Printable Version of .: Packet Storm Security Exploits :. Packet Storm Last 10 Exploits, RSS Feeds Aggregator, RSS Directory, RSS Feeds Reader, XML, RDF, Atom, RSS 0.91, RSS 0.92, RSS 2.0, RSS 1.0

Packet Storm Last 10 Exploits

.::indexscript30-sql.txt::.

IndexScript version 3.0 suffers from a remote SQL injection vulnerability in sug_cat.php.

.::globsy-rewrite.txt::.

Globsy versions 1.0 and below remote file rewriting exploit.

.::createdirectory2sysdba.sql::.

Proof of concept code that demonstrates how an Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB.

.::lokicms034-exec.txt::.

LokiCMS versions 0.3.4 and below remote command execution exploit.

.::lokicms-lfi.txt::.

Loki CMS version 0.3.4 create local file inclusion exploit that uses admin.php.

.::lokicms-check.txt::.

Loki CMS versions 0.3.4 and below arbitrary check file exploit that uses index.php.

.::myphpindexer-download.txt::.

My PHP Indexer version 1.0 suffers from a local file download vulnerability in index.php.

.::res-sql.txt::.

Real Estate Scripts 2008 suffers from a remote SQL injection vulnerability in index.php.

.::zomplog39-xss.txt::.

Zomplog version 3.9 suffers from a cross site scripting vulnerability.

.::phprs-sql.txt::.

phpRS version 2.8.0 suffers from a remote SQL injection vulnerability in kforum.php.