This archive contains all of the 310 exploits added to Packet Storm in July, 2011.
603da13e29087f16eead2abb5d3b216db7588910271d72cb568d7923563dde87
This Metasploit module exploits a stack-based buffer overflow in Actfax FTP Server versions 4.27 and earlier. Actfax fails to check input size when parsing the 'USER' command. This vulnerability results in arbitrary code execution. This Metasploit module has been designed to bypass DEP under Windows Server 2003 SP2/R2.
4130d9d9091328eaf7da7f5eb01c8fa922c77d44b6eab4ba976a6220a96c83af
Hong Kong Firms Internet Services CMS suffers from multiple remote SQL injection vulnerabilities.
3ab724ad908688fddf2ca51ad820a96af8f83d1356ae5ee146b9be10829a400f
Digital Scribe version 1.5 suffers from multiple POST cross site scripting vulnerabilities. Input passed through the POST parameters 'title', 'last' and 'email' in register.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
b4e758e765d3c3f1dd3bae0aeac26f05237bd21334ea75852e11273d369ff975
Rebound suffers from local file inclusion and remote SQL injection vulnerabilities. A SQL injection vulnerability allows for authentication bypass.
a377c01037681e98ab7ab6d62067f5e635f5febc66e5a4c5bb90efaf05725b17
Elgg versions 1.7.9 and below suffer from multiple cross site scripting vulnerabilities.
7d3524447fb644b9d0060ad234e6ad25c76acf7d2c752d60db219a95d7ecf093
Websites by cgCraft LLC suffer from a cross site scripting vulnerability.
1517d86049c58f1c4d9c7db31424922bfa393e675fd31f27e8c2e4366a715374
Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.
80551d22725746b690efed90e1d3702a31f4692d83292d2ce060118f47299c32
The Joomla obSuggest component suffers from a local file inclusion vulnerability.
a3232db962571de27e7cae06d4a6f6e731eb0b61319509b28a4c7f982fef30a3
cFTP versions 0.1 r80 and below suffer from a shell upload vulnerability.
14de6b079c3f2f8eb5fca135eed93128745b81db4e2395aef033773807a3b325
Link Station Pro suffers from cross site scripting and remote SQL injection vulnerabilities. The SQL injection vulnerability allows for authentication bypass.
af6a8e253f03e46cdce73f0204bfe883d6c68700b467b7d4fa19ab3006bd297b
Sitecore CMS versions 6.4 and below suffer from an open redirect vulnerability.
9962970fa866dd226abf661c2548f403325c7a3abdbd02722672dba1179291af
Websites by cgCraft LLC suffer from multiple remote SQL injection vulnerabilities in info.php and news_item.php.
4178b3d22155a363499855382b60348d43fcb513e01b7967a54a438dacc460e4
A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e
Rocco Calvi and Steve Seeley discovered an unauthenticated time-based blind SQL injection vulnerability in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs that take advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecb
MyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9ba
MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330f
Remote denial of service exploit for ICQ versions 7.5 and below for Windows.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1
ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767ac
A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39
Midori Browser version 0.3.2 suffers from a denial of service vulnerability.
deb589c219ec48802776ce4086a3f468b0a54ffa47bd8d8841912deec989fbad
Multiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities.
40d5a0eda94f7c3b08a03211b96c36f7794a9900ae0eccda97964850b880b469
Gopal Systems suffers from a remote SQL injection vulnerability.
c4c45321e921a3f9a6d7f459ed04131b5d68962b1b6a3b5ec4b64dda6e583ad9
MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.
900ea491b5a59093ad12a47315ce52d24123e044ab6e62772d3b13759ddaa82d
PHPJunkyard 1.3 suffers from an open redirection vulnerability.
d235ad3a7ba3f0c743348f449d622badf370df041465698bce0d3d51132d2012