New Packet Storm exploits for August, 2005.
737daa99baadbd33fa0079ca279b5b2fde17b2f7baa25312812167df7bab73cfFlatNuke version 2.5.6 suffers from remote command execution, cross site scripting, and path disclosure flaws. Detailed exploitation provided.
acd8a3dbf0ed55c669e06c2ab4803e49531560cd1dbf89d73564346bb8eee69fRemote code execution exploit for FUD Forum versions 2.7 and below.
68a63805a860c1ee120af420819c0ab4d12a5942b56e21c9e07b5373a6c5856eRemote command execution exploit for HP OpenView Network Node Manager versions 6.2, 6.4, 7.01, and 7.50.
35f6fb2bbbf9a319cca337f6e91aa2660874027de25e497f6c79ccace01bedc0BNBT EasyTracker is susceptible to a remote denial of service vulnerability when accepting a malformed HTTP request. Demonstration exploit provided. Versions 7.7r3.2004.10.27 and below are affected.
f9291b23377db55f3b2c53e515326c7b8ac550f848e8a637eecb137eee6a7662phpLDAPadmin versions 0.9.6 through 0.9.7/alpha5 suffer from directory traversal, remote code execution and cross site scripting vulnerabilities. Detailed exploitation provided.
72a0a1106d2ca25cc4bbd9000f4fc9071da5e7057f2e5999d828b382dd4ebcc1Proof of concept exploit for the flaws relating to BFCC versions 1.22_A and below and BFVCC versions 2.14_B and below.
70ecdd7e1df36c0385865b76a03635b0e68125f1fd65081f4b00062b965a23bdLand Down Under versions 801 and below suffer from multiple SQL injection vulnerabilities. Full details provided.
d2b508373b14a63e311f6bd4f062bb809fa0835d4ab70151cad0ae5ebf03a0edExploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
0709918fda79c675a96d4652e41493a81d31f543e718af8b4e99466278e268a4Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.
9f8815d1479722e3a79864780a1f90bda89aae671d21b3d259241bad31b87763PunBB 1.2.6 suffers from a script injection flaw in its use of IMG tags.
76a92ae5e6fde10cb9ced424297930667ae0f73758379c6a6d9c3cb5473d861cCosmoshop versions 8.10.78 and below suffer from SQL injection flaws, clear text passwords, and directory traversal flaws.
7afc580e4915d241635c89dec9a0e70603c257327ef5b3095f6601a40f25460bPHP-Fusion versions 6.00.107 and below are susceptible to cross site scripting attacks.
3f15c2e7208df48104b823b6d206252cac343bd4b84152f7a763ad185f2e8c4aAutoLinks Pro 2.1 suffers from a remote file inclusion vulnerability.
fdf8ad358727d559b58a4bf28b0a1d5750cbce6c5965413ec5179d2c16ba2c95Land Down Under suffers from cross site scripting vulnerabilities in the signature and topic payloads.
d4b8c0632ce9ee367d669aaa4e499bd98d6d5b4df9f966eaa3ddfa694ee9fe45MyBulletinBoard (MyBB) member.php SQL injection exploit.
d9970d3e92d9a79fdbe50423107349fe1d2b90158ed70add7b503ebe9e897a30Multiple vulnerabilities have been discovered in various CMS and forum software. e107 suffers from a cross site scripting flaw, Wordpress suffers from a SQL injection flaw, PHPNews suffers from a remote inclusion flaw, phpBB suffers from a SQL injection flaw, Google suffers from a SQL injection flaw, and myspace.com suffers from a user profile defacement flaw. Oh.. and UBB 6.3.2 suffers from a remote code execution flaw.
9a74fd1c631bb86cd84d03df760f1891aba24c8535b0f1c98d23a917eb38b163phpWebNotes version 2.0.0-pr1 suffers from a remote inclusion vulnerability that may allow for cross site scripting attacks.
305efca0c53e377409bcd7d06003f6d77b5a94ae19296ef7451ada0be3f9b790The Nokia Affix Bluetooth btsrv makes poor use of a popen() that in turn allows for privileged code execution as root.
cc94edfe1b5429594863603c23d573003e4beca70953ed64e8954d0aeb65b705Exploit for Looking Glass v20040427 arbitrary command execution / cross site scripting vulnerabilities
8f5fb33d029bafe8e08176b93e07427a3c7036be4d15a313a1c05a0c1088e651QNX inputtrap from QNX RTOS versions 6.3 and 6.1.0 suffers from an arbitrary file read vulnerability.
f5bb3f5978c5bf87593d30ca3d98a914fef593639b7c16be2d448698febb7bf0Foojan PHP Weblog suffers from an injection flaw when trusting an unsanitized HTTP_REFERER payload.
75439af3343c01b0d18d2043b57904f86045439a6c31fb9d2d7216e6b5ffbe31PaFileDB 3.1 is susceptible to a SQL injection attack that allows for login bypass.
ef6f4c85332a3b1190a1116ffdb1882091049ad5a815ffc0dd451fce975d20bfBEA WebLogic versions 8.1 SP4 and below suffer from a cross site scripting flaw in the Administration console.
cc1ead976d71ba856423d2033f5c4d1c22ae5b972914ad6a077d117cc08fd030In nearly all browsers you can overwrite the window location in the 'onunload' event. This has been tested against Firefox, Opera, and Internet Explorer.
d481cdf32ce6a1395ff88f928628dc082bc153bb84ec099a432703fb7b5344ce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed