White-paper discussing the Rose Attack method and how sending two parts of a fragmented packet can cause various outcomes to network devices, including denial of service problems.
3d7604ffc5be0c9126874bf0b8d3dd64bdcb8b87b90db27a1d52ee96c322c87a
White-paper from Imperva's Application Defense Center discussing the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far greater than that of worms targeting commercial infrastructure.
749f77d25ab5aed09537e587454e97afc0fb0f15bc5ef11504827972d2ef0d98
PHPKIT version 1.6.03 suffers from a cross site scripting vulnerability.
0e9f13f39f0629b6717e15fd8fd08fd262f7ba7663d8bb985d87444d8acb4245
Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.
3d9a0bfee7572f4bfdbabc635748203efd9db23d46369073d9c9bc4549d93caa
Rapid7 Security Advisory - tcpdump versions 3.8.1 and below contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, tcpdump will try to read beyond the end of the packet capture buffer and crash.
bf610b65d6dfc6a1e758210dd11a41752fa7ae6f05f82c0910e413398c61725a
SEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.
64158a7cf03bea19c8dd9020b9f99b7e6bcf2fe97d86ac1d244377dc6d5c7978
Hard coded login sequence values for Oracle SSO allow for easy man in the middle attacks.
7b8e79653622db46a6b91adc1109b89bba51e9e2a63859147c6505fd5a25220e
MPlayer Security Advisory #002 - A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header (Location:), and trick MPlayer into executing arbitrary code upon parsing that header. Versions affected: MPlayer 0.90pre series, MPlayer 0.90rc series, MPlayer 0.90, MPlayer 0.91, MPlayer 1.0pre1, MPlayer 1.0pre2, MPlayer 1.0pre3.
f5cc85b108a50d1675f96946734a505c74cbf8a7e20335d3382143ea84a4a043
Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().
c4b9e905084bd1c5af9e8ca8c970424ede8be3a4306833892f7fe3f5f705853b
WinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode, WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the name of the program conducting the operation, and the target of the I/O operation.
e05e96d6664ad70dda00e55a3b95e7a18f3b7db5c0473f9d3cf6e74e974d8c66
FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6 - Applications may manipulate the behavior of an IPv6 socket using the setsockopt(2) system call. This may allow a local attacker to read portions of kernel memory.
70e1c4c7ccbdf1b90bac831af83ac26a62adca45386ee48ac5f0dfdafab17978
Debian Security Advisory DSA 469-1 - Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to authenticate using a PostgreSQL database. The library does not escape all user-supplied data that are sent to the database. An attacker could exploit this bug to insert SQL statements.
e04e7014ae9789fdab12a457b44dc8b74065eb9f8b174a4afde885751bd74765
A-CART Pro and A-CART 2.0 suffer from input validation holes that allow for SQL injection and cross site scripting attacks. Full exploitation demonstrated.
8f3fb7e46432c3d39ecb946dbebf7c30a6f165544414b8ef971ac87628e8bb6b
Red Hat Security Advisory RHSA-2004:134-01 - A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses Access Control Lists (ACLs), a remote attacker could create URLs that would not be correctly tested against Squid's ACLs, potentially allowing clients to access prohibited URLs.
39303053afa5c4c6ad8257b0ae22265b1b4be246171e3264649c906efbc46a35
WebCT Campus Edition 4.1 suffers from cross site scripting vulnerabilities.
9811273a7d7f6f67502a55786b4bd23a23642644d3f8eaebf2dc404d231626bb
Cloisterblog version 1.2.2 does not properly validate parameters derived from user input, allowing multiple cross site scripting issues and also directory traversal attacks.
ad7a65199d44ffe90b5967f13b1fb489c3ed72e4ea746029182cab805dea4ea6
Invision Gallery version 1.0.1 suffers from multiple remote SQL injection vulnerabilities.
d98347f9af4bab53d06e75dd9b5f371ddf4650a1a25b680feefcfc90104fc437
RealSecure / BlackICE iss_pam1.dll remote overflow exploit.
e2fc858b9f9cc7a467f97fb6df2ab7fd3ca8487e650f1c461da6ed12d27856a1
Ethereal IGAP Dissector Message overflow remote root exploit that spawns a shell on port 31337. Makes use of the vulnerability that exists in versions 0.10.0 through 0.10.2. Tested under Gentoo and RedHat 8.
e66736e8f6c88b3f65c10debc6650dc308d86154626ac036dbc5e4f7693e4f95
Rstack Team Security Advisory RSTACK-20040325 - Nstxd has been found vulnerable to a denial of service attack due to a null-pointer-dereference.
d4de4aa22804d1da1775735c057713af54e0dd21b46baab500dfe906cb86973f
Blogger from Google has a cross site scripting flaw.
8a582098eeb59bd8ee61257aed05f705b240695f0136b5bdd5944e557c59a20b
Bblog has a cross site scripting flaw.
32065e8690bb819df575b5e57206a3b622828287600f3749bf4ad343d7161ca6
A SQL injection vulnerability in PHPBB versions 2.0.8 and below allows an attacker the ability to extract the administrator password hash.
79435b6428a517c7a224d8c38bddd4759ed0c9fd6cec34a473af09fcbbf5d078
Multiple SQL injection and cross site scripting vulnerabilities lie in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta. Full exploitation syntax given.
bd4cabcfa43f68af65bfece48818f4435386a8180e4f61c0fdeb6b20508d212d
Invision NetSupport School Pro stores passwords in a manner that allows their encryption to be easily reversed. Exploit written in Pascal is included.
eebc0c7480c35293df0babcb826181b8e49fd1c0911c945d3fcdd53716fc2014