This archive contains all of the 448 exploits added to Packet Storm in November, 2009.
5b13c8bc19b3db3fc21fc6e124e7aeb76b50f942d724427dff7b2a8d27cdcde6
XOOPS Smart Media version 0.85 suffers from a cross site scripting vulnerability.
00a4fd8b408b9b70eec892d43f5da1954be274c02f09aeb8a69337f9d0815e86
The XOOPS Content module version 0.5 suffers from a remote SQL injection vulnerability.
6a3c780e5b15c44056830f86ea4916c3f0b771ff609d59977a4a92ac0e43aa83
The Joomla Quick News component suffers from a remote SQL injection vulnerability.
94977fd302be8430e7859418de9bb67452a6cc29aa6c8956ac606b61ef60e574
The Microsoft Technet site suffers from a cross site scripting vulnerability.
d61673fd02d0875267fc7592faee93f0a7f9c3cd8d3dcfa9858b0dc274aae5d5
Eshopbuilde CMS suffers from a remote SQL injection vulnerability.
27b2848106f13ff7ea954f9050f364ebfc31aadfd109c859364af9796ab15707
dotDefender version 3.8-5 suffers from a remote command execution vulnerability.
b2caedab654ce37fb62c98601f2d827db89737d65074e93793a5959a729977b9
Robert Zimmerman PHP / MYSQL scripts suffer from an administrative bypass vulnerability.
f97e8b6d7bd606394614f991e7664683e84a7164e22ac24e33ad050e5d9624a0
The Micronet SP1910 Data Access Controller user interface suffers from a cross site scripting vulnerability.
d9a503a1a44bc6820fc8f86e8b2b7ae1e36618ab80bf1fa010e025b5d6b5f8aa
Millenium MP3 Studio version 2.0 buffer overflow exploit that creates a malicious .pls file.
e777809927f07ccd2f0c5846a11163475182240e4045503e5029a91ecad6140a
Adapt CMS Lite version 1.5 suffers from a remote file inclusion vulnerability. This is the same issue that affected 1.4.
e384170c61a5c1eed2a7f02d3005c5fd7504a982219eea0e849ff276da4a1704
Sugar CRM versions 5.5.0.RC2 and 5.2.0j suffer from remote SQL injection, unauthorized access, remote file inclusion, and code execution vulnerabilities.
c370b50f7ecb557a73820f6d5a6ebce4eff9879ae4443b4683dfaf0d5cfee27b
FreeBSD local root exploit that leverages a bug in the Run-Time Link-Editor (rtld). Versions 7.1 and 8.0 are vulnerable.
c639b539f4d450f65f034fcd0680e0b37942ecea3d7cae2277874a72cce2fc46
Xxasp version 3.3.2 suffers from a remote SQL injection vulnerability.
b19a2612c35d127e9a99e3bea5c570b4ff29c9b108f5b73307978c878cdfe48f
Eureka Mail Client remote buffer overflow exploit for XP SP3 English egghunter edition.
f29a7454bf1ff8c2e715f10967b9b3be3095c1e362abe2ecff73097a43f8e06b
The Joomla Music Gallery component suffers from a remote SQL injection vulnerability.
3123b7ba2865804af90bdd4dbd2c079925eace6fef71cb571fa0416473af9929
Elxis CMS suffers from a local file disclosure vulnerability.
487987ab0b7cc4735c71bb9329c7870c89a23ef7e01c401143372c084829a48c
Oracle SYS.LT.MERGEWORKSPACE exploit that grants DBA permissions to an unprivileged user.
b5f65c3b64621f1fbfa980d979a3128fdf9f7c890ed9639577adc336e76c847b
Oracle SYS.LT.REMOVEWORKSPACE exploit that grants DBA permissions to an unprivileged user.
07b2d913a409e84fed4e6008b1954a5cbc7ab0c5010d444cca67e58f320bb38e
Oracle SYS.LT.COMPRESSWORKSPACETREE exploit that grants DBA permissions to an unprivileged user.
c4934ec56ac73f45c009b54ec261c44817e099a901e8085b4d1459cdc1924e9b
Oracle ctxsys.drvxtabc.create_tables exploit that grants DBA permissions to an unprivileged user. This version uses an evil cursor technique.
8d39a9c0f8690e63871668b6fd563b4fdbd4f753c9719adb00a3640742109bd3
Oracle ctxsys.drvxtabc.create_tables exploit that grants DBA permissions to an unprivileged user.
e21120b8e89846075db130caf29552833db3e64fe9ee8b455ea2ba6ace4336df
SweetRice versions 0.5.3 and below suffer from remote and local file inclusion vulnerabilities.
529a5da49d0b6735fd6024195c512d6d1c1fe7308164187db46fa70472b8ee78
MuPDF and SumatraPDF suffer from a buffer overflow vulnerability. Proof of concept pdf included.
d1b2e1f9b65330d9953cb0fb733379c0749b72d89292a81f9cfa895e81086553
SweetRice versions 0.5.0 and below suffer from a remote file inclusion vulnerability.
99bab9000ea3b8689459c7dfa2626db2668846a038c55a42f502f4bbdcda7f2e