Packet Storm new exploits for January, 2009.
E-PHP Scripts B2B Trading Marketplace suffers from a cross site scripting vulnerability.
E-PHP Scripts EShop suffers from a remote SQL injection vulnerability in search_results.php.
eVision CMS version 2.0 remote command execution exploit that chains a local file inclusion vulnerability with a file upload vulnerability.
eVision CMS versions 2.0 and below suffer from a remote SQL injection vulnerability.
Spider Player version 2.3.9.5 off-by-one crash exploit that creates a malicious .asx file.
Orca version 2.0.2 suffers from a remote cross site scripting vulnerability.
SkaLinks version 1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
BPAutoSales version 1.0.1 suffers from remote SQL injection and cross site scripting vulnerabilities.
ReVou Micro Blogging suffers from remote SQL injection and cross site scripting vulnerabilities.
Updated version of the Google Chrome chromehtml: code execution exploit that demonstrates disabling the sandbox. Version 1.0.154.46 is affected.
Enomaly ECP/Enomalism versions prior to 2.1.1 use temporary files in an insecure manner, allowing for symlink and command injection attacks.
Bugs Online version 2.14 suffers from a remote SQL injection vulnerability.
SalesCart suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The Synactis ALL_IN_THE_BOX Active-X control version 3 can be used to overwrite any file on the target system.
Remote SEH overwrite exploit for the Amaya Web Editor version 11.
PerlSoft Gastebuch version 1.7b bruteforcer and remote code execution exploit.
Cross site request forgery exploit for the Zoom VoIP Phone Adapter ATA1+1.
The D-Link VoIP Phone Adapter suffers from cross site request forgery and cross site scripting vulnerabilities.
The Profense Web Application Firewall version 2.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
The ManageEngine Firewall Analyzer version 5 suffers from cross site request forgery and cross site scripting vulnerabilities.
Pligg version 9.9.5 cross site request forgery protection bypass and captcha bypass exploits.
GOM Player version 2.0.12 universal buffer overflow exploit that creates a malicious .pls file.
GNUBoard version 4.31.04 suffers from local file inclusion, SQL injection, and file name disclosure vulnerabilities.
PLE CMS version 1.0 Beta 4.2 blind SQL injection exploit that leverages login.php.