This archive contains all of the 284 exploits added to Packet Storm in October, 2010.
109c7f81b0e2739d5ebe2f11c94eee497c45746c5c5de1adbd277418fd305e40
Linux kernel arbitrary memory write via v4l1 compat ioctl exploit.
0fb3fe6114ef493e4fab7053e8a06ac577d72940a2bdde07d3c8602f119bf555
Free Adult Script version 2 suffers from a remote SQL injection vulnerability.
81fac11dffeb02afbb8b0750c18da13d04fd1eb4279664c0e05eb7e7e54980c8
The Joomla Jcars component suffers from a remote SQL injection vulnerability.
65c3bc4dc09d59cb0feb75ac4a731007657b09eb9a143ff1fa451bc83d47ffb6
This is a simplified memory corruption proof of concept exploit for Firefox.
84f1b73f392b7d5cac24e6fbbd2c87adfae94e7b77462a12739e5959d7c4e4e3
mygamingladder MGL Combo System versions 7.5 and below remote SQL injection exploit that leverages game.php.
692212f64021295c87957567cdc84aeef8aedd138fe9c25560ff5921bfc6d989
PHPKit versions 1.6.1 R2 and below remote SQL injection exploit that leverages overview.php.
60f29fc5837355fd5ef838e4225260e314c73abe5d8f82833f62aba28fcff37f
Feindura CMS versions 1.0rc and below suffer from cross site scripting and local file inclusion vulnerabilities.
364e10b51df7e626af9e31c02f0fd1b74762c2df9327f0e6c321824c0b173d53
Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149) both suffer from a directory traversal vulnerability.
9d81ecb61b5e435a53bf11a418f751e73163b649c341f2fb52a0397841218a0e
XBMC version 9.04.1r20672 soap_action_name post upnp sscanf buffer overflow exploit with Windows bindshell code.
216d6860483a52a2efb4bf88bcd4db93daea540f99880b822a68ceaf94f00786
Firefox Interleaving document.write and appendChild denial of service exploit.
4727d96639dd01ea7d34a8043ef6ba030fec88e8c059e0c06387cafeff334b33
Pub-Me CMS suffers from a remote blind SQL injection vulnerability.
c69038e6e913874877ba93de02fbb84a7c1c5266124d084c884ce4519a295083
TFTgallery version 0.13.1 suffers from a local file inclusion vulnerability.
f09b64e225e3c5868a573117b7677aa62586f97a4423d22572b6da257862ec9b
Firefox versions 3.6.8 through 3.6.11 Interleaving document.write and appendChild exploit from the wild.
68ab654a50c12d46b98a4ef24765f97eb2f6199811379c01b9d09ee60f3de211
Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below.
ae6f799792df2bc63f6efc669e1ba990189cb2b0e37eae9470cd60171c0c72ba
W-Agora version 4.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
f09e2101de46d7518db6f13e155068cd8d2ff4818c7dac303925148c547871c7
MyCart version 2.0 suffers from cross site scripting, remote SQL injection and code execution vulnerabilities.
643dc205d08e124429bd249200227cf4bbd7bf161761b5cb5bfe7223bc7f4e64
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification (see below). Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed.
429e4cf5e844ee3703c922909bb8c267c6740efb53e7fb37de08a3f14ccacd09
Oracle BPEL Console version 10.1.3.3.0 suffers from a cross site scripting vulnerability.
8b80837fd9c12c060f51e80f3ef5cf3cb1543ef6936db9fd039e3765f60d152d
DBHcms version 1.1.4 suffers from a remote SQL injection vulnerability.
d2dd6e9058c56ff1c12384d40daeb049e5b1faa996a5d530244f174b5ae927a4
MinaliC Webserver 1.0 suffers from remote source disclosure and file download vulnerabilities.
8057d058681edb872b0ede38d6a1581786fdc2fcf4af38d0137bf955075c6321
NinkoBB version 1.35RC5 suffers from a cross site scripting vulnerability.
5f17224c535b3e365f37fcaaef25df946cebc430ee5f7e8408c5691d819be76d
Oracle BI Publisher suffers from an HTTP response splitting vulnerability.
a16b4a5d2e42764c015a89ca8d14b3e7d1594fc9ccef544177abbde6f3759df3
phpLiterAdmin version 1.0 RC1 suffers from an authentication bypass vulnerability.
f1d430adf9f4a44baf102108163205360dc773aafc1aa7a2ae8eeecd65e8d038
Alstrasoft E-Friends version 4.96 suffers from local file inclusion, shell upload and remote SQL injection vulnerabilities.
3f7c78cec9a527c7d099e788ad41efa89efbd352edf3f4d1674bf8a4003f378f