Packet Storm new exploits for May, 2008.
90c801640d75d2187908941a71e3ed31de21752f68a3a69ba06f3b4cdef34ebc
Social Site Generator suffers from a remote file inclusion vulnerability.
068a18ecce2a07623b24cecb8233beca3bcf7a5bf4711e3170e6247d469cd0cb
The Joomla component Prayercenter versions 1.4.9 and below suffer from a remote SQL injection vulnerability.
4b15be7fbed6c59154e53a9e35fc69c7e876f68b9cbd848cbbe3f1fb6411ee66
PassWiki versions 0.9.16 RC3 and below suffer from a local file inclusion vulnerability.
fb21db4eed1cc6a1f5a77d37b050a6f99d48fbcff85895bc9f45134036593a2a
EasyWay CMS remote SQL injection exploit that takes advantage of index.php.
5ec8cbbe815badf339f3686ec3929f8452173838b9bb8a3a139435935a35bba1
PHP Visit Counter versions 0.4 and below suffer from a SQL injection vulnerability.
2fb7b9f418f5b2cc4a03537db6103e25b831704e56d227ce2df1bf04b4d83eeb
AzureSites CMS suffers from insecure cookie handling and SQL injection vulnerabilities.
6225ce3cc939135da97775fe78631e956f768e6b51f9688f375ac39d79aebc75
BP Blog version 6.0 suffers from a remote blind SQL injection vulnerability in template_permalink.asp.
00175d8fb1b52a1edfc35030565e2a84f42ac321220582f055d828e61aa2e167
Social Site Generator suffers from a remote SQL injection vulnerability.
3a8eefe0a45b6725327afec68f3e22e0e5267e17f47b2a7b5e448d64e0652aee
CMSimple version 3.1 local file inclusion and arbitrary file upload exploit.
45b1963cfae234a03e78886aab89f751e855c365c23147d8cb011ec950340f57
PsychoStats versions 2.3.3 and below suffer from remote SQL injection vulnerabilities.
882a6c6e8def737118f4653a02ccfff5230eff60ebdbe2c40b70c27e967b3727
Now SMS/MMS Gateway version 5.5 remote buffer overflow exploit that binds a shell to port 4444.
fb10833a3ceda64288a1c504ea3f32181e19fd5494a383d7ac1447d494118766
Remote SQL injection exploit for the Mambo mambads component version 1.0 RC1 Beta and 1.0 RC1.
1371c22c9ff1adf3da246d12be00f789787487914587e621e5db10042902baf5
HiveMaker Professional versions 1.0.2 and below suffer from a remote SQL injection vulnerability.
edecf2cabc9140694b7fe0545b10328ec7fe6f5e9483e279b9184bae6e318ab9
Apple Mail versions 3.1 and 3.2 suffer from a denial of service vulnerability when reading a specially crafted e-mail.
ee6c6052c1a8464b7f929eea3c3351ac59de5b64c5f6f924225eee4a43f255de
Dot Net Nuke versions 4.8.3 and below suffer from a cross site scripting vulnerability.
86cd5f32cd7cd1c3674ce7d617eff9c9047049a44b5d05f092d43848ff71e81a
PHP Booking Calendar version 10d arbitrary file upload exploit.
933684b5cca85e8930bf073739a60881ae9474d8a0eca85e813a587ee77c5b2b
CMS from Scratch versions 1.1.3 and below suffer from a directory traversal vulnerability in image.php.
3f4831f4fdb0ddc7de6a97e23e86dec24c92e7b468890d059ed9452891c221d8
PHP Booking Calendar version 10d remote SQL injection exploit that retrieves the administrator login and password hash.
262259f83a4516baf4c9357afa3f71292f7b19b03e75adcd312d3bc801df029a
ASUS DPC proxy versions 2.0.0.16 and 2.0.0.19 remote buffer overflow exploit that binds a shell to port 4444.
95ad9e971e97b7a96c4d56b03b003adcba794f0811d9d05a78b73dd5d0e1c8ef
XEROX DocuShare versions 6 and below suffer from a cross site scripting vulnerability.
4cba5101d83028f6e81dba72d1b73397aeced0287b02b2f3d13bc8b40f86ef2f
CMS from Scratch versions 1.1.3 and below remote shell upload exploit.
990e8e19623db6c4c795620d299a9772169986130f08147e04c8c1585728d2a9
dvbbs version 8.2 is vulnerable to remote SQL injection attacks via login.asp.
4a6c09aaec3ba57fb79e838c5be800192febb9125858707ec46aa55b5f6ea7f1
FlashBlog beta version 0.31 suffers from a remote file upload vulnerability.
d3dadbe81dbd99fc7a194fbf1394504ccfc797c45cf144be6f510b37d6c5bc0b
PicoFlat CMS version 0.5.9 suffers from a local file inclusion vulnerability in index.php. This uses the same variable that had a remote file inclusion vulnerability back in October of 2007.
2c10e7ccf5e8093e189b8ea95b4a6be0c6d6ebaf61737cd4024a8481c1a945ff