Packet Storm new exploits for January, 2006.
143c7b63986b54e2d2cd119f3b6a17a7f5071fd80a9b05272d8cc4c37e413c34
Winamp versions 5.12 and below remote buffer overflow universal exploit that makes use of the PLS file handling buffer overflow flaw.
da39fb74316372b26791276c6d55da9f1eb0f5ea23213bbbf6a3cf15301ee5db
Cisco Aironet wireless access point ARP replies remote denial of service exploit. Takes advantage of the flaw originally discovered by Eric Smith.
b17826ff1372241f7c5dd19ac37d536c1e6b60c8feb6a1cbd15c76477bfd0310
The file hosting company rapidshare.de suffers from cross site scripting vulnerabilities.
bd92187f385cdf9689b10bb4b8e8bea8324006a843561d8b1fd5cc608f5d4001
VP-ASP Shopping Cart version 5.50 is susceptible to SQL injection attacks.
332f445af6a6c5c47f068cb8d8c03ed007441924b9c1604249e696ad8d996b1f
ASPThai Forums version 8.0 and below suffer from a SQL injection vulnerability.
93276453d3b2b676be84804ca850ae7bc84529e3932139ea4d06dc2ecdb516da
Oracle 10g Release 1 exploit for the GENERATESCHEMA buffer overflow with shellcode that creates a file named Unbreakable.txt.
8dcd96b32a3ae1a3fe4c1eab28829ac25e5c1eadd36797cb4a889d49c78de7f6
Windows DOS emulation allows dumping of the first 1 MB of RAM with no particular privileges needed. Assembly code that demonstrates this is included.
aceb62ce144c71dd62228f743981f71247e409a1a283eb1c7c67042ed629b498
mIRC /font exploit that spawns a cmd.exe.
6bba1bfaa52ce010f24d124f672f209484623b97f3b5f54de63c58d741cbff1d
The WorldsEnd.NET Free Ping script is susceptible to a restriction bypass condition.
6d29d8f9f8da03aeba6ea1433f4351f9657d1209e01d0797f765715eb7f426b0
Pixelpost version 1.4.3 is susceptible to cross site scripting attacks.
7348d6772006dbb9c4e9e232c87483f487fd980dbc8f6b11a8a7ec24c01a19dc
Azbb versions 1.1.00 and below suffer from cross site scripting vulnerabilities. NASL plugin to test for this included.
e46562189f15c20dbe453280bb61f21d177294498714aaf8c0eaf491c5f84eca
Eterm LibAST exploit for Ubuntu. Yields utmp GID.
368fbf62bd1bd1c27f952c1154970ef9c400e0b7dae8aa841163e6e10ef4ebb6
Vis.pl is a Perl script which manages files as part of e-cms. It suffers from a directory traversal vulnerability.
9fdc7050f5b45aecc2181212ddce45de932feeee80a7d300792bc90d14fede25
MyBB v1.0.2 updated suffers from XSS via search.php.
116d4114a3fb7272c653f7d5c5cfb9e02b998d25d0472457be86e3552be1fa79
CheesyBlog v1.0 suffers from XSS. POC included.
3fd4b2989d5054ff8d72e4f3c1575b5be04a57c50e2f2bd380fe097a6665e0da
Sami FTP 2.0.1 stack-based buffer overflow exploit.
e922ab7c11cb52efd90f7621f905abb5f57668faa3fd428f54a4fadf7afa77bf
MYBB 1.x does not properly sanitize user-supplied input, leading to an XSS vulnerability.
49fc1d88d10eba01d4fbb0fc35e2604c60f21a490adc1e502b9a7a0247f2e0f9
A vulnerability in BitComet allows remote attackers to construct a special .torrent file and put it on any BitTorrent publishing web site. When a user downloads the .torrent file and clicks on the publisher's name, BitComet will crash. An attacker can run arbitrary code on a victim's host with a specially crafted .torrent file.
4b077d331615c0b65e9f04f8ad621d424f9bac4b7f0011f69dc70fd696800984
CheesyBlog v1.0 does not properly sanitize user input, leading to script injection bugs in archive.php.
27701de69f54beecdd05d2987d3c9db8fdcc102c1720906f4ca09f65979ee422
ExpressionEngine 1.4.1 does not sanitize the HTTP_REFERER variable. This can be used to post an HTTP query with a fake Referrer value which may contain arbitrary HTML or script code. This code will be executed when an administrator (or any user) opens Referrer Statistics.
269640d9a1082ed07f4dc3684cbd7cf0264bdf5992ad0cf57f58bf4c5ed91008
HYSA-2006-002 h4cky0u.org Advisory 011 - Phpclanwebsite 1.23.1 Multiple Vulnerabilities
939c46940920ae4e59b49c8d850070fa0945fb8c9fd9f41fd69d8bb607cf30d5
HYSA-2006-001 h4cky0u.org Advisory 010 - phpBB 2.0.19 search.php and profile.php DOS Vulnerability
3ff86ddc78738cb6203a1749d74844dc8cc8d4f63c681163705f301849960318
Note-A-Day v2.1 does not password protect a sensitive directory, leading to information disclosure.
9d9d12c063b7d418eac5256e7618635a978326aa7490bf76910a6e74638b40e6
e-moBLOG v1.3 suffers from SQL injection bugs, leading to login bypass and information disclosure.
6155530b7e5ebcbae507cd31de1dd530d17ad0bd6dac37be8e345c4c579e3161