Website Baker versions 2.6.0 and below suffer from SQL injection, login bypass, and remote code execution flaws. Exploit included.
b49d9398dea8569ec129afc9974e4c07277a1adf4ab648aa0b2b10e4c0cf1866
Airscanner Mobile Security Advisory: Pocket Controller version 5.0 is susceptible to hard reset, data wipe, and denial of service conditions.
1a2768325a0f44d004051b7f5875697174f0732702bfa1d830781eb78b2d3352
iDEFENSE Security Advisory 12.07.05 - Remote exploitation of a design error in Dell Inc.'s TrueMobile 2300 Wireless Router may allow an attacker to reset the authentication credentials.
b501752da707b2ea3ae608527f64eea1f96a76373f3e08b2b90cf33f1d8703d1
KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.
0cee893dafaf137d0d32568c4d2e63ba6261d97c0a2ff9d758266004c900237b
Gentoo Linux Security Advisory GLSA 200512-02 - Jack Louis discovered that the Webmin and Usermin miniserv.pl web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl syslog facility in an unsafe manner. Versions less than 1.250 are affected.
ed5d825e7e8d12391f3c6b46803fa0bcaa2bbda2a4b5ada49efebd88c0517c14
Gentoo Linux Security Advisory GLSA 200512-01 - Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wrap overflow in the efix variable inside the function Perl_sv_vcatpvfn. The proposed fix closes that specific exploitation vector to mitigate the risk of format string programming errors in Perl. This fix does not remove the need to fix such errors in Perl code. Versions less than 5.8.7-r3 are affected.
f1e9a9af29c00af8bdbbf1c700ed8a5008c8809ce4d5a3fd61ca3357ab331f11
eNvolution, the fork of PostNuke, is susceptible to cross site scripting and SQL injection attacks.
865c68bd2e1d4c7b91f6db4fb634ae6b79e22185ec0f60cfad95bdde189f228f
ToendaCMS version 0.6.2.1 is susceptible to cross site scripting attacks.
8f07ad79529cd8415eb4969dee95f03753f42d5c0e8c648f163a57ae4668e4c8
Nodez version 4.6.1.1 is susceptible to multiple cross site scripting flaws.
291282274ca509c8c0f638d02f1712db7f423e1ce1af2c974796bff6dc2c3ea4
FlatCMS version 1.01 is susceptible to multiple cross site scripting flaws.
7b8f8bdcc7e2731c49b3096d3f99ac914f0836d360b46fccd53014f27c4c9975
TML CMS version 0.5 is susceptible to cross site scripting and SQL injection attacks.
0bd8e18d3c0aa50a112ed3e2c08e9c7476f19e8955c80add7a02ff13937ff99e
HP Security Bulletin - A potential security vulnerability has been discovered with HP-UX running IPSec. The vulnerability could be exploited to allow remote unauthorized access.
187d53d66f988887b54f5d8c850e765507d4ea790dc30fe221b718a101d883cb
SimpleBBS versions 1.1 and below remote command execution exploit.
7803041c087492f87adf6167d27ddee161f5b1f9f28bff149d9e7396b9721a17
ThWboard version 3 beta 2.8 is susceptible to HTML injection, cross site scripting, and SQL injection attacks. Details provided.
b6748f11eab63ffe76a6f2b734fd18a8b4a579dc4eeca78ae82b52b960a64150
Appfluent Database IDS version 2.0 suffers from an environment variable overflow that can be manipulated using sudo as an attack vector. Exploit provided.
27bbf57c930750edaa25ffa94bf598ee98a2503f8cb18f967e8422de7d3533a2
SugarSuite Open Source versions 4.0beta and below suffer from remote code execution and file inclusion flaws. Exploit provided.
ebc5a4123b1fbce281924c7e04a5037ab9070017bd8aceeb7663198ae7f16620
Checkpoint SecureClient NGX Security Policy can be easily disabled.
35f23d488b30efd1dce89d0af4b51371e1f2752103ed34866c152ab9ec77b113
Hardened-PHP Project Security Advisory - A quick audit of the variable overwrite protection that was redesigned for phpMyAdmin 2.7.0 revealed an easy to exploit flaw, that leads to total failure of the protection and therefore opens phpMyAdmin to a number of cross site scripting, local and remote file inclusion vulnerabilities.
ca28a2f1c10173da470818fb65d58d6fb8575353776199c4b7a672067438225b
Debian Security Advisory DSA 916-1 - Several vulnerabilities have been discovered in Inkscape, a vector-based drawing program. Joxean Koret discovered a buffer overflow in the SVG parsing routines that can lead to the execution of arbitrary code. Javier Fernandez-Sanguino Pena noticed that the ps2epsi extension shell script uses a hardcoded temporary file making it vulnerable to symlink attacks.
38273c7b5d3c2d0deb14c0e5d98b4a70c307ff98657d2510c45f19fd1d6c8b6a
Hardened-PHP Project Security Advisory - During a quick scan of the URL parsing code within libcurl, it was discovered, that certain malformed URLs trigger an off-by-one(two) buffer overflow. This may lead to unintended arbitrary code execution. Versions 7.15.0 and below are affected.
f3403ec96218c1351bad8de9b0d4762183c5b2ed2469234ad0cca93122636401
C89 implementation of the Vignere cipher compiled and tested on Windows XP, Windows 2000 and FreeBSD 4.11
dfc16eba9f66d1a3bb503120747fe225fc107f0b593f0856ba0845880c5c0eb9
DRZES HMS is susceptible to cross site scripting and SQL injection vulnerabilities.
bcdb5ac100a453d27c725347e333b7fd8eaf2d7bd0d903786aba6e7c6d30306b