Packet Storm new exploits for September, 2006.
f8578a2f475ce08af04784b4f8a45787c471d1a39ea39f91c53cefca2b76d727
The 0004_init_urls.php file included with syntaxCMS allows for remote file inclusion.
f60e91f5798f418f4b70a005f8b7e516a35f38a23bda6721499ea1a67d0b5e88
GW Script 250 versions 2.1.4 and prior suffer from a remote file inclusion vulnerability if register_globals = on.
9aee1b519bcaff61b251430ec41909d3d4c29ffcc629c1f8bba101a0574ae38e
phpstak suffers from a remote file inclusion vulnerability.
323f164649dd4e8186dc751947b8f7a3dae1656c0e6f63c5748b289314b291c5
Kietu suffers from a local file inclusion vulnerability.
b9c033c3b0ec356b27dbafe07437d2f5302e9b28be1d8726190148cc057decd1
ZoomStats suffers from a remote file inclusion vulnerability.
bd26ca36d15c1ddce78d401c9761bdb70376f9fb7faff06eed5ee90699321428
WebNews suffers from a remote file inclusion vulnerability.
41f69a57cb07ccee040b09640853db06f309883a0343e5bf9c74880324c63db7
FlushCMS suffers from a remote file inclusion vulnerability.
2b0606d734c45bd395d9f889953d68f22ebb8b8157a92361f802561e66cf02d4
Pie Cart Pro suffers from a remote file inclusion vulnerability in the Home_Path variable.
7a4ecb1e02c979364450299da14442bd5fe538b9e1daea068d190366b4cf8bd9
Mambo's script mambo_hotornot versions 1.2.2 and below allow malicious users to upload and execute arbitrary PHP files.
e1db3ac6f8a8f905f67e50e753efd1049b3e7ad69cb0aff0b5644aff6c8c9bc8
PhotoPost PHP 4.6 - 4.5 remote file inclusion vulnerability.
4017bf6d0707a213d1e1668261ee285786f994f2d0f1c83f9f667f1d23e36c4b
PNphpBB suffers from a remote file inclusion flaw in functions_admin.php.
b3b9efc8dd69fd3136a65cf35f5c6be2438a8aa5638793604e190cc64258faf5
Techno Dreams Articles and Papers Package versions 2.0 and prior suffer from a SQL injection vulnerability.
10c191951b629a4ef676a092be40c6258e3f6d8efdc34887ebc8bf3e9506d756
ECardPro v2.0 suffers from a SQL injection vulnerability.
47e1a3da96391f379384df8d10b7b9703b75ceea46951637183fb0af7b821c20
PHPQuiz versions less than or equal to 1.2 remote SQL injection exploit.
cc00d20894ec963b7a7b4fc0753f725c8a1c20fe67c2d7bc22cacd57706eee68
Plume CMS 1.1.10 suffers from a remote file inclusion vulnerability.
83570734e0074fe652424bc5712d1d89dcf971c4f099f79a87994eb1e6d5048e
HitWeb v3.0 suffers from several remote file inclusion vulnerabilities.
1db8e70d9e9a641a2cbced9ca9aea7d1adb970b2717ef2a3697baf8259d792af
Site@School versions 2.4.02 and below suffer from multiple remote command execution vulnerabilities.
ff6a0d11614613f5191f0ad6e4b0439e5b8d31e19d7623056d32f3db781a3e0f
xweblog versions 2.1 and below suffer from a remote SQL injection vulnerability in kategori.asp.
afb172960c8251dacdc1e4df1fbdc91184ffdf31f92c179866c53aed242c65c3
Charon Cart v3 suffers from a SQL injection vulnerability in Review.asp.
dddcf0a902c17ec3eb19edb7e07e1dac2bda6e9ecc56fbc570a7318ea7ab9834
Q-Shop v3.5 suffers from a SQL injection flaw in browse.asp. POC included.
8c23378e0ce75805ee4c62c2e8c82d7d45e44394428bbc3916b034e3f239706b
EShoppingPro v1.0 is vulnerable to SQL injection in search_run.asp. POC provided.
7288ea21dbacee2980221e96a53b479ed25f8c4799b7ed12405f1c15f5a65bd4
Haberx version 1.1 suffers from a SQL injection vulnerability.
41125b7c38881d9dbe9e0cf3a5a3afd4d8bbb28667326904d4c52cc4599a81e6
PHP DocWriter versions 0.3 and below remote file inclusion exploit.
8c9cdefd0810252b3fb6bcc265fefa95f6273dfa2ac74a6392b479565052320a
ReviewPost version 2.5 suffers from a remote file inclusion flaw in RP_PATH.
6bea4ea57f84a8a2b6494117f06a72fbd9484a7d5258cf3eed7a5317bea2aa81