Almond Classifieds has a validation flaw that allows remote attacks to edit classifieds of other users.
c2ea57c499f9b5d4f1dfc11fed136b3d188aacf69abec3c897afadb9253456ba
ExoPHPDesk version 1.2 is susceptible to remote code execution attacks. Exploitation details provided.
0fe620751940edd520eb7465d4674eb9fc92ce0c1f7953ab546c197a9ae44898
DigSig kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. It is based on the Linux Security Module hooks (standard in main stream Linux kernel 2.5.66 and higher). Therefore, it improves the security of the system by avoiding a wide range of malicious binaries like viruses, worms, Trojan programs, and backdoors from running on the system.
71a9882698f37ed54e72a04fb21ecad41b68f381a335ddc601301d49c752b135
ZDI-05-003: Novell Netmail IMAPD suffers from buffer overflows. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Authentication is required to exploit this vulnerability. Affected Products: Novell Netmail 3.5.2.
a6c8579fcaac421e0684e535024d5416f00bfb87093bdcb05e5735e03d9dc6c9
setreuid shellcode for Sparc.
42591800e90683eb955c1c9063bf0c81608a3300cbb47bf07e83c59b0d6c3e75
Portbinding shellcode for Sparc.
82f4f156896f731a0acc2503673d75aa915445af4d59607f8244d69eb87717a9
A Mambo 0-day exploit is rumored to be circulating in the wild.
cddd67bbfed322c41fef067924a91b2f6ce69a0d53da19518439872f487591d5
"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS based authentication - not just database servers.
ddf0367b0ae123b501921160d18f52c089a3c85c8d21251937bf98c7eee6c567
Gentoo Linux Security Advisory GLSA 200511-15 - A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as Smb4k does not check for the existence of these files before writing to them. Versions less than 0.6.4 are affected.
641275e390b4dd2721852271e0bd97168fb9641590f315376eaf4e1a2e253cab
e-Quick Cart is susceptible to multiple cross site scripting and SQL injection flaws. Exploitation details provided.
c0917d9be89c6bc5d4582e3cd2501515dc90fef1c4bbd7dc0cd3d650bec70897
PHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.
5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0
Secunia Research has discovered some vulnerabilities in Mail Enable Professional/Enterprise, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system. Affected Software: MailEnable Professional version 1.6 with Hotfix MEIMAPS-UPD0511010000.zip applied. MailEnable Enterprise version 1.1 with Hotfix MEIMAPS-UPD0511010000.zip applied. Prior versions may also be affected.
a41e13f40a8136993edd20a8f6b3d9a6e59403bff26a194c137c66898da4cf47
Secunia Research has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files. Affected Software: Winmail Server 4.2 (build 0824). Other versions may also be affected.
483903aafaf97c68ef194aea91ed9e74286d55d7bb3ddf39ea0d000823b9aeb5
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
144abbc7055b4f059404ac3e9a380f83138ffb714ba24dec2e674c9adf980287
RFC (Remote Filesystem Checker) is a set of scripts that aims to help system administrators run a filesystem checker (like tripwire, aide, etc.) from a master-node to several slave-nodes using ssh, scp, sudo, and few other common shell commands.
dbabd1edfd938cd01ffaa094c7698d70d516922009dc18072bbb7990956da8d8
Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.
e7c030ea1072f4f0f3960a7cb5495355fa653243b392ee43aea388fac5bd7b0d
Debian Security Advisory DSA 900-1 - Thomas Wolff discovered that the fetchmailconfig program which is provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, creates the new configuration in an insecure fashion that can lead to leaking passwords for mail accounts to local users.
1fab93074bcf0d6c1ff84696b4f9e765f5d00b58003a806527e17411b3e97f72
iDEFENSE Security Advisory 11.17.05 - Remote exploitation of a directory transversal vulnerability in Qualcomm WorldMail IMAP Server allows attackers to read any email stored on the system. Exploitation details provided. Tested against Qualcomm Worldmail server version 3.0. Other versions may be vulnerable.
01a2547672aa0a6bf533fe4063a9e2b47e5039c817eda96685045473de319554
Debian Security Advisory DSA 899-1 - Several vulnerabilities have been discovered in egroupware, a web-based groupware suite.
ce5dc61b6ab7f174ffd0578f4d7b299207ee622bfdae9b8fd35c151559cf6fca
A vulnerability leading to unauthorized cancellation requests in WHM AutoPilot versions 2.5.20 and below has been discovered.
2ad2b040e6222ebcf0eab5e45ad775907734a840167b49cdfdcc6a95a13c1585
This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
7094ed083e302ef685862bc36e8a4e257722a626bc842428e2cb88d10634019d
This Metasploit module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work.
82f85d75854b75afe8ab87082e0ea3e4d896a30bc0feaa556d1fd14f8dfcfc5e
Proof of concept exploit that generates a flash file able to produce a denial of service condition. Relates to Flash.ocx.
01789d31ef803e09d39f628f47de0dae1c6fc6b70fc2a37c64a85527961cbe23
FreeFTPd remote USER buffer overflow exploit for versions 1.0.8 and below.
8da2a5f3da96fa0cafbeead497312b5e06fcdbd17ce4badd50add24f1c732a7c
EKINboard version 1.0.3 suffers from SQL injection and remote command execution flaws. Exploit provided.
37aa21917625c66e3b965ff58b2a35944062c2cd2172cb40043662cf6e8ec5ae