This archive contains all of the 310 exploits added to Packet Storm in July, 2011.
This Metasploit module exploits a stack-based buffer overflow in Actfax FTP Server versions 4.27 and earlier. Actfax fails to check input size when parsing the 'USER' command. This vulnerability results in arbitrary code execution. This Metasploit module has been designed to bypass DEP under Windows Server 2003 SP2/R2.
Hong Kong Firms Internet Services CMS suffers from multiple remote SQL injection vulnerabilities.
Digital Scribe version 1.5 suffers from multiple POST cross site scripting vulnerabilities. Input passed through the POST parameters 'title', 'last' and 'email' in register.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
Rebound suffers from local file inclusion and remote SQL injection vulnerabilities. A SQL injection vulnerability allows for authentication bypass.
Elgg versions 1.7.9 and below suffer from multiple cross site scripting vulnerabilities.
Websites by cgCraft LLC suffer from a cross site scripting vulnerability.
Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.
The Joomla obSuggest component suffers from a local file inclusion vulnerability.
cFTP versions 0.1 r80 and below suffer from a shell upload vulnerability.
Link Station Pro suffers from cross site scripting and remote SQL injection vulnerabilities. The SQL injection vulnerability allows for authentication bypass.
Sitecore CMS versions 6.4 and below suffer from an open redirect vulnerability.
Websites by cgCraft LLC suffer from multiple remote SQL injection vulnerabilities in info.php and news_item.php.
A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
MyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
ICQ versions 7.5 and below for Windows remote denial of service exploit.
ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
Midori Browser version 0.3.2 suffers from a denial of service vulnerability.
Multiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities.
Gopal Systems suffers from a remote SQL injection vulnerability.
MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.
PHPJunkyard 1.3 suffers from an open redirection vulnerability.