Secunia Research has discovered a vulnerability in IZArc version 3.5 beta 3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
4d335da133db14bfdc46d66904276a34bbd6e869dd49fd3500636e0bfc58cce1
Secunia Research has discovered a vulnerability in Eazel version 1.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in ztvunacev2.dll (UNACEV2.DLL) when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
6e456760da60d76c4f1ce8d66aef6fa2a1e5bf87c7d8f535aa769d262c1a5584
ow.asp in OpenWiki version 0.78 is susceptible to cross site scripting.
b162a9916f44ca291b9578d8fbd14a2d8df097fd956581be4f020ddff8d03321
Quezza BB versions 1.0 and below suffer from a file inclusion vulnerability.
5e95cc622ccd82fa42ce27440624ba99379e09cb0184b3fbf5d001c3fe5930c8
Boastmachine version 3.1 is susceptible to cross site scripting attacks.
246d5ae2429ee19ff2ff6b0019e1863cda7e63cd927aaa193249a8a5e99da715
DeluxeBB versions 1.06 and below attachment mod_mime exploit.
3f6d4e625dbc29d6156fea701b7208e0f13fd96d3e0bf7aeea56f486323eb740
PHP-Fusion versions 6.00.306 and below "srch_where" SQL injection and administrative credential disclosure exploit.
0297d54fa03c13c829d97e23b9597e0a37532a05248e616af080ce1513ebd33f
Rapid7 Security Advisory - The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Versions 3.0.18 and 3.0.17 for Windows are vulnerable.
036753be0009b340c6c34e30fe2e5d09b38d1425a2b47a6dd6cf1d7cfbc3352d
ScanAlert Security Advisory - Caucho Resin versions 3.0.17 and 3.0.18 suffer from arbitrary file access and information disclosure vulnerabilities.
50f7b2639fa218567771d09c602263b7347f86854398843e9e649c2a91b6e27b
SAP Web Application Server versions 7.00 and below suffer from a URL manipulation flaw that can allow for cross site scripting.
57b712925cbe4ffea02d0e4e6ff792dbdfd2303a794f6be17bbc80eb6b9fca5f
A code injection vulnerability exists in NewsPortal. Upgrading to 0.37 fixes this flaw.
51dc033133e461b6d8fa03e2fd0cd31c8649f9e626213d40d6cfb5ce3311b46b
IceWarp is susceptible to cross site scripting attacks via the PHPSESSID variable.
1bb341fa52e57e2264f9b7ac098e7c7859cf19f059b9ded04d722cbe4b17385d
Sphider is susceptible to multiple cross site scripting vulnerabilities.
a020c7da8614ed349f91e4c9ea735b80d96f46ce0c5d9de4a0eb2a3344248f9e
PhpRemoteView is susceptible to multiple cross site scripting vulnerabilities.
d2676bdee55836a099078a42099d77db442df5682e9eb7fb691e2de18e8771a9
The tinyurlfucker utility encodes data in base64 chunks and moves it using tinyurl.com as a transit.
417c1144e33a7bc2fd8d53e3fc3c3cc384535f3bf52b3cc8d1da70c772a4cc44
A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged-on session or to execute arbitrary code while using the ActiveX version of the product.
f49d0f1f9f5f56aa0a0ccd7fe56a2b3ef033e198e7b26a0dc427f85b4afc3bbf
Small tutorial on PHP injection and utilizing it to compromise systems.
d4797768252bf12c3d2ffb8b444f6dafec0dbf84436a35a8f727c946f7555bc3
ezUserManager versions 1.6 and below suffer from a remote file inclusion vulnerability.
283204428b9d04c844c621690daa6e8664c7c75f0254da343e23d718c9bdd343
YapBB versions 1.2 Beta2 and below suffer from a SQL injection vulnerability in find.php.
5eeae5ea0080765acf856d6b9d5cbad74da3bd9026ee1a9ce5d89c96e6592489
DeluxeBB version 1.06 remote SQL injection exploit.
3f6d4e625dbc29d6156fea701b7208e0f13fd96d3e0bf7aeea56f486323eb740
orkut.com is susceptible to a cross site scripting attack via search.aspx.
b63922dbfc99e2b670d977f83e607820c1dedc38be8a4ed673fa8e9b8936fccf
Confixx versions 3.1.2 and below suffer from a cross site scripting flaw.
d63a099eef6b40b50881322547c4e55e3bd65b0c483ae03a46c805cbedd4d8e3
Secunia Research has discovered a vulnerability in Abakt, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened. Versions 0.9.2 and 0.9.3-beta1 are affected.
67471673445159616ecc2805692c08221a6e6eceb4b399e199f2b6db8e227996
arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.
ef0613fbb276eac0c84ac0ecb3c7b84612cf2f327cac76f2ec7e37d85cee5e1e
Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
91ec08b9aeb2f869009b5b099f318c476f75942db64804eb50acde94696f4bf5