Packet Storm new exploits for March, 2009.
e9f153b2931d639cb5badec0f38cdae04b6d25fab8707fc696b5deb4cad118a8
Core Security Technologies Advisory - The Sun Calendar Express Web Server suffers from remote denial of service and cross site scripting vulnerabilities.
70c47cf0c1217dfc126f835834bf3fbffb2e26ed040905c0691ea08d84050823
The PrecisionID Active-X control suffers from an arbitrary file overwriting vulnerability.
9593b464bae7b6dd5e4e3bb54e346c6d85741d2a877d6f62aa080e82180eb56f
SAPDB suffers from multiple cross site scripting vulnerabilities.
20480cc38d05637406aaeaa81ff51bd746e7dc4ecc4867b684633b225b0e20ac
IBM WebSphere Application Server versions 7.0 and 6.1 suffer from multiple cross site scripting vulnerabilities.
4f4b7ea5a34c878402954e35424b0b14d0baca8469f28c98a9d163b1684dc0ae
webEdition versions 6.0.0.4 and below suffer from a local file inclusion vulnerability.
58834c656aea83f86f4cd13324ad05f1cb9c4be232cb61dbebb8a926cce18b24
The Scout Portal Toolkit version 1.4 suffers from cross site scripting and SQL injection vulnerabilities. The SQL injection vulnerability was previously discovered in May of 2008.
14f901b8058e4c69671750adba1d4df98618baa6973d8c4082742eb36b4d3b76
Turnkey Ebook Store version 1.1 suffers from cross site scripting and redirection vulnerabilities.
0ff858011fd581f1e4c9ee6d8b6321636d4e387d18de3a82b24c22ac51e6f2d0
VSP Stats Processor version 0.45 suffers from a remote SQL injection vulnerability in gamestat.php.
556117c98db69cf220005749c47a92a273dd63c8fd78e2d4ea4c34c996e6ede7
PHPRecipeBook version 2.39 suffers from a remote SQL injection vulnerability.
044602fcdcf98db5aea16ac5cfdeefafa0ae0d7e4c373f0074d1e393841c5864
JobHut versions 1.2 and below suffer from remote password change/delete/active user vulnerabilities.
1b5b781cf06654262f84fbfc10cfcbae8d8b76cb05e83761bf3bf9f0e95eb79f
aspWebCalendar Free Edition suffers from a database disclosure vulnerability.
c0ecbfa4fee7f3411e7ee2cdd21f32a54ae3649c1aa8949f20bc9794f0167af2
VirtueMart versions 1.1.2 and below suffer from cross site scripting, SQL injection, remote/local file inclusion, and code execution vulnerabilities.
c1b8b1b104c5cb8ad97f285c6bcdb1512e50ac13adc92396ee282e41ac8a0bed
This Metasploit module exploits a blind SQL injection vulnerability in VirtueMart versions 1.1.2 and below.
ee0b781624a9fe618d7bcb74a678739c7905f9010ed773f93804bcce0cfa5691
Podcast Generator versions 1.1 and below remote code execution exploit.
6fcaa065b9750fbbfb84c5b163e0d93cfe3cbfe592f8de88559b6a43924a4901
Safari versions 3.2.2 and 4 BETA XML parsing remote crash exploit.
852a421bb70a29fdf052a50ad18d7cd650646ff3c342250c0b187b2d239c663b
The Cisco ASA5520 Web VPN suffers from a cross site scripting vulnerability via the Host: header.
4ff57039791f5959f116b2e5454f4cda838eebf40e62b8707bae7398e561d8a1
Opera version 9.64 (7400 nested elements) XML parsing remote crash exploit.
5cb5b9f155d8943d137b3ca3dc40cdf8fd7267a79da07db420881ea0bb0d5b96
Zabbix version 1.6.2 suffers from multiple cross site request forgery vulnerabilities.
8ee865f64b5fc17f842d58dc0c0d58f823ba5646c8e910c5bf3f2f0715f41ee8
Community CMS version 0.5 suffers from multiple SQL injection vulnerabilities.
73fbe3292e9e458e7884a31a8156020bcbd6ced7946fc0f38efc248f58d2a2c4
The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.
ea492653b5ddebab2e708e8a2df04435b7732133b138456f88f95f23c8ba7185
Family Connection version 1.8.1 suffers from a create administrative user vulnerability and multiple remote SQL injection vulnerabilities.
01a4307f57757f12e3f098abed9abaf0ec8655ca93b42e400fdaa7e4618dfebf
JobHut versions 1.2 and below suffer from a remote SQL injection vulnerability.
350407369ebdca498e2c12a2c3d959956fa3ed4ca776eb55a8be91c00d55db10
Sami HTTP Server 2.x remote denial of service with HEAD request exploit.
3491b722a328db818b14cf139bde10245e73c3741e29b8e0d33bbbc37717be57
Linux Wine version 1.0.1 local buffer overflow proof of concept code.
686cf5036fb7321dce4cddb7d8f0953a31f042cef03c513ca0aeaab2afbf7757