New Packet Storm exploits for November, 2005.
a07924e3741cb3d7a0ddc9b2ba7672776c9401ad9e34214d734f4ea9ae3d186ePhpX versions 3.5.9 and below are susceptible to SQL injection, login bypass, and remote code execution attacks. Exploit provided.
e3e0206fe6bd630a03c89eeccad2963f16998061ce8e422d58fa49e7c257ffd9PHP Upload Center is susceptible to directory traversal attacks via the filename parameter in index.php.
b0c58e722732597e6a71434966b4d4d5e25157a6f853ef7c8c347fdebf9f598eN-13 News remote SQL injection exploit that performs a PHP shell injection.
a3f4c73c38a1644429c5bff832149cfee9d0326230528a3ecb052e5ecddf52e9Xaraya versions 1.0.0. RC4 and below suffer from denial of service and file corruption flaws. Exploitation details provided.
390be9f2e8b90da0f96431615e5d6cf3e947051728bfe42fad1bf35bd626befcASP-Rider version 1.6 is susceptible to SQL injection attacks via the REFERER.
00108f6af124296b9e8af6d348a8919a77e66e8f5417a34d0573a906655eb7a3Microsoft Windows Distributed Transaction Coordinator remote proof of concept exploit for the flaw listed in MS05-051.
5a516d222a183472ce165846622b1deb7443c5cc0b80551438fb933e3bac6c4dMicrosoft Windows Distributed Transaction Coordinator remote proof of concept exploit for the flaw listed in MS05-051.
ffaeef19db3c4daa82885e504f38a1055423d7b036404e4e4a8f846eccf60364Microsoft Internet Explorer denial of service metafile exploit. Raises CPU utilization up to 100%.
48fd7350f572c62e78b0b5618eba85ff145865f9260ae631a6875341622b4523A buffer overflow vulnerability in the utility phgrafx included in the QNX Neutrino Realtime Operating System can potentially be exploited by malicious users to escalate their privileges. Exploit included.
59ea4aa5c272f08159cf44506744ef6f78fd70d1feb59c535e77bf1afa84aea9Guppy versions 4.5.9 and below suffer from remote code execution and arbitrary inclusion flaws. Full exploit provided.
968ffef02bac67138cf981ec650bc3a7d33b94c0c0c8eb860f158874ad6f9ca9Cisco IOS exploit that demonstrates how unsanitized input from a user can be injected into dynamically generated web pages.
4d70c45a942ad697419897fb1a6037e8fa9a37acf43cbbe1c805f31581738d5bRandshop is susceptible to SQL injection attacks.
1a59e41d524a0c0075464b3e6e4f4bd5df6198c644af1105c7c17ed7ce2102bdvBulletin 3.5.1 suffers from a cross site scripting flaw due to the control panel not properly sanitizing variables.
15fa84271d93c8c72194b016c8d96de0fdf4e2671cf81aee98f9b6ab56b913caQ-News version 2.0 is susceptible to a remote file inclusion flaw.
65bdbd60ddbf1ed96db87260f3048da1788201fc1122a655cb0702a2fcd307dfphpgreetz version 0.1a is susceptible to a remote file inclusion flaw.
0c471f2fd4499db27d625c0956e3ee5b023b9f309aa57dbc0abb691c025580fbAthena version 0.1a is susceptible to a remote file inclusion flaw.
a5d94ad292f08cc31e2078317b7440fcf0f7e53e9574ef663d0b2d7c250e4352Webistanbul is susceptible to SQL injection attacks.
4fc8ee5339f5950cfbe6e0e838a61f598a45568d8b7a9a76d2f75fa238c0f1c8PBLang version 4.65 suffers from a cross site scripting flaw in profile.php and ucp.php.
cf4782e0e03201f7fc46871933ede13324110a804079ccd1d47d4708502a29afefiction versions 2.0 and below suffer from remote code execution, SQL injection, login bypass, cross site scripting, and path disclosure flaws. Full exploit and details provided.
b6ee828afdcfdc0db17b52645c9dd264df2736df6e3028fc460d3c7405837afeSEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.
c40cfc60da4956c1504de1864fab0f8bc8c5873f798f96b78f0c2755e01d5af9Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.
5cebea0b280288ffbeb4e2854a40c056858c7c6bd6909cddb3b0988a9a8c0f45MailEnable Pro version 1.7 and MailEnable Enterprise version 1.1 are susceptible to a remote IMAP related denial of service flaw when a rename request with non existent mailbox names is presented.
3198f10d176771fde3a587491b924d65f7750f614ebf2bc7c1e2d7cabc92d4f9freeFTPd version 1.0.10 is susceptible to a remote denial of service attack. Exploit included.
2138a8818ceed92c5f02b77429a32caf9fc3719509b0fff67d444fb585e34eb4SmartPPC Pro is susceptible to multiple cross site scripting flaws. Details provided.
2a1dfc606427de60d8c28ce32641f67fe30c15ce158badee9e505ba57887f164
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed