S-CMS versions 2.0 Beta3 and below suffer from multiple local file inclusion vulnerabilities.
4969b9cff3ba4eed139bd55ef52527be04fd89b448a0bc9c9766b207c078bc84
Ubuntu Security Notice USN-785-1 - It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service.
208e147ce29e65f7d8f96691927f0fe32948bb42223fd69447cd79efea688f99
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running SNMP and MIB. The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS).
adbe17937a74e321a838c48aab551631bfb8a84d025587aae81221952cb427a1
Apple Safari versions prior to 4 may permit an evil web page to steal files from the local system by mounting an XXE attack against the parsing of the XSL XML.
e9629230c391f216896d6065eb1e80b55c3825799e35430b12dbef7a474701b8
Zero Day Initiative Advisory 09-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set elements in WebCore. When an SVG set object is appended to an SVG marker element that is dereferenced, calls to the targetElement attribute will fail to reference count the marker element. When the set element is appended to another object, subsequent calls to the targetElement attribute will result in a heap corruption which can be leveraged to execute arbitrary code under the context of the current user.
cf8604ce72d5c9bd4c727ff12fc63e69f99f8bff0eb3dc75009bbb2e8b48db76
Zero Day Initiative Advisory 09-033 - This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user.
6e80b5824ae34097d5c28a72f0440e425c552a71e38a28f6b15dbd85405346f4
Zero Day Initiative Advisory 09-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of attr() functions in a CSS content object. When a large numerical value is passed as the argument to the attr() function, a memory corruption will occur which can be leveraged to execute arbitrary code under the context of the current user.
3406b151f54e4e829c0123b2413427f1c5cbe6bc5c6796e106f73a28b01c6c9e
Zero Day Initiative Advisory 09-031 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.
286f5573fcf8c6351e406eab363184ebc1f7e8a3742b6d01a9ca6c90a0e3992d
When using a RequestDispatcher obtained from the Request in Apache Tomcat, the target path was normalized before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it under the WEB-INF directory. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
c0a0a2a9804149cddfa6d775c7f68367d06311ea65f71bbd9aad52799158a793
This is a utility to generate portbinding shellcode payload for Windows XP/SP1.
bf0f481e32cb257a862904bc89cf4a124df303ab40cc597e1410ca33a91a327b
This is a utility to generate portbinding shellcode payload for Linux/x86.
6c2fc2e2b424d795c8196a3aa502fcb488595071f7752a8e8da3bcb311373a1c
The Joomla Akobook component version 2.3 suffers from a remote SQL injection vulnerability.
d8809fb50ce5c5880bad0069971393eb3e77b949f9b0ae1957feecad59477858
The Joomla Media Library component version 1.5.3 suffers from a remote file inclusion vulnerability.
c4639003c79b29970b9a28af1f88540ea0be51c61f65410069b6b23fb79a7fd6
The Joomla BookLibrary component version 1.5.2.4 suffers from a remote file inclusion vulnerability.
04c4367d1180c9b08d4ee3c368cb234c53cdc21efa25ee1a14bd406d42ea7027
Secunia Security Advisory - A vulnerability has been reported in Online Armor Personal Firewall and Online Armor Personal Firewall AV+, which can be exploited by malicious, local users to gain escalated privileges.
025e45e3bc9fb89e52e97d5d634f12808cf23fd830875dcb606091399382cd25