The Miva store has a flaw where tax calculation can be bypassed.
1d01c13dc921e88b57fdf3d00029318da56b748446d547d8daef6d751bd9f727
iDEFENSE Security Advisory 05.24.05-5 - Remote exploitation of a denial of service vulnerability in Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target service thereby preventing legitimate usage. Version 8.13 and 8.12 are confirmed vulnerable. Earlier versions may be susceptible as well.
d455c61f41de713d78f506feae80b9cdb938e88634bbc2cb59c35860836cbccf
iDEFENSE Security Advisory 05.24.05-3 - Remote exploitation of several buffer overflow vulnerabilities in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required. Version 8.12 is confirmed vulnerable. Earlier versions may be susceptible as well.
9f4c8c937937e246b73f6c5f56b49c2fa4b93c73ae1086201553c84363cd706d
iDEFENSE Security Advisory 05.24.05-2 - Remote exploitation of a denial of service (DoS) vulnerability in Ipswitch Inc.'s 8.13 IMail IMAP daemon allows attackers to cause 100 percent CPU use on the server, thereby preventing legitimate users from retrieving e-mail.
a5edfc0b27df6ff1737295a9fee8adc88a51d14e0d51929410345acc43a5b540
iDEFENSE Security Advisory 05.24.05-1 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The vulnerability specifically exists in the handling of a long mailbox name to the STATUS command. A long mailbox name argument will cause a stack based buffer overflow, providing the attacker with full control over the saved return address on the stack.
b52c4eafcf24128417eb48204d02e859bd572c5f3adf53efcaf617cddcf64290
A vulnerability in Halo: Combat Evolved versions 1.06 and below and Custom Edition 1.00 can be exploited by malicious people to cause a DoS (Denial of Service).
3bac6e930e7192cb2524eed969e3949d1fcc3673e20aaafdb5adefd1f157937f
WebLogic Server and WebLogic Express, Service Pack 4, are susceptible to cross site scripting flaws.
2619b3310f3c47e89eec1626a229bb5d830f5decc8011308daf41b04d6db1c6a
WebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.
4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003
net-snmp fixproc contains a security flaw that allows a malicious local attacker the ability to execute arbitrary commands with root privileges.
e45fb19f19ec442e148803aa640b440b3b0b5470ff6e7fbd34aec296f42a3019
Warrior Kings 1.3 and below and Warrior Kings: Battles 1.23 and below suffer from format string vulnerabilities.
f404dcbc41bc0647bdb271e3dc2e805c773c4f7afe035d0b957a73eae9ffdafd
Computer Associates Vet library provides antivirus scan engine capabilities. Vet scan engines allow products to analyze various streams for malware. Vet is vulnerable to an integer wrap during the analysis of an OLE stream. The integer wrap causes an arbitrary heap overflow with no character restrictions allowing remote attackers control of the system(s) Vet is protecting.
c4e6ac4f3f3118a3c7dcd8f30132e256ee811e86703d139084b225e408b0b4fc
Cookie Cart Shopping is susceptible to remote password hash extraction.
0ce1029e80556b205972414f257b404113a48da5ea46e74dc6f33b41af192ce7
This proof of concept explains how Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
f0ce619089e25cac5ce67e00f1bbdd6bcafd35a9367e9e68693cf0d792c122b2
Microsoft ASP.NET Web Services have an unhandled exception that leads to file system disclosure and SQL injection attacks.
236c5cf9bbf6b70888b54d9a9318d4f0f4cfc9764531136f0d161c981e0f7f8c
A Unicode buffer overflow exists in the handling of .mcw files in Microsoft Word.
bd6af65a00560736f607e17816c217de9f27ad59f1769adbd5fa1f8de4ff8e02
Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
01dafcc1bc58909222ef4156137e400a52a279ca84e2d0c3ed11f3cd0a056652
D-Link DSL routers suffer from an authentication bypass flaw.
01030e48e04783c5d62e6e5be6312ae735d07e23c4c8fdc75e726bbb3a6acd8d
The Apple OSX 10.4 Dashboard widgets allow system commands to be executed, which is normally not considered a vulnerability in itself as they run with the user's permissions. If the user has recently authenticated to perform a super-user function, however, Dashboard widgets can hijack these credentials by calling the system's built-in sudo command and execute arbitrary functions with full administrative privileges.
a50c6951f75d23dfbeceb299ee744c63c29ccd29bc3eed02301998c3ff432d0d
Successful exploitation of Novell ZENworks allows attackers unauthorized control of related data and privileges on the machine and network.
675bd95a6c61ec70ddbfeed484b02dfcfb969f70e96bb8ec044f07d61ce04d33
Debian Security Advisory DSA 724-1 - Maksymilian Arciemowicz discoverd several cross site scripting issues in phpsysinfo, a PHP based host information application.
65767afbf78d91bb37e2f35693b18b7120ff31d2ee8fe26cc12bd5542b8611c3
MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.
a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131
Technical Cyber Security Alert TA05-136A - Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service.
d3edf956afdc27eebd1ae3de94c8634a013a3e81aae7f454ddf34b6c3db5ec00
DotNetNuke versions below 3.0.12 suffer from multiple cross site scripting flaws.
c2cd718a3f563a4496cb58b9ce3ec07339462cd89d63d0b53d80e0a555d3b950
Woltlab Burning Board versions 2.x and below suffer from SQL injection flaws.
8aaa17b35fe9b9eb7bc37e0e67686aa8655bea20e33ffaf7572daeb02521c7f1
OllyDbg INT3 AT format string vulnerability advisory. Version 1.10 is affected.
4e248085ea289108462324432c3a447b216daa32ef90603b528efb433b1b757d