There is an integer overflow in PHP versions 5.2.1 and below in ext/gd/libgd/wbmp.c in the function readwbmp.
aa74b34ae08f9f37b439284153a51e2cc96cf731a3e5258a9d508e00d2e5d7c6
Ubuntu Security Notice 450-1 - A flaw was discovered in the IPSec key exchange server "racoon". Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.
82168eaf14ea6e9ed2dcfa4ad526db6a8096bf587c21abe4c3dd879e29126809
iDefense Security Advisory 04.09.07 - Remote exploitation of a path-traversal vulnerability in AOL's AIM and ICQ could allow a remote attacker to place arbitrary files on the victim's machine during a file transfer operation. AIM and ICQ allow users to share and transfer files via a custom protocol. During file transfers, the sender is allowed to specify the display name of the file, and the filename used for the transfer. The recipient can only specify the folder in which to save the file. Due to an input validation flaw, the clients do not properly strip "../" traversal characters from the filename the attacker supplies. By specially encoding the path attackers can force the file to be saved to a directory of their choosing when the victim accepts the file transfer. iDefense has confirmed this vulnerability in ICQ version 5.1. Previous versions are suspected vulnerable. Additionally, AOL reported that AIM version 5.9 and prior are vulnerable.
b77678f991015e9042ee8fdf0028477c14990bee80af6a2365dbcc3ee31f9200
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
84d172e64a4af1c6d664513642c8f3369d04c1b3c807ecc1f9cde8eb702a2927
The MyBB Hot Editor plugin version 4.0 suffers from a local file inclusion vulnerability in the "sec" variable in keyboard.php.
e14c76898d21a2bb7836c82a1533fd84e33cbe089dfd3e60c8d2c67e653360c8
The MyBB Hot Editor plugin version 4.0 suffers from a local file inclusion vulnerability in the "first" variable in keyboard.php.
4acfe1429e3c6665582ad8a653da47543cf23e72c2de86b14572ade8f99554bd
Song Request System version 1.0b suffers from a remote file inclusion vulnerability.
ef1fe578799163f7631651fecb1ffdfd42e97de21eab2f1e46aa8f560c3470bf
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
6166aa915c0504e6d982748c3fc2413659ab5fa30d8a106de6127abfd17cd107
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
2a11ba05f34b2978af3add623a641e0340d39322b4ca2bd26baae743c78de956
Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
3602cd07ed6f9668ae0c219a6b224e4047ac9d89499a526eea2932f07ae8d004
.ANI exploit for Microsoft Windows XP SP2 Portuguese version. Binds a shell on TCP port 13579.
34abaf74826ed2f1e14ad544edf4c754f015c5776a06324d7cce9379f5f20ae6
IrfanView version 3.99 .ANI file local buffer overflow exploit. Comes with multiple targets and binds a shell to TCP port 4444.
933ce989fe1ceb743c833f979dcbca872ed0f1e5b8806a536e1d47d5d1bb8b3c
Pathos CMS versions 0.92-2 suffers from a remote file inclusion vulnerability.
773d13e14786e85b5b912be4827003981d6185257065d9b2c814c317d8db11b9
Battle.net Clan Script for PHP version 1.5.1 suffers from a remote SQL injection vulnerability.
b4ae7854f5c318f0510b1c94c05a05bf5952ee0f40a327b23adea6d10fdeb432
PHP121 Instant Messenger version 2.2 suffers from a local file inclusion vulnerability.
ec27accc2ef9b25f3a64e9dfd4a484a34ba0918af51bb9eb925cae2e924260c1
PcP-Guestbook version 3.0 suffers from local file inclusion vulnerabilities.
2021a8f2622770d9bf958afda022a8d033599ec065fc8a6a0443166de9e386db
Whitepaper: Linux Shellcoding Reference.
66b56a2a402353559920e7cc92cbdf62a89aef2b05132f52f60437a01a69c71b
Muts' python fuzzer found several format bugs in Microsoft Word 2007. file789-1.doc causes an unspecified overflow in Word 2007. file798-1.doc causes a CPU exhaustion denial of service in Word 2007. file614-1.doc causes a CPU exhaustion denial of service and ends with a ding in Word 2007. evil.hlp demonstrates a heap overflow in Windows HLP files.
0bf99d28ae1aa96a0bc1342073df4220be09213fe84ae13ec1e089bbb109bd1e
DeskPRO version 2.0.1 suffers from a cross site scripting vulnerability.
0d9a153aa8c83d4b4c69aeac2de1cbc273526c31388dcacdff9b84e15ad7aa67
Lore version 1 suffers from a remote file inclusion vulnerability.
2f90950a7d99facf6892458948b111b32b01dab9891fe802a43e55650c36f021
Scorp Book versions 1.0 and below remote file inclusion exploit for versions 1.0 and below.
6ea802ca1d136dd5b0f8fb7fca2096089c0160c29ea7b995ddbb7d29c8ad295d
Gaylvain35 Portail Web suffers from a remote file inclusion vulnerability.
91c6e3c232486c82c9a37257427dd0aad49e7e8816554f4dc7921b212e3e122d
It appears that xodagallery may be susceptible to a remote command execution vulnerability.
43fbc6f11610c729c9f765d88ff1310fc214b65065e046cde66b29bb071c69c2
UBB.threads versions 6.1.1 and below suffer from a SQL injection vulnerability.
f1cb69d6ae3577ea459edaf39c3a92a47b4a87d42d7c887046e69cab85274b52
QuizShock version 1.6.1 suffers from a cross site scripting vulnerability.
92cc8b2d2047c1927af9717520a62a8670169bb54ed5f15da80c86e02eacb5ad