wget versions 1.8 and below allow for arbitrary overwriting, creating, and appending to files on the underlying system with the permissions of the user executing the binary. The files to be written to can be anywhere regardless of what the end user has requested. The primary flaw is a failure to sanitize redirection data.
Secunia Security Advisory - A vulnerability has been reported in Netscape, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Secunia Security Advisory - A security issue has been reported in Codestriker, which can be exploited by malicious users to bypass certain security restrictions.
Sun Security Advisory - A security vulnerability in the in.rwhod daemon may allow a remote privileged user to execute arbitrary code with root privileges when the in.rwhod daemon is enabled on the system.
Secunia Security Advisory - Secunia Research has reported a vulnerability in Safari, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Secunia Security Advisory - Secunia Research has reported a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Secunia Security Advisory - Secunia Research has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Secunia Security Advisory - Secunia Research has reported a vulnerability in Opera, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
WebLibs 1.0 is susceptible to arbitrary file access due to a lack of input validation for a hidden variable. Exploitation details included.
MaxDB WebTools versions 7.5.00.18 and below suffer from a denial of service flaw and a WebDAV stack overflow.
Denial of service exploit for Battlefield 1942 versions 1.6.19 and below and Battlefield Vietnam versions 1.2 and below.
Battlefield 1942 versions 1.6.19 and below and Battlefield Vietnam versions 1.2 and below suffer from a client side denial of service flaw.
Gentoo Linux Security Advisory GLSA 200412-05 - mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
A security vulnerability in Internet Explorer allows remote attackers to discover what software is installed on the remote computer by testing for the existence of certain files.
A whole slew of cross site scripting flaws have been discovered and are listed here.
Secunia Security Advisory - A vulnerability has been reported in Unicenter Remote Control (URC), which can be exploited by malicious users to access arbitrary URC Management Servers.
paFileDB 3.1 has a couple of vulnerabilities that allow for admin password hash retrieval and full path disclosure.
Gentoo Linux Security Advisory GLSA 200412-04 - Some Perl modules create temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
The Internet Explorer web browser does not properly filter FTP requests, which allows local command execution. Versions 6.0.2800.1106 and newer are affected.
Mandrake Linux Security Update Advisory - SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the SIGPIPE signal, which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely.
Adobe Version Cue, which is setuid root on Mac OS X, allows for local compromise due to using an insecure PATH. Exploitation included.
Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004.
Gentoo Linux Security Advisory GLSA 200412-03 - Multiple overflows have been found in the imlib library image decoding routines, potentially allowing execution of arbitrary code.
Secunia Security Advisory - A security issue has been reported in NetMail, which can be exploited by malicious people to access the mail store.
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Ansel, which can be exploited by malicious people to conduct SQL injection and script insertion attacks. The vulnerabilities have been confirmed on version 2.1. Prior versions may also be affected.