2^6 TCP control bit fuzzer (no ECN or CWR).
acfc236162c8e9847ca2d395fb48be29cbbc9dc349fb97ccdf40724996d73882
Mandriva Linux Security Advisory 2009-241 - The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
359a6ed0952583c3522734705aa8adefa5ddc6a19111b88b259ec4d12fd8f36c
Active Calendar version 1.2.0 suffers from a cross site scripting vulnerability.
22b45e544fd05c068437c2e96a47768aa9fe4bb3cbef216acb4e06ce2b7e0327
Mandriva Linux Security Advisory 2009-293 - Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fix patches applied. This update fixes these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
4136321399907bc27e64746ae43e0f3db81f16e01b27c8114f06d8ed2998ba88
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.
ca929167a6a430b66650857a093ae76e47f6db643eb8bafffa59b6ebc10896d0
This is a brief whitepaper discussing TCP session hijacking.
29ad65fefcde17cae95eb16aa1b853b78890e0c39b7905adca97de024a792b97
Mozilla Firefox version 3.5.7 remote crash exploit.
0ee8c1b77978f10aa3bb91fbd53df9ea66760430b290072c3eb2f0d7a763ca49
Safari version 4 remote crash exploit.
8b5b84302b19ed6951e03060c869c34fe06f9e5e32f07adf654a44f1848a62de
Mandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The previous (MDVSA-2009:316-2) updates provided packages for 2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased release number, which prevented the packages from hitting the mirrors.
65a319ba6e69c9835b128c925cf1694bfae7fe20c0b9a69df9bd5a8c82228cc1
HP StorageWorks 1/8 G2 Tape Autoloader suffers from denial of service and privilege escalation vulnerabilities.
1796e1effd5dcca9f3b5760999cef870ea8e8cc8bf86fbd5442cd59e0b319642
Whitepaper called SSL Sniffing. It discusses the basic use of SSL and what types of attack tools and methodologies exist.
de3b2e24d4c45610d923e09653831838fc578281e0df75ef9fab4c92d3ab4e77
HTMLDOC version 1.9.x-r1629 local .html buffer overflow exploit for Win32.
095175a7d02b2fe4657634cc64a4193d580ca5d0b32384de942458135879443f
Tincan LTD suffers from a remote SQL injection vulnerability.
fec0ae445e50e798e33a2cd81299849658d864990587e84346e1b562a2cde925
This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.
9cec54ca3bf48377115aba5d8a681eeb8b070d26a3b7949518b42ec39e09b6cb
The Joomla Dashboard component suffers from a directory traversal vulnerability.
c8dc4afa32db2c7fff9538abedf0a82b39026af0143e94a5ff17421ea64f5b54
Mandriva Linux Security Advisory 2009-227 - The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
b9e443db5e40a60f2453ff51932c75cc3434451f8eaece99ee58302b7f954628
Image Hosting Script suffers from a shell upload vulnerability.
d6d3adf51db6e7b299b1f8c419f01679a7a6b16c0b735b570ec7f7ef6950fad4
ALPHA3 is an alphanumeric shellcode encoder.
ce340cf911a3c7c4b4d3e13db65c19e98a5ba76465416bba9e7ded0b446353e5
CMScontrol version 7.x suffers from an arbitrary file upload vulnerability.
ef3f8d17c66f71b88c5efa2af8a406c9dd74eea1b0c695c976f46886dc96b11e
Approximately 34 million tagcloud.swf files on the Internet suffer from a cross site scripting vulnerability.
a08201662495412c103ae59c8fb8e98c443eed4b23c61bb8f3041cb0b3eaf03e
vBulletin adminCP version 3.8.4 suffers from a cross site scripting vulnerability.
d4e3644091f7c2cc7eafc68997c66ed25f03e37287f5dc7b72bc3b5a95c94aba
Surge-FTP suffers from an administrative web interface cross site scripting vulnerability.
3647c9dbf6a9fe304ceceda29eece4259647eb66d41dcee1ea92100a3f07a88d
JunOS malformed TCP options remote denial of service exploit.
4a02ff0a157e6b665f0d093d25f8dbc8bcdc06da82a4c13c576b752c9a18a7fb
easyAdmin2Pro suffers from a cross site scripting vulnerability.
ba74bafb4196e0b1a769cca4fedf7fec8e5ee97f9da06d6b0be472c2e6ab6ab4
Mandriva Linux Security Advisory 2010-000 - The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Additionally, some packages that require it have been rebuilt and are being provided as updates.
938d074ddb448c4a301e309d29f8b3bd05108a8a5b85998c158cd629fa6afcd1