phpMyAdmin 2.6.4-pl1 is susceptible to a local file inclusion vulnerability.
7e9e234acd7dc588242bf4e36dd317e113de0f0f7dcc551856ae9eaa3ebac46b
EGuest PRO guestbook version 4.0 is susceptible to SQL injection and cross site scripting attacks.
da9102bf55a4eb5d94e8f4d3e770d4c807d5783ede3e6dba032c0523ca0842bd
xueBook guestbook version 1.0 is susceptible to SQL injection attacks.
4891c977ef261794e46acefca0cf324c3bd7969475a8b494b51f8dfa4584a2fa
BaalASP Free Bulletin Board is susceptible to SQL injection attacks.
4af8f91e97264d90528b3e43c4441a1bac958896529d9480f2b9d023e5f26e80
PHP Counter is susceptible to cross site scripting and SQL injection vulnerabilities. Exploitation details provided.
fe6f83fddf807501ff863ae0df830e71a2e3dffac6cbb41176b5e850d230df7e
Proof of concept exploit for the remote format string vulnerability discovered in the xine/gxine CD player. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.
ae1c511af9c5fd4967684e6f3287c7f4fca6594afee4b7ff717ad17350d3071f
Cyphor version 0.19 suffers from SQL injection and cross site scripting flaws. Full proof of concept exploit provided.
e2024c715e0493e8c0fc2ac8ef88c0b249a80be26526a4ab811731ab42839272
An Anti-Virus bypass flaw has been discovered that slightly varies from CVE-2004-0932 and CVE-2004-0937. It makes use of a specially crafted archive. Full exploitation details provided. Appears to possibly affect all anti-virus products.
f92e703b893d5f4977d69da5d703d39b71d420ebaa92636377f76293e213638c
The XMLDB in Oracle Database 9i Release 2 is susceptible to cross site scripting attacks.
f60d5590bc2279e0eb2f276fa15e511bb23e3ee2dfdb2f652d24eead062a25fd
Oracle Database 9.0.2.4 with iSQLPlus is susceptible to a cross site scripting flaw.
4e46dcca1545f3b988b96e9d9519b788e4170a780349fceb576370c8407df3be
The Oracle HTMLDB contains some cross site scripting vulnerabilities.
d2f371949cb27d269d5b9249b1197ca0e6160b0e34383d38e2056e71438de8db
Aenovo is susceptible to multiple SQL injection and cross site scripting vulnerabilities. Details provided.
43a29a44230d7d18568c832c99fa41dce36ae895792641634b5197bb81828619
MailEnable proof of concept exploit for the W3C logging vulnerability. The shellcode used renames the vulnerable binary so that the system is no longer vulnerable.
c9cdae7c9b4feeea86406fb868c994266fb649ece1b3e7eccb2bbcc0360a1efa
Utopia News Pro version 1.1.3 is susceptible to SQL injection and cross site scripting attacks. Proof of concept administrative credential disclosure exploit included.
1bfe3ff4fe4899a41e89bb53bfbffba8245a42c7855d636f351a8a7b5506ee2e
aspReady FAQ suffers from a SQL injection flaw that allows for administrator access to change and delete the underlying database.
b1d1d7fbaf17f4f8c6f7a5f97ca7f4e53de34ff6201601347482ba436ad1cf5c
The Planet Technology Corp FGSW2402RS switch has a backdoor hardwired into the firmware when using a default password.
8f126b9a23ef77e2628e95e48967da8c70f189f39dde9a38b155b05bdf6cacc3
Three buffer overflows have been discovered in xloadimage in the handling of the image title name. When xloadimage processes a loaded image, it creates a new Image object and writes the processed image to it. At that point, it also copies the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions use a fixed-length buffer to construct the new title name when an image is processed. Since the title name in a NIFF format is of varying length and the buffer size is not sufficiently validated, the buffer can be overflowed. Proof of concept files included.
d6405d0250103efa153a79199d053e8ec209db2107cbb6bbed5155b986e00757
Exploit for a client-side buffer overflow in the ftpsearch results handling of ProZilla versions 1.3.7.4 and below.
38a4ad22cee290ee9af6ec0eb1a39417ce825b8b8606b04d60e0ab093c3a4c8e
TellMe versions 1.2 and below are susceptible to cross site scripting attacks.
e0d8d19326916e2fc873564e971c288d15bf3ace0da18692fdb232e9bac8d1fb
A vulnerability in Citrix Metaframe Presentation Server versions 3.0 and 4.0 allows users to bypass policy restrictions.
6b9a55689bfeff034be1de217d8057adaeb0238030aeb793f03081eea1819363
Guppy versions less than 4.5.6a suffer from a directory traversal flaw.
0c4d9e03b254b7559762e6468588ce209b31b09e1710113e432ea53258356eb2
Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 is susceptible to cross site scripting and directory traversal attacks.
a0a49a496636848c11c3e27df73bf5ffba8ac7698a0b882fac40d3b214bcb41e
Exploit for PHP-Fusion v6.00.109 SQL injection / credentials disclosure vulnerability. Written in PHP.
bd3aef7c582f933cb07807fd2b37a611a8128def59f3d3ae90a0b8534ed0dfdf
www.friendsreunited.co.uk suffers from an XSS vulnerability in the lost password section.
a85ff1a125b3942fe05765e508b818857b721d857c377c7a3625b6898197d84a
Exploit for MyBloggie 2.1.3beta Login Bypass vulnerability.
9d511fd1312d6df426c24578f7ac6bd4d498638cafe3b1d9994feda5f7b307d1