The CMS system from brainsquad-team suffers from a cross site scripting vulnerability in the user profile section and also may be susceptible to SQL injection attacks.
d05089085e8f207a1ee537c3b1cb920f972155981b8f275b8b6fab95ebd32e62Microsoft Windows Kernel APC Data-Free local privilege escalation vulnerability exploit.
43bc5bb31b73cc77b6818dad4290654a2d4f93a03c0f6e4f0757671e7109db41WinRAR local buffer overflow exploit for versions 3.3.0 and below.
74b04fbbeb8322c1240670f0d444c12756eb79f8d215e2ac599f516d07215d52NavBoard BBcode version 16 Stable (2.6.0) is susceptible to cross site scripting attacks. Exploitation details provided.
a9bfc24fea36040757fc7e73d54276a13d72f20e2cff57584ea10ae7dc9dbf30TheWebForum version 1.2.1 is susceptible to cross site scripting and SQL injection attacks. Exploitation details provided.
7433cfc2456901c6fde3b48113b54eb1cf1af326eff0490c1dda45b5c96a230dProyecto Domus version 2.10 is susceptible to a cross site scripting vulnerability. Exploitation details provided.
9abf7f2bddccf5403b40e1ff62a0ef381ccccfdb010020ef64f6c34b62fb0504ADNForum version 1.0b is susceptible to SQL injection and cross site scripting vulnerabilities. Exploitation details provided.
2a12355a12abebd0831bb41c80516a4e976ebc037d357e708a1d3278258d5fe2CyberShop is susceptible to SQL injection attacks via the login sequence.
100fe015380b7511cd7556102561cdcacf7cb6edb13cf01f7a1db46d86881ce6TinyPHPForum versions 3.6 and below suffer from directory traversal, cross site scripting, and information disclosure flaws. Exploitation details provided.
c2b40e95d689d6b11d4e31d7ff926505f8e034eacd9e0aae6ee22f2684b94675A file inclusion vulnerability exists in WebFTP version 1.2.6 in webftp.php.
5be93b7e1c3861a44e8fd2e42aaf49adbbcf18c9cfd4ded89e929284fa6939f2PHP 4.3.10 and 4.4.0 Windows remote stack overflow exploit which works on certain systems by overflowing the mysql_connect function. Includes an advisory and workaround information.
41491759f49a7ccda8c1083bd67b32078d239237138d5edb185670bedfc7ff7dMS05-055 local privilege escalation exploit tested on Windows2000 pro sp4 with and without rollup 1 - Chinese and English versions. Takes advantage of a vulnerability in the Windows Kernel APC Data-Free. Includes C source.
420fb67743576a9332e2c185e1b549ead375c1397b4ee4674307ed70dfd50548The Lizard Cart CMS version 1.04 suffers from an SQL injection vulnerability in the "id" variable.
d868491ffcff74085c4a3ab4d1c959a1a654c565b2d45b9ab8ce2a47543a2a2aPerl module which exploits the WMF SetAbortProc in the Windows Picture and Fax Viewer found in Windows XP and 2003. This vulnerability uses a corrupt Windows Metafile to execute arbitrary code and was reported to the Bugtraq mailing list after being discovered in the wild at the following URL: http://unionseek[DOT]com/d/t1/wmf_exp.htm. Unofficial patch here.
5bce51d9c67bc4ff25072cff79bdbc9d236fe8bb95c51f54208ac06e31d1bddbMicrosoft Windows Metafile (WMF) SetAbortProc remote code execution exploit which takes advantage of a vulnerability in the GDI library by using the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. Tested against Windows XP and 2003.
bdfd116bc6a03d8c1124c067854578e4ef5e1ef88b7c3bd05c6e6f83179f797cWinRAR version 3.30 suffers from a buffer overflow vulnerability when processing a long file name. Proof of concept exploit provided.
15e8264363d5f7bd7a12704f3585a6269bf2946347c178acf4a069b9e9a7ae1dValdersoft Shopping Cart versions 3.0 and below remote command execution exploit.
e527deb3eb987e4baffbf7c1b7aac78abf9f89afd9bfeee77d9319631e61a158SCO Openserver 5.0.7 termsh local privilege escalation exploit.
f7a3d4a66d5029784ec01e7c244577689ed677bf1011df6147694236519b212bScozBook version BETA 1.1 is susceptible to SQL injection attacks. Exploitation details provided.
da4d1cc5a46c5dff385f4e303beef21af5adba50bd95bfe1a007467af6052325B-net Software version 1.0 is susceptible to cross site scripting attacks. Exploitation details provided.
6d7eb3dceb4488c5b449d29c7e3abe86b8194505b213bda8b02274f513dd2b1bPHPjournaler version 1.0 is susceptible to SQL injection attacks via index.php. Exploitation details provided.
2cccf720985f175be9d2914db2d99db3e3b524cd8ab172a0e627b8c53853893cinTouch 0.5.1 Alpha is susceptible to SQL injection attacks via the login page. Exploitation details provided.
00a20dd1ba146e1a3514736c9781175d9171f70e743290e75fb31387999227a3Chimera Web Portal System version 0.2 is susceptible to SQL injection and cross site scripting attacks. Exploitation details provided.
bd7eda5945d7337e9d512eede3391f5de72d052a3c66eb165a201bb6fb6ee70ephpBook versions 1.3.2 and below suffer from a php code execution flaw due to an unsanitized variable. Exploitation details provided.
1daf972e33787535cdb4cd688f01d75a897c28e9d064ad6dc6bd2bc284106bd2PHPenpals version 310704 suffers from a SQL injection flaw in profile.php. Exploitation details provided.
537f9cb86f0fdfc27350b8cea6da3791eb77f39ca43febcd407c5798f822d1c2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed