World Association of Newspapers remote SQL injection exploit that leverages articles.php.
5ad5aac0cf3897c1fa2e5d8d967aff981baaf46824b23ad92cdbbffa862d555e
Snippet of code that will supposedly cause Apache 2.2.11 with PHP 5.2.8 to crash due to a possible buffer overflow in com_print_typeinfo.
257e1e5fc8b8be778287c1c7f88ce8ce5cc280c6e7411c54152e72db2532e40b
Mocha is a tool that monitors your network activity and keeps a record of IP / MAC address pairings and firewall logs. It will give a warning when it notices any suspicious activity, like any changes in MAC address or any connection attempt to the firewall. Written in Java.
8d18156a1211358604da4b057ee625f1f9d8b297903784087dcbe64e21a6955e
Microsoft Internet Explorer 7.0.5730.13 Javascript screen[] denial of service exploit.
1788556f864da691e29d281e9f29a58d6ca6b77ac8046ec570596cb6fb81f22e
VUPlayer version 2.49 local buffer overflow exploit that creates a malicious .asx file.
8a8b6d22242f0673fbcd9c4e980b8e04251604b27582bdc85af3fe21b447fc53
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images). Both source and jar releases are in this tarball.
a79b5bb944b28cd3f435e475fb30ef328bf76147168a5710a1a63e0f849e210e
Shakacon II Call For Papers - Shakacon will offer local, national, and international participants a casual, social, learning environment designed to present a "holistic" security view and the opportunity to network with peers and fellow enthusiasts in a relaxed setting. This conference will be held June 11th and 12th, 2009 in Honolulu, HI.
cfccea6ebb30edbd84c9b9e2f663fd70165338c8e14679726c775c18014f762f
Fast FAQs System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5ef5d90a1af4064c35171657d2b81f54cbb8fad4b4e9dd86ce16946b1985e7d8
Debian Security Advisory 1698-1 - It was discovered that GForge, a collaborative development tool, insufficiently sanitizes some input allowing a remote attacker to perform SQL injection.
a916cb1281407b15575a876148702ec9fb71984174d94370033d3e17160e01c5
Mandriva Linux Security Advisory 2009-001 - A vulnerability was found by the Google Security Team with how OpenSSL checked the verification of certificates. An attacker in control of a malicious server or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, which would then bypass the certificate validation. The updated packages have been patched to prevent this issue.
7cb36eb4be3d23af4e2bd6fb95b420edddd09b2ac6e865b634c41f2da5f0add4
VUPlayer version 2.49 local buffer overflow exploit that creates a malicious .asx file.
b0c5560b1d98f7e9c7b00ae89c58c221e8947df9ad7608d5a834035d575d45a6
MP3 TrackMaker version 1.5 local heap overflow proof of concept exploit that creates a malicious .mp3 file.
130ad6cabdb2840fe0d7fa9febfb11106b2d3efb60d7f1aba8ed2aecd416fb2f
Ubuntu Security Notice USN-706-1 - It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
b23a84a6d2c4fea39375286b937b3436f0ba4ad561bbfcbc61fbe197d2a045d6
CUPP is the Common User Passwords Profiler. It takes in various user about a given human target and then generates a logical dictionary for password cracking.
d24f7c8ccdff89c52cbc6dabbf113fd3a7cd1c4d1d3090bf2e9fbedceae05a66
Google Chrome appears to suffer from denial of service issues through misuse of the view-source URI.
5d990fc777e6b98148174480d63e8c8f7b2e1dc130def54d59a966677b34a49e
The IBM DataPower XS40 Security Gateway automatically reboots when fed random data to TCP port 443 over SSL allowing for a remote and unauthenticated denial of service.
17aa6440b579293ebfd9b3dce003053e7a25c6accb59329152a7322c87f061d8
Samba versions below 3.0.20 heap overflow exploit. Written for older versions of Debian, Slackware, and Mandrake.
43b87d032641543dcbbc7602729efaa345048ff41a4495d0b750df770c23b850
Asterisk Project Security Advisory - IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts.
76953e16708f452e52817ab659a4b7c085e7394015faca6b640857c346d8b1de