Acc PHP eMail version 1.1 suffers from a cross site request forgery vulnerability.
4581b3ccb8d64f6255f9996650a5bd65a510942012ece4b44f8874f82378819a
WBBlog suffers from a remote file inclusion vulnerability.
f2a6735dabf275055d3a25a0184dc4849d25f16374750ce5ec63e4825f3e9052
Piwigo version 2.0.6 suffers from remote SQL injection, cross site request forgery and cross site scripting vulnerabilities.
7c72c76c16aa2ff272df3138d054b4fa79cd33247ef20496da1fc0296c5d2d0b
Ele Medios CMS suffers from a remote SQL injection vulnerability.
49bcc9237c752ebb9a649805e0dc412c3b97de160f4b02a36796c3e11442a4e0
This Metasploit module exploits a stack-based buffer overflow in Millenium MP3 Studio 2.0. An attacker must send the file to the victim and the victim must open the file. Alternatively, it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Millenium MP3 Studio. This functionality has not been tested in this module.
4a1e117ec7a07c9369020bc7ebc32cb7a03208c810258087037afadadb98fa5d
This Metasploit module exploits a stack overflow in Xenorate 2.50. By creating a specially crafted xpl playlist file, an attacker may be able to execute arbitrary code.
ad0b6f04e4f71bee6bd71a38599a3b4587487cadbda7bb7cf60e018dc123d11e
Xenorate version 2.50 universal local buffer overflow exploit that creates a malicious .xpl file.
753f9d0b80827515eccc9e2846f7764cb82c02d4cad8f4b8b4098ab59bf0b3af
SAP GUI for Windows sapirrfc.dll Active-X overflow exploit.
fb087f2477c856e8815f8b0952df2ba073d8a422225953ad69fc32b0a388ffcb
HP NNM version 7.53 ovalarm.exe CGI pre-authentication remote buffer overflow exploit.
c3254e5bce844de2beae7b43c17e8ca6a8e7cc2e902e7f875b73fd47ddbfe34d
Debian Linux Security Advisory 1950-1 - Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+.
cb6106ed509c73b812d4c51fc7788d4c959ede34e11383c49d52c9bb1f64fcce
Debian Linux Security Advisory 1949-1 - It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping.
bdc7b81a44b21ccf791c69f5151721ef005a43fa61e21e1cf386af20ea9abc31
ArticleMS version 2.0 suffers from a cross site scripting vulnerability.
8a0bb64b998a0a09683e7a77acd854fd568342dd11a596e6b95ea1b206d28bf9
Chipmunk Board Script 1.x suffers from multiple cross site request forgery vulnerabilities.
d27c65a434e67dfcbec050b79dea0f074b1c3b9cde65d4bec2fda849d558083c
Mandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this. Additionally, there were problems with two rules in the snort-rules package for 2008.0 that are also fixed with this update. Packages for 2008.0 are being provided due to extended support for Corporate products.
ee5fec922445fc73e30d9ef005c7991028e684036a55c43cce10e70dfe8a3b98
Chipmunk Newsletter suffers from cross site request forgery vulnerabilities.
c10e82617177a868ba0813d1c04e90e97a9388e2a7980a62bc041e761fe9f55f
Model Agency Manager suffers from a cross site scripting vulnerability.
8ea501fd62b4294aabcd1c910a5dfef8ae2cf9c6e4be00571350605369851aaf
Arctic Issue Tracker suffers from a cross site scripting vulnerability.
a2c36bc55723121d07d216436961734edb3389a48674475081287b37838c438d
Mandriva Linux Security Advisory 2009-296 - Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
8a424be972edd20a5efd8fdfd4170719f59c4e38346adbd173702deb1f7539f6
Safer-networking.org (Spybot) suffers from a blind SQL injection vulnerability.
746583321ca61eb6849608650333d8669ecf9aefddb3dcc33b69f840008422e8
phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability that allows for authentication bypass.
67e84a12c1e1972d77ab6b80d76a12107a496e347fad485c8542b7bdf15742c4
phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability.
6b1b6ea3f643fbfb347dc878ece8be1636f2f3a195a232eb5bbb187fb833d804
Mandriva Linux Security Advisory 2009-332 - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally, the patch for in MDVSA-2009:296 was incomplete; this update corrects this as well. This update provides a solution to this vulnerability.
a17d6153f5063f0ff22cb23f02d1a912a4bfd94c9b0d868d6b8cfcfba044824a
Digital Scribe version 1.4.1 suffers from multiple remote SQL injection vulnerabilities.
ebbf4c9858b41d0bcd50257f84f3b396fe036c02646b8c5496e44b515fa54527
The Next Generation of Genealogy Sitebuilding version 7.1.2 suffers from a cross site scripting vulnerability.
ceea14507d556caa6af031be03e20b6049d62d9bf686e4089b8b3f6754b3662f