WebTrends Reporting Center is administrated via a web interface that has a flaw which would allow a remote attacker to disclose the physical path to the application.
ceeeb73740ef5d6595ffe3b3bcfebbaa1bd0e01644d2b67237781bafd0e4eec4
2Wire-Gateway is a router that has a webserver for maintenance. The CGI interface lacks input validation when returning an error with its return variable allowing for a directory traversal attack.
7d327c33155ca85a9c8ffbe857abf59b58c2dd8d41a1f071dd99da63cc51605a
OwnServer, a web server used for watching security cameras remotely, is susceptible to a directory traversal bug that allows a remote attacker to gain access to files outside of the webroot.
b32b6045df134cd7484a3ae7c2e8bfa669777d8d1b0a5b081d9961a173b87d02
When using the SNEWS protocol, Internet Explorer lacks its filtering engine and can trigger Outlook Express to be hit by a buffer overrun resulting in possible code execution.
b1c8758f7ae810befb59be9d3679bb31b88d48ffc8d5d5c14e2ef342f8769de7
vBulletin Bulletin Board derivatives contain a security bug that may lead to disclosure of private information via cross site scripting attacks. This vulnerability may also enable an attacker to transmit sensitive information such as encrypted passwords, user identification numbers, or forum passwords to another server.
648da248485971d719402b2948f41a186eff85e43a7ac497adcf75b8977cbf58
NETCam webserver running NETCam Viewers 1.0.0.28 and below have a directory traversal bug that allows remote attackers to gain access to files outside of the webroot.
3033ef31ebe260b918d9f1e9177da16b936b0caa1f3b1065986e5ccaa17a5f85
Various init related script in SuSE 9.0 are susceptible to symlink attacks.
558fe9c77b84013499f18e08a176fcedcda8445c9e6304fead1629d649ed6cc9
WebCam Live and Photohost are 2 shareware programs used to share webcam streams and photo albums through the web. WebCam Live versions 2.01 and below and Photohost versions 4.0 and below are all susceptible to a denial of service attack when the Content-Length parameter is set to a negative number during a transaction.
f1e754c06a56a62a8a54d2c97ef2aec69f3c5c8cb9126843431d8d1bf463efca
The Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. The server has an internal problem where it will accept improper HTTP requests that allow a remote attacker to view source for CGI related files.
86b6965a79475e6b076b8955dfe03320b7908780179972962671b165a32736ba
The Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. A flaw exists where an attacker can get the webserver to consume all of the server's resources by using the POST method with a specific number set for the Content-Length parameter.
750d26c05ba6a4c19bb67be0988c544aa47ff4b7bd00c46f35b28f0378c6877a
YaBB SE versions 1.54 and 1.53 have the functions welcome and recentTopics which are vulnerable to SQL injection because the parameter ID_MEMBER is not checked against malicious input.
95e89384d3a5e60f55043d680923bf50f3a2d727d428ca8993e211fcbfc77dda
A plausible symlink attack exists in networker version 6.0 in the shutdown script.
f71446ef6211d128c354e2004097b4569b81064c3ae7c06613e3f72160b90019
Attached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by fact that the Pointbase installation coming with j2ee/ri 1.4. is not equipped with an appropriate security manager, thus giving all jars implicitly all permissions. These unlimited permissions can be exploited by an attacker using jdbc to crash the jvm running the pointbase server. Further exploitations possible are information disclosure and remote command injection.
dce14b7ba6ef63416061596683c967a3e51ca10f2c1f0204a348921ccdd803ca
Georgi Guninski security advisory #65, 2004 - Qmail version 1.03 is susceptible to a couple attacks. A crash in qmail-smtpd occurs with a long SMTP session. The crash is not global, it affects only the current SMTP session. It is also possible to trigger a segmentation violation (SEGV) from the network.
10dae39fc506d25c870163518f0077627ecaf939966caa0aad04678186ced065
Pablo FTP server version 1.77 allows for information disclosure by detecting whether or not a file exists outside of the FTP root directory, allow a remote attack to peruse the system at will.
30472f2da0279acae8a308c9b219bd017b1c9a745f39a30ef1595f0e3ec6872e
The Mambo Open Source web content management system allows for remote command execution as the webserver user id due to a lack of input validation.
da6f8e308f6903ca98dc9383805abc68a8004be17d4c4787d292645cd9e1a4cb
Secure Network Operations Advisory SRT2004-01-17-0628 - Outpost Firewall versions 1.0 and 2.0 run with SYSTEM access, allowing a local user to escalate privileges.
e49c627bab85454145a426c7095bea20f3c2fa3995513f89ae6b5529a37a335b
elfpgp signs an ELF binary by using standard PGP/GnuPG keys. It also allows for verification of said signatures. The signature is stored in the binary in an ELF record.
c72305a22e7ace63cfd05154d33e383e750ba58c7cec03ad65c3754c61d2550d
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all server related files.
d419aab79ceec1e55a50e7ae6b0e4ada556fd8172af713cf6c32b95f4c04f953
ya-wipe is a tool that effectively degausses the surface of a hard disk, making it virtually impossible to retrieve the data that was stored on it. This tool is designed to make sure that sensitive data is completely erased from magnetic media.
ea8956c31538b43f04ec3c4999a567a61f34fff0faf6ea02090c860b7f391be6
Promisc is a sniffer based on the AF_PACKET domain socket. It parses the IP, TCP, UDP, ICMP, and ARP protocols. A GTK graphical user interface has been written in order to simplify its use.
1b1b29e9e6227c46126f3b1948eaf0a26ab77c7ce834c3c93e5f63a30ce41221
phpShop Project versions 0.6.1-b and earlier are prone to SQL injection attacks, script injection, cross site scripting, and user information disclosure vulnerabilities.
adc0386ff64991975f3cef1848e988a682f780a5a19f78fb561e980f819177e2
MetaDot Portal versions 5.6.5.4b5 and below are susceptible to SQL injection vulnerabilities, Cross Site Scripting, and information disclosure attacks.
2f18758617babfb1684f97c043b085cc1427dc8ed63c02c6f2033bd498c2ebce
Xtreme ASP Photo Gallery Version 2.0 is prone to a common SQL injection vulnerability. The problem occurs when handling user-supplied username and password data supplied to authentication procedures.
18196c49e782ab6139923566eb59889974ae0a3c962a2c04583975e95eea74fa
The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.
0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95