VNCcrack is a simple, fast offline-mode VNC password cracker. It takes a set of challenge-response pairs of the type passed during a VNC authentication attempt, and attempts to recover the passwords using a dictionary file.
af0a1e85e9d10df8f32439a3c084f613eb295464becf9dd61d93de385277d66bScanAlert Security Advisory - Apache Tomcat can be forced to reveal a complete directory listing for any directory by requesting a mapped file extension prepended with a semicolon, a reserved character. The file does not need to exist. 5.x versions below 5.5.17 may be susceptible to this flaw.
5c509d6f93d0ec579d69765fb6e247f4db535df15f491d940af5bd3c9b15e020BLOG:CMS versions 4.0.0j and below suffer from a cross site scripting flaw.
17be27705d1eaa7ecd8f10cfe3780b65e83e89cc5c28175d84b64c5567db9db6Debian Security Advisory 1117-1 - It was discovered that the GD graphics library performs insufficient checks of the validity of GIF images, which might lead to denial of service by tricking the application into an infinite loop.
e81fb95fa900581b668dcf9fead91e0168da9983e8fac3e47881bc67e139f182Debian Security Advisory 1116-1 - Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code.
3276eb1cf1d81e63f22f1b14a657cbc92b08bb69e6c31914abf2559d1f9f2ac7Savant2 suffers from a remote file inclusion vulnerability.
68ed8c2d2fd6fca6e83770abe9ecb5ea05eba1895df6098fa69a417b9dc4a2ffUbuntu Security Notice 321-1 - Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
ce2017b26fa4cdc2d0a5a23723b49d77edea863463d88104a17bf2ddde1790d6Debian Security Advisory 1115-1 - Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID strings.
d8dcb40dc9ebe29b56d2b32b51d8bb85f9c64facc298108981828b8a327b2de5Advanced Poll version 2.02 suffers from a remote inclusion vulnerability.
416165d4a94f5837e796d9114f3325a14e8160f0c95ef9480ab70d9694d852deDebian Security Advisory 1114-1 - Andreas Seltenreich discovered a buffer overflow in hashcash, a postage payment scheme for email that is based on hash calculations, which could allow attackers to execute arbitrary code via specially crafted entries.
d593a51788df3f88c31a27dd1c48d6b8184c4e2137b012bc8892cc728091d83cMandriva Linux Security Advisory MDKSA-2006-130 - KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
05f74c5ea94305a4651692b41b90b6951f6a118600d25126dca3386ed10349baChameleon LE versions 1.203 and below suffer from a classic directory traversal flaw.
0b998003d6eca4ee7de46417cbf413e81eb08da3495c0041540c33d65a8e4c84LoudBlog versions 0.5 and below 'id' SQL injection and administrative credential disclosure exploit.
0f8ecda7665dd0a872e199b07de3d22d808c060e10c44316b9277c9b528ac791Gentoo Linux Security Advisory GLSA 200607-07 - There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the send_command, string_utf16, get_data and get_media_packet functions. Versions less than 1.1.2-r2 are affected.
c03a3981720a46c8109c4d9e5e03534d4d561d2a474e3b74790f4231b0cc33edHP Security Bulletin - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
df422168050ad6024367fc2ee1d2d9096d8031b191a98d6e4406cbfbfdfd5196Blackboard Academic Suite version 6.2.3.23 is susceptible to a cross site scripting flaw.
179d8738e6a332bad3997d535717af34f1ce8f6240b1373945318501f68dd08eSimple php script that perform a massive MX look up for a given list of IPs.
4659be37f7b6a979d3ff68238f8016b12e20716d56ea0330b0e55e005254c70eCom Multibanners suffers from a remote file inclusion vulnerability.
7fdbc748671357d500a156e28af631517ae69cf216a4f8df496faeb82821694fMandriva Linux Security Advisory MDKSA-2006-129 - An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user.
7e47a195b9cc7deb5b5f25f14df95194792e1933817dd609d56c07aa622bbdd3Top XL versions 1.1 and below suffer from cross site scripting and cookie disclosure flaws.
92bd2f190cda19b59b73eec41697b36326f69f0461d40b22b23d603ae54c9846phpFaber TopSites versions 2.0.9 and below suffers from a SQL injection vulnerability.
01ff06cc02f5f9f5794fe29da689a732d1dfdb11cc84a9bdd22d08004194f795SiteDepth CMS versions 3.01 and below suffer from a remote file inclusion vulnerability.
e3d5452ea5af247f60c25fd8a1fb436a1c6307220035a4882990f513101fbdb3planetGallery versions 22.05.2006 and below have a flaw that allows administrators to create new galleries and upload images. Because of a vulnerable regular expression, he may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP.
795431e253559938dbfdcc05fcc274590b6bb519ee3ffed30042fc864ea03c6biManage CMS versions 4.0.12 and below suffer from a remote file inclusion vulnerability.
327b758c1d7199eced074d86d89f40253994099e235e9826818f78388a763591Cisco/Protego CS-MARS remote command execution and system compromise exploit that makes use of an insecure JBoss installation in CS-MARS versions below 4.2.1.
54fe66cacd7116d763993ab2281815e624610e13a10347c112c62d30699df620
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed