CheesyBlog v1.0 does not properly sanitize user input leading to script injection bugs in archive.php
27701de69f54beecdd05d2987d3c9db8fdcc102c1720906f4ca09f65979ee422
ExpressionEngine 1.4.1 does not sanatize the HTTP_REFERER variable. This can be used to post HTTP query with fake Referrer value which may contain arbitrary html or script code. This code will be executed when administrator(or any user) will open Referrer Statistics.
269640d9a1082ed07f4dc3684cbd7cf0264bdf5992ad0cf57f58bf4c5ed91008
HYSA-2006-002 h4cky0u.org Advisory 011 - Phpclanwebsite 1.23.1 Multiple Vulnerabilities
939c46940920ae4e59b49c8d850070fa0945fb8c9fd9f41fd69d8bb607cf30d5
HYSA-2006-001 h4cky0u.org Advisory 010 - phpBB 2.0.19 search.php and profile.php DOS Vulnerability
3ff86ddc78738cb6203a1749d74844dc8cc8d4f63c681163705f301849960318
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Predictive Dialing System (PDS), which can be exploited by malicious, local users to gain escalated privileges.
ba80531e1baa2a3650339af864b27829a7a0f91a4670a870bae30109b641fcc6
Secunia Security Advisory - matrix_killer has discovered two vulnerabilities in Phpclanwebsite, which can be exploited by malicious people to conduct SQL injection attacks.
dd1d200cd2ff4f130e3ace67044fdfd561780019ddb7b6fc7a30d3c3e4712fd9
Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in ExpressionEngine, which can be exploited by malicious people to conduct script insertion attacks.
7eaa406d353432135d7f40a3cae7fbc0b616ea494498ff6e4bb8c1ad16b7706c
Secunia Security Advisory - Debian has issued an update for mailman. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
7e582180978d73ca93dac035839154664414b00ac8cca721ebc875fac1fd1240
Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to bypass certain security restrictions.
4f3d2d892ab573f2b168fa844660c8c21fa8c432fa9b5bc698cda93d207f95c7
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun StorEdge Enterprise Backup and Solstice Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1b65c640b35486accb2600354377ce397ee0ef1618d857eb6e7ffc2ac4707ce0
Secunia Security Advisory - Mandriva has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
ed116a6f6df49e3a0a632db4010f49ba64db295bdb92b49651088b0594e66309
Using custom Microsoft Agent characters it is possible to cover any kind of windows, including security or download dialogs. This is an expected feature of the Microsoft Agent control. Because custom characters are fully scriptable, can have any kind of shape and are downloaded automatically, this can be used as a flexible tool to cover and/or spoof any kind of window and lure the user to execute arbitrary code by performing one or two clicks (depending on security zone configuration and Windows version).
039b06b0507512df1ffd004234a3787a21cf7ec3fdaad643a094cb8696e17771
Note-A-Day v2.1 does not password protect a sensitive directory leading to information disclosure.
9d9d12c063b7d418eac5256e7618635a978326aa7490bf76910a6e74638b40e6
e-moBLOG v1.3 suffers from SQL injection bugs leading to login bypass and information disclosure.
6155530b7e5ebcbae507cd31de1dd530d17ad0bd6dac37be8e345c4c579e3161
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in Red Hat Directory Server and Red Hat Certificate Server. It is possible that under certain circumstances these flaws could permit an unauthenticated attacker to remotely compromise the Directory or Certificate server, in other circumstances this flaw could facilitate local privilege escalation to root.
6e9342c78e61c28a0dbc7c60186a0b107227cc4b377e5f1073f17c7eda93c630
Xmame 0.102 and below local root exploit for Linux.
2c6822915bdcdbefc6d4a8813d3e194cbb6038994934e02de11d2bd3f319d395
A simple lightweight threaded portscanner. Version 1.1
016fe412f7e19872b98981da557d161c4e796dd774935614f03e247112aff64f
A simple lightweight threaded portscanner. Version 1.1
016fe412f7e19872b98981da557d161c4e796dd774935614f03e247112aff64f
RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability
8aff353399cd70e494ccd17f68e2fda160bdabc46209288131fb167e560b0511
RCBlog v1.0.3 suffers from several vulnerabilities which can be used to open arbitrary files and compromise the admin's md5 password hash.
9a5a943ec06cac59377d32cc75369eeea009157b6051a9fe080aa6c64a9651d4
TSNG is another excellent release from THC. It is just your normal plain text mode wardialer without a GUI, but with the ability to scan with as many modems as you want. The only limits are your bandwidth, RAM and CPU power. So in theory, up to 65000 modems can be used in parallel to scan a large range of numbers. The modems can be in any area of the world, as long as you have network connectivity to the systems to which the modems are connected.
507bafc71c2cda7abc5b5ef9e08d09c37dbfcfb1829b0270db30b21988eef784
Advisory ID: NS-012006-ASPNET-LDAP - IIS running with .Net Framework - Web Services running on the ASP.NET framework may disclose an internal LDAP filter query, if an exception is not handled properly in the source code.
ec6248ef459de61a425371c1fc96b7fbbc2b00bd8dfab9a89c71ab083cdc6d40
POC Exploit for the MSVC 6.0 run file bug.
8dc1ea0a87aeaf315faada5f0a3e56449a6ecd38e65005ebcc862f8b10894989
MSVC 6.0 run file bug - Generally authors offer code as a project with source, headers, and msvc project files if it is a fairly big project. Most users will simply open up the project.dsw file, ( especialy if it says to do so in a readme.txt or other compiler instructions ) which in turn loads the project.dsp files, which provides the compiler directives. A malicious attacker could embed commands to be executed in the project files, and execute any local code of his choosing.
6a5009f0e4aebe69416725cbeacce66fef04e21047c8e1e2cc4db50de6dbc0ff
SysChk is a tool to aid in monitoring file system integrity. Monitored changes include: User Ownership. Group Ownership. File Permissions. Modified Time. Md5 Hash.
8ea43a8ad579b3a6784a08d37afa13ede6500c73177fda62fca08121d3cbc32e