Ad Muncher versions 4.81 and below suffer from cross site scripting vulnerabilities.
0fa1d8513b69bc1fc286ae4ef31437ee0f3760917a95bc68f2da8de87aa0bf1bDiscovery TorrentTrader version 2.6 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
ad0688c78f2e66e900baeb06f4dc8cbab87853b449b7279500080c27319ce64cCoppermine version 1.5.10 suffers from reflective cross site scripting vulnerabilities.
be8b73580a130da9b082972278f6af1869440c879e56b3306245c47f80cea697Digital Music Pad version 8.2.3.4.8 SEH overflow exploit.
13c61e7a043d3a036cdb75753e6390a6e098f6948d02b4ae20043fd0da07cd8aKaiBB version 1.0.1 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
3609575d4a9376abeae2a1b81bd498e5d35875d4a5a031c3a59cf96a1a9e7511This Metasploit module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office prior to the release of the MS10-087 bulletin are vulnerable. This Metasploit module does not attempt to exploit the vulnerability via Microsoft Outlook. The Microsoft Word RTF parser was only used by default in versions of Microsoft Word itself prior to Office 2007. With the release of Office 2007, Microsoft began using the Word RTF parser, by default, to handle rich-text messages within Outlook as well. It was possible to configure Outlook 2003 and earlier to use the Microsoft Word engine too, but it was not a default setting.
c781a6b1c954888d98e9d2d99bf09fd7064aa318d76af4eac5e983b427860a6bDzTube suffers from a remote SQL injection vulnerability.
4c6c169a20a99a67a287274f5dd5a14708780f335abd860180e7f9922bdc9b50LoveCMS version 1.6.2 suffers from a cross site request forgery vulnerability.
726e20be981d56722f8df943a67f52902b69be74f0a714802ce0a86b8c03495fChaosmap is an information gathering tool and dns / whois / web server scanner written in Python. It can be used to lookup DNS names with a dictionary with or without using a salt. Salting for DNS means it will append numbers from 1-9 to the name in the dictionary with or without a - and _ or a leading 0. Salting for Web stuff will try double slashes and some directory traversal tricks. You can do reverse dns lookups of a whole ip range (with optional whois lookup) or make a dictionary scan for hidden paths on one webserver or a range of ip addresses. Optionally you can encode the path with url encoding and with google dict lookup mode chaosmap will first try to find the path on Google and only query the webserver if google has no search result. Last but not least it can be used to extract email addresses from domains using a Google search.
bf73d4cb1d32e0df0ecccd0cbb285bf3ff4d17b0920ed02e9651f4a9caf7ef69This tool helps discover local file inclusion vulnerabilities. It creates a random user agent for the connection, supports nullbytes, supports common Unix systems, and more.
0c1637f07029317c9015b1f6d44d3a4c08567372e22ad7436e02997621345c13Yektaweb CMS suffers from a cross site scripting vulnerability.
4c52f3fb3a8ad5ab5e504bf25d55286e9607ff57b3a92665a332d0b7dc4c03dfPHP-AddressBook version 6.2.4 suffers from a remote SQL injection vulnerability.
699461b0386c5ae9684e0d4dd201f5c9e12adc221d1fe75c3b3dfb2c36c35b83Wordpress version 3.0.3 suffers from a stored cross site scripting vulnerability.
9fb14b53fbb56ffa5270d4dc71d95690a5e6bd33f24cd8dc2302f6ab6ab05158TYPSoft FTP Server version 1.10 RETR CMD denial of service exploit.
b1a032c7a23e25e191a8ec4affeb06545de872512fdf8c538cfd46edf16d5960QuickTime Picture Viewer version 7.6.6 JP2000 denial of service exploit.
1b272c90310e2f697d556cc594f9158912fdda2d7ccfccb110c11915e8ced017IrfanView version 4.27 JP2000.dll plugin denial of service exploit.
e83acc426333f3d230a7b331ef523b100443545f6d3d6007fb5dd3fc15364a7aSiteframe version 3.2.3 suffers from a remote SQL injection vulnerability.
eee08bed75cbe86dde01afdaad3ef91e331e05032966436d4bc12b0f96961df3DGNews version 2.1 suffers from a remote SQL injection vulnerability.
d3895df37fd062e432d4d44936591ef08cc8afe61fbc5be2b9b52c37270a9092TYPO3 unauthenticated arbitrary file retrieval exploit. Affects versions 4.2.15, 4.3.7, and 4.4.4.
2a2b3e4555ad13f58b384edbe8d46660c60151646bfc4b76dba4acdbbd9df710ardeaCore version 2.2.5 PHP Framework suffers from multiple remote file inclusion vulnerabilities.
457a2767d371d2321b79482da1102c4c91ec0c06d59c00b1bdca19b338355bd6News Script PHP Pro suffers from a shell upload vulnerability.
65efe74876147eb4b57a978db4c006848440b1f9511eafeca100ee49f8afd22bHotWeb Rentals suffers from a remote SQL injection vulnerability.
8cb39327a8568ed7be92b8abe0f4a184346e1c420f665f031f8a779ffd5ccc6bSecunia Security Advisory - rgod has discovered some vulnerabilities in the Chilkat FTP-2 ActiveX component, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
6a6cc501f44e2948515e4b065294a68ae319eb5943009e21d7eceaeb9b91891aSecunia Security Advisory - John Leitch has discovered a vulnerability in Techphoebe QuickShare File Server, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
ef45afaf047982f1f343294b198714e64f15a4e8fdb6a3ff4cfa10965f8b2785Secunia Security Advisory - A vulnerability has been reported in LiveZilla, which can be exploited by malicious people to conduct cross-site scripting attacks.
2f27e8af78f3061fe899fc6684ed9260832ccfd233440f97f42031a862d53760
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed