New Packet Storm exploits for September, 2005.
673fd938217e57d9b0a2f59c0ba2e5479e186dea5456eb1f4f54ca72e86f95d1
Mantis Bugtracker exploit scanner that looks for versions less than 1.0.0RC2 and greater than 0.18.3 which are vulnerable to XSS and variable poisoning attacks if register_globals is enabled.
846b7601bdc63c621b48e9ed66d2964760dbc83607dfabd16ba2ee2080eb9cd3
Exploit for PHP-Fusion v6.00.109 SQL Injection and admin credentials disclosure vulnerability.
daf2583ef13b92c146b5f2ec2482196fb716fd13f45b7ee8a9e83eba71b8a70a
CubeCart 3.0.3 contains a flaw that allows a remote cross site scripting attack. Exploitation provided.
daf62f753ab5e93ca8f1a204b23c6ef865d68a6375b29cb6ef28102bbb6e7c60
Mantis Bugtracker versions less than 1.0.0RC2 and greater than 0.18.3 are vulnerable to XSS and variable poisoning attacks if register_globals is enabled.
85dcfcb51f4250c4f8e9ac0aa699db2ed494373073674e22eaf7e532476d42ed
GNU Mailutils version 0.6 imap4d 'search' format string exploit. Written to be used against FreeBSD.
c56f13dd3e34ba53a2979730289d6e02fa4353b3feb9e642b5f3252d13dfd18a
lucidCMS version 1.0.11 is susceptible to a cross site scripting flaw. Exploitation details provided.
8e4f3ee107c1ac2457e5280d808f7db457b257b66a1ce1d10e54e391c9d57732
RealPlayer and Helix Player remote format string exploit. This flaw makes use of the .rp and .rt file formats. Code tested on Debian 3.1 against RealPlayer 10 Gold's latest version.
6328db676f993820bc2666d3bb3ed814c0ad55dcc1af7e473c92f8ec2ae10ef6
Proof of concept exploit for MultiTheftAuto versions 0.5 patch 1 and below. This causes Windows to crash.
7e8041ad033eae6cd20f4d216e558d443dba998b302a4bdf4c6b46835fdf9ece
The ContentServ CMS allows for remote file disclosure. Exploitation details provided.
7f023ffca1207787da7967c8d5fbee488ab07f7b2629827e0b3f0fd32b87fb26
Linux Qpopper poppassd latest version local root exploit.
359257daa77f9f0e2c89be1a887fb0aee80f2b97f3cb11af5a5f3c2e3e21073d
FreeBSD Qpopper poppassd latest version local root exploit. Tested on FreeBSD 5.4-RELEASE.
ec9e82155213753b712f0aa73de5fe9e2ef20be39dbc88b2b8f9c0fc19bed853
WzdFTPd versions 0.5.4 and below remote command execution exploit.
f7f9963844c4f4bd7d1a8a49da8c384e861ff2cf0f68aaf1cb006cec8543227d
GeSHi version 1.0.72 is susceptible to a local file inclusion vulnerability.
1b769d2ceebbe29458133f77b4b4f3c635e125a1a866a8a371bdfc04f5cfe7df
CMS Made Simple 0.10 is susceptible to a cross site scripting attack.
ef63f404102edc1137d3a52efae22ba5c90c46ae26e8aab7cf1e6a21d42a4e3e
MailGust 1.9 is vulnerable to a SQL injection attack that allows for board takeover. Exploit provided.
28ab60a0500bfc5e64b00a09e3e5cfc960c5842cc91fd51bd3f9c015be26ab73
AlstraSoft E-Friends is susceptible to a remote command execution flaw. Details provided.
04558972c962230e473329bbe394de586e275912854405ac5f3ace9b2e51a9bd
Riverdark RSS Syndicator version 2.17 is susceptible to cross site scripting attacks.
6088a27b40b8d5a5418660901ae75e2e548a229ca66a4042b59480a19e67bc68
jPortal versions 2.2.1 through 2.3.1 suffer from a SQL injection vulnerability. Exploitation details provided.
0ba299252a5279ea725d0580269305521c10ef80d327e966584571381b79bb1f
PhpMyFaq version 1.5.1 is susceptible to SQL injection, board takeover, user information disclosure, and remote code execution flaws. Detailed exploitation provided. Earlier versions are also possibly vulnerable.
ff2c0eb1e5ce104f2bbf34ecf0fad2a1b0def7e5f349f3033ec8cf1329d34db7
PwnZilla 5 - Exploit for the IDN host name heap buffer overrun in Mozilla browsers such as Firefox, Mozilla, and Netscape.
5fd84b75e862d1b3f6cac437ba7e571a8da0bd7fe4f45638c172f865b261d320
Mall23 is vulnerable to a SQL injection attack in AddItem.asp. Versions below 4.11 are susceptible.
fcacdb9af24ecc55c9cc26e48a19e53f97a1a239b9986890b7f7cdab5ecf1c30
My Little Forum 1.5 SQL injection exploit that retrieves an md5 password hash.
b4b7674ec734bf8cf70343be51c54991e686bd863a170ca009fa39a32578a784
Perldiver versions 1.x and 2.x suffer from cross site scripting flaws.
c119c3422a6ce54a1acc8dfdade412bb0bdd52b52a6876f319a899bcea72823c
Mercury Mail IMAP server versions 4.01a and below remote buffer overflow exploit.
6de1fce527298bff499ad54b23ba97800c58408ee63b9cf72ef653e5f389efe2