Limewire versions prior to 4.8.0 suffer from various flaws including arbitrary file access and directory traversal attacks.
cf618d50152470e5049b2ba8b0695b380dadbe6e6d82fb18e342c764068a5cbf
iDEFENSE Security Advisory 03.14.05 - A number of remotely exploitable input validation errors have been found to exist in MySQL MaxDB and SAP DB Web Agent products. The vulnerabilities specifically exist due to insufficient validation of user input data. Confirmed in MySQL MaxDB 7.5.00.
bb012a58556104491c7684151daf10e9ed06a657dbabacf52e44b7b4462e07d4
LuxMan 0.41-19.1 local root exploit that makes use of a buffer overflow.
7b01e49311df22b1e782ddfdbb2ef21a26bd6b3b31f09ee7f544b869544f4e19
LuxMan 0.41-19.1 is susceptible to local root compromise via a buffer overflow.
4ac2d3648cc96facc8f7e2051679d05fbc68b8bf148e46c72e5beaa33cdf2030
Debian Security Advisory 693-1 - Kevin Finisterre discovered a buffer overflow in luxman, an SVGA based PacMan clone, that could lead to the execution of arbitrary commands as root.
cf883efba0f7ce5dd4d559289660cf7cfdbbe52103ead10496dc4b14c3b50095
SUSE Security Announcement - The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP). SLP is used by Desktops to locate certain services such as printers and by servers to announce their services. During the audit, various buffer overflows and out of bounds memory access have been fixed which can be triggered by remote attackers by sending malformed SLP packets.
a946410e1d3014c46969700611e178a356dca9dae49b4377af3be0b68429768e
Debian Security Advisory 662-2 - Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout.
30570cad6d9a79ce284b36f9cf85e7b18ef089817e6634baac61546c0fb4cb6e
Wine versions 2005021 and below are susceptible to an insecure /tmp file creation flaw.
86742930b5f70ab2a1840474db279a3dfdac3bd9bc514d58f39b9d20445df058
Ethereal 0.10.9 and below proof of concept remote root exploit that makes use of the CDMA2000 A11 protocol dissector stack overflow vulnerability.
1ceecb4270201dc750be03c55e86e81cd63d1db6a414c779fa45a09c5e791dd8
Platinum FTP versions 1.0.18 and below remote denial of service exploit.
662527f8a0a1c0feddfba34eac142cc791713fc7163d5cbb2f16e79dfa3f12d3
SilentDoor is a connectionless, PCAP-based backdoor for linux that uses packet sniffing to bypass netfilter. It sniffs for UDP packets on port 53, runs each packet against a decryption scheme, if the packet validates than it runs a command. Can be masked to look like any other process. Remote command utility included.
5665922f8fe8b1dcf7030bfcdecfbb8c13d27e49c02f353d0579071ed562011c
Denial of service exploit for the Active Webcam webserver version 5.5.
43af06f6b9989857961ddbede2f22668b1db4d7847fed577caa4911531fb3b13
PaBox version 2.0 is susceptible to cross site scripting attacks via a variable that gets user defined and later used in an IMG tag.
bb99e378a5bd7a4d9b7e12872dc2af16556ed81e670f86e6f4b5716d85941f76
phpBB versions 2.0.12 and below have a flaw that allows for access to the admin control panel without authorization.
b8a59235613e9e76d6729f2ba7f08567a2ed061dc3fc891e1d0c03668520b2fd
KYE: Tracking Bots. A whitepaper produced by the German Honeynet Project that looks at the individuals and organization that run botnets.
f118a200a641251f36a10be4332c0247a00981a9e41115b7deec042bb0badb38
Winblox is a User-mode WINAPI-level and open-source tool for controlling the behavior of applications running on Windows workstations.
b850313d2dbfbb30337ae7d5d686ca25b1e9fd33f445771d7cf1c56d3e2e0793
SimpGB from Boesch IT-Consulting is susceptible to a SQL injection attack.
6672398fc735ecec82ebea1c82d475162575c55186e262dba184eaabd0692406
Sentinel License Manager version 7.2.0.2 exploit that makes use of stack overflow in the License service on UDP 5093.
a4cfd3100347273b6ad016300dc53e6a5746d8d8ed1b576320b69ea69a4c4f3d
YaBB rc1 is susceptible to a cross site scripting flaw.
f933d516fdbbe1de8a2df8fba1ed5406fb6babe8894960bc9bd9e3bee0395763
Phorum versions 5.0.14 and below are susceptible to multiple cross site scripting bugs.
27877b750246ca31ff8d8fb14fd92cf6f6b17f67dd2d3a26b69a7ccc5040b9cc
hotforum.nl is susceptible to a cross site scripting attack.
2442cd6926c9e545b352426135cbfac899b678fad112e3f07428cdacddeae470
holaCMS version 1.4.9 is susceptible to a file inclusion vulnerability.
9fb8ad67a428efc80f61d1375b1b9a3a5058c9783a098af4c2070f1d1862b10e
Gentoo Linux Security Advisory GLSA 200503-17 - libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to crash. Versions less than 0.5.12-r1 are affected.
691df561580146828ac178df14ef29fbc3fe6f08fcfc5e036bd29671e9b16a2b
paFileDB versions 3.1 and below are susceptible cross site scripting and SQL injection attacks.
9130b1811dc48ef25d6c8560d41c38e072c0e6bba4bafdf7f68cd85c9000ac5f
Summercon XVII Annual Conference on Computer Security call for papers. Summercon will be June 3-5, 2005 in Austin, Texas.
30e0f12b90ac1f67e00fdfc532ecc32d9a239880a40e09777e97a6dd38e98801