This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec
This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.
99035039e64067b952af58f3209809e892647771d9123ba06bedf99a51bf960c
Brocase switches can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and remote administration becomes impossible. This attack does not require any authentication and there is no trace in any log file. Versions affected: All Brocade fiber channel switches running pre-3.2 code including Silkworm 3800, Silkworm 3200 and Silkworm 2800.
fd5b1fd96268eb5f48f6af03f5007c9d70d0e73120ab7db2b96f8616abeb1a8e
Storagetek and IBM FastT controllers can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and administration through Santricity/IBM Storage Manager becomes impossible. Under some circumstances, unrecoverable corruption of the stored data will happen. This attack doesn't require any authentication and there is no trace in any log file. The controllers are vulnerable even at installation-time.
9f0a33dcfdb49b6eae3cc05e488bd9881a47508833daf81f508815df58c6fc70
mnoGoSearch versions 3.2.13-15 are vulnerable to a buffer overflow attack when a large document is indexed.
b81572f8e5896c50b3258ba30d2a396e68c049ce518ef8b86832bea9d0ef61b5
Multiple web-based mail systems, when browsed through Internet Explorer, may allow for arbitrary Javascript execution.
a34a778bae5158f0d6f80286e755627144609ff52df498c4a83f33efc899ac8d
Secunia Research Advisory - A vulnerability in MySQL version 4.0.14 and below, due to a boundary error when checking passwords before hashing and storing them in the User table, can be exploited by malicious users to escalate their privileges via supplying a value longer than 16 characters using set password.
b38050cc8622e8b30bee6fe74ad079fbb83abe828e36d3b629f1c530345f520d
An off-by-one overflow in Apache mod_ssl v2.4.9 and below can be used to by local users to execute code with the privileges of the web server.
bc874d50af7de42b9e7892022426567f87b4cec80e88a6470ac08c1097e61b27