This archive contains all of the 206 exploits added to Packet Storm in June, 2011.
7b948ed92a8467abcfba1bd2069c53ca Remote root exploit for OpenSSH version 3.5p1 on FreeBSD that affects versions 4.9 and 4.11. Other versions may also be affected. The bug appears to reside in auth2-pam-freebsd.c.
bcb61f978d7589233b8201229cbd508f The INVITE method in use by Asterisk version 1.8.4.4 allows for remote user enumeration.
0c0cc0ae5e1bf59376ac0c7a14079c3d Multiple emulation clients that leverage Kaillera suffer from buffer overflow vulnerabilities.
0f1185cf86bd8bbedee4f8878d80bfaf Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
2b607c134d5d1bd9d316d28d48a0077d Tagonet Portal suffers from a remote SQL injection vulnerability.
5c8ed50797f002e6c60b98c36b7658f5 Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
abd37569821fe8444da64f3385882387 PHPnuke MT version 8.3.5 suffers from a ckfinder-related shell upload vulnerability.
d44a210e5ef3f10f683e0b5e00b9829a J Software Solutions suffers from a remote SQL injection vulnerability.
796bcde966856df77a6b979b70168609 Valve Steam Client Application version 1.0.968.628 suffers from an elevation of privileges vulnerability: a simple user can replace the executable file with a binary of their choice.
a520359ea1a44ddeefdb6d50fcde3fdb Novell ZenWorks Handheld Management versions 7.0.2.61213 and below suffer from an upload directory traversal vulnerability.
0833ad496b024e36a168c3a96ae4f138 Sybase Advantage Server versions 10.0.0.3 and below suffer from an off-by-one vulnerability.
2b84c2c12f3feedb589305529fed813e Trixbox versions 2.8.0.4 and below suffer from a remote user enumeration vulnerability via the Flash Operator Panel.
68df12afe27c13e6318a1fcd8fa18ff0 This Metasploit module triggers an unauthenticated denial of service condition in Smallftpd server versions 1.0.3-fix and earlier with a few dozen connection requests.
210ded01b7bc9473d908aad1b78d9e97 Jira Atlassian 3.x remote file attachment download exploit.
4c09ca2ad20bf44f48dddc57bfdeba49 RGBoard version 4.2.1 suffers from a remote SQL injection vulnerability.
7fb700324db70c9a2cda71439344b6f6 Douran Portal suffers from local file inclusion, SQL injection, cross site scripting, and various other vulnerabilities.
97516322d7cd898a957804d3f5ec5641 The Joomla CSVUploader component suffers from a remote SQL injection vulnerability.
7c47d23a242b5b54f4469026deb24bec Drupal versions 6.22 and below suffer from brute forcing and cross site scripting vulnerabilities.
88deba8d28b3ef77cc7b8d50b5110843 This Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check whether the user is authenticated and is not removed or blocked after first access.
a5f7051e07ebfa9e1ff9f95631347b74 This Metasploit module exploits a stack buffer overflow in Citrix Provisioning Services 5.6. By sending a specially crafted packet to the Provisioning Services server, a fixed length buffer on the stack can be overflowed and arbitrary code can be executed.
4329d9b1719295ec7c85b9e62d7b352f The WordPress Pretty Link Like plugin version 1.4.56 suffers from multiple remote SQL injection vulnerabilities.
3447624a745b29a638c049cd74276d83 Mambo CMS version 4.6.5 suffers from multiple cross site scripting vulnerabilities.
29267690ed6e9aac11c8c3e571f08cea The Joomla Morfeoshow component suffers from a remote SQL injection vulnerability.
5dbec14bdc532d8d9c7e8a2b2fc9dc97 This Metasploit module exploits a stack based overflow vulnerability in the handling of DXF files by Microsoft Visio 2002. Revisions prior to the release of the MS bulletin MS10-028 are vulnerable. The overflow occurs while parsing the HEADER section of a specially crafted DXF file when the application is used to import it. To trigger the vulnerability, an attacker must convince someone to insert a specially crafted DXF file into a new document via Insert -> CAD Drawing.
92be6ebfb8678a09411078e55cbd48eb