Packet Storm new exploits for April, 2006.
05e1a90b369dee8f64f8be5cef75e9a5cfb7c51d9030bb98acbe2aa47a04d277
Libxine versions 1.14 and below MPEG stream buffer overflow proof of concept exploit.
fa127a09ac103ec94c4584c9e08b579fb36e2974499b89d2d1ba44ad44327a3d
TopList versions 1.3.8 and below are susceptible to a remote file inclusion flaw.
7569c6728074698bda67ceb0ef021cf979e4489d5179a2a719d6da944900668c
DirectAdmin HMS is susceptible to cross site scripting attacks.
c0d1d4a4b8cb3984a4a8ced88b9703897b886bd793d51d6b6a4587d56cf6283d
poll.pl in ronpoll is susceptible to a remote command execution flaw.
6832d6e4ffc0ee139031ba90c89791567b81f7db9bbf3110ee8ccd7b000fd390
A remote file inclusion vulnerability exists in OpenPHPNuke versions 2.3.3 and below.
4d1bc9c955b37b7ef7da49129e9a4a637b44d0d0164edabd3ca79875815dd2fc
A remote file inclusion vulnerability exists in Knowledge Base Mod versions 2.0.2 and below.
cdae4f08f6a0858c8ab3c1d28a62a68c2db4d365f5eb7285f32eec6d6471033c
A remote file inclusion vulnerability exists in sql.php from Limbo CMS versions 1.0.4.2 and below.
a8f1be771e3a0e8d7be2119bad091cb9f7b276ac3b385312087a65f774a29f23
MyBB 1.1.1 suffers from several SQL injections in the administration panel.
a2edc1d4a52274f379fe151e7ac805f3fb0250208c58c30d0da4eb7c7fa4d15c
BL4s SMTP server versions less than 0.1.5 suffers from a flaw that can allow remote attacker to cause a denial of service or execute arbitrary code due to a buffer overflow in the SMTP service.
99261d09b996c6e2db11f243f986cb42f1fa42ed71d2b262cada4e5389f00d47
Invision Power Board 2.1.4 SQL injection in func_msg.php exploit.
b35e8803e4ad5242d872d623728a37554dd4632c7e35bb4ec895a48a77d65f67
CoolMenus Event suffers from a remote file inclusion vulnerability. POC included.
c9d67d9b0ea47e1c5f547120ec105f0df4485bb5140b7528685506acadf3fe00
Artmedic Event suffers from a remote file inclusion vulnerability. POC included.
077c4928d96b80ba46e9d5413980945c81c426c4a61a1b4da83bcf6f1311bf80
I-RATER Platinum suffers from a remote file inclusion vulnerability. POC included.
66d7dc8c07f4455c9d40751cb297d9e5094805ceccde0090e27fa08be5a80805
An example of a return into libc exploit that possibly works though grsecurity patch protection.
3d52d2bc3578ca63d91d157654640485e25d9bb02f962aa6d3f5f5cfb99a6f01
FlexBB 0.5.5 remote SQL login bypass exploit.
8ec957f077965343b237cb624658ab727dbed83ca28cd9460e3a4489e4d2e1b8
Neon Responder 5.4 for Windows suffers from a DOS - sending it a specially crafted "Clock Synchronization" packet causes it to crash. POC included.
00308f6b50521d1c774a89502ee9de291b104713e6c78d55efed7ad64f9478bd
phpMyAgenda 3.0 Final suffers from a Remote File Include Vulnerability in agenda.php3.
0127ffa3f68c50522dd1e30f8420f3e869bbb31c79e98814dd7ee96be5025be1
exploit for Oracle 10g 10.2.0.2.0.
5bdd48609fbc48eaa4e5f651c41fd237a9522c5bd339aa23e7688596c66c5426
A perl script to bypass the OCR Shop XTR vvlicense validation scheme.
c421e21e1e3ad1e1c704a942563a1fcee8fa3f7a4e02ebabb0989d3873c8b188
exploit for SQL injection vulnerability in confixx professional 3.1.2
0f7c30067f53156ac8c8bb9c803ece79d8a8dd95127c20da80a71200f0c0ebd9
FlexBB 0.5.5 function/showprofile.php remote SQL injection exploit. Grabs admin password hash.
b0945bda11f774741fe19c1158b6cd1ce09807ae39a3e239d69a09db83f317e8
Invision Power Board 2.1.5 remote code execution exploit.
3314ab197b38625e7111961ab93bcd29a93a4a8eb7dc59b92e70f0d782127031
POC for the Internet Explorer Modal Dialog Issue: A malicious user could create content that would request the user to click an object or press a sequence of keys. By delivering a security prompt during this process, the site could subvert the prompting and obtain permission for actions that were not necessarily authorized.
37b851304649abe9415c7b7d8d0de6665b6c40ea7e57d02ef76eb6162b600e0a
axoverzicht.cgi is vulnerable to remote file inclusion.
97aaa30e8d0e7d90221bd87dab749fb43e63651d590fe692e5b9f875bf93b9c0