AJ-Fork version 1.67 is susceptible to path disclosure, directory listing, backup directory access, and other flaws that allow access to database files. Exploitation provided.
8ec6b8d2a7db3b1b263f522b3d69c5e2539d1001dc807514dad9cd3127bed9d8
A SQL injection vulnerability exists in bBlog 0.7.3 that will allow a remote user administrative privileges.
64e86af99d91124d41d2bb4cc26af33bd805b5f93c64732ee22d1372f9976e05
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
5ab766170b9b9d398e49ab81943136e90ac10d1790984db741067b66de921e37
There is a vulnerability in ColdFusion MX 6.1 when a user can create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled.
b35cc809e881359da234ac0dce6ce8d8cc7a7743cecbf5078cdcc0b3ca19a324
iDEFENSE Security Advisory 09.30.04 - Remote exploitation of an input validation vulnerability in Samba allows attackers to access files and directories outside of the specified share path.
093d77ea6f8671a498b2960e60a63166e361922696586d3e51dd8af521ab506e
PHP/PostfreSQL front-end to Unicornscan, a new information gathering and correlation engine built for and by members of the security research and testing communities.
cd1ceb8668dae0f4b2c023ae3b2e4a132102417998f76629ebd41e41f00b4ec5
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license. Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network.
97d75b4b1bd21590631324583e09fa056619d571a68591f1de160d33fad76225
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
3aee0ebc1ebb1971abf7ee42e3186c20328ea94ede74439ea0128393e9851315
Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. It implements the standard FMS attack along with some optimizations, thus making the attack much faster compared to other WEP cracking tools.
9b749d98278450b80153c1f82b7e253548a3f03603062dc98cc1320803d791da
Remote proof of concept exploit for Icecast versions 2.0.1 and below on win32 that downloads NCAT from elitehaven.net and spawns a shell on port 9999.
79cf3f920b0cea39a5d66a27f360516678f853ec3ca8c9e63debfaa00a9a1212
Remote root exploit for Icecast 2.0.1 on Windows. Makes use of an overflow that allows for remote command execution and provides a nice reverse shell.
8eb4988ca3de0fc8a5f36b206a8e275c4ca45baf3e95a867c8c789929cc342e6
Secunia Security Advisory - Some vulnerabilities in PHP-Fusion can be exploited by malicious people to conduct SQL injection and script insertion attacks.
3bfc33c8df640d2a6a2de1df47310622b234eec864fc0ace3c37bb10a74c9a55
The Silent Storm Portal versions 2.1 and 2.2 suffer from cross site scripting and unauthorized administrative access vulnerabilities due to a lack of variable sanitization.
66fff379261531b82d643a07be7550936ed43fd65a23dbed702ddf1df0474c02
Samba versions 2.2.11 and below and versions below and equal to 3.0.5 allow a remote attacker that ability to gain access to files that exist outside of the share's defined path. Such files must still be readable by the account used for the connection.
4f9156f25d9d86303f9556eb907601a2fdfd174787601f7b6045e7dc7b476a98
Multiple vulnerabilities were found in the w-agora forum version 4.1.6a. A remote user can conduct SQL injection, HTTP response splitting and Cross site scripting attacks.
252158627116de7a2f7d1b59a8370a428edf3f5dfc0dd28f1f3bb1bcd9bb5e5b
Debian Security Advisory DSA 555-1 - It has been noticed that the freenet6 tspc.conf file is world readable by default, allowing a local attacker to retrieve password information.
17829c003c7011c2698e773a3025aa782967aed5ff55934cd04312689bb163d9
Blackboard Hash Cracker is a bruteforce script, cracking by Blackboard Software encoded passwords via a dictionary attack.
38d51d62f5d24d11311bc81ebcb1c598299a7f74b3e10e642815acf492b7cc30
Remote denial of service exploit for Alpha Black Zero: Intrepid Protocol versions 1.04 and below, which suffer from a denial of service flaw where the server does not limit how many clients can attempt to connect.
52dc7d20f94d6123f3601ec2dacab82d609ae5bb8953ab77436ce3d2710a41c8
Alpha Black Zero: Intrepid Protocol versions 1.04 and below suffer from a denial of service flaw where the server does not limit how many clients can attempt to connect.
4414c547a52fab54a828574d7e1fbf317922a056f062f765be6b4258949199a0
iDEFENSE Security Advisory 09.29.04 - Remote exploitation of a buffer overflow vulnerability in Macromedia's JRun 4 mod_jrun Apache module could allow execution of arbitrary code.
93907fd7f33154250f601c445f3d1a1ee72b302063061e76b9aefecb32be7a2c
Gentoo Linux Security Advisory GLSA 200409-35 - An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users.
2b072be0bf26cab40d910363fe510e068e23315916607e67bb88cbe04fac2a10
HP Security Bulletin - A potential security vulnerability has been identified in Command View XP for all versions up to and including 1.8B, running on any management stations whereby it is possible to bypass access restrictions.
0421e9c99b21c484f1bee311428abfcf00650deaeacacb5e5cc5eeb4dd1fe4ff
Secunia Security Advisory - A security issue has been reported in Computer Associates Unicenter Common Services, which may disclose sensitive information to malicious, local users.
dc66e166a89f52a8d1f75df952d6ce32453a2687f864f0da1906a5afbf7ad0a3
RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine. While they have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.
6271c03d314637ce60285d26839c6ed02232a7c525f81fffb3637673d7cd4358
dbPowerAmp Music Converter 10.0 and Player 2.0 suffer from multiple buffer overflow and denial of service vulnerabilities.
6e960aaf7dcf4d341dce48d56fc7b3987ad56e984d13fae340528a8beb88d129