Packet Storm new exploits for March, 2005.
37c7e897fee30dadfe4c23fcfec85e43eb5f366285951fde904d092af4496174
Ublog versions below 1.0.5 suffer from a cross site scripting flaw.
70d7557f696354ec1bc42dd94c22fbc7b8193e17ead7ee3630b8129574c58576
There is a file inclusion and three SQL injection vulnerabilities in phpCoin versions 1.2.1b and below.
d6579531282b1a8088e4d5550da01401eba64f0a8ff0d86e00542107fdeb91a9
Squirrelcast PHP Shopping Cast is susceptible to SQL injection attacks. Sample exploitation details provided.
9034a1b7791dbb49ea62cba1ba3aa5f0d0c0d09c6551a60c8ca3c2d2764fd09e
PunBB versions 1.2.2 and below remote authentication bypass exploit.
ae265851ac47823f8ae76c95583aa8683a2e45db1ec2b9babba2ec70b81b77e7
Linux kernel versions 2.6.10 and below denial of service exploit.
938cc0299f8a4057e16222de326a4e09e4ce59ed72d62a04d8344ba4c46e8be4
Cyrus IMAPd versions 2.2.4 through 2.2.8 remote exploit. Original flaw discovered by Stefan Esser.
e0f255c75d311de10a643e7710b403966a0b5738defe2ce707e360a1e03945bc
mtftp versions 0.0.3 and below remote root exploit.
498f2cbb403d9f8b15e0a4ef0ec615248865a0c321b8ca6787cd4b8a8b8edb3a
Tripod.com suffers from multiple cross site scripting flaws.
5e26ffe5df8029d71eaf9663f809a5b324b485a87e40fab11d05f233ebdef46e
Invision Power Board version 2.0.3 is susceptible to cross site scripting attacks.
db5664b11a593a45b23e7ca9e1159b41da75111a7eb23b377c6b10b2e17caef8
phpBB versions 2.0.12 and below Change User Rights authentication bypass exploit.
49b95a2b8882c99a45d27963477f2fa9d92b975c42322da9b1635fcc4ee30c68
Multiple SQL injection and cross site scripting vulnerabilities have been discovered in AspApp. Sample exploitation provided.
03e90c2cb4195bc7bc382495197baedd3e0d909a18bcfb755d1062bb38afca07
Multiple SQL injection and cross site scripting vulnerabilities have been discovered in PortalApp. Sample exploitation provided.
ef8774a270f7cf5c3c385dd44115e3f3ab80760745b1a26d5d9c111db428ebee
ACS Blog version 1.1.1 is susceptible to multiple cross site scripting attacks.
0c6942c90bd3e4344142bcb9a42ec2ca5feae9635b10587ede08a046069e3c05
Remote root exploit for the preparse_address_1() heap buffer overflow in Smail versions 3.20.120 and below.
03fa4cf4484ee5197112b1be3896401a73baeca9c53af9ffcfb129454017221e
Photopost PHP Pro Photo Gallery software is susceptible to multiple cross site scripting and SQL injection attacks. Detailed exploitation provided.
37b9312ab67645bf7aa36fdc72203dd12b60bfbd3bfb1f48fa1936e2f2486c61
PTT Security Advisory - Sun Answerbook2 version 1.4.4 is susceptible to cross site scripting and administration attacks. Exploitation provided.
f84f8926bae5020beca593a0122297f5f39ac778c3820f5996098cd6a9e123be
Proof of concept exploit for a remotely exploitable buffer overflow in the Tincat network library used in various games.
59a3b89267c5dd0e34a3c1f1ddfd3867902e562a8c7054b2a8a2a37ea1878f70
THai's Shoutbox is susceptible to a cross site scripting bug.
ed49a7e339d0891d132dc79e327caf12fabaf981cbcaf07676c4f8b3aa3c5658
Vladersoft Shopping Cart version 3.0 is susceptible to multiple cross site scripting and SQL injection vulnerabilities. Sample exploitation provided.
ff883a1159901250b604c992c505e6b30d38334d06fe39e24596c33f727d5e37
Easy Community Management System Forum (E-XOOPS) contains multiple SQL injection and cross-site scripting vulnerabilities. Some of these may not be exploitable depending on how PHP, Apache, and MySQL have been configured. Advisory contains proof-of-concept exploit URLs.
383b99f55a4400a2bec840c614876918516b6901632de122f0ebc7126617cb4f
Timbuktu Pro Remote Control user enumeration program. Wordlist-based bruteforce tool that checks whether a given username exists on the target server or not, which is possible due to a difference in the error message returned when the username is invalid versus when the password is invalid.
c1316cb0a42dbdc8c71076a0435e16160c2cbab2ffe04ba0757c56504e85b033
NukeBookmarks version 6 contains SQL injection, cross site scripting, and path-disclosure vulnerabilities. Advisory contains example exploit URLs.
aa04cadcaf0e6dc00925b0ece1251381dcb2058c48cddd82c5318bc21db41adc
Limewire directory traversal exploit. Exploits bug in versions 4.1.2 - 4.5.6, inclusive.
a0dfa08e39acd486c6491f79f378b661f19d8d1edb4b5a89ab50190a58682691
E-Store Kit-2 PayPal Edition is susceptible to file include and cross site scripting vulnerabilities.
ac872074f1d371f1d96de015fc38c149d3b951e1b6eb8d240882fa2604fa3f38