Packet Storm new exploits for January, 2007.
b6eaa47a9e3232720a1866fd9bb709e19225ef854d9fc29c0f8316bdef7f3e8a
Local file inclusion exploit for zd_numer.php in Galeria Zdjec versions 3.0 and below.
233eef24ace755b6d40232c5d21acaf2dea351dc013d3c4d6bcd8f25c75e5c17
PHPFootball version 1.6 suffers from a remote database disclosure flaw in show.php.
68c9191d314276c612d3df3550d52fcd30b7338b83488dfa3f55b7f1330f2d84
CascadianFAQ versions 4.1 and below suffer from a remote SQL injection vulnerability in index.php.
eeb4107042aa92111be2e841b59f539609f6962f86fe255f70d0300e7744bc8c
MyNews versions 4.2.2 and below suffer from a remote file inclusion vulnerability.
8a0ea1ec168c9e9ea46610431408cbe277b55cd4129c7b96ddd3ce0966782d4d
phpBB2 MODificat versions 0.2.0 and below suffer from a remote file inclusion vulnerability.
2c300417c082eb3d14a7b9f21ded412bce15372c9f8ca6f156dd94a709f3d6b9
Dev-C++ version 4.9.9.2 CPP file parsing local stack overflow proof of concept exploit.
936dc77c9870093ff53883f8c968b120f57b7b59be1327adf0f091501e660557
Month of Apple Bugs - Apple iChat Bonjour functionality is affected by several remotely exploitable denial of service flaws which can be triggered via advertising presence services over multicast DNS. This is the denial of service proof of concept exploit.
a256f4a5ef48238266e678eab766d0cb63eb44cfd99e5782f4b5fff8e5aed773
Generic PHP remote file inclusion exploit framework.
78923d2e34d68550a18c32c767a108afe4008aa55ba10d8fedaf3f7536b479dc
RBL ASP suffers from a SQL injection vulnerability in its login/password fields.
94614eedde2fbeecdce895b3842c83d37a6d5eef8cf867b8ccf97c93c2d80c38
Universal exploit for vulnerable EnumPrintersW() calls related to the spooler service. Allows code execution with SYSTEM privileges. Affected software includes DiskAccess NFS Client (dapcnfsd.dll version 0.6.4.0), Citrix Metaframe - cpprov.dll, and Novell - nwspool.dll.
2b62efa9f7692468c57fd5ccfb6faa392631ea515d577bee9c4b44042069ea68
MDPro version 1.0.76 suffers from multiple SQL injection vulnerabilities.
67b93c40bf535eae6b65f8d736d5676b8f99e6ee8e43003bae1bc46428309adb
Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. Coupled with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This Ruby code demonstrates the vulnerability.
a2f484f050a3539545bc04527aebfb7718411d5e564498448fa7024d15700ebe
Month of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.
5b0f7f222237672bd530a2f1c52368b0a593f5907f49c47913ca01b2f7900a50
Heap overflow exploit for msgeng.exe in Computer Associates BrightStor ARCserve Backup.
a973115577880be9cb7f40039a629b7c8037ece864581b839544fb8c6ac71cb9
Local Calendar System version 1.1 suffers from a remote file inclusion flaw.
c50edb7132dd5b2668271546d7f7ae83b5d0845c3dac08229c7671e138c9c4cd
AdMentor suffers from a SQL injection vulnerability that allows for login bypass.
963c580bc9e516ab4a0a77b6412697f0b757200ddd54f6e66e93392c639e7af7
Month of Apple Bugs - Ruby exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
f7406daaadebb8a416333b8bedaa7f1ba60dc4e0d60fe455f34deb18ee74e296
Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
3199da9edd031aaa3b4b089d6910159ef30dde29e74ba47226c79241f26f3d3f
The Intel wireless mini-pci driver provided with Intel 2200BG cards is vulnerable to a remote memory corruption flaw. Malformed disassociation packets can be used to corrupt internal kernel structures, causing a denial of service (BSOD). Proof of concept exploit included.
96c1c5bf7fd32a53f660b0d112ab257bb65b17df4bb6322e76691519e7c61735
Local root exploit for vscan/VSAPI in Trend Micro VirusWall version 3.81 on Linux.
9d755b5bafb1a729d747106a19b5bdf4cf329021970131996e1098b977f41310
Siteman version 1.1.11 suffers from a remote password disclosure flaw.
9c34460266ceba58da69e99b79c232f3c39a1cc84eb51b847fc0de7f563f296a
Aztek Forum version 4.1 exploit that demonstrates multiple vulnerabilities including SQL injection and filter bypass flaws.
981c779961031b5c76898596d2e11fac06d836924f262d6e6ce915897ad516eb
Siteman version 2.0.x2 suffers from a remote password disclosure flaw.
a0d7d79440348673ae6422980fe047110b731c64082359ca4df99be982eddc89
uniForum versions 4 and below suffer from a remote SQL injection vulnerability in wbsearch.aspx.
23c084a4125a16749509ba6ca1d0cf5d4ea29a32d0580a2a8cf6a9088e60e593