After issuing fixes and an advisory regarding cross site scripting vulnerabilities in Cisco IOS, user input sanitization vulnerabilities still allow for more cross site scripting attacks. Proof of concept provided. Version 12.4(23) is affected.
4b8e1bda492dbd916cff67902a9c08759123ecbc5e870b2d27afc13135780d0e
Amaya 11 remote stack overflow exploit for Windows Vista that makes use of the bdo tag.
e2a2d533c2ccd8fa575f2f8d933e131e2dc3f30b3543574bb3fb034ec5394986
Amaya 11 remote stack overflow exploit for Windows XP that makes use of the bdo tag.
e49b4605d5ab57c5620fb675381e5a3726690a4cd9edc98d7bd070a91e4f751d
LCPlayer proof of concept denial of service exploit that creates a malicious .qt file.
322d32d084c67fcef842b81ba6bfaf3d3e1270b57f006d85a60eb7afc17165bf
GR Blog versions 1.1.4 suffers from remote file upload and authentication bypass vulnerabilities.
86b378c7ae8c58c73524e90124620acde3c589ae6a2fac9156118a503ef8c8a3
Free Download Manager versions 2.5 and 3.0 stack buffer overflow proof of concept exploit.
39777be1f85065badba6635c5367e461cc771629596f5bf25851de9606d5ee2c
Novell GroupWise versions 8.0 and below malformed RCPT command off-by-one exploit. Affects versions 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0.
cda22220d5d85f8227845ba12b4f38ab62b6cf123eb8fa3b922c51bdb0f2b0f1
StreamDown version 6.4.3 local buffer overflow proof of concept exploit.
b8aea8bdd36d45bd058b105157c1a2525baf68768598c6f67b4570d5deb30151
YapBB versions 1.2 and below remote blind SQL injection exploit.
4f1c5776d73f7cba4a9de65aac18bd8f9ac08ec74e969296c6cffe6991b5cedd
MetaBBS version 0.11 change administrative password exploit.
0750ac5f62d737bb542f040c016f81681900634bfb0a0e5a00c6f579bcb3db66
sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
deea059d31091c2d800c35dbd47b454d15ccca8ffbad0c5ba4ba9e1b58746265
QIP 2005 suffers from a remote denial of service vulnerability when receiving malformed RTF messages.
41563e1ce48d96ff203dbafc88910b7ea6513ec9f9389ab195e5adbe6f93681f
Power System of Article Management version 3.0 suffers from database disclosure and cross site scripting vulnerabilities.
b9d0605fee5a8cc6c0f24014ea62c5527c65e94feab93643d63121ece1d8c0d9
Team Board suffers from database disclosure and cross site scripting vulnerabilities.
fdb547a4f03315b5a1e23fb354a1bdc5522298d29d6f6a276c0dfd8906db3703
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. These include denial of service and privilege escalation flaws.
ceeba2fd08c41e8b3afe769edb0d1cb6c2f14f86ba37b2bae80efbb6831d3d2b
The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read only access to directories and files outside of the web root. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques. Verified vulnerable systems include the HP JetDirect 2420 and the HP JetDirect 4250.
be8fa162c08d4f572bcb2aef847e724d081ab534467549eef582a0eda6be899e
GRBoard version 1.8 suffers from multiple remote file inclusion vulnerabilities.
54abd89d34714a2e954322e8b4ec21366e847400a2e4f97f6a510ac0b5e1c86a
rgboard version 4 5p1 (07.07.27) suffers from cross site scripting, local file inclusion, and remote file inclusion vulnerabilities.
93f504f7406bef112d1c1b7cc575c5573fd377a9adf15cefe6a20ab71aff0ece
Mandriva Linux Security Advisory 2009-033 - A vulnerability has been identified in sudo which allowed a sudo-user to execute arbitrary shell commands as root. The updated packages have been patched to prevent this.
8844a007e1da129307fc0f7a7968ee532a16627ca30d81c29c81ace79c872b79
Syntax Desktop version 2.7 suffers from a local file inclusion vulnerability.
0ff1a5099d31773b093269acb0731b50c0cae25e299ed3ce56d7568d6e584849
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
98b02b39e8efb68d6c260ae6b528aaa0975fbbdee2d8d7324a63f20b0db19b90
PHPbbBook version 1.3 local file inclusion exploit that leverages bbcode.php.
91442a85468196228259433d5c88831f522791e40bccaf649cd84e9e36240704
Squid Proxy Cache Security Update Advisory SQUID-2009:1 - Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. Versions 2.7 up through STABLE5, 3.0 up through STABLE12, and 3.1.0.4 are affected.
35ff4b2f0ec1ca6a40c33d294aa23914b6f2ac816fc88f8652ef3a659b5fa52a
Euphonics Audio Player version 1.0 buffer overflow exploit that creates a malicious .pls file and was written for Windows XP SP3.
1198ed8737a1ce7eccd302dbad114193b8d99483fba33e29c2a6c4e559486651
Euphonics Audio Player version 1.0 universal buffer overflow exploit that creates a malicious .pls file and spawns calc.exe.
279931929b097b80444d5b8d9a7488114f73454042ea5eb36f60e643ca6ff669