Packet Storm new exploits for February, 2009.
Proof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
The Drupal Protected Node module version 5.x-1.3 suffers from a cross site scripting vulnerability.
POP Peeper version 3.4.0.0 UIDL command remote buffer overflow SEH overwrite exploit that spawns a win32 bindshell on port 55555.
Drupal suffers from a local file inclusion when used on Windows.
SkyPortal Downloads Manager version 1.1 suffers from a contents change vulnerability.
Irokez Blog version 0.7.3.2 suffers from remote blind SQL injection, remote file inclusion, and cross site scripting vulnerabilities.
Hex Workshop versions 6 and below .hex file local code execution exploit.
Orbit versions 2.4 and below long hostname remote buffer overflow exploit.
Demium CMS version 0.2.1 Beta suffers from local file inclusion, remote SQL injection, and file disclosure vulnerabilities. Full exploits included that perform local file inclusion and remote command execution leveraging both local file inclusion and SQL injection.
BannerManager version 0.81 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The Drupal Taxonomy Theme version 5.x-1.1 suffers from a cross site scripting vulnerability.
B2C StoreBuilder Designer version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
C2C Reverse Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Great Shop Creator suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Reverse Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Forward Auction Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
B2B Horizontal Marketplace Creator version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Webstore Creator version 5.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Shop Creator version 4.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The APC PowerChute Network Shutdown's web interface suffers from HTTP response splitting and cross site scripting vulnerabilities.
BitDefender Internet Security 2009 suffers from a cross site scripting vulnerability.
Coppermine Photo Gallery versions 1.4.20 and below privilege escalation exploit.
Coppermine Photo Gallery versions 1.4.20 and below suffer from a privilege escalation vulnerability.
DesignerfreeSolutions Newsletter Manager Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass.