Small write up called finding sysent on OS X 10.6.1. Good information for Mac OS X rootkit writers.
Piwik Build versions 1357 2009-08-02 and below suffer from a remote file upload vulnerability in ofc_upload_image.php that allows for remote command execution.
TBmnetCMS version 1.0 suffers from a cross site scripting vulnerability.
Barcode Generator 1D version 2.0.1 suffers from a cross site scripting vulnerability.
3Com OfficeConnect routers appear to suffer from password disclosure and remote command execution vulnerabilities.
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
Whitepaper called How to find RCE in scripts. This write up provides various examples and discusses remote command execution methods used against poorly written PHP code.
Whitepaper called Finding Vulnerabilities in PHP Scripts. This write up comes filled with a large amount of useful examples and even provides fix information.
McKesson Horizon Clinical Infrastructure, also known as McKesson HCI, utilizes hardcoded passwords for Oracle database access. This is very disturbing considering they claim to be installed in 70% of all hospitals in the United States. Versions 7.6, 7.8, 10.0, and 10.1 are all affected.
Debian Linux Security Advisory 1913-1 - Max Kanat-Alexander, Bradley Baetz, and Frederic Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands.