This archive contains all of the 251 exploits added to Packet Storm in May, 2012.
1639c83dffedf40753663cec8ea5ec6591b8356d5d5b0e92b8ae35cf69fc6c96
There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux builds), affecting both the script-fu console and the script-fu network server. A crafted message sent to the script-fu server overflows a buffer and overwrites several function pointers, allowing the attacker to gain control of EIP and potentially execute arbitrary code. Proof of concept code included.
3314be7d12f71ac43757fa38c7b5d582d33d0a31d034dd7a8a87b9037b9edecb
This Metasploit module exploits a vulnerability found in PHP Volunteer Management System, versions 1.0.2 and prior. This application has an upload feature that allows an authenticated user to upload anything to the 'uploads' directory, which is reachable by anyone without credentials. An attacker can easily abuse this upload functionality by logging in with the default credential (admin:volunteer), uploading a malicious payload, and then executing it by sending another GET request.
a9247fc86c26d352083bf798cdd011abca8e533b47fe3653ae48f91b1a8c9e3b
StyleDesign suffers from multiple remote SQL injection vulnerabilities.
790e2d4f1f19a59fff61876bdcff9494a8ffd67f8b3ba8b412908182e572d1bf
Snapdeal.com suffers from cross site scripting and URL redirection vulnerabilities.
8341259c808aa3333216afbcade6c36a1cab7644ed9a71b97c912a4891740db4
It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with Content-Disposition: attachment, in which case, you get the original contents of the address bar, plus a rogue download prompt attached to an unsuspecting page that never wanted you to download that file. Proof of concept code included.
c8e117983282dd44d231f39a10dc8b0b2bf8c46c42490f1cf78aeb4b75db6be8
Ganesha Digital Library version 4.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
d8229b62a5feacd2bdc8fc7fc622b0bf721f10aa3216a534f2a3423e949cca98
Wireless Manager Sony VAIO version 4.0.0.0 suffers from multiple buffer overflow vulnerabilities.
ae9b322b87e7af2d73ce645f54f6fb7a7ad6ae0e9c2080775aa0d7a7356dec21
Ibaguenet suffers from a remote SQL injection vulnerability.
6ae13613fbd45ce061585ab7cd8cf7a4f82ccc4db69cb9cf70b57d35ba21c5a6
NewsAdd versions 1.0 and below suffer from multiple remote SQL injection vulnerabilities.
a58fefb65e83021a28801ce3afbaa8b0d7be38826dab990ace5fb569c6823fad
WHMCS version 5 suffers from cross site request forgery, HTTP parameter pollution, and cross site scripting vulnerabilities.
72669ef400189e06281334a0ae9069ed32964989156dbf3753ba57858d2104de
This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 0.9 of VAMCart and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
2f631d7a476c9b413ae2de8686ab1f98d4e0e9c4ff4f224e34949b05e6bbf3c0
VANCart-InternetShop version 0.9 suffers from cross site request forgery and shell upload vulnerabilities.
a3d1a0eb4bb484d54b974426fd346ef862dfc26b4788bc1577f86886d324b2b8
This Metasploit module exploits multiple cross site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 to allow for arbitrary file upload / command execution.
f39d87cd2d0ecdc33b13e8ce46c0cbdb325accad08219c2178ea9f86295312c7
This Metasploit module exploits a stack-based buffer overflow found in the handling of SAMI subtitle files in MPlayer SVN versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim first opens a movie file and then loads the malicious SAMI subtitle file from the GUI. Alternatively, it can be triggered from the console with the mplayer "-sub" option.
ff773c1737c09b314a58cb07dab372f6b99f077dc26dbd42fd59a36e56c907a7
PBBoard version 2.1.4 suffers from multiple remote SQL injection vulnerabilities.
7fe5b20927aaffae29776bb564eeb8a96670bea62bb6fcb45a4fd730c7f8b817
This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code into the access log, it is possible to load it through a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, so expect roughly that long before a shell comes back.
65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
This Metasploit module exploits a vulnerability found in ispVM System 18.0.2. Due to the way ispVM handles .xcf files, it is possible to cause a buffer overflow with a specially crafted file, when a long value is supplied for the version attribute of the ispXCF tag. It results in arbitrary code execution under the context of the user.
dd306ebaa1dbb06e60f50cd822da5c809e6e45d3a3bec14bed35322b5703fd6a
PBBoard version 2.1.4 suffers from a local file inclusion vulnerability.
840dd61912dca2230c93d865025205fb5ad12c9b2ead84a1ac7013ffa24ea103
Topics Viewer version 2.3 suffers from local file inclusion and remote SQL injection vulnerabilities.
240295b4314ae057413639f66d3ca5596b799d870b2492f4e019413946b893f4
LibreOffice version 3.5.3 suffers from a FileOpen crash denial of service condition when handling RTF files.
a71da538901bbc0fa1d8228c151e5f1dd87314a31e0dae91254b0b30fc980d29
PHP Volunteer Management System version 1.0.2 suffers from cross site scripting and shell upload vulnerabilities.
5dda1338ca319b4adddc456481f9f1b5cd07d77f0275192f85b5454e36568928
PHP Volunteer Management System 1.0.2 suffers from multiple remote SQL injection vulnerabilities.
bbef50f00f1004c0c3b40f947efc42c825c2517b868db7747f70bf88487f9451
Yamamah version 1.1.0 suffers from a database backup download vulnerability.
9ba02db21a83e5a8efab01c2d4243ac6d3bea9948f0e4020890e7d14d7469e10
WinRadius 2009 suffers from a denial of service vulnerability.
6d6ac4e2be7fb63e9e680889df21e507bc3a56f9b855b5f2704f8a6297d58047