VNCcrack is a simple, fast offline-mode VNC password cracker. It takes a set of challenge-response pairs of the type passed during a VNC authentication attempt, and attempts to recover the passwords using a dictionary file.
af0a1e85e9d10df8f32439a3c084f613eb295464becf9dd61d93de385277d66b
ScanAlert Security Advisory - Apache Tomcat can be forced to reveal a complete directory listing for any directory by requesting a mapped file extension prepended with a semicolon, a reserved character. The file does not need to exist. 5.x versions below 5.5.17 may be susceptible to this flaw.
5c509d6f93d0ec579d69765fb6e247f4db535df15f491d940af5bd3c9b15e020
BLOG:CMS versions 4.0.0j and below suffer from a cross site scripting flaw.
17be27705d1eaa7ecd8f10cfe3780b65e83e89cc5c28175d84b64c5567db9db6
Debian Security Advisory 1117-1 - It was discovered that the GD graphics library performs insufficient checks of the validity of GIF images, which might lead to denial of service by tricking the application into an infinite loop.
e81fb95fa900581b668dcf9fead91e0168da9983e8fac3e47881bc67e139f182
Debian Security Advisory 1116-1 - Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code.
3276eb1cf1d81e63f22f1b14a657cbc92b08bb69e6c31914abf2559d1f9f2ac7
Savant2 suffers from a remote file inclusion vulnerability.
68ed8c2d2fd6fca6e83770abe9ecb5ea05eba1895df6098fa69a417b9dc4a2ff
Ubuntu Security Notice 321-1 - Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
ce2017b26fa4cdc2d0a5a23723b49d77edea863463d88104a17bf2ddde1790d6
Debian Security Advisory 1115-1 - Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement, contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via large user ID strings.
d8dcb40dc9ebe29b56d2b32b51d8bb85f9c64facc298108981828b8a327b2de5
Advanced Poll version 2.02 suffers from a remote inclusion vulnerability.
416165d4a94f5837e796d9114f3325a14e8160f0c95ef9480ab70d9694d852de
Debian Security Advisory 1114-1 - Andreas Seltenreich discovered a buffer overflow in hashcash, a postage payment scheme for email that is based on hash calculations, which could allow attackers to execute arbitrary code via specially crafted entries.
d593a51788df3f88c31a27dd1c48d6b8184c4e2137b012bc8892cc728091d83c
Mandriva Linux Security Advisory MDKSA-2006-130 - KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
05f74c5ea94305a4651692b41b90b6951f6a118600d25126dca3386ed10349ba
Chameleon LE versions 1.203 and below suffer from a classic directory traversal flaw.
0b998003d6eca4ee7de46417cbf413e81eb08da3495c0041540c33d65a8e4c84
LoudBlog versions 0.5 and below 'id' SQL injection and administrative credential disclosure exploit.
0f8ecda7665dd0a872e199b07de3d22d808c060e10c44316b9277c9b528ac791
Gentoo Linux Security Advisory GLSA 200607-07 - There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the send_command, string_utf16, get_data and get_media_packet functions. Versions less than 1.1.2-r2 are affected.
c03a3981720a46c8109c4d9e5e03534d4d561d2a474e3b74790f4231b0cc33ed
HP Security Bulletin - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
df422168050ad6024367fc2ee1d2d9096d8031b191a98d6e4406cbfbfdfd5196
Blackboard Academic Suite version 6.2.3.23 is susceptible to a cross site scripting flaw.
179d8738e6a332bad3997d535717af34f1ce8f6240b1373945318501f68dd08e
Simple PHP script that performs a massive MX lookup for a given list of IPs.
4659be37f7b6a979d3ff68238f8016b12e20716d56ea0330b0e55e005254c70e
Com Multibanners suffers from a remote file inclusion vulnerability.
7fdbc748671357d500a156e28af631517ae69cf216a4f8df496faeb82821694f
Mandriva Linux Security Advisory MDKSA-2006-129 - An additional overflow, similar to those corrected by patches for CVE-2006-1861, was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user.
7e47a195b9cc7deb5b5f25f14df95194792e1933817dd609d56c07aa622bbdd3
Top XL versions 1.1 and below suffer from cross site scripting and cookie disclosure flaws.
92bd2f190cda19b59b73eec41697b36326f69f0461d40b22b23d603ae54c9846
phpFaber TopSites versions 2.0.9 and below suffer from a SQL injection vulnerability.
01ff06cc02f5f9f5794fe29da689a732d1dfdb11cc84a9bdd22d08004194f795
SiteDepth CMS versions 3.01 and below suffer from a remote file inclusion vulnerability.
e3d5452ea5af247f60c25fd8a1fb436a1c6307220035a4882990f513101fbdb3
planetGallery versions 22.05.2006 and below have a flaw that allows administrators to create new galleries and upload images. Because of a vulnerable regular expression, an administrator may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP.
795431e253559938dbfdcc05fcc274590b6bb519ee3ffed30042fc864ea03c6b
iManage CMS versions 4.0.12 and below suffer from a remote file inclusion vulnerability.
327b758c1d7199eced074d86d89f40253994099e235e9826818f78388a763591
Cisco/Protego CS-MARS remote command execution and system compromise exploit that makes use of an insecure JBoss installation in CS-MARS versions below 4.2.1.
54fe66cacd7116d763993ab2281815e624610e13a10347c112c62d30699df620