RedTeam found a remote command injection flaw in Pico Server (pServ) versions 3.2 and below that allows a remote attacker to issue arbitrary commands on the server.
7276f89acf774ddf2846c91eab14971935e3c12a80ff51ad8e71c1d7c0f2e254
DotNetNuke versions below 3.0.12 suffer from multiple cross-site scripting flaws.
c2cd718a3f563a4496cb58b9ce3ec07339462cd89d63d0b53d80e0a555d3b950
GUImd5 was written as a quick and easy way to compute and/or verify MD5 checksums from a nice Windows-based GUI. While there are plenty of other tools that do this, GUImd5 is one of the easiest to use.
3397878fe915045a179296e57c048bb3c25d09f56a71faa9c630e9419607593c
Mail Protect was written as a quick and easy way to add an anti-spam version of an email address to web pages. It supports ISO 8859 encoding of characters and JavaScript as a means of thwarting automated email harvesting while leaving the email address usable by any modern web browser.
3fb27871a53852f65667e36208e040fdbdc98481c4b301caad4368f72de39941
The Windows Forensic Toolchest (WFT) was written to provide an automated incident response [or even an audit] on a Windows system while collecting security-relevant information from the system. WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML-based reports in a forensically sound manner.
6813e639f5c3bedb2cf043df9ed01affe042b3c9e8ba04981f48a3c42ad9272f
Woltlab Burning Board versions 2.x and below suffer from SQL injection flaws.
8aaa17b35fe9b9eb7bc37e0e67686aa8655bea20e33ffaf7572daeb02521c7f1
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well. This is the current development version which offers significant performance improvements over the 1.6 release, but no documentation and charset files are provided, and more testing is needed. NOTE: this is the Win32 port from info-sec.ca.
385d38247be41fc9d8c5a636aca8f5b089fb3507bea021889eb4d1fd3606cb35
Gurgens Guest Book 2.1 is susceptible to a password disclosure flaw.
270c2f618b71af60daf1bd5103cbefdb13b7cb682a7f5d2e92dee35be849013b
Ultimate Forum 1.0 is susceptible to a password disclosure flaw.
b4f4f9360a782faa7ccb62149f905a482be9121ee8c960f2f4d0c75d27681aea
Skull-Splitter's Guestbook is susceptible to cross-site scripting and HTML injection flaws.
e4e944abf33ce3ba476a877fdaf09c16b7590b9c9df6ffa733262ddad7bc45c8
PHPMyChat 0.14.5 is susceptible to cross-site scripting.
c3143632d44c3ef2b26e19b88b18023aebd892316c4f77ee94098669a9f45a4c