aspWebLinks 2.0 Remote Admin Pass Change Exploit
448666752f4efb09310e53037604c704325e5182e968d400d394dbc1c5b3b122
Versions of Redaxo CMS less than or equal to 3.2 suffer from a remote file inclusion vulnerability.
6e831b5811d3790ead422a4348fd8253eea5e827311a20d3cd6196e28813aad9
Bytehoard 2.1 Epsilon/Delta suffers from a remote file inclusion vulnerability.
785ca1adc4cb287f5e4546e5c06bddc5de3f5ed137c5ff8deef53c884493a17a
PHP ManualMaker v1.0 suffers from XSS.
6fdad6c757aaea25e684d9b2a700e0c7a44870f16ab564f703a6f64c63003df5
Weblog Oggi v1.0 suffers from XSS.
a599fd6f47c01fe240ce74661b71b2e18005c694786730262816a7a8331cb171
simplemachines SMF versions 1.0.7 and prior plus 1.1rc2 and prior suffer from an IP spoofing vulnerability.
5b442e579745aa435c282326af3b60033b0f834ca98e46ace0c736a9a56e47d6
CAForum 1.0 suffers from a SQL injection vulnerability allowing anyone to log in as admin.
e299bd93dcd999f3b4614efb95c9da7092ad71335bf46dddb6f6c268d08ab47d
TAL RateMyPic v1.0 suffers from XSS in index.php.
6761887e06cb1514b94dc439c74482333493865be7b6d563f3e43d349e8e89d1
Drupal security advisory DRUPAL-SA-2006-005: A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer.
19af6d2e9e201f9bae66069a24d63bb1936da2526fa2a043cf13cfa495353f27
Drupal security advisory DRUPAL-SA-2006-008: Bart Jansens reported that it is possible for a malicious user to insert and execute XSS into free tagging terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
b0584638f5b9adbb1149a2a0377ce9f140df6fe298f84e5f8c229862801bc629
Drupal security advisory DRUPAL-SA-2006-007: Recently, the Drupal security team was informed of a potential exploit that would allow untrusted code to be executed upon a successful request by a malicious user. If a dynamic script with multiple extensions such as file.php.pps or file.sh.txt is uploaded and then accessed from a web browser under certain common Apache configurations, it will cause the script inside to be executed. We deemed this exploit critical and released Drupal 4.6.7 and 4.7.1 six hours after the report was filed. The fix was to create a .htaccess file to remove all dynamic script handlers, such as PHP, from the "files" directory.
80255e976ff4dd047478820972ff5b573191bdf31f9141104f3845d0753acd3b
Drupal security advisory DRUPAL-SA-2006-006: Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you.
912163027c6bb36941cf7da0ba234a074978f1fa7d6a9468b1006f98299d31b5
rPath Security Advisory: 2006-0091-1 Previous versions of the firefox browser and thunderbird mail user agent have multiple vulnerabilities, some of which allow remote servers to compromise user accounts. The firefox browser is the default browser on rPath Linux, and all users are strongly recommended to update firefox and thunderbird as soon as possible.
27bd7d8714b37e6a0e3d04f904095e130aa210389f06defad89fc008600a4f9b
VMware Security Advisory VMSA-2006-0002 - VMware Server sensitive information lifetime issue.
9416d428754ffc0b448019d32ca7dc292291475a2ce00dba7c1f89d1be10eda9
VMware Security Advisory VMSA-2006-0001: VMware ESX Server Cross Site Scripting issue
726f9d276952b2f62ad214bd01f6b5a9ad22236f887256e9dee21bdc2411de2e
Mandriva Linux Security Advisory MDKSA-2006-094: Evolution, as shipped in Mandriva Linux 2006.0, can crash displaying certain carefully crafted images, if the "Load images if sender is in address book" option is enabled in Edit | Preferences | Mail Preferences | HTML.
26abadc4e025c77cdff5319db48bcbdb3d3a0b397b42d9545ed0637a47806512
Debian Security Advisory 1086-1: The xmcdconfig creates directories world-writeable allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.
6c651630037fb5a3d3e0c09a5a7566cd2e210e7396cd7553174d3d3cea923642
Debian Security Advisory 1085-1: Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser.
04757ea7b1bd42204648df0712cb6de2c2fe06c16478845a86ec741f644e3e74
National Cyber Alert System Technical Cyber Security Alert TA06-153A: Mozilla Products Contain Multiple Vulnerabilities.
4b7a351b592f163172aae4ced003fc3ab814494e58efb8c56b84a230ab6a9252
ishopcart.cgi suffers from a buffer overflow in the vGetPost() function. POC included.
f4b07660ad5a348c1dbafdfd6cc4b4787cab9c62bf3ca8f7b05872ffe58d50e8
ovidentia v5.8.0 suffers from many remote file inclusion vulnerabilities.
c1952c1957950337388447ca299dcf74407f3e3a44f4c9dc8c76223d8c6a2fdf
If register_globals is on, Squirrelmail 1.4.x suffers from a local file inclusion vulnerability.
4329b0cabb98685d5a81ebad25ec3592fbed415d18453ada886e7f5e24e43fca
Unix log cleaner that has all kinds of interesting features like a ptrace_attach of syslogd to stop the log writing when it happens in real time.
62caeb82dad755104b11703320f817e6f3d78c796dd786523517ac9bdf619580