It is possible to remotely spoof the Microsoft Internet Information Server 5.0, 5.1 and 6.0 SERVER_NAME variable by sending a modified HTTP request. This can reveal sensitive ASP code through the IIS 500-100.asp error page.
9265062b769c12c9797d72a61a3d47995803db86c2d1079cb92eaf33f0bc6113
Traceroute and ping suffer from buffer overflows, and a user spoofing vulnerability exists in Mac OS X versions up to 10.3.9 and 10.4.2.
ee042c25fc12d8e97cbd7e655a28d07129f44192331cb3d7682b49791c571b91
Proof of concept exploit for Elm versions 2.5.8 and below that makes use of a buffer overflow during the parsing of the Expires field.
7d429b07d470bef21a26afbf52a3adc8652582d94c91f0bcd8762925ec57fc01
Debian Security Advisory DSA 780-1 - A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space.
ce6384e72221bfe424ed552304717cf159ac00f8e1405d6926e72bc9d892ac06
Nephp Publisher 3.04 is susceptible to a cross site scripting flaw.
1d081010ca3a84ead988217f1cca903619d59c9dc585ead46ae2ebeeb302d95f
Proof of concept information for a flaw in BBCode that works against vBulletin and phpBB.
94843d7ff0778e8c4170306b6848ce07f2ab594e70024f618f1bfa2e3c1ad680
Netquery 3.11 remote command execution proof of concept exploit.
ebbd45f6a4eb2be2c2e2cba30ff4b25caf26e00264de978fcd9a96b770df8427
The Web Wiz Forum software is susceptible to a cross site scripting flaw.
a1ff655dbb70889b76ebd5f5636abef9f1d93f4d88856f87d09225d8149e1840
Small 31-byte shellcode.
0be833ffce21105355d8d9f357f70f0bfddba9ccce3dfd035700075afe211f00
SaveWebPortal 3.4 suffers from remote code execution, admin check bypass, remote file inclusion, and cross site scripting flaws. Full exploitation details provided.
b98042d8d7316b6509cb8bf9e5842312514a4a50080cc4f92a232919b0164f25
Debian Security Advisory DSA 779-1 - Several problems have been discovered in Mozilla Firefox, a lightweight web browser based on Mozilla.
509c3a848c567a6d3fa6ef5cceee0837f1aca869dc269e3704521d3917a85261
Woltlab Burning Board versions 2.3.3 and below suffer from SQL injection flaws in modcp.php.
882abd39c581ea18c1569c4b56b85424dda2014055c7bf18ae2d0d0014779c4e
Elm versions 2.5 PL5 through PL7 suffer from a remotely exploitable buffer overflow when parsing the Expires header of an e-mail message. Patch included.
a0048706263ba22986c98fc1ac407ea2c9fe958fe2e09c38222c4cd1ea0a4505
Bugs Land Down Under version 800 is susceptible to multiple SQL injection and cross site scripting bugs.
6c75f1ae4a55a77ff9fe557ba2062a755752ffbc1d69f4df4e53e63b9988f661
MyBulletinBoard (MyBB) versions 1.00 RC1 through RC4 suffer from SQL injection flaws. Perl exploit included.
fe2fc9ea1a9d3ca26e36ececae8ea5a4828ff84288af709d8aa6c453755cdd16
Local exploitation of a buffer overflow vulnerability in WinAce 2.6.0.5 allows attackers to execute arbitrary code. Exploit included.
bdad9505e8ee75c208b54f83a3cc991e44dd27b94d4cdb241c613c9529979990
45 Byte /bin/sh sysenter Opcode Array Payload.
f97806cb20a9213227e7d015f8eaebd94a89db8e8add8024473fade051245bfd
End users can bypass the mandatory installation of the Cisco Clean Access Agent by changing the User-Agent string of their browser. This allows them to connect to the network without the host-based checks being run. If configured, remote checks are still run. Versions affected: This works in at least 3.5.3.1 and 3.5.4.
dfbfb8c209ba68e8a2cde2af75fd0af1b5df01de4618948be2c9d2437020a94b
Ubuntu Security Notice USN-170-1 - Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called 'quick scan'; this can quickly check whether the key that is used for decryption is (probably) the right one, so that wrong keys can be determined quickly without decrypting the whole message.
316285c5e7f8da83ca9ff2f4241d200e0ee398d878390031e94125fecbe5ba34
Debian Security Advisory DSA 778-1 - Two security-related problems have been discovered in Mantis, a web-based bug tracking system. The bugs relate to arbitrary HTML and SQL injection flaws.
66399fa36baef0dcd20bb6617eaab029be6ba7317c605800b6806bbc09cceee5
Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to write files to arbitrary directories. Affected versions: ViRobot Expert 4.0, ViRobot Advanced Server, ViRobot Linux Server 2.0, HAURI LiveCall.
54f7332ae5674ac7c9ad8cc8d1584cf53cec751854734aab799ee6e2323ba4e3
Gentoo Linux Security Advisory GLSA 200508-11 - A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Versions less than 7.0.1.1 are affected.
800cdc7844284ff08d581c460b2eb7a0d29fe49cbfecaface8aca3efbd6d6a37
Ubuntu Security Notice USN-169-1 - Ubuntu has released a kernel update for over half a dozen vulnerabilities in linux-source-2.6.10.
5cd2d578e4b7d2e227646dbfc111a595499f5221319dc24028ffa0c15ec23991
Gentoo Linux Security Advisory GLSA 200508-10 - Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector. Versions less than 2005.08.1 are affected.
0e3fa2762fdbc60f882db944357ae0a917d405f887d5a1d29def503aefb9f148
Operator Shell (osh) 1.7-12 local root exploit. New version of an old exploit. This version has the shellcode trimmed down to 9 bytes thanks to Andrewg.
93c7051b9b8e5fc758a98373d2984054e773f1047fd7a891921e608d15228270