Mistress in an 'Application Sadism Environment' and can also be called a fuzzer. It is written in Python and was created for probing file formats on the fly and protocols with malformed data, based on pre-defined patterns. It is recommended that the project site be visited for further documentation and use cases.
8f1644949d6e28abd23dcd7e39f1895f3db11b73a3c7f690dd3821b1bf423415
PerlBlog versions 1.09b, 1.09, and 1.08 have been discovered as being susceptible to arbitrary file creation, directory traversal, and cross site scripting flaws. Exploit details provided.
72ed92e21a0f91bb5af613c13b654c8efae4c552a39aac79386469c49866df5b
DirectContact version 0.3b is susceptible to a classic directory traversal attack.
34922012bb4c31ade3163c42cd6ddfec78315b1faa3a02f8841fd373069632e5
PixelArtKingdom TopSites version 0.x is susceptible to remote command execution.
e8b456151b2369ba09b7281f5492fa0c27ff67140c46a38addfe3977a382bc19
Debian Security Advisory DSA 982-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings.
ecd04898dd71c08f61d72c31e004846a9a592b7c8cd180724889713453b5eb88
Secunia Research has discovered a vulnerability in ArGoSoft Mail Server Pro, which can be exploited by malicious people to conduct script insertion attacks. ArGoSoft Mail Server Pro version 1.8.8.5 is affected. Earlier versions may also be affected.
455394478eab464bfee5faea35ff3a9da617d60b91b89c9b5632c2ba4fcde5f7
Wifitap is a proof of concept for communication over WiFi networks using traffic injection. It basically allows one to communicate over an open or WEP 802.11 network without being associated, thus bypassing any AP side restriction such as MAC address filtering or station isolation.
ba64f56e98f411583e3330a8e61ee4778678003e2ddf9723138ea6467b0653bb
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
6801eb0df55196e2c4807af09568ef5b684d59350473784830e74869c32e861a
Ubuntu Security Notice USN-258-1 - Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server.
57873ab7e9b478058d4c6aca095ab68a34bec2d9b3a33db4203726210b27371b
SquirrelMail versions 1.4.5 and below suffer from an IMAP injection flaw. Versions 1.2.7 and below suffer from a SMTP injection flaw. Details provided.
14cc0b04e833bc5ee62ab6fe916d63fc4a302e2b75777de081e7a43462ff2d3f
Linux /bin/sh 68 byte shellcode.
727886c14674a5ae03305d4c8c892b63383ba08ebaa572f4c99650eb00adf801
CGI Calendar version 2.7 is susceptible to cross site scripting attacks.
3402e18974a01457ecd614d70c7c1c223bfea1a5e76ee4a485091b540dcff0ba
D3Jeeb Pro 3 is susceptible to multiple SQL injection attacks.
7cd43cd2c0678f9c77a386f75f71e594fca7936f57dfefbcfd009a77c4c089f2
Fantastic News version 2.1.1 is susceptible to multiple SQL injection attacks.
6707cf4bf5c2ba3e4bf1ee1d8ed83e06a68668df00faace1cdaf9b15546e4fc6
ArGoSoft FTP server versions 1.4.3.5 and below remote denial of service exploit.
37840dc5e7614f6dacb3b057a5b527ff414a8f2e14adad675f4f68481ade620c
bttlxeForum version 2.x is susceptible to cross site scripting attacks.
9e24d3a0d1ad1855b159b0e1444523e64bb18a2d60009d402bcb4db6bd617053
phpRPC versions 0.7 and below suffer from a remote code execution flaw.
2cc289b5a0eae7208104836c1d8e959923fbaa86da1ac47f8b9d19538d5d159c
Gentoo Linux Security Advisory GLSA 200602-14 - Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Versions less than 2.9-r5 are affected.
f46989656ef293f2ca91f08034d55098c0c3d69853cdd3187ac29a52a8eb3e8f
Gentoo Linux Security Advisory GLSA 200602-13 - The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of %-escaped sequences in filenames passed to the function is inadequate in ImageMagick GLSA 200602-06 and the same vulnerability exists in GraphicsMagick. Versions less than 1.1.7 are affected.
11ad5ff113fd8c5cfb97d5483b8cd2e97068161e9ed96cbbc75acba015d7cafc
Quirex versions 2.0 and below suffer from an arbitrary file disclosure vulnerability.
745945ff8b2e17ebefc0ad107dc6634c129580f50bcc5661a7db44bd9ed11fca
Archangel Weblog version 0.90.02 is susceptible administrator authentication bypass and remote file inclusion flaws.
ba2edc1bffcb38f03d488ab68d47e753aaf0cf1301a1eb4685b54f633cdba663
The Thomson SpeedTouch 500 series modem is susceptible to cross site scripting attacks.
37a9a8a8e2c68208a87c0184eb240279c5d337c9fb2a7826f1d68f6ec54ff34c
The Netgear WG602 wireless router contains a default administrative account.
e7c1364173223fd99edfa42f7091a92a0cc16cd779ffe3e2a28aa0d09eaf1683
MySQL versions 5.0.18 and below suffer from a query logging bypass flaw.
7e1967516440d73fa1a3f10d68c0811102cd228516f451ad259cb74d246b3c24
Mail Transport System Professional is susceptible to an open relay vulnerability.
f1849261532e58795eb1d382872e14eb93fc6f2991ce37d09c315d9b1b15025b