Secunia Security Advisory - PlaySMS SMS Gateway 0.x is susceptible to SQL and Command Injection vulnerabilities due to a lack of input validation.
1cc264e0e4b8a2944a006a41120b90825709572680c28c278ad9eba146e8bd73
Sun Security Advisory - The Solaris Volume Manager (SVM) under Solaris 9 is susceptible to a local denial of service attack.
a8c6ebdaba6f938c0c8029a833bd13a7c8121c64368b4de0fc723ba27981be5a
PHPBB version 2.0.x is susceptible to an HTTP response splitting vulnerability and also a cross site scripting flaw.
9bd2d0b59a945ad92ce18125125d0ac88e7d1a7638e8a47859f05b04619bb36a
TinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.
01abb155db1e0a3a7a2b3a3cb9678d54dd11f5399475445f0e61e18a0cdf1a19
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
a9be25513f4bdec9d3c5e27dc95c4794f1cf93cf312a44b60c8a39dba86c2538
Secunia Security Advisory - Cengiz Aykanat has reported two vulnerabilities in eTrust Common Services, allowing malicious people to cause a Denial of Service.
2894708288caaaf6e3b2120fdc52945843409c7496057f455f34da77d567a6d7
The third advisory in a three part series discussing more flaws in PHP Nuke ranging from full patch disclosure and cross site scripting to SQL injection attacks.
09c091f1f233ed1902d0aa74ac5da411fb080ada57495aec27ef66ae17793c0f
Utility that attempts to find whether or not users exist on an SMTP server using the EXPN command against a list of user names.
73346010d346ef624f1a57c55f0aaafd2fb9476ea1e7678b6e797981f5d167fb
Tool for cleaning WTMP, UTMP, and lastlog under Linux.
59aa2101b05225dd0eb7e7b456eb26357540723e3c1d8a10deca83e9715a10fb
Sharutils 4.2.1 local root exploit. Note: shar is NOT setuid by default, so this exploit is completely proof of concept if for some reason the binary was setuid.
edd1020fd999d8177e094173be570e3a68f63ad358f7757f48ef91abc923b842
CuteNews version 1.3.x suffers from an HTML injection flaw in the commentary section.
1bed2be3a7e3553d352ea8e88aeacbb7a7dc51caa12eba604305e417a1450da1
Outblaze email suffers from a cross site scripting flaw.
2e3fb75d7c154d7b6b50aaad88ab9ae8b9d1380f03794f14958361957ee8087c
This pam backdoor allows access to a machine using a backdoor password and arbitrary commands can also be executed without logging in. Logs normal users passwords to a log file. Configurable without recompilation.
7f794ba5e8bc118b85ff262f027ec88781fe67d05316514d8796bbbf098b9f09
glFlow is a pcap-based traffic analysis tool intended for monitoring high speed links. The detection algorithm is based on realtime NetFlow traffic aggregation and analysis. The code is portable across platforms, it should work on every system with working md4/md5 and pcap implementations, with very little modifications.
04f57658bd93580beb4d38f158a69fd06e543e8d2d095e6403fe5360cd7d6a12
Remote test code that verifies buffer overflows in the Medal of Honor games including Allied Assault version 1.11v9 and below, Breakthrough version 2.40b and below, and Spearhead version 2.15 and below.
d9dedeac1cdba39e43966b1bd9cafc503a11804078a6604f32a375fcd32513a2
Medal of Honor games, such as Allied Assault version 1.11v9 and below, Breakthrough version 2.40b and below, and Spearhead version 2.15 and below, all suffer from buffer overflows server-side.
26138defb44c5ccd5bca6847f51453afed6f2ae54af0f0e5fde0b3aba6ceaf32
Local elevation of privileges exploit for the Microsoft Windows 2000 Utility Manager vulnerability. Updated version that can be executed via simple cmd.exe shells using a normal user account. Gives a shell with SYSTEM privileges.
075b9e7810c1d745ad80808bae307f18bd645d2e8f49f32f7a9315895c6f6671
Local elevation of privileges exploit for the Microsoft Windows 2000 Utility Manager vulnerability. Gives a shell with SYSTEM privileges.
6b4c09c3bcb0f4713a12fc777f2245169344041b7020220a150fb035f8202c0f
Web_Store.cgi allows for remote command execution due to a lack of variable sanitization.
a77628094a6127c5e36615486c6060183b4949cad68e0d36d30f9e53dae43249
A format string bug exists in the code that handle the Debugger Messages for OllyDbg version 1.10.
ea3b234c64fa58685fccf9e73ab76034b66c1ae43da07c0540c4599cf53cbb37
Microsoft Internet Explorer gives too much trust to the location variant when it comes to method cache.
dfcc5befe5b4cbb0775285dc6081d07b23ee805c7630f7a4a7e2a864aef1038d
hsh-gen is a script used to create shell wrappers to assist in exploitation of remote execution via directory traversal attacks on cgi scripts.
90c94617f5e3747041709613c0f8ebf5b34dc46ec64896e221aa3e60980ce0f9
mod_ssl 2.8.18 for Apache 1.3.31 suffers from a format string vulnerability.
6bc74708efb719f3dd166615a2295857ff80b86322f5e777eacbf97f0e3496e4
Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
bc7a7e134c35bd3aea3c6fe92c3d44b6cc0d62f964345f46925b5d30825f780a
PHP Nuke versions 6.x through 7.3 suffer from cross site scripting and SQL injection flaws.
70f19d1381815ef51a0a74bdb7a4451ff7d7ed90c0e356680bec2079856ee621