A poorly implemented feature of PunBB's template system can lead to execution of arbitrary PHP code. Versions 1.2.5 and below are affected.
Jaws versions 0.5.2 and below are susceptible to the XML_RPC vulnerability.
Geeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.
Cacti versions 0.8.6e and below suffer from a bypass vulnerability.
Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.
Cacti versions 0.8.6e and below suffer from multiple SQL injection vulnerabilities.
During an evaluation of Trac, an input validation vulnerability was discovered which can lead to arbitrary uploading and downloading of files with the permission of the web server.
Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 versions 5.0.2 and below are affected.
Cyrus IMAP server versions 2.2.8 and below suffer from several vulnerabilities that allow for remote code execution.
Cyrus v2.2.8 and below contain four remote vulnerabilities, including one which is pre-authentication. Fix available here.
During an audit of the SMB filesystem implementation within Linux, several vulnerabilities were discovered, ranging from out-of-bounds read accesses to kernel-level buffer overflows. The 2.4 series up to 2.4.27 and the 2.6 series up to 2.6.9 are affected.
Samba versions 3 through 3.0.7 suffer from a buffer overflow inside the QFILEPATHINFO request handler. This vulnerability allows for remote code execution.
PHP memory_limit remote vulnerability allows for remote code execution on PHP servers with activated memory_limit.
PHP strip_tags() bypass vulnerability may allow for cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.
A vulnerability within Chora version 1.2.1 and below allows remote shell command injection.
A team audit of the CVS codebase has revealed more security related problems. The vulnerabilities discovered include exploitable, potentially exploitable and simple crash bugs. Vulnerable versions are CVS feature releases up to 1.12.8 and stable release up to 1.11.16.
libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.
Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.
Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.
Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
Privilege escalation is possible for users with access to the systrace device on NetBSD and FreeBSD.
Ethereal versions 0.8.14 through 0.10.2 were found to be vulnerable to thirteen remote stack overflows during a code audit. The vulnerable dissectors in question are namely: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP. Ten of the overflows allow for arbitrary code execution.
Trillian versions 0.71 through 0.74 and Pro versions 1.0 through 2.01 have two vulnerabilities that allow for remote compromise.
GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.
A vulnerability within the Xbox Dashboard allows a complete compromise of the security features. The problem lies in the handling of font files when the dashboard loads and allows a person with local access the ability to do anything they want on an Xbox without having to open, solder, or swap a hard drive.