GLD 1.4 remote overflow format string exploit that binds a shell to port 36864.
e774ca4a0e106e9ad6a28c0eed3738f3657b001846638e469f61c6091406c537JPortal is susceptible to SQL injection attacks that allows for administrative password retrieval.
7b5b075bd7d4d03b89275d4e491fd7ea635218179793690faadaa7df1787d931Invision board versions 1.3.1 and below are susceptible to SQL injection attacks. Patch included.
c69852c683621b1597fc45775faed3acad28f902b519c805a9e5ee5677696b8eMicrosoft Jet exploit that makes use of an insufficient data validation vulnerability when the parsing of a database file is performed with msjet40.dll. Tested against Windows 2000 SP4, Windows XP SP0 and SP1.
4dae4b7e50491725c307cdd1f876883074a7cc46887580c6ace3bd07a956b421ModernBill versions 4.3.0 and below suffer from file inclusion and cross site scripting vulnerabilities.
8172830d3e3f3a1b826acf07ac2c2a7b87cbce06b47b5f36cc43a041ac135017ACNews 1.0 SQL injection exploit.
fdfe29871db02e59ccaa3adb1eee3e88e4170eaebe8bb401b3ad9a352ae153f4AzDGDatingPlatinum 1.1.0 is susceptible to SQL injection and cross site scripting vulnerabilities.
2d8ffe249b1150e8cf2a3693d5743200ce6e574b5df8de0cd425644fb26f36d5Firefly filetrading software version 1.0 stores proxy passwords, if configured, in a manner that leaves them vulnerable to being discovered by any other local users.
d01fc7dc93ba6ee2249f7b34a5da9cb6556b56356b3fbf0588e916958900176bAnother remote command execution exploit for The Includer CGI versions 1.0 and below.
9f98456648c2ae632d747f376f326d22fff1ab92e2cab230b07f594e7faf3bb6The Includer CGI versions 1.0 and below remote command execution exploit.
b83fec761e5a9324a6511510e46ef2088b4889b6f74b10d6cf3f7e9e5423319cLocal proof of concept exploit for a buffer overflow in sash 3.7.
f89cf1c62b9ce8d8306e87bfb937c11e970a017004f263078df0583a5194119bP2P Share Spy 2.2 local password exploit.
311bb24a5fabd8cd666e8dbbcb95d4fcaefad2e96efd92bb87582dd7e583fb10RadBids Gold version 2 is susceptible to directory traversal, SQL injection, and cross site scripting vulnerabilities.
f9eec75ae476b0900b96947bbae0437f19c9ec7a69d17ee59288245dd0df16b3Local root exploit for the Linux kernel code that has the Bluetooth related flaw.
4a8d3385026264b0d9c530ed4943c63ac284e7a2e54d4eb0f283eec2b83b2aa5paFileDB 3.1 is susceptible to a cross site scripting flaw in its action parameter.
1767e2ed03a827a8406dd40be17f6cc4f9b67f5a48cf22287641beec5a85a62eDouble Choco Latte versions 0.9.4.3 and below are vulnerable to a remote code execution due to unsafe eval() calls.
a6f3c4c7579830d982c789e45c0e507f819449ebd4898caf751de5bfd0a96616Maxthon arbitrary-file read/write exploit example.
83e15a14c4ca1f73136d1a24e593806b928158a0e285203e908ede1f7670d146PunBB forum software contains a vulnerability where SQL injection can be performed by first entering an email address containing exploitation data into the change_email function, and then redisplaying the email address. This is due to PunBB trusting data it gets from its own database.
5fd7b7dfa4f40fbb3979dda469c1018c6a5f5a970b23430b090c05f3a14e5f41PostNuke 0.760-RC3 is susceptible to SQL injection and cross site scripting attacks.
1980dd4e2e92bf4117657e6d579f8f7c916706f0ee78009ae756ab764277c296The up.php script in phpBB 2.0.x allows malicious remote attackers to upload files and execute them with the permissions of the webserver uid.
0fab773d0a914d66e982e894e653b4e19ce9feddd6c3fa068f1bcec3d715f8edPHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Web_Links module cXIb803.14.
60d72dd7277f7f18f9bc11e7c141afad2bbe83ef23916ed5d81d6bac84512910PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Downloads module cXIb803.13.
edd182cbf088c1e3d61aad3bb195dc0aee217341ddd31ba25ce407e364dbf7e8Nokia MMS "Terminal Gateway" software is vulnerable to a login-bypass issue where attackers can gain access to MMSs as long as they know the phone number to which the MMS was originally sent. Exploit URLs included in advisory.
e1f0ffaa814f6513033680b7df4ba3b31386d4650d33bd549da8e3d4c2eb6538The Cisco Linksys WET11 is vulnerable to having the password reset simply by going to a known URL on the administrative interface recently after the systems administrator has logged in. It is not necessary to know the current password.
41a5685548d9372b766fdd212e2e121b1473c1fcba0c32e03733c9355f3cea6dFTP Now version 2.6.14 local password disclosure exploit.
db4d5cd625c186f85857254d493858696e6c85cf751477950de385fcbead84ff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed