This archive contains all of the 351 exploits added to Packet Storm in January, 2012.
8b836da23c3e4ed57b80a9dc6b85088c Mindjet MindManager 2012 version 10.0.493 suffers from buffer overflow and denial of service vulnerabilities.
c55d3d4ffe78bd34dbd71d5e2960c04e Ez Album suffers from a remote blind SQL injection vulnerability.
c5f91018271fd7ea8786f96c79101164 Adobe Flash Player MP4 SequenceParameterSetNALUnit remote code execution exploit that works against versions 10.3.181.34 and below on XP SP3.
cf02af1c3dc09483a9ca31549d45ec0b phpShowtime suffers from a directory traversal vulnerability.
72934e978896d896091d871909ee8958 EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing a large amount of bytes passed to the FtpUploadFile member in the FtpUploadFile() function, resulting in memory corruption that overwrites several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
e540c339e50eef4b81df0e87bc189135 The gmwgroup.harvard.edu site suffers from a remote SQL injection vulnerability.
feb69116a6183c69c6c1500fdabe05aa Proof of concept code for a vulnerability in protocol.c from Apache versions 2.2.x through 2.2.21. The issue is that it does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies.
657f1bf4056ef716235936fdcd302d24 Agent Zone Vastal I-Tech Real Estate script suffers from a remote blind SQL injection vulnerability.
de7ecf5e1bfc46f8cf8f488f5b7ea9de The blogs.forbes.com site suffers from a cross site scripting vulnerability.
d4c3d04320610f0d9e9f851658a09244 4Images version 1.7.10 suffers from a cross site scripting vulnerability in the administrative panel.
e550253f92cd260f211e8370a98631cf Campaign Enterprise version 11.0.421 suffers from a remote SQL injection vulnerability.
ec20548ba9402a347c1329c29fcf022c This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code by leveraging PHP's complex curly syntax.
43db8b7017e615d69d61ee087f3fd0fb The Joomla CRHotels component suffers from a remote SQL injection vulnerability.
fd9e0442e767095f06dc53556757bdec TWiki suffers from a cross site scripting vulnerability.
dd5aa8c179b2eab2758930be2767f7e8 sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.
b2036d45402949553965c07da5b6d34c OSClass version 2.3.4 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.
a12abb24c0bcbb63744f41b14614b5bb Postfixadmin version 2.3.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd4d0622a04f9e835b76a657cce1e426 Snort Report versions 1.3.2 and below suffer from a remote SQL injection vulnerability.
4c3f584caafc12dbf6d71610a1d2c410 The Joomla Propertylab component suffers from a remote SQL injection vulnerability.
234cfbaa2fa7139f42f69411ea24bd80 DPI version 1.0 suffers from a cross site scripting vulnerability.
e92965d578bb18262516d6781d4073e0 Mibew Messenger version 1.6.4 suffers from multiple cross site scripting vulnerabilities.
f32c2798bd75a6a10e425d0591bc87c3 The Joomla BBS component suffers from a remote SQL injection vulnerability.
a3be06ef419abf86154d0accfdf0e70e Phux Download Manager suffers from a remote blind SQL injection vulnerability.
6d22563ebdaaf2cecc143d641f7f7e8e The Joomla Firmy component suffers from a remote SQL injection vulnerability.
279fb685b3bac33f19ce66a579700475