Packet Storm new exploits for February, 2008.
3ba4dbd253831a3ead28d4cfebe30c69859a57eaa5294d1f939c472e10bb55a6
A brief example describing a method of bypassing the Myspace.com Phishing blocker.
63a506d5a7a91873cc1194768926d9b134e79a63e64bbe0120d31403d226e798
Centreon versions 1.4.2.3 and below suffer from multiple remote file disclosure vulnerabilities.
43d6acdf4bcbc8408ae19854468a1006dd4c8129b860c1472db9cd2ad250d67f
netOffice Dwins version 1.3 suffers from remote code execution vulnerabilities.
fc125157b2c371ba7a34636991eaafc36b164493e2f9cbcf3587803933c9f421
PHPMyTourney suffers from a remote file inclusion vulnerability in index.php.
8e4fae918262720a679ee27f816b327973c489f177e741676ddfc4d5c5c2abd3
Proof of concept exploit that demonstrates a buffer overflow vulnerability in Ghostscript versions 8.61 and below.
329b211825119b859b126237f16f381c87e49a08986f152ccb8e75538f684239
Symantec BackupExec Calendar Control (PVCalendar.ocx) buffer overflow exploit that spawns calc.exe or a shell on tcp/4444.
7cc83a1c05db405770519c88f6e3ec43de346367d2eeba3e528271a2e98f74c8
Koobi CMS versions 4.3.0 through 4.2.3 suffer from a remote SQL injection vulnerability in index.php.
7258fff53a27d3d69c96db20d4f50ca1771b5e264e78067709ff0a99c040133f
Juniper Networks Secure Access 2000 versions prior to 5.5R3 suffer from a cross site scripting vulnerability. Full details provided.
f42c809cfe2e32f3528767ab5078337b58ae581f485a1cab7ce48646dba417c3
The 123 Flash Chat module for phpBB suffers from a remote file inclusion vulnerability.
59663f994af87d43c4e67b9dce37464841bb0129f8175173761e4d97534a2c89
Centreon versions 1.4.2.3 and below suffer from a remote file disclosure vulnerability in get_image.php.
c40bef646d5aae14bdaa404ce6d67a6ccba71de2d1b4259fe195ca7886f92253
The PHP-Nuke module My_eGallery versions 2.7.9 and below suffer from a remote SQL injection vulnerability.
42da4db627b7084c8aa900c7295d6dff1527385171807cda0037f18af7dda93f
Barryvan Compo Manager version 0.3 suffers from a remote file inclusion vulnerability.
01d5227af43b47ef5136e12deb5baea1a4cb84fdbdb8fba8bed7aab7f4772a41
The Podcast Generator versions 1.0 BETA 2 and below suffer from remote file inclusion and file disclosure vulnerabilities.
372d3b8dfc7804befeb9148283d1e20d4545ffda1b3dd6f1725f518fda58f8b2
SiteBuilderElite version 1.2 suffers from multiple remote file inclusion vulnerabilities.
fa22e530243f7486ad29608605ecf9fdda434ad2feaf488ea96138be72e14f9d
Koobi Pro version 5.7 suffers from a remote SQL injection vulnerability in index.php.
a68f3b35363545852ef061a033a7c44ad15c38795f52a5ceb093375ec23ef982
Crysis versions 1.1.1.5879 and below suffer from a remote format string denial of service vulnerability.
3332ca15fe0d3bfaacd61ee3fb5b4a7518a21bebf09fde86e66f769c7aa2270d
GROUP-E version 1.6.41 suffers from a remote file inclusion vulnerability.
eb7bf5d5e80f926872c14eca1c683b154cf2d631099a453c5623619672fba319
Core Security Technologies Advisory - The VideoLAN (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. VLC versions 0.8.6d and below and Miro Player versions 1.1 and below are vulnerable. Proof of concept code included.
4256730c62805a313b1a0048df1338eafe6f939bf47a7756297bc4fe01f54383
Proof of concept exploits for Trend Micro OfficeScan Corporate Edition versions 8.0 Patch 2 and below and versions 7.3 Patch 3 and below which suffer from buffer overflow and dead process vulnerabilities. To use the exploits, nc SERVER 8080 -v -v here.
25ccd183031e24acbcceb49d266b298d239e4f3ecbbcdff85ad7b062b2624195
The AuthentiX administration page suffers from cross site scripting vulnerabilities.
7d8fa37d7cb076695440c797bd02094678a934bb0f76a79ec0d585fc7c81e343
EazyPortal versions 1.0 and below cookie-related remote SQL injection exploit.
6c1046f678e67358e818a20cf2f23d9ebebf4cf0185a4648c9571f3c08e52507
Mambo Simpleboard Forum component version 1.0.3 Stable suffers from a remote SQL injection vulnerability.
cf0729f4486cf2ae79736a48ccaabe1315523c07a7dcb356e27b317b0fadeab4
ezyEdit 2007 is susceptible to cross site scripting vulnerabilities.
860e1842c61a45d0a8b47cda33fed0b6634476579ebb0493d0f49c77c9b4e20d
Nukedit version 4.9.x remote create admin SQL injection exploit.
37da16eabfedd521bf8000f0f70dba246620d81a33adc8bf7459d87ba03db379