This archive contains all of the 378 exploits added to Packet Storm in July, 2010.
b61b3bf53fa4848584d7142f5716fa51d934847d3631bde4c653a00901bf8bc8
UPlusFTP Server version 1.7.1.01 remote buffer overflow post authentication exploit.
a6a08e41b5947372974aff9b14a2282596f65cf35a007410bc1f76fed9559f49
Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit.
bf02e9e1d36238740750081701ce2a3c2b498e0a3532ceabfb5c7b2b1318b948
Jira version 4.0.1 suffers from a cross site scripting vulnerability.
a089b5e197e692751a2c97611b596e258edd5b8b894ebb0ee35d25a94853d538
Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffer from a local privilege escalation vulnerability.
c4b5374aef4fafad83d8cf34f59211029acaf54deb05c6b2269c93d7ea737d0a
Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
6f1b7cc690c9fe01ae23a3cdf4588f2d2b60564d3f3c631d51149fa0275d2050
UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.
976e244165fc9beb273d4e21c954c5135843e2b1fb28d129213c11847fd97471
Joomla PhotoMap Gallery version 1.6.0 suffers from multiple remote blind SQL injection vulnerabilities.
8990931df0ebbd576f3d3b513dc714bdbe844c94639806bdeeb8b03de8fc3d32
AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.
8e521695e01449c7661f2cb8f90b185012521a3a3fc71c1f2a2a3040bb131b5f
nuBuilder version 10.04.x suffers from a remote file inclusion vulnerability.
50aa0127b4f48063bded2efe72397e46ea8cda4e661102f4751dfdcb7cca99b4
PunBB versions 1.3.x and below with Pun_PM versions 1.2.6 and below remote blind SQL injection exploit.
9ff6ffcaee243fedfd27fe9acfd20939ae8c73d2b9f5a8a337b7111a91f7b1f7
Joomla TTVideo component version 1.0 suffers from a remote SQL injection vulnerability.
75200879a3bd5730366a523077e07e8ed34e61e4529878584f78e8c76dda9e10
Microsoft Visual Studio version 6.0 VCMUTL.dll unicode Active-X buffer overflow exploit.
8bc15f5936594babeb3a856d2c1f4be963657b17322ca8a826e481ded8df5dce
Microsoft Internet Explorer versions 6 and 7 suffers from a denial of service vulnerability.
482425864ec290b53bf411b038cec6945fb29282b027f55a2cc19f295e8c9b55
Social Media version 2.0.0 suffers from a local file inclusion vulnerability.
f9fff05d731f40d512a1f7e45fa71eb675f3ec9200b1ef5c368261c5745bc5b5
PHPKIT WCMS vesion 1.6.5 suffers from a reflected cross site scripting vulnerability.
4e462957f2e106b8bb64e9043371757932788cc4d9d401bc835d3d3f0cd266b0
Theeta CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
abd07e877e033b157bc1097c9a4671046bc160b5e7002cc5cf5778baaf7e4228
The Joomla Appointinator component version 1.0.1 suffers from remote SQL injection vulnerabilities.
66764625f1160b07a89ce69e57e6fb31314fcbb08c69a8daa68654123b6c3816
SyndeoCMS versions 2.9.0 and below suffer from multiple cross site scripting vulnerabilities.
bb36e93b50963e087f01564519716874a1890ed64461f0a11a898d626ef715ed
PHPKIT WCMS version 1.6.5 suffers from multiple cross site scripting vulnerabilities.
ecd55597608e71646904db6946b845c4681b1cddfd49ad04710cd12a26efcbdf
This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'MKD' commands, which leads to a stack based buffer overflow. NOTE: EasyFTP allows anonymous access by default. However, in order to access the 'MKD' command, you must have access to an account that can create directories. After version 1.7.0.12, this package was renamed "UplusFtp". This exploit utilizes a small piece of code that I\\'ve referred to as 'fixRet'. This code allows us to inject of payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation. See references for more information.
64b443540fdeb96bc8d215db2cda4309e4f7a47ab91c999760aa2ec1b4c4e8cb
This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11. credit goes to Karn Ganeshan. NOTE: Although, this is likely to exploit the same vulnerability as the 'easyftp_cwd_fixret' exploit, it uses a slightly different vector.
e0ad32d2bd863526c4c30afdbdbb2363ca018d9f92d5dd8adb0cbbb6853e1250
This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. After version 1.7.0.12, this package was renamed "UplusFtp". Due to limited space, as well as difficulties using an egghunter, the use of staged, ORD, and/or shell payloads is recommended.
db54552b60a46cc551e6f2b027066ebce8c0bf14e91553ea190e2a4206a71b5a
This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.
e26ab2a5222c307d647627ec82c5fdecaea972d112ff93a4e71a4e9cde863488
QQplayer versions 2.3.696.400p1 and below .smi file processing local buffer overflow exploit.
df8b0e2bb9d5792041154196ddbe98dd0ae2a1df2a0f14877598e8664133de23