New Packet Storm exploits for October, 2005.
698e4f77033a3e807e82317dd0e4d7c7ba22daae9e6cda2b09f4f01044396696
The MG2 Image Gallery system suffers from a password bypass flaw that allows remote viewing of any images.
7df04dc5ac65d5cefdee724dc80dfed919b5cb1a1b200892f08d09976dee6376
Swisscom EuroSpot wireless service suffers from multiple cross site scripting vulnerabilities. Details provided.
12ac9a5eaae2ce4ca5f76f2b9eed2d4b8311c75ab8487c21f985d6cf1d5e64ff
Ethereal SLIMP3 protocol dissector remote buffer overflow proof of concept exploit that crashes the program. Tested with Ethereal 0.10.12, WinPcap 3.1 beta4, WinXP SP2.
4040c8f6a0687370d485ce7020c65239db8950551fc47099f8dc2c15e9977dfb
VERITAS Netbackup remote format string exploit for Mac OS X.
40b19b405339547ac14c58e1de679ac1b08b64282cb47cc79e27e76f6c37eef0
VERITAS Netbackup remote format string exploit for Win32.
e2096b1eb9ba99343b4455d73ecb4e8d9884c541e9cf863e8877ae37da43c17b
VERITAS Netbackup remote format string exploit for Linux.
5ffffc3997e8bb1ec7434b97c95d74bb2103cc01e15991b4779df4cabaf30ce5
Mirabilis ICQ 2003a buffer overflow download shellcoded exploit. Affected versions: Mirabilis ICQ Pro versions 2003a and below.
01676ac1acef6ab5d516ee90542dec43fea9c4accbc3df9c2c03d2a059fe0351
Updated and improved version of the local root exploit for the Bluetooth-related flaw in the Linux kernel.
41cf67b44ead5be4a7bf304315be0c442ff77ad14a01b9d00c0f87d107b198e5
During an audit of a client, Security-Assessment.com discovered multiple critical vulnerabilities within the RockLiffe MailSite Express WebMail software. The vulnerabilities include the retrieval of arbitrary files from the web server, and bypassing attachment validation routines allowing for remote code execution. Exploitation details included. All versions of RockLiffe MailSite Express WebMail prior to version 6.1.22 are affected.
620b1bc3c58fa84fa86dd64e75b2c243efc3431f8bb6eb7c5bd361422269be97
Exploit for a remote denial of service flaw for HTTP GET in Hasbani-WindWeb version 2.0.
e7ea5226541a9e30177def6562f8d6efcb06aad03e47001f1f145555549dc8b9
Remote denial of service exploit that makes use of a length checking issue in the Microsoft UMPNPMGR PNP_GetDeviceList. This code crashes services.exe.
4c414db62f8080df8cfa4b3c934df6fe1b7ac73cf2921817e10cd4373baf9f07
Secunia Research has discovered some vulnerabilities in ATutor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerabilities have been confirmed in version 1.5.1-pl1. Other versions may also be affected.
ea4981890b687d4caff07c6b7157202c331ffe371d5cb42efe41a196ad0226d2
The Novell ZENworks Patch Management Server version 6.0.0.52 is vulnerable to SQL injection attacks in the management console. Details provided.
433dd55fe01eda54cebd993ccd449398457f8bc1cc0d256a5b77221b267c9724
PBLang versions 4.65 and below suffer from file inclusion and cross site scripting flaws. Details provided.
9c67a5099937795f1f627d81c47071fb10063ae4b20ab0a75f2c7709a2340d5f
vCard 2.9 is susceptible to a remote file inclusion vulnerability. Details provided.
f8910920dda6615647cd0118794d1884f1bf33d873a6448b6725a54edd512f0d
The latest version of cPanel comes with a blank remote MySQL user password.
136b01f8cf20ccb3c5294d848d2e7bf7c6a4b6454b8905cb7548235f558bc9ce
Various Techno Dreams scripts are susceptible to SQL injection flaws. Proof of concept examples provided.
366fb83d32315f71627422a527b6480b8afc654f0ebe44f9173576308a730e15
Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the t_core_path parameter in bug_sponsorship_list_view_inc.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Affected versions: Mantis 0.19.2 and 1.0.0rc2. Other versions may also be affected.
9bffa4eac73d1c9558283150c0455ab3a80cf530a7ad18fdfa75a7a20f03f5d7
Woltlab Burning Board info_db.php is susceptible to multiple SQL injection flaws. Versions 2.7 and below are affected.
56555ebbf2731c32a918087c5f649bb3bf7d5b0cf6337ae6f829abf8cf554618
MyBB Preview Release 2 SQL injection proof of concept exploit.
803c051a1a45e4ab44b58c7c24729ab0b562c9cc412b25125e210bed72c2dc19
PHP-Nuke is susceptible to cross site scripting attacks.
7d26a61ef6f2ad7823422e467d0666ed5a5618f7a4980bb9f719510f18948a95
Flyspray versions 0.9.7, 0.9.8, and 0.9.8-devel are susceptible to cross site scripting. Exploitation details included.
0bab5f01b7c758426334bbe468c48da3450971005b0015fe8140d3acfbc45c89
SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.
2d40e47e26366a81608e58eb701e131d921abb75ec18f1bc0763fd4b69a57ad9
SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.
3d4b8192b526f1b4f047163bef662b30bca31b99670048e5fedfcec7d1e728d6