Packet Storm new exploits for October, 2006.
f6ec553c60f72a7491d855aa1b7654761bfa22d6d856afefefd4c942cde38bc2
[ECHO_ADV_53$2006] QnECMS 2.5.6 and prior suffers from a remote file inclusion vulnerability. POC included.
733ebb8377a50199e69b9da0cbb6f3654743bc36eaff2716480b508480449189
PHPEasyData Pro 2.2.1 suffers from a SQL injection vulnerability in index.php.
93957c683fe4d2f5ebd9d040aeaf2dd43dd14767ca78db7d857e54026040c2df
PHPEasyData Pro 1.4.1 suffers from a SQL injection vulnerability in index.php.
7380b97e1b8b001231a50ed112fa550ac5c19bd85582448e13982906fdb18d4c
Simple Website Software v0.99 suffers from a remote file inclusion vulnerability in common.php.
1ac885848dfa405c74f37210d6b6fd713968106daf5c996bda618fa5a8c068eb
easy notes manager (eNM) version 0.0.1 is affected by multiple SQL injection issues. POC included that demonstrates how to bypass authentication.
8bf434113a79d20b0e13eca016af6e6321a692aac41cb63c7a6ec3adf04d23fd
freenews suffers from a remote file inclusion vulnerability in aff_news.php.
43180f66f3412167a1dc5c115a4e1389f16dc7f0e26ab1184101fa6574bcb5d8
Remote exploit for a remote file inclusion vulnerability in Exporia versions 0.3.0 and prior.
183b507d646cee848ada27494f71e8282579022ef9d72ed92d35c5a851a4805b
CentiPaid 1.4.3 suffers from a remote file inclusion vulnerability in centipaid_class.php.
74d04a6ebac9eedda8901b1302fce530bf665d9a96f321d0f8f2c4de403ae812
Ban v0.1 suffers from a remote file inclusion vulnerability in bannieres.php.
f4dbe3054fbd4c53680517920f642827a7a85b4bd4ac6cf747cacca5e3c388d7
Thepeak File Upload v1.3 suffers from a vulnerability that allows anyone to download arbitrary files.
db1a83ee51bf4f34d0bc53cc287cb75b3dfe587fccc7457d086eb90ebb8b179c
Hosting Controller 6.1 Hotfix less than or equal to 3.2 suffers from multiple vulnerabilities which can allow an unauthenticated user to delete sites and perform SQL injection attacks.
ffc11d2df863ea35c6e64a9f5a38fb2415ce40baf728e21b7e1e6c9cd529599b
phpAdsNew 2.0.8 suffers from a file inclusion vulnerability in adlayer.php.
6dc84f0a6700e071f98a2299db48574c707a98487ad7357dce230185c4842dc9
Nucleus Core v3.23 suffers from a remote file inclusion vulnerability in media.php.
6bb55849806ce5461c68f302f55093a036cc1fbe49d31b88585327ce28d72383
PunBB 1.2.13 suffers from multiple vulnerabilities including SQL injection and local file inclusion.
3652bafc09639322f478bdfbf3bca457d4dc43681175ce33bc857b2fff56d736
GestArt vbeta 1 and prior suffer from a remote file inclusion vulnerability in /gestArt/aide.php.
d5c5b20e02b057928a8151002d3b6ef3b90265dc9cddd6a3645261773fc6b16b
The Joomla extended_registration mod suffers from a remote file inclusion vulnerability.
b5ec95b388d9d4c34f6cc34562cd6884f254b932b29fa0a2f9a145158f4caa30
TorrentFlux 2.1 doesn't properly sanitize user input passed via the "dir" GET variable, allowing anyone to get a list of files anywhere on the system.
82396ecba330189442653cc67928c3cf56d83a210ab195d99c98ba811df0d958
UNISOR CMS suffers from a SQL injection vulnerability that can be used to gain administrative privileges.
d3ff9edcd325258939ef9797a17e7a279dec7fb8d7087eca520a632d4146be6c
If magic_quotes_gpc is off, opendocman 1.2rc3 suffers from an authentication bypass vulnerability.
8f2ad0e6bf6b1cbaf3b99b60430ea6396ad0d977528510c3fcaaf782a043aa4b
Amember suffers from a remote file inclusion vulnerability in /admin/setup.php.
4c810e0b67d79f9f6b3776a9aa00eb162372df0bb8fb4707dcd3143a3198f399
Coppermine 1.4.9 suffers from a SQL injection vulnerability. POC included that grabs the admin hash.
233e110528f5e5c98147d2f55f76bdfe62ed681f6f00fa71343aa8937ac8d85d
phpLedAds 2.0 suffers from multiple remote file inclusion vulnerabilities.
678775e57ffe6f1ba95259b927d3777ebc37be528c3b21419e1966f05f5a4aeb
PLS-Bannieres 1.21 suffers from a remote file inclusion vulnerability in bannieres.php.
f86e43db359a3d1f036951826c4a4008f694f8a60a2ce04c54d78cad0d7633ed
MiniBILL v2006-10-10 suffers from a remote file inclusion vulnerability in config[page_dir].
4497c5bf28738f1a00117966132decb92c65d93f8ec2b5ad5550590bfe003645