maintain-3.0.0-RC2 suffers from remote file inclusion in example6.php.
4bb51629aefcb73aaa6c17c6470cb351979e556055669955203c55f3dd2cc0c6
Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2: This advisory covers six security issues that have recently been fixed in the Bugzilla code.
4fee028c5a9a72d7c9ac4452a531f1b39e9680e9bba27265fc3a24d0fa91ecf0
PHP Forge 3b2 suffers from a remote file inclusion vulnerability in inc.php.
ccdf758804c073ef26ea4456845129299445bdbe187e80e5f9b476b1a83c2f69
patchlodel-0.7.3 suffers from a remote file inclusion vulnerability in calcul-page.php.
453d857f333311cd436170375a141a6ac60d8d9875a4ea3dfe1f8999f97ff0e0
kmail 1.9.1 table/frameset DOS proof of concept.
667d336a0c82cde8a65570b60b3fb5af3cdfd0c23f4d0d6a7ba48819800ca3ec
Deatils on spoofing the security dialog in Windows object packager.
7acc740ea36cdfd85ab1eb307e3a6424c784a540e5b69f7d48f55824ad0b6912
Jinzora 2.6 and prior suffer from a remote file inclusion vulnerability in mt.php.
8e4ef0fbbda7a1356a0d1656fb8d5c31c3dfa3b17ec3569a91d5396accb89967
EXlor 1.0 suffers from a remote file inclusion vulnerability in /fonctions/template.php
cd7d51d31ef0b5b84acc3d7f854532330ea35dc488499d5bf2e01710d9d4fb5a
A small C program that can brute force gadu-gadu accounts starting from a given number and using a hardcoded list of passwords.
048dcc6171b1c08f6132e372e9ac410d6b68d1e47402d1a2901c9bb8bf5528e7
Armorize-ADV-2006-0005 discloses multiple cross-site scripting vulnerabilities that are found in Gcontact, which is a Web based address book written in Ajax/PHP offering multi-user, multi-contacts (email,phone,icq,msn,...) & multi-address for each person, birthday reminder by email, mailing-list management, Excel export, etc.
8c00d8f70c2d466f2cb4980a4297d1bfbf34ffdf2e3ffa80be27b73a2ed5292f
Armorize-ADV-2006-0003 discloses multiple cross-site scripting vulnerabilities that are found in Zen Cart, which is a PHP +e-commerce shopping program and is Built on a foundation of OScommerce GPL code. It provides an easy-to-setup and run +online store.
b5df486f27e52a1b4f91bc2b83b947e59cfddb83cebec8fca490934c31eed8aa
Armorize-ADV-2006-0003 discloses multiple cross-site scripting vulnerabilities that are found in Zen Cart, which is a PHP e-commerce shopping program and is Built on a foundation of OScommerce GPL code. It provides an easy-to-setup and run online store.
b5df486f27e52a1b4f91bc2b83b947e59cfddb83cebec8fca490934c31eed8aa
@lex Guestbook suffers from a remote file inclusion vulnerability in Mxconf.php.
ad345d07ac7c46a388bf07bc6ddeba5d4c6c366e729c56871766c33812205753
osTicket suffers from a remote file inclusion vulnerability in open_form.php.
1b18ab69688c4a3afdb93a47e347dffb7665bab00ce344e2be69bd2653e3ef5a
POC for a possible integer overflow bug in konqueror 3.5-latest.
00263bb5a228545e88b8e05dee01534319248a7271970aec28977e1612e8fbe9
Symantec Vulnerability Research SYMSA-2006-010: The web server under IronWebMail employs a simple macro language for evaluating pathname references. A loss of confidentiality occurs as a result of faulty pathname evaluation, causing unauthenticated access violation.
70d347b30c2f24ca5298b306b53bddf54e9c34e14f16894f24b825724792f064
raptor_libnspr - Solaris 10 libnspr oldschool local root exploit. Exploits the design error vulnerability in NSPR.
4534f08fb4e5ebcc7329d2d59c1fbdfb5145398877594c9b4e82b067b081c76b
iDefense Security Advisory 10.13.06 - Remote exploitation of a format string vulnerability in the mod_tcl module for the Apache httpd v2.x could allow attackers to execute arbitrary code in the context of the httpd.
aa822f011982ff0d3ccb3b5cfacc8f0a60f500d6df8113792a7954839f072cfc
The second Internet Security Operations and Intelligence (ISOI) DA workshop will take place on the 25th and 26th of January, 2007. It will be hosted by the Microsoft Corporation, in Redmond WA. An after-party dinner will be hosted by Trendmicro. The call for papers is now open to the public. The main subject of interest is vulnerabilities and 0day exploits used in the wild. Secondary subjects are DDoS, phishing and general botnet subjects.
669e54de218bb16532988610c786ca340672bcaae385d66f0953e184c3db008e
Open Conference Systems 1.1.3 and prior suffer from a remote file inclusion vulnerability in theme.inc.php and footer.inc.php.
b134a8d617c8ccafcb8f467e5e15bc5172d2d1df2170e45acd32681f9cf23057
Input passed to the "torrent" field of a GET Request is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an users browser session in context of an affected site if a user clicks on a malicious link.
6a6b34ce2afcfa0432decb731a485ffde68dda4a0bce0e1f03541dbea8424bcd
Wyd is a tool for password profiling. The general idea is to personalize or profile the available data about a "target" person or system and generate a wordlist of possible passwords/passphrases out of available information. Instead of just using the command 'strings' to extract all the printable characters out of all type of files, we wanted to eliminate as much false-positives as possible. The goal was to exclude as much "unusable" data as possible to get an effective list of possible passwords/passphrases. It is very effective to get reasonable passwords from websites or filesystems.
3581d74785a5071ea404d0bbe59de4768ac89952f157729de10a21ab0abb2277
POC for a memory corruption vulnerability in the "drmstor.dll" library which is part of the DRM (Digital Rights Management) software supplied with MS Windows.
2cbde388cbdb99ce63dfa813a707d4b197d88ee064f57afa7715e9847ad592ea
Wlandecrypter is a password generator for certain ADSL WIFI routers provided by Telefonica of Spain. Essid named WLAN_XX when XX are two hexadecimal digits.
43dc4ccd6f02b5fb1594641aa245b1db35ea43464e0a053cdecba88c1b4fe23b
Airflood is a modification of aireplay that allows for a DOS in in the AP. This program fills the table of clients of the AP with random MACs doing impossible new connections. Useful external "MAC filter" function can allow only the "attacker" to connect to the AP
1206f824aaaaadcd2ba79d79f61bdfc0456a2aa4ee4834a27e36f30aa01f1424