Fuzzgrind is a fully automatic fuzzing tool, generating test files with the purpose of discovering new execution paths likely to trigger bugs and potentially vulnerabilities. It is based on the concept of symbolic execution. Thus, the tool starts from a file considered valid by the software under test, and analyses the execution path to extract any constraints tied to branch instructions followed by this software. By resolving constraints one by one, Fuzzgrind will alter the valid file to explore possible new branches of the software under test, in order to discover new vulnerabilities.
1647ac2ac494e2a8033936f8ac52d252a482907419e181e11a74a9df3fc61c22
Online Guestbook Pro version 5.1 suffers from a cross site scripting vulnerability.
316a7de722244a1fef251ad9b11895d95e9e08cea3261c3bfed2ed472ca791f3
JNM Guestbook version 3.0 suffers from a cross site scripting vulnerability.
30d52832e26f1e63d77278530421a4b863521029fa4fe90f4284354a609c8af9
DB Top Sites version 1.0 suffers from a cross site scripting vulnerability.
849204a499bf4692e8e04dd204e1b86936c82dfbe74a215c1aff20d909cb4e36
MySQL version 5.0.45 suffers from a format string vulnerability. Proof of concept demonstration code is provided.
2d52aab1c12be86bae2773c2634920d09db2b48caae9a13142cc7e61c1976c38
Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code.
43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536
Core Security Technologies Advisory - Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. Versions 3.5.0.0 and 3.0.0.5 are vulnerable.
9678ea739c83991289267c1a44276a19199e2657a49fbf488df9eccc5dd96d31
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
9633e104c519fade1c9fce5843d1f70439b156bcc446aa270ea8192d461d9cce
This whitepaper discusses the use of cross site scripting and iframe injection when performing phishing attempts.
92d2e388e627a22176d3cf95df9244027d7a33e2a5ee6c88c835f004ce97179e
Calendar Express version 2 suffers from a cross site scripting vulnerability.
b79ec2d73f9ad3fce0bc1b68c7d0b62002bd71d09f720776ed6c718aea6ee069
The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's "Remote Web Workplace" portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. It is written in Python and requires pycurl.
2b844771a4db3be8199e0c71c40dbca2fe50db3fa961396f158b36beae81c99b
Month of Twitter Bugs - Twitterfall suffers from a cross site scripting vulnerability.
65fb9c299abb8b929979fad6222bed58930a27ee64999561b72cba49ccc48252
Month of Twitter Bugs - The yfrog application suffered from a reflected cross site scripting vulnerability.
283cf7e1ae7038770924277e991ca2898b86c2b7153af6cd01f0d9b8a79318e5
Month of Twitter Bugs - The TwitPic application suffered from cross site request forgery and cross site scripting vulnerabilities.
ac99bf0f99e3d52cee2f2163612083138e5101fe349bda2bad006174ab6c2e36
Month of Twitter Bugs - The TwitSnaps application is susceptible to a reflect cross site scripting vulnerability.
1aa2f141901738d38bfae80def5fd9ab666dedfd8d188000f20b7e448e099472
Month of Twitter Bugs - The BigTweet bookmarklet tool suffered from a cross site request forgery vulnerability.
0b17f72c1dc2da7cf4f3ff5dff5cc5f6a402f6b6e6707938de5e4e5b56ba5e54
Month of Twitter Bugs - The TwitWall application suffers from a persistent cross site scripting vulnerability.
a58a9c6d750d535f4ccee264e486a17f7058af99920ca033e156007ce493340c
Month of Twitter Bugs - The HootSuite Twitter toolbox suffered from a reflected cross site scripting vulnerability.
f28506907cd78635c4ac90b9095db2b20246930dc6c5c11faee949ae3b552812
Month of Twitter Bugs - The bit.ly service suffered from multiple cross site scripting vulnerabilities.
31ec4a5275c9326490446d0db51bcc2382ae41ebdae9b9e899f219a573d60baa
The RTL8169 NIC driver in the Linux kernel versions prior to 2.6.30 allows remote attacks to cause a denial of service.
82796f6f344eec34a490a3fd53394663a4bec37a7e4511cbe63707a3e3e021e9
Whitepaper called Spector: Automatically Analyzing Shell Code.
48ece968a47b6a78a543ac11868c445687fd0d92b816b6b54404c203b8529fcd
Sosblog suffers from a persistent cross site scripting vulnerability in the article commenting section.
f8b3729228555cb80129b445b9232179c50181885d8d8e57e953e4ae23d87702
Rentventory PHP suffers from cross site scripting vulnerabilities.
7187e4053bb9f1cf4c33c883fb5aff6d5c632b96e2cb644be3059ef55c03ed27
Big Sister File Exchange Server version 0.03 suffers from a database configuration disclosure vulnerability.
426f9187c143c614a52d6c4e9875d9dc99cfee623b7fecbc906893a5611b234b
Linea 21 version 1.2.1 suffers from cross site scripting, iframe injection, and redirection vulnerabilities.
ce066d1bad9f58d3a6f4e66dc7edd935a57af3726c13fce5b2b4ee186c8a897e