This archive contains all of the 351 exploits added to Packet Storm in January, 2012.
8b836da23c3e4ed57b80a9dc6b85088c
Mindjet MindManager 2012 version 10.0.493 suffers from buffer overflow and denial of service vulnerabilities.
c55d3d4ffe78bd34dbd71d5e2960c04e
Ez Album suffers from a remote blind SQL injection vulnerability.
c5f91018271fd7ea8786f96c79101164
Adobe Flash Player MP4 SequenceParameterSetNALUnit remote code execution exploit that works against versions 10.3.181.34 and below on XP SP3.
cf02af1c3dc09483a9ca31549d45ec0b
phpShowtime suffers from a directory traversal vulnerability.
72934e978896d896091d871909ee8958
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing a large amount of bytes to the FtpUploadFile member in the FtpUploadFile() function, resulting in memory corruption that overwrites several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
e540c339e50eef4b81df0e87bc189135
The gmwgroup.harvard.edu site suffers from a remote SQL injection vulnerability.
feb69116a6183c69c6c1500fdabe05aa
Proof of concept code for a vulnerability in protocol.c from Apache versions 2.2.x through 2.2.21. The issue is that it does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies.
657f1bf4056ef716235936fdcd302d24
Agent Zone Vastal I-Tech Real Estate script suffers from a remote blind SQL injection vulnerability.
de7ecf5e1bfc46f8cf8f488f5b7ea9de
The blogs.forbes.com site suffers from a cross site scripting vulnerability.
d4c3d04320610f0d9e9f851658a09244
4Images version 1.7.10 suffers from a cross site scripting vulnerability in the administrative panel.
e550253f92cd260f211e8370a98631cf
Campaign Enterprise version 11.0.421 suffers from a remote SQL injection vulnerability.
ec20548ba9402a347c1329c29fcf022c
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code by leveraging PHP's complex curly syntax.
43db8b7017e615d69d61ee087f3fd0fb
The Joomla CRHotels component suffers from a remote SQL injection vulnerability.
fd9e0442e767095f06dc53556757bdec
TWiki suffers from a cross site scripting vulnerability.
dd5aa8c179b2eab2758930be2767f7e8
sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.
b2036d45402949553965c07da5b6d34c
OSClass version 2.3.4 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.
a12abb24c0bcbb63744f41b14614b5bb
Postfixadmin version 2.3.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd4d0622a04f9e835b76a657cce1e426
Snort Report versions 1.3.2 and below suffer from a remote SQL injection vulnerability.
4c3f584caafc12dbf6d71610a1d2c410
The Joomla Propertylab component suffers from a remote SQL injection vulnerability.
234cfbaa2fa7139f42f69411ea24bd80
DPI version 1.0 suffers from a cross site scripting vulnerability.
e92965d578bb18262516d6781d4073e0
Mibew Messenger version 1.6.4 suffers from multiple cross site scripting vulnerabilities.
f32c2798bd75a6a10e425d0591bc87c3
The Joomla BBS component suffers from a remote SQL injection vulnerability.
a3be06ef419abf86154d0accfdf0e70e
Phux Download Manager suffers from a remote blind SQL injection vulnerability.
6d22563ebdaaf2cecc143d641f7f7e8e
The Joomla Firmy component suffers from a remote SQL injection vulnerability.
279fb685b3bac33f19ce66a579700475