This archive contains all of the 195 exploits added to Packet Storm in July, 2012.
d1c4f8bf6e1686f31a09703b8311dcdafdb0325712ffebc264d5aba10c4a798e
This perl script attacks pBot by leveraging a hidden .eval command to delete and kill the bot.
19d0cd2419b1ba8636cb8720f58807484e2cd5fe55c43028edb94c4dfbfc419f
Limny version 3.3.1 suffers from a remote blind SQL injection vulnerability.
afe1728c22b27e47b419699f63dbddefc56b99cc5a392d1aa6cf7d85188cf1ef
Arora version 0.10.0 with Windows Qt 4.5.3 suffers from cross site scripting and denial of service vulnerabilities.
418fbd0402132cfbdaaa90d41a9d3c5238d1cebdaed4fc5ee7aecbc4333d37fa
Temenos T24 R07.03 suffers from an authentication bypass vulnerability as it fails to properly enforce access control on the password reset functionality.
02ff07cc29f837babb592db15e1183a5b60963952716001ea0a431f7960a4a04
Temenos T24 R07.03 suffers from a reflected cross site scripting vulnerability.
5a86a359330048bce578fad4d1e515585ab3ba67c08f61b0f8def7cf9c396e72
Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection vulnerability in deptUploads_data.php.
3979d02fd58b3d8d425160bc812c8985dd4e717d3e8b65cbe4b4ce9d8c41fd1b
DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a blind XPath injection vulnerability in the administrative section.
3e0ec45c35080aac2af038b91791730e03ba16055058332c47d09bc62aab599e
DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a reflective cross site scripting vulnerability.
ec32eb30d78cfa43006c0637f0d72afa5a3d43bf5f740ba4eef97842fa1daac5
DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a cross site scripting vulnerability in the client section.
a56f2b5cc1afeece14c2a41f4faabc96b0f7f9edcef58badecb3fee221ce4bd7
DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a cross site scripting vulnerability in the administrative section.
ec32eb30d78cfa43006c0637f0d72afa5a3d43bf5f740ba4eef97842fa1daac5
Dr. Web Control Center version 6.00.3.201111300 suffers from a persistent script injection vulnerability.
851dfd59c6d9101c9e8c052a49bf2565ed6031d9562a93e808d4c5f2aacb003b
Spark IM client version 2.6.3 suffers from a cryptography failure where the key for encrypting the passwords is stored statically in Encryptor.java. Tool included that will recover usernames and passwords.
9782253ae9795fa6cba9d6a8e3b03d59608adabe717e35b82a175473cd0bfd36
This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.
7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cd
Develoweb suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6a3655c254cff4a03fae3e9155f4657898b1623a1a5fd6720aa5ea21005d67ed
Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3
eNdonesia version 8.5 suffers from a remote SQL injection vulnerability.
54948b906dd600af3a708bf80769f8374d8ced6d49fdaf2b016551b8718fa031
httpdx versions 1.5.4 and below suffer from a heap overflow vulnerability.
418b2d4fcc760866c7a677f04fa2344dd4f3cb2e1e8f863757935f0943065894
Proof of concept denial of service exploit for the zero length client id infinite loop vulnerability in DHCP version 4.1.2.
866407d6a01490397a0a69ab14d8818f3272133757b74cb32940ac7e6d151ada
ocPortal CMS versions 7.1.5 and below are vulnerable to open URL redirection.
353cd4c439e094016caa438e0e165cbccde2fc29c1d867a80b2e7e755c9e4333
Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.
260067c1b6a7935399c21b2621857237ac79808b7df319270dbb7fa906648b17
eNdonesia katalog module version 8.5 suffers from a cross site scripting vulnerability.
aa87de6d3861fc8e0e457c276446c4b1de520503f1eaac7f766e6852cb512158
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.
121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57
phpBB3 version 3.0.10 appears to suffer from remote SQL injection vulnerabilities.
9376898c3f8c9323188f7425ea004eae96bc735daba1b4f20ceac24ede2d816c
Transmission BitTorrent client versions prior to 2.61 suffer from a cross site scripting vulnerability.
818ec13f1f8cc75dec858bf1a430235ca3eb87f12cf8abc296ca9d260ec5fb0b