial of service exploit.
2bd5f2e7f0a067800337755ce6bb788a
Pub-Me CMS suffers from a remote blind SQL injection vulnerability.
83247e1ea3ced509fe7b2dc5a1c951c5
TFTgallery version 0.13.1 suffers from a local file inclusion vulnerability.
42e1e7280019945a59dccf3bc170af86
Firefox versions 3.6.8 through 3.6.11 Interleaving document.write and appendChild exploit from the wild.
95414e688d0d0e46201e2cc1053dd2ff
Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below.
b5d2edb70a3955504df2b49334ec19bf
W-Agora version 4.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
157e2bdc6bbcef7db61c3d5521db6dd0
MyCart version 2.0 suffers from cross site scripting, remote SQL injection and code execution vulnerabilities.
ed079679309869e074e643a520437e7d
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification (see below). Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed.
39d52137898c5484e3318915ce5f0839
Oracle BPEL Console version 10.1.3.3.0 suffers from a cross site scripting vulnerability.
d4b0e75bfbffdb2ae1a457793c3f4e08
DBHcms version 1.1.4 suffers from a remote SQL injection vulnerability.
2b084f313e03054528d4c912bbbd99f3
MinaliC Webserver 1.0 suffers from remote source disclosure and file download vulnerabilities.
0f936d16876ea0c5e0f76ac9db1cfb3f
NinkoBB version 1.35RC5 suffers from a cross site scripting vulnerability.
cf14c1fa80946b5ee48f6e6f5d841186
Oracle BI Publisher suffers from an HTTP response splitting vulnerability.
91d3c190354d6032783de15d8392c521
phpLiterAdmin version 1.0 RC1 suffers from an authentication bypass vulnerability.
7dc835a573eae02fc119b0d19072e668
Alstrasoft E-Friends version 4.96 suffers from local file inclusion, shell upload and remote SQL injection vulnerabilities.
f6dc046cc48d2419bb8a8ae6819ec7be