Postnuke versions 0.760RC3 and below suffer from cross site scripting and path disclosure flaws.
66ddf9e4e255853e95f73457bdca13fd14f34ad15d3055d1961499c6d00b4af7
Proof of concept exploit that demonstrates how TCP does not adequately validate segments before updating the timestamp value.
32005b241d79383d20bcfb944afee8bab4677fb4534d2d5550992df217b24ad6
Microsoft ASP.NET Web Services have an unhandled exception that leads to file system disclosure and SQL injection attacks.
236c5cf9bbf6b70888b54d9a9318d4f0f4cfc9764531136f0d161c981e0f7f8c
Postnuke versions 0.750 and below suffer from SQL injection flaws.
8fc3d61af2f62298fa9053aa283fdf4a3d664c16d3dc97510075482c7e0df365
picasm versions 1.12b and below suffer from a stack overflow. Exploit included.
4e2bb0c1435036569704215e743f9a5af4217a7e08548fa30a74bdd2bb04b027
Wordpress versions 1.5 and below suffer from SQL injection and cross site scripting flaws.
c78936df310c89823fe91245ff652966933770cd26a7521e811a517d78570e18
TOPo 2.2 is susceptible to various cross site scripting attacks.
b531d44a617f4f2b75630324ec8316af9de83507ea117031096a99c978abc086
A Unicode buffer overflow exists in the handling of .mcw files in Microsoft Word.
bd6af65a00560736f607e17816c217de9f27ad59f1769adbd5fa1f8de4ff8e02
phpATM 1.21 suffers from a remote file inclusion flaw.
0e5b62872d146f7735ef089e111df85eab8030fbbedda417cc73816366d8c88c
Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
01dafcc1bc58909222ef4156137e400a52a279ca84e2d0c3ed11f3cd0a056652
D-Link DSL routers suffer from an authentication bypass flaw.
01030e48e04783c5d62e6e5be6312ae735d07e23c4c8fdc75e726bbb3a6acd8d
Exploit for the race condition vulnerability in /usr/bin/bellmail on AIX5.
4bf7ab1c7a83ef8fe6b1d6028574b0f88be711065ea4b137070453d9063d0a2c
Whitepaper describing how to write buffer overflow exploits with any programming language.
acf42802dedaaa4bd1e2e3e4b81dbcd23bda2924cb38e0fb35d6be28d1fed55a
The Apple OSX 10.4 Dashboard widgets allow system commands to be executed, which is normally not considered a vulnerability in itself as they run with the user's permissions. If the user has recently authenticated to perform a super-user function, however, Dashboard widgets can hijack these credentials by calling the system's built-in sudo command and execute arbitrary functions with full administrative privileges.
a50c6951f75d23dfbeceb299ee744c63c29ccd29bc3eed02301998c3ff432d0d
Successful exploitation of Novell ZENworks allows attackers unauthorized control of related data and privileges on the machine and network.
675bd95a6c61ec70ddbfeed484b02dfcfb969f70e96bb8ec044f07d61ce04d33
Debian Security Advisory DSA 724-1 - Maksymilian Arciemowicz discoverd several cross site scripting issues in phpsysinfo, a PHP based host information application.
65767afbf78d91bb37e2f35693b18b7120ff31d2ee8fe26cc12bd5542b8611c3
Pandora is a distributed system to monitor processes, performance, status, application or operating parameters of almost any system (AIX, Solaris, Linux, Windows, BSD and Nokia's IPSO). It has a decentralized management system, based in flexible user profiles, that allows generation of graphical reports, defined alarms, and a full incident management system to operate a 24x7 monitoring team.
035d150cdeb3f1c623a7848c5399880684faabe349452205a7b3ae0b0da6ae11
Help Center Live is susceptible to cross site scripting, SQL injection, and various other flaws.
5f34a97325fe4b78d932896ad144aa6ff6ce89819cd0a4ca9d8b68fe0a103712
MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.
a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131
White paper called Domain Footprint for Web Applications and Web Services.
334c5dacdca8cb229f4e6fcd4408159edff35ea5eb82f949449c0fe623215485
Two locally exploitable flaws have been found in the Linux rawdevice and pktcdvd block device ioctl handler that allows local users to gain root privileges and also execute arbitrary code at kernel privilege level. Proof of concept denial of service exploit included.
33b39531a43d55f0dc418fb73ffc620a6d8cc85f7b867a90fcb937881c9999ba
Technical Cyber Security Alert TA05-136A - Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service.
d3edf956afdc27eebd1ae3de94c8634a013a3e81aae7f454ddf34b6c3db5ec00
JGS-Portal versions 3.0.2 and below suffer from a ton of SQL injection, cross site scripting, and path disclosure vulnerabilities.
6718c9099a40c76b119be71f090ef240b44e8104c7f73f94d30a5525724a96c5
RedTeam found a information disclosure vulnerability in Pico Server (pServ) which results in a local user reading all files on the server with pServ's permissions. Versions 3.2 and below are susceptible.
f95c57741fe0234a42b40fb3fded920f5c8e99258cac8f0a9b18f8db9085cf63
RedTeam found a information disclosure vulnerability in Pico Server (pServ) which gives an attacker the ability to read all files from cgi-bin. Versions 3.2 and below are susceptible.
0b3132bc22e7a126e31b2d42efcd4ba13fee494df56a60e3b7670b757d4bc289