This archive contains all of the 212 exploits added to Packet Storm in November, 2011.
76cded7ed0b2d2ec1da748d7ee069d41IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.
76b18fd33ff899004aa14ab654d4beffPHP Inventory version 1.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9c59bd82d0f4926918091ff3bd3c682aThe WordPress flash-album-gallery plugin suffers from a cross site scripting vulnerability.
9871634408b1a66d72762ada87486aefThe WordPress 1-jquery-photo-gallery-slideshow-flash plugin suffers from a cross site scripting vulnerability.
db9129c292e4ebc3122cf472a0e2a445Serv-U FTP server suffers from a remote jail breaking vulnerability.
cac30d15df74a4e42c4b9609cf8772d7Remote root exploit for FreeBSD ftpd and ProFTPd on FreeBSD. It leverages the fact that /etc and /lib can be modified inside of the chroot.
2afb95522b810b098c941ae9c312a402Voxsmart VoxRecord Control Centre version 2.7 suffers from a remote blind SQL injection vulnerability.
d8c8770aff3aae6be7bffe2c185c69feThis Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).
cdf6369de287616478ab5150bd275d56This Metasploit module exploits an unauthenticated remote root vulnerability within CTEK SkyRouter versions 4200 and 4300.
8256b2c8aebbb5d3abf34bfe3148f788WikkaWiki versions 1.3.2 and below suffers from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities.
14a9bc2e9391a11cdd4ba3328235c582GOM Player version 2.1.33.5071 unicode stack buffer overflow exploit that creates a malicious .asx file.
e0a140f4833d8a156f07a27f2c7b5659Bugbear FlatOut 2005 buffer overflow exploit that creates a malicious .bed file.
911ee0d32da7ef2d93cb62cf34a1a198MS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.
0834059529bbfef600c3d2569f96973bThe AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
05ba0f866778968b71f98de51b05bb15StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
a2936d026b1079a3ef6f8d76b49e48e5Muster Render Farm Management System version 6.1.6 suffer from an arbitrary file download issue due to a directory traversal vulnerability. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. The advisory in this archive includes exploitation details.
71664b4aded114d1ca22b0fa618e8420Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
c0e59b67f15d5777bd6aa600c2deae50Sites created by Schok Creative suffer from a remote SQL injection vulnerability.
690e2ce9b91685ffc6e9cb23b71039d63S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.
166f8e4b7c7919286d7b292b2dce61deVideo Girls BiZ Video Chat script suffers from cross site scripting and remote SQL injection vulnerabilities.
3237f449ca3ae41d70b20903bc4c93f4ExpressionEngine version 2.2.2 and CodeIgniter version 2.0.3 suffer from filter bypass and cross site scripting vulnerabilities.
9efc5b60e039e81fa3c75461993a0340Ajax Script suffers from cross site scripting and remote SQL injection vulnerabilities.
7f7972771c53fcccd73587d6b054d163Toshiba.com and Compaq.com suffer from cross site scripting vulnerabilities.
114248234009efc70014430e61a40942ModenaCam, the Adult Turnkey Flash Live Chat Software script, suffers from remote SQL injection and cross site scripting vulnerabilities.
c76d63340077834e02f5cfb3622cd318
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed