Packet Storm new exploits for November, 2006.
12bd1d4c0c9dec382e1f0e6ff3b9107689e1deb58d6c9d8dd6bcc8499124fe15
b2evolution versions 1.8.2 through 1.9 beta suffer from a remote file inclusion flaw.
4169b2d7358fb84b0c018e1850121efbec08b9fb329d8881149159a636c94a7c
b2evolution versions 1.8.2 through 1.9 beta suffer from cross site scripting flaws.
dd64c53c404f599876fdb309435d0446250a9cb4cc7a7d7d8535b184ac952054
Evince Document Viewer buffer overflow exploit that makes use of the same vulnerability that exists in gv.
1fb79e9eb5d150efcfb4497f638e6d0c46cbc764797b65d2e4f79da83766e247
A remotely exploitable stack overflow vulnerability has been found in the ProFTPD server. The vulnerability allows a remote authenticated attacker to gain root privileges. Versions below 1.3.0a are affected. Exploit included.
44821edac050385c866aa37abb8d208e6502ac703ffe9cb2ac41fc9b5ad38c8b
A vulnerability has been identified in 3CTftpSvc TFTP Server, which could be exploited by attackers to execute arbitrary commands or cause a denial of service.
5d2191c3d67ebb2a9f8dfef3a481c873962d62296aeec5750540eddb79c10827
Click Contact suffers from a SQL injection vulnerability.
28a482ca1819129b3be99d88bd7ffde831c32f22f685760ab1b261cef0284ba1
Click Blog suffers from a SQL injection vulnerability.
e6ffc83a81c534d0a45103f2c176883b966f4fbc6f2f45b00925c5aa0b247ff5
The Mambo jambook component suffers from an HTML injection vulnerability via the Entry field.
5416201197b11fb036e74529be34deb39680fc40184e5dfa1f06b02e21d1069c
A vulnerability has been identified in AT-TFTP server version 1.9, which could be exploited by remote or local attackers to execute arbitrary commands or cause a denial of service.
7a9c3ca4782e4a80ae4b38d7eee09dddf9261c91d317985a4f10aed118df81c2
Wisi Portal suffers from SQL injection vulnerabilities in multiple asp files.
35e756005211a27cc80f35076b1e91bd2610fa9eadafae1449d3b3357530ebf9
Siap CMS suffers from a SQL injection vulnerability in login.asp.
60b246807b223663f55cba97fd0f15e9533cf522444dca01a0bfcd87a2b1d574
PHP-Nuke Mermaid module version 1.2 remote file inclusion exploit that makes use of formdisp.php.
9de8b4e27c9936e6db0ca95e8a16c42edf0cee6c46e3d4ad2034345f411cadf9
Cahier de texte version 2.0 remote SQL code execution exploit.
30a747b1f9476c5761a0d7df7fc3730fdfaa6d220cec8b7669f7361fd73f3d1f
WebHost Manager version 3.1.0 suffers from cross site scripting vulnerabilities.
7c6830472aa995fe76c5296982b5a89d450c123c1ca6a1787136c2c9f8f6636c
CPanel 11 Beta suffers from cross site scripting vulnerabilities.
37c0ec5c154b75739e01f107c8db1f5097b0d3287d7383606abc3880e9f057b1
MidiCart ASP Shopping Cart suffers from a SQL injection vulnerability.
d3a56ae6b4de823925a16198e79beadfb509672fc92147013a67fc32e476da69
ASP ListPics version 5.0 suffers from a SQL injection vulnerability.
65a55b13eaeab07d49db1dcd2f3c0b2fed1066b8ec84e5b9bede42bdef02fc3d
iNews News Manager suffers from a cross site scripting vulnerability.
fc831a6ed2394145cda058cd8811051936f5daf31bbd4780d828b8bb4c0c74f3
iDMS Pro Image Gallery suffers from SQL injection and cross site scripting vulnerabilities.
60a7624280856308916d59ada0939353a2c12139f900b18afc1f4cb220318c62
Ultimate Survey Pro suffers from SQL injection vulnerabilities.
2e20e8994f27b2998e9967ca79b632e79adc7ad809c5df5e401f1b400344965a
[N]eo [S]ecurity [T]eam [NST] - Advisory 30 - 2006-11-24: PHP-Nuke versions 7.9 and below suffer from a SQL injection vulnerability in the sid variable of the news module.
e3809d07b16c1577f5be9e7bbf56fef5eb6f12fe8a4ea2c7ae14ba04527e3b90
Active PHP Bookmarks version 1.1.02 suffers from a remote file inclusion flaw in apb.php.
562d5f36a0c1bd8997400a8490dc46e6ab7b2cebdb0163d553a3a8be4304e364
Woltlab Burning Board Lite version 1.0.2 Zend_Hash_Del_Key_Or_Index / blind SQL injection exploit.
e295471bd99cd36e304cd10cd62404b9cf790413f6c6c2cb855454e1081f5dae
mmgallery suffers from a cross site scripting flaw.
9071003c6c8c1532702c2c247b28c4daeac7626488b311cb717aa5891fb9d8e1