This archive contains all of the 195 exploits added to Packet Storm in July, 2012.
d1c4f8bf6e1686f31a09703b8311dcdafdb0325712ffebc264d5aba10c4a798eThis perl script attacks pBot by leveraging a hidden .eval command to delete and kill the bot.
19d0cd2419b1ba8636cb8720f58807484e2cd5fe55c43028edb94c4dfbfc419fLimny version 3.3.1 suffers from a remote blind SQL injection vulnerability.
afe1728c22b27e47b419699f63dbddefc56b99cc5a392d1aa6cf7d85188cf1efArora version 0.10.0 with Windows Qt 4.5.3 suffers from cross site scripting and denial of service vulnerabilities.
418fbd0402132cfbdaaa90d41a9d3c5238d1cebdaed4fc5ee7aecbc4333d37faTemenos T24 R07.03 suffers from an authentication bypass vulnerability as it fails to properly enforce access control on the password reset functionality.
02ff07cc29f837babb592db15e1183a5b60963952716001ea0a431f7960a4a04Temenos T24 R07.03 suffers from a reflected cross site scripting vulnerability.
5a86a359330048bce578fad4d1e515585ab3ba67c08f61b0f8def7cf9c396e72Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection vulnerability in deptUploads_data.php.
3979d02fd58b3d8d425160bc812c8985dd4e717d3e8b65cbe4b4ce9d8c41fd1bDataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a blind XPath injection vulnerability in the administrative section.
3e0ec45c35080aac2af038b91791730e03ba16055058332c47d09bc62aab599eDataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a reflective cross site scripting vulnerability.
ec32eb30d78cfa43006c0637f0d72afa5a3d43bf5f740ba4eef97842fa1daac5DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a cross site scripting vulnerability in the client section.
a56f2b5cc1afeece14c2a41f4faabc96b0f7f9edcef58badecb3fee221ce4bd7DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a cross site scripting vulnerability in the administrative section.
ec32eb30d78cfa43006c0637f0d72afa5a3d43bf5f740ba4eef97842fa1daac5Dr. Web Control Center version 6.00.3.201111300 suffers from a persistent script injection vulnerability.
851dfd59c6d9101c9e8c052a49bf2565ed6031d9562a93e808d4c5f2aacb003bSpark IM client version 2.6.3 suffers from a cryptography failure where the key for encrypting the passwords is stored statically in Encryptor.java. Tool included that will recover usernames and passwords.
9782253ae9795fa6cba9d6a8e3b03d59608adabe717e35b82a175473cd0bfd36This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.
7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cdDeveloweb suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6a3655c254cff4a03fae3e9155f4657898b1623a1a5fd6720aa5ea21005d67edScrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3eNdonesia version 8.5 suffers from a remote SQL injection vulnerability.
54948b906dd600af3a708bf80769f8374d8ced6d49fdaf2b016551b8718fa031httpdx versions 1.5.4 and below suffer from a heap overflow vulnerability.
418b2d4fcc760866c7a677f04fa2344dd4f3cb2e1e8f863757935f0943065894Proof of concept denial of service exploit for the zero length client id infinite loop vulnerability in DHCP version 4.1.2.
866407d6a01490397a0a69ab14d8818f3272133757b74cb32940ac7e6d151adaocPortal CMS versions 7.1.5 and below are vulnerable to open URL redirection.
353cd4c439e094016caa438e0e165cbccde2fc29c1d867a80b2e7e755c9e4333Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.
260067c1b6a7935399c21b2621857237ac79808b7df319270dbb7fa906648b17eNdonesia katalog module version 8.5 suffers from a cross site scripting vulnerability.
aa87de6d3861fc8e0e457c276446c4b1de520503f1eaac7f766e6852cb512158This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.
121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57phpBB3 version 3.0.10 appears to suffer from remote SQL injection vulnerabilities.
9376898c3f8c9323188f7425ea004eae96bc735daba1b4f20ceac24ede2d816cTransmission BitTorrent client versions prior to 2.61 suffer from a cross site scripting vulnerability.
818ec13f1f8cc75dec858bf1a430235ca3eb87f12cf8abc296ca9d260ec5fb0b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed