Mozilla, Firefox, and Opera appear to allow one frame to access the content of another, allowing for disclosure of the local directory structure. Tested versions include Firefox 1.0, Mozilla 1.7, and Opera 7.51 through 7.54.
0a0393dbbab84fc2cd6e30254f4fb3548969fc925b9176a7777b5533c92e4d2a
Exaprobe Security Advisory - The w3who.dll in Windows 2000 is susceptible to multiple cross-site scripting attacks and a buffer overflow.
8ece849689003d2f57457e84d45b0e4e644b9bb92da86652b968cbe2ed278a03
Debian Security Advisory 605-1 - Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honored enough.
e1113dfaa9f8a3711d839647dfc8dce5504937d8589a4e299b1a42b85d251260
Remote Execute version 2.30 is susceptible to denial of service after receiving seven connections.
49ee6e5ceb0bc99d32ba6587548c39a6ffe58de8d31d3b37d1503dc17b3dea83
Hosting Controller web automation tools suffer from a lack of input validation, allowing any remote attacker the ability to browse the hard drive. Versions 6.1 and below are susceptible.
c0d107347bcf5ec5394845d3530fb7786cbe47b5f0829639f87d951f3a4d4d14
The Konqueror web browser fails to properly filter FTP requests to prevent local command execution. Versions 3.3.1 and newer are affected.
7f77bd00ca2b228448b93ab3f8771df0a2ca1907aa31108cc3cb5080cd5e42e7
Gentoo Linux Security Advisory GLSA 200412-02 - PDFlib is vulnerable to multiple overflows, which can potentially lead to the execution of arbitrary code.
ce5aba7a88d95b1ba5547120cd22dd568152353632e25d5f814c5825d326bb38
iDEFENSE Security Advisory 12.03.2004 - Remote exploitation of an input validation vulnerability in Apple Computer Inc.'s Darwin Streaming Server allows attackers to cause a denial of service condition. The vulnerability specifically occurs due to insufficient sanity checking on arguments to DESCRIBE requests.
fd4e9485e21ca1fc86ddcb0713b7e139129b4be0e8e4ab6a1a5a995d932c8777
Secunia Security Advisory - A security issue has been reported in IBM WebSphere Commerce, which potentially may disclose customer information. The problem reportedly exists if store views update the database or directly invoke commands that perform the database update, which may result in customer information being stored under the default user. The security issue has been reported in versions 5.1, 5.4, 5.5, and 5.6.
205b1263a5954aa82c0f119b39d2337cf00c243b3feb4b11c7b67f9bbfb595f8
WoolChat IRC client is susceptible to a buffer overflow when a DCC send query is sent with more than 260 bytes.
a6d1f6823641006525e6c0878dfea4547cacc36a01aca5c25c1b55a0cb0a6157
Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious, local users to inject arbitrary data into the ODM (Object Data Manager) or cause a vulnerable system to hang during boot. The vulnerability is caused due to an unspecified error within the system startup scripts. The vulnerability affects versions 5.1, 5.2, and 5.3.
71d6bcd63f75730eca45361ee07cb655ee630f50747147c4b9f8048f09dfb4f0
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids with packets, making it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
b993059e3d7a30e4aad74f2c951652b7892040587b3399b36afe64e5a3916f9b
YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.
7e6984fccde306c2f649f0627392e68c07a024c68890ca592cab12d581e626a8
Secunia Security Advisory - A vulnerability has been reported in Jakarta Lucene, which can be exploited by malicious people to conduct cross-site scripting attacks.
eec561db753d6c2d9acf8ad2b39d00f8e8d21f9362d8d034b0f5f0ff5fa12ba6
AIRT (Advanced incident response tool) is a set of incident response assistance tools for Linux. Tools allow you to look for hidden modules, processes, and ports. Additionally, two tools will dump and analyze hidden modules.
ed1fa893e032cfcfddf136f0d364fd8b082fa2baf0a415d57f50997a57cfece6
Debian Security Advisory 604-1 - infamous41md discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have a worse effect.
490c2704074528bfb746fdcbb2b9760154b1f983724b93ef34d05d8dfaec80c8
Kreed versions 1.05 and below suffer from format string, denial of service, and server freeze flaws.
6d87cdd229726295598ba1f4ef4eeeedf85338e5929e4c471be31f028aee14de
Remote exploit for Kreed versions 1.05 and below, which suffer from format string, denial of service, and server freeze flaws.
2c1ad57a838694f28a0578b571f486e9794175f13eab0b0421ad03831649f766
Advanced Guestbook 2.3.1 contains a cross-site scripting bug.
dce7d0ea6dd8de19f262940b639f0c5ae75e447674cc4343a08a0910123ede20
Cisco Security Advisory - The Cisco CNS Network Registrar Domain Name Service/Dynamic Host Configuration Protocol (DNS/DHCP) server for the Windows Server platforms is vulnerable to a Denial of Service attack when a certain crafted packet sequence is directed to the server.
af3e6e4f9babe8629e6c98c73cac56bd6f3e68096111d92b416e44a984d29baa
Blogtorrent, a collection of PHP scripts written to be used in conjunction with bittorrent, fails to properly sanitize input on a variable, allowing for directory traversal attacks.
017a5d79b29f33ef76f8e8cedacca83517d4d984176356c304f2dad74ce4e2e2
Although rssh and scponly were designed to limit the use of a shell on a remote host, various underlying programs that they are allowed to use may allow for arbitrary command execution.
221d90a3802c19d25ff31131746e485e622f1afce6b8ffef9f1934ead0f4784b
Secunia Security Advisory - A vulnerability has been reported in Big Medium, which potentially can be exploited by malicious users to compromise a vulnerable system.
9955ecec6f14e2354a1ab4159f6e3f4d524f4c24852fce0d1b7b3ca326b1161e
Secunia Security Advisory - Stefan Esser has reported a vulnerability in Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks.
2683c861d08a6a432958e3a04ddf5bf49287e97385703c0fab011d10cad6276a
FreeBSD Security Advisory FreeBSD-SA-04:17.procfs - The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.
9172f91c6b027b6f7c743ba70a7c8f2026e861b105f1b6f5125ce2249481c20b