Various cross-site scripting and (possible) SQL injection vulnerabilities exist in ESMIstudio's PayPal storefront scripts. It may not always be possible to exploit some of these depending on how PHP, Apache, and MySQL have been configured, however.
d03061ea7d5a7ea3eb1416dbdfa817a53389af20ae542ec03be5886d095afffa
phpMyDirectory version 10.1.3-rel is susceptible to a classic cross site scripting bug.
dc609682ea0be436f489714c736c23bb00e7ae0fb17eecc25ac54f603a31c330
OpenMosixView versions 1.5 and below are susceptible to multiple race conditions that allow for local filesystem compromise. Exploit provided.
b9c1093a21e505261adc128c3e17eed614abec30a08d7efe5bf1b6a323815f5a
phpBB versions 2.0.13 and below remote user level exploit that makes use of an input validation flaw.
6063d27332d5f3503823051e6854c39f3a25d9019b23bebc49234540903a583f
This is a very simple exploit for a very stupid bug in Nokia/Symbian Series60 bluetooth device-name handling: basically, if your bluetooth device name contains a single newline character, a Nokia Series60 device which sees it will be extremely unhappy and go on strike. The attached "exploit" creates a file with a newline. Which you must then copy to your own device manually. All in only around 60 lines of Perl. However, securityfocus added this "exploit" to their archives, so why shouldn't we add it to ours as well?
546545508f77c1958b9ce1735612498007f1a7aa8fba1ec6093d8ace69c649dc
This is a simple script automating the equally simple exploitation of a trusted path bug in AIX. The problem lies in the invscout program.
f0c7b9b062abe8e53cf8f740bd579319dbb3ba0354d5f8b596e731d4cf5dce32
The Oracle Reports Server 10.g (9.0.4.3.3) is susceptible to cross site scripting attacks in an example jsp.
4b42999c29687556552c450533c4cd10dfda867c0918e33b2b82699661235c9e
Codebug Labs Advisory 08 - Topic Calendar 1.0.1 for phpBB is susceptible to cross site scripting attacks.
bc64b25734b4ce0cf4bc9f5202bb8cfb37448fc4e3c557f8b9dc7905a6e9b617
phpSysInfo 2.3 is susceptible to cross site scripting flaws.
997c6e061bcef28ef540a639cef2a7fa6dfc3996de479cb79ba942a528a7f54f
Attacking PC based 5250 terminal emulations from an iSeries server. Paper describing how insertion of commands inside an AS/400 application allows them to be executed as a command on the connected PC.
217d0c1b9f177df1e380748a230cda90e51eeffaca5ecf0c5331199b95d7e20e
The Vortex Portal is susceptible to a remote file inclusion vulnerability.
254cd3b147b49663725f0bae937ddccf0adb7a9945c2bc82bcfb690ef8823214
A vulnerability was found in SurgeMail's Webmail file attachment upload feature. This vulnerability may be exploited by a malicious Webmail user to upload files to certain locations on the server, obtain file listings of certain directories, and/or send certain files on the server to him/herself. Two XSS vulnerabilities were also found.
bc8b30081d411a63cbb46392a69ad71e4bd6cf541f5daa935b7d38c891ea4700
osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot. Besides using the download action, the read action is also usable.
9255249c2dea8f5cc5f61abe23ffc78055c3336e0b338f722ef32a8fb85d6493
Input passed to the Location parameter in Phorum version 5.0.14a is not properly sanitized. This can be exploited to inject malicious characters into HTTP headers and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
717c3533128917404f046aa6d2d00c0f269bac8b897ff6f47041d8595c04742a
Kayako eSupport version 2.3 is susceptible to multiple cross site scripting attacks.
433bd9398ed07d24408452d9263c4e07d0a1558eff3bb4650a7e42616ed4146e
Local root exploit for /usr/bin/su on Mac OS X that makes use of the buffer overflow vulnerability discovered by iDefense using the CF_CHARSET_PATH environment variable.
3d4f65ef5c5787a4e22d1adaf440941026368d42080a9637123986b999b4dcbf
Local sys_uselib root exploit for the Linux 2.4 and 2.6 kernel series.
e95832127ef41cadddcf73aab42cbb0168d07344395d3aa6b43c4b4a5ffb0fdc
Proof of concept exploit for PostScript utility psnup from the psutils-p17 package.
0b506f07a5d1f0a237c5075cf1c8fd8938692639618c6508c4c64f7b34f0c8f4
EXPL-A-2005-002 exploitlabs.com Advisory 031 - The Samsung ADSL Modem ships with default root, admin, and user accounts and also allows for arbitrary file access on the underlying filesystem.
8781cdcc8a0e6d219a4402867b7c5194121711e509530df3a557353ae00e8bfe
phpMyFamily version 1.4.0 is susceptible to SQL injection attacks. Proof of concept included.
6b7e36f14583eff443efbb039fd5c131bfd667623eae3a9ac7d812b68b3db2f7
BetaParticle fails to have any access control against the downloading of the database or the upload and deleting of files on the system. Versions greater than and equal to 3.0 are affected.
8dfe3b55d9baf120b4a9fe1dda65b32ec8b9e70745065887257f9465005f11d0
The setuser.php script from Digitanium for PHP-Fusion version 5.01 is vulnerable to cross site scripting attacks.
2e2238f60ca0a068c9136b5dfba5f019aa1a7deeec6e8997d524769b07b35c54
phpBB versions 2.0.12 and below remote session autologin exploit that gives a user administrative rights.
d197111cb90e22b3ba8f641b155d0f678fa4f74ee2bc9ece6319ec3fe239fb79
Subdreamer's failure to properly filter user input allows for SQL injection attacks.
57e8bec6eca6091ee88d5345825158f7e17d49f8c70748e2a0289a68b9370597
Using alternate characters, it is possible to spoof a user identity in PHP-Post.
e51b0103582e4d9ccb554e4e8e701319f0a3fab7e9dab9e001850b5d433519ff