The StuffIt and ZipMagic family of products is susceptible to directory traversal attacks when fed malicious ZIP or TAR files.
WinAce Archiver versions 2.6 and below are susceptible to a directory traversal attack when fed a malicious RAR or TAR file.
Archive_Zipr is susceptible to a directory traversal attack when fed a malicious ZIP file. Version 1.1 has been found vulnerable.
Guestext version 1.0 suffers from a remote command execution flaw. Exploitation details provided.
NSA Group Advisory - The ArGoSoft Mail Server Pro version 1.8 IMAP server suffers from improper input validation when RENAME is being used.
NSA Group Advisory - The ArGoSoft Mail Server Pro version 1.8 POP server discloses system information to remote users.
Crypt::CBC versions 2.16 and below suffer from a ciphertext weakness when using certain block algorithms.
NSA Group Advisory - The Bat version 3.60.07 is susceptible to a buffer overflow.
NSA Group Advisory - A flaw in CubeCart versions 3.0.0 through 3.0.6 allows remote users to load arbitrary files onto the system.
NSA Group Advisory - FCKeditor version 2.2 allows for arbitrary file creation.
NSA Group Advisory - FCKeditor version 2.0 FC is susceptible to a directory creation and browsing flaw.
Simple Perl exploit that makes use of a flaw in VU Site Engine version 2.0 that allows for unauthenticated addition of administrative users.
HYSA-2006-003 h4cky0u.org Advisory 012 - Oi! Email Marketing version 3.0 is susceptible to SQL injection attacks.
Adobe Macromedia Shockwave is susceptible to a remote code execution flaw. This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-444553540000. Specifying large values for two specific parameters to this control results in an exploitable stack-based buffer overflow. Due to the nature of this vulnerability, the target user is not required to have fully completed an installation of Shockwave to be vulnerable.
Teca Diary PE version 1.0 is susceptible to SQL injection attacks. Exploitation details provided.
Secunia Research has discovered a vulnerability in WinACE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading an overly large ARJ header block into a fixed-sized heap buffer. This can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious ARJ archive is opened. WinACE version 2.60 is affected. Earlier versions may also be susceptible.
All versions of DownloadingBirds software have been found susceptible to a remote file inclusion flaw.
Ubuntu Security Notice USN-257-1 - Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking a user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user.
Secunia Research has discovered a vulnerability in the Visnetic AntiVirus Plug-in for MailServer, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Visnetic AntiVirus Plug-in (DKAVUpSch.exe) not dropping its privileges before invoking other programs. This can be exploited to invoke arbitrary programs on the system with SYSTEM privileges. Versions affected are Visnetic AntiVirus Plug-in for MailServer 4.6.0.4 and 4.6.1.1.
NOCC Webmail versions 1.0 and below suffer from arbitrary local file inclusion, PHP injection, remote code execution, and cross-site scripting flaws. Exploit included.
NSFOCUS Security Advisory - The NSFocus Security Team has discovered a buffer overflow vulnerability when Winamp processes .m3u files, which might cause Winamp to crash or even execute arbitrary code when a user loads a malicious .m3u file and plays it. Affected software includes Nullsoft Winamp versions 5.12 and 5.13.
When feeding zoo a specially crafted archive, an attacker may be able to trigger a stack overflow and seize control of the program.
Mandriva Linux Security Advisory - Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.
www.rubronegro.net is susceptible to cross-site scripting and SQL injection attacks.
Technical Cyber Security Alert TA06-053A - A file type determination vulnerability in Apple Safari could allow a remote attacker to execute arbitrary commands on a vulnerable system.