This archive contains all of the 310 exploits added to Packet Storm in July, 2011.
603da13e29087f16eead2abb5d3b216db7588910271d72cb568d7923563dde87This Metasploit module exploits a stack-based buffer overflow in Actfax FTP Server versions 4.27 and earlier. Actfax fails to check input size when parsing 'USER' command. This vulnerability results in arbitrary code execution. This Metasploit module has been designed to bypass DEP under Windows Server 2003 SP2/R2.
4130d9d9091328eaf7da7f5eb01c8fa922c77d44b6eab4ba976a6220a96c83afHong Kong Firms Internet Services CMS suffers from multiple remote SQL injection vulnerabilities.
3ab724ad908688fddf2ca51ad820a96af8f83d1356ae5ee146b9be10829a400fDigital Scribe version 1.5 suffers from multiple post cross site scripting vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site.
b4e758e765d3c3f1dd3bae0aeac26f05237bd21334ea75852e11273d369ff975Rebound suffers from local file inclusion and remote SQL injection vulnerabilities. A SQL injection vulnerability allows for authentication bypass.
a377c01037681e98ab7ab6d62067f5e635f5febc66e5a4c5bb90efaf05725b17Elgg versions 1.7.9 and below suffer from multiple cross site scripting vulnerabilities.
7d3524447fb644b9d0060ad234e6ad25c76acf7d2c752d60db219a95d7ecf093Websites by cgCraft LLC suffer from a cross site scripting vulnerability.
1517d86049c58f1c4d9c7db31424922bfa393e675fd31f27e8c2e4366a715374Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.
80551d22725746b690efed90e1d3702a31f4692d83292d2ce060118f47299c32The Joomla obSuggest component suffers from a local file inclusion vulnerability.
a3232db962571de27e7cae06d4a6f6e731eb0b61319509b28a4c7f982fef30a3cFTP versions 0.1 r80 and below suffer from a shell upload vulnerability.
14de6b079c3f2f8eb5fca135eed93128745b81db4e2395aef033773807a3b325Link Station Pro suffers from cross site scripting and remote SQL injection vulnerabilities. The SQL injection vulnerability allows for authentication bypass.
af6a8e253f03e46cdce73f0204bfe883d6c68700b467b7d4fa19ab3006bd297bSitecore CMS versions 6.4 and below suffer from an open redirect vulnerability.
9962970fa866dd226abf661c2548f403325c7a3abdbd02722672dba1179291afWebsites by cgCraft LLC suffer from multiple remote SQL injection vulnerabilities in info.php and news_item.php.
4178b3d22155a363499855382b60348d43fcb513e01b7967a54a438dacc460e4A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7eA vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecbMyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9baMyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330fICQ versions 7.5 and below for Windows remote denial of service exploit.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767acA stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39Midori Browser version 0.3.2 suffers from a denial of service vulnerability.
deb589c219ec48802776ce4086a3f468b0a54ffa47bd8d8841912deec989fbadMultiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities.
40d5a0eda94f7c3b08a03211b96c36f7794a9900ae0eccda97964850b880b469Gopal Systems suffers from a remote SQL injection vulnerability.
c4c45321e921a3f9a6d7f459ed04131b5d68962b1b6a3b5ec4b64dda6e583ad9MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.
900ea491b5a59093ad12a47315ce52d24123e044ab6e62772d3b13759ddaa82dPHPJunkyard 1.3 suffers from an open redirection vulnerability.
d235ad3a7ba3f0c743348f449d622badf370df041465698bce0d3d51132d2012
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed