Packet Storm new exploits for May, 2009.
a5588d38f3448a98a81542c11a88a649877e48cd616731ceac7cf6a0489724f2
ICQ 6.5 URL Search Hook / ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow proof of concept exploit.
7db4ef3b45e02ee4e93761483eb3e15822ea237e62bf8f3e0332ef68373ae5f0
Traidnt Up version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
811a26454d750d535df19340862cea2768f2eaff89a73b59c16a45aee64c2f82
Million Dollar Text Links versions 1.0 and below suffer from a remote SQL injection vulnerability.
980d75c21b2d599c4b8b4e7607aecf48f997b62c49c1506a02e45faadce28bca
ZeusCart versions 2.3 and below suffer from a remote SQL injection vulnerability.
1796e6b5156981e3d6953e5bb47b2b2b5f66a0ac1ece068d56effd070194a4dd
This is a PDF proof of concept exploit that demonstrates a stack overflow crash in Adobe Acrobat versions 9.1.1 and below. Written to work on Mac OS X and Microsoft Windows.
f3066b1974d2af927fbdf25d80958df5398afe758254f9d87919bfd4f68198e7
Arab Portal version 2.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5cba02556cb5a64ba9ac2e8534a2fcbb59c47a71f9d30e2749d22f945b4ed35b
The SonicWALL SSL-VPN suffers from a format string vulnerability.
d61874b0bac8b2bad842cad6c3610da76702cb7908add80b69b4de89d2f5e1b8
Zen Help Desk version 2.1 suffers from a remote SQL injection that allows for authentication bypass.
492c8b852255eb0dd67685884ad5c3a773fd58337fb20337f723a08bd341dfa7
Webboard versions 2.90 Beta and below suffer from a remote file disclosure vulnerability.
253c6b6252041fbc0646dd55e2154b895427236554d7cccdd3021c9e3b95e3aa
The Joomla JVideo component version 0.3.x suffers from a remote SQL injection vulnerability.
3936407804924d4892d59445c0312a5e2e5b590f6b35c2768e74842db65dad7a
Roxio CinePlayer version 3.2 remote buffer overflow exploit that leverages SonicMediaPlayer.dll.
b0cbfe3aa7abf2a8f3ee38195b93c25a6f7c3b3525d2f34850e8196de9e43ec3
ECShop version 2.6.2 suffers from a remote PHP code execution vulnerability.
b017ac338a4c4eea455718e0313d298cd1aa7410e9ac0bba87478f95c9adf5d0
Mozilla Firefox 3.x suffers from a remote denial of service vulnerability.
3dc1b9655716e15b6e5baacdba75bde317977a3227906edce4971b5f07d58c57
Small Pirates version 2.1 suffers from SQL injection and cookie stealing vulnerabilities.
d89f7eb8dcde6fc5937f4bd5606bba68783386d6db9dbcfebf4294bb66a10bd1
AdPeeps version 8.5d1 suffers from cross site scripting and HTML injection vulnerabilities.
3093e37ea794ca14328223f576eed8a81a3ff254bc77417ba5b9655951863885
Evernew Free Joke Script version 1.2 suffers from a remote SQL injection vulnerability.
fa7bb2e533a6e3dc591efa6e1d919e69c6ba264a9afbb539847a9ee3e95d2637
SiteX versions 0.7.4.418 and below suffer from local file inclusion vulnerabilities.
e48986405521947037729d3f633d0930c34dacca715f24b4cf684365d483b673
Vanilla version 1.1.7 suffers from a cross site scripting vulnerability.
779b2b4d0010280d013da4219c6ea694286e7de33cef4864456750dc85583352
PHP-Nuke version 8.0 suffers from a REFERER related SQL injection vulnerability.
02acf1698f582c2f5bcb8693ec211caa486de532d640b36c24719dd6188b4ab8
Easy Px 41 CMS version 09.00.00B1 suffers from a local file inclusion vulnerability.
c72faec39b482c8708a660980941446c81114a44d7db3becf2a2c4069b2765f8
The Joomla AgoraGroup component version 0.3.5.3 suffers from a blind SQL injection vulnerability.
46965ff0cd58d5a95acee4e5830eee0b7a31616329c8140503cb61afd32f1b94
Million Dollar Text Links version 1.x suffers from an insecure cookie handling vulnerability.
e567acc8ed6555753c7119fedab15ddef71abc73e73331d74f23d75b0c63a1cd
SEC Consult Security Advisory 20090525-4 - A format string vulnerability exists in the logfile parsing function of SonicOS. An attacker could crash the system or execute arbitrary code by injecting format string metacharacters into the logfile, if an administrator subsequently uses the SonicOS GUI to view the log.
6c7085cdc53507695204c983a9fba14a2a3502a8197d9696636f43a53f125f2b
SEC Consult Security Advisory 20090525-3 - The SonicWALL Global VPN Client versions 4.0.0.835 and below suffer from a local privilege escalation vulnerability.
697d26db1d1f4652470fb4f8020fe9df446a0fa526453fe1e008c228a820ddc3