Packet Storm new exploits for March, 2006.
c93d074fd7c503a48531232ae24dedef5b4056403b03cb68ba8ef46db89614ff
WebAlbum versions 2.02pl and below remote command execution exploit.
cc967506ab6ebacaa7c97e3deac43c0eaba5c5a92e6d7fd8f4dd23d29c67039e
Simple PHP Blog versions 0.4.7.1 and below remote command execution exploit.
425527466e57de01eb41f4922814da1271837a8dcf679fb7defeb1abfa51a2e3
Plogger versions Beta 2.1 and below SQL injection / administrative credential disclosure exploit.
1b7043e6c99c1029bf27a70184fbfa928157e0c9f63fd49608875787163b1d47
php iCalendar versions 2.21 and below remote command execution exploit.
fb9ebb55106305b6c1b25c53a2ea9ccfcde280c86e50806ed875ccb9ecc25a4e
PHPCollab version 2.x sendpassword.php SQL injection exploit.
d8012961f51f93d5d408b342d88930fe575ba9efa53279c4909a5815e18c3e76
PHP-Stats versions 0.1.9.1 and below option overwrite and remote command execution exploit.
5e1df32cb784ea2095f9714c2811df794f7a6ceccdb4d96467d22db47a8e1688
Nodez version 4.6.1.1 Mercury remote exploit that makes use of arbitrary inclusion and authentication bypass flaws.
5d6166ec9ae5d6d089413a57324580495715cccb2a8ff7f5c31f86e7b0497552
Gallery versions 2.0.3 and below stepOrder[] remote command execution exploit.
81b68e37a17e282d111bb8fccf17558b24e3ae0bf1e428ffefb4201d9ee9bb54
Claroline versions 1.7.4 and below scormExport.inc.php remote command execution exploit.
55a177b70aca738c26ac780686ce670138ad5a586047192adb51c3b823f4ef1f
XHP CMS versions 0.5 and below remote command execution exploit.
62549727aeb01656ba3d3a5d5e73937424bcd3276cb0694970800cd270c003c7
Proof of concept code for a buffer overflow in Zdaemon version 1.08.01.
ae1ebac99d8f763cc2af3fd7bad3bbcbb3542978e5f77e570b3c71e83d5b0ad3
Warcraft III Replay Parser version 1.8c is susceptible to remote command execution and cross site scripting flaws.
096b6861fe66d93e4e21945489e505adac8eb9e321b9b55de3b418ac6ffd32ef
DBBS versions 2.0-alpha and below suffer from a SQL injection flaw.
95b0856db4cd5e1ed23e0e58be5b828ac643d2bf89ef14f3b47df22199365e02
Oxygen versions 1.x and below suffer from a SQL injection flaw.
ef3e14a2509956d8d4e51b79c96575aae973a70d70ff1584deea0f3505f5d1ad
MediaSlash is susceptible to a remote file inclusion flaw that allows for code execution.
5bc5f7a0848b199773a7d1bda1a9834a4256b04d24b8e074f6ee767cf56e39a7
X-Changer version 0.2 Demo is susceptible to SQL injection attacks.
b805e873582de0d777b753ce0f7a01a0dbd602f622d7651edcd0d326fec3f284
EzASPSite version 2.0 RC3 and below remote SQL injection exploit.
5f2bae05e76fb3081dd92e059a12052e691a2ffee646ef6f9b9a97efd4caf3b9
Skull-Splitter's PHP Downloadcounter for Wallpapers version 1.0 suffers from SQL injection flaws.
c35f236b1b08f9577dd04d07c8d25b34c2acae462f7e9b485009a9a829eab0f4
Skull-Splitter's PHP Guestbook versions 2.6 and 2.7 suffer from cross site scripting flaws.
d50f7b3a5666f18c71dccd563d2beaed5988c448a8e490ff37a25710dd4d185c
RealPlayer versions 10.5 and below SWF buffer overflow proof of concept exploit.
414e3afcf58e08b1af847b2e480cc14176277187f373317744e60300a876dc45
PhxContacts is susceptible to cross site scripting and SQL injection attacks.
4774b065c8209bc86f66015b175739273d84ea4fff686de76672c30d782b43dc
PHPKIT version 1.6.03 suffers from a cross site scripting flaw.
64fcca7d2034961cc6f6fb5137f9987a08a9c989ffa6035b89bd71fc65b493e2
ArabPortal version 2.0 is susceptible to cross site scripting attacks.
b271bbc43e51cd6545bac7a72d48af082a936be43e8e1143e2e61884bffe6fc9
Microsoft Internet Explorer createTextRang download shellcoded exploit. Second version.
192bb54b48a9f20380a7abdef8d6b39eb738a80b5f5682ee428fe37fe2a51af4