This archive contains all of the 212 exploits added to Packet Storm in November, 2011.
4ce4dae14067c705b24f6a65f2b6a121fc4cc0c48d373b45b008d48685e82e05
IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.
a2ec180c7015b665a8c09c5c87f819d86fe11a21748572b331a213d5403e5704
PHP Inventory version 1.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8ebe11c2190eb6eb4bb69b19db6d857a31629633ee830ea142db005190e42979
The WordPress flash-album-gallery plugin suffers from a cross site scripting vulnerability.
c688bb0b8f202c7a6bc310458f0bf58c3de2ea24bb5ddaaaa3c66c574d93f542
The WordPress 1-jquery-photo-gallery-slideshow-flash plugin suffers from a cross site scripting vulnerability.
2558a4d7ede8efa08cbd2de4b5277d0eb7759f89ded4b6086846dece6ddfac02
Serv-U FTP server suffers from a remote jail breaking vulnerability.
69f0832074081c550ccae5d7f3afc1b4046cc0632090e235f13b3fc2d70e5155
Remote root exploit for FreeBSD ftpd and ProFTPd on FreeBSD. It leverages the fact that /etc and /lib can be modified inside of the chroot.
f59b24d7a9bf8446fb65b25ad7046e1b91fd2198e39bf16f0a7f6d2431d9e848
Voxsmart VoxRecord Control Centre version 2.7 suffers from a remote blind SQL injection vulnerability.
b233d577e2af4bd51137e11dd2e49abfffaaecec046f5ee3bb29090373476e66
This Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).
d91e779ec520d6b5000796fbb5510410cdd34ecb929017aa6bdbbf0c838eed04
This Metasploit module exploits an unauthenticated remote root vulnerability within CTEK SkyRouter versions 4200 and 4300.
5e44a6afb2c0c358e26b3780e96612702111f90fcd3b8cfd6335fb6f309d516d
WikkaWiki versions 1.3.2 and below suffer from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities.
f5f16ff3f59901b3991fb94563c0b39bd9eee2fd825e6f8c81aec203ea470e7a
GOM Player version 2.1.33.5071 unicode stack buffer overflow exploit that creates a malicious .asx file.
971fa225476af793630fed50acafc906d65f2a06c6b21985a2ea4f591586bbfe
Bugbear FlatOut 2005 buffer overflow exploit that creates a malicious .bed file.
bc3c99f35356951f3633ebafa0c89c0c906268e205967ca4a6f14d98b4168b1e
MS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.
050ef4e20cffa5096df95d3a92d67ec15bef3ea3848cd5b8824bbec9e2cb4338
The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
a6100e77da08ab7504d889909384925c152f4a923056b91aef442070ec7d5eeb
StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
a58071791bae0e9b02ab74ae8bc27fb0a782edd806f7f95a6330d6c8d53fb41c
Muster Render Farm Management System version 6.1.6 suffers from an arbitrary file download issue due to a directory traversal vulnerability. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. The advisory in this archive includes exploitation details.
4c7c5caf872d4ace08b11d687019c73a366d5da96d3cb3fa5d8590c61b7d691a
Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
ac3e47d5874fd1d4daad7534970506cf6afc9f213d1d90f20086b45e813dcbbd
Sites created by Schok Creative suffer from a remote SQL injection vulnerability.
7dc0055c5274ec7437bf95c76e36a43b0359c3cbaf719121cde6e20ed1e6a1f9
3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.
9f18a5df23671b7b00bdf05e10758b4e56ae625a309b1451df702bc5cf7e4932
Video Girls BiZ Video Chat script suffers from cross site scripting and remote SQL injection vulnerabilities.
f08affdc5afc926fe3dc84284f7bab1c69b9a826f7b4c5b18d73b619062ce184
ExpressionEngine version 2.2.2 and CodeIgniter version 2.0.3 suffer from filter bypass and cross site scripting vulnerabilities.
fdab17029ae48b80689e4ddd515edc23100d07a8f55741743dc18b289e5b7a22
Ajax Script suffers from cross site scripting and remote SQL injection vulnerabilities.
4b9b807cf31978b23900da02089db7c0593e9b3d9d8818e73b8619fa6d5324e1
Toshiba.com and Compaq.com suffer from cross site scripting vulnerabilities.
d20994a6ef3ff7ce5d7076c9ff08e0cb8eff2bb0a686c23fd54a38d799d17bc5
ModenaCam, the Adult Turnkey Flash Live Chat Software script, suffers from remote SQL injection and cross site scripting vulnerabilities.
effbed27188e2b0a4ceac3cf54c68aac13e6f3a4b929f812bc21ab058843771d