Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
b981e4326e87927ea14c54f445d1d8c91ca8bad5b3c606732b39860b492a641a
Month of Apple Bugs - Exploit for the Application Enhancer (APE), which is affected by a local privilege escalation vulnerability that allows local users to gain root privileges.
022ab59da53042f4ad0dadf5efb09eb65b8d7f1c45cfc3279afa1c3afbd66fbf
Month of Apple Bugs - This HTML file is an exploit for OmniWeb. OmniWeb is affected by a format string vulnerability in the handling of Javascript alert() function, which could allow remote arbitrary code execution.
297d0995c250f8cc72592389a406917ac1bf22428361bbff663a27278cf94085
Month of Apple Bugs - Warning, this pdf is an exploit. The current PDF specification is affected by a design flaw, a rogue Pages entry or malicious catalog dictionary could cause a denial of service (memory corruption condition, memory leakage, etc) or potential arbitrary code execution in the reader application.
7befba5152c7b30d54a97e3a52d7ff58a3858ea958dac2460153bce1334d0e22
Month of Apple Bugs - Exploit for a vulnerability in the handling of BOM files by the DiskManagement/diskutil that allows the setting of rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. One of two exploits.
d23d1ffe7410fc22b798de3144cff78a0f519bb100421ea6abce589bef246321
Month of Apple Bugs - Exploit for a vulnerability in the handling of BOM files by the DiskManagement/diskutil that allows the setting of rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. One of two exploits.
9ff09c4c31ae71fb68fb87e214f17eb7e955b0cbe68a242d876ba38452f4a223
GForce version 4.5.11 suffers from a cross site scripting vulnerability.
7c397cbc606e6d927b4205174cc6c2b7d0935c5310470ec09dbe783ee5343c04
Critical Security OpenBSD 3.x through 4.0 vga_ioctl() local root exploit.
6645a5c0890cfe318350a5af352787dbb534dccd135c4f235e795d1ab85e7d87
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
7730b4cbc522502f2d12a5b895c6618321b649f03a6a1b3ab8ccc5ec191fc8c6
VisualRoute is a traceroute tool which displays a map of the path to the destination server by looking up the geographical location of each traceroute hop. The network service provider is identified for each hop, and instant domain and network whois information enable quick problem or abuse reporting.
c75ed4536af9bfec5f36acbb94d9366b7e267f2c059309c66b9424e61b53ab90
The US Department of Homeland Security's "Vulnerability Disclosure Framework" document.
582fab10411195352c3c7c264ac43a5fe82a67a539153f9bcdae39edbe51c6f4
Debian Security Advisory 1247-1 - An off-by-one error leading to a heap-based buffer overflow has been identified in libapache-mod-auth-kerb, an Apache module for Kerberos authentication. The error could allow an attacker to trigger an application crash or potentially execute arbitrary code by sending a specially crafted kerberos message.
c9a1f482592964f332005424fd001256d3c72cb2e867cc031624774cfbbc1bdc
Debian Security Advisory 1246-1 - John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.
c6505f1b044f3845d4eda54bb6fb486963985da507663c1c77ffdc547b233f51
Packeteer PacketWise version 8.x suffers from a buffer overflow vulnerability.
21a38eb759ec8845f73b1ae7ba4e00f8b49c0fe1deaeef58a74f51fc51c5f061
The Magic Photo Storage website suffers from a remote file inclusion vulnerability.
1f1cacd6e29c1b8d3661d861dfa1fcf11b77247dc9ba0e9af1a5452c23673897
There is a DACL weakness that exists in the HP all-in-one products drivers, which can be exploited by malicious, local users to gain escalated privileges.
4cdf87116b8d9ee3c3f00f60c40288c8b169a7243a24ee7362d44092701f936f
CenterICQ contains support for LiveJournal (http://www.livejournal.com/), such as posting to your own blog, reading other blogs' RSS feeds, and other community-related functions, such as showing whether a user has added or removed your own users to/from the friend list, all via a unified HTTP interface provided by LiveJournal. The latter functionality is vulnerable to a buffer overflow and possible remote code execution. Affected versions range from 4.9.11 through 4.21.0. Proof of concept exploit included.
b6dc98674cfbf8ff44212a63d67c5667ac485c8229d5b0f0f60c18e483be0ad0
Camouflage version 1.2.1 suffers from a vulnerability that allows access to encrypted files.
3616dff73eb9b4c3fa73c077a974cbf60252e6c3f0c60c687ef51d0956eff55a
RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
9beec004be0133e4f53e2256f580067810718d5277029a17fe8f20990b0b4502
GeoBB Georgian Bulletin Board suffers from a remote file inclusion vulnerability.
ad45fde38c33b04c12b8965c4f7ca67a60f4e0e39c4d961bc1ef0ae3ed56fa77
Dayfox Blog suffers from a remote file inclusion vulnerability.
2a75968f7aefdb5c92527e2061fc91bb005406e41f530614ae277034fe5c754a
Debian Security Advisory 1245-1 - Martin Loewer discovered that the proftpd FTP daemon is vulnerable to denial of service if the addon module for Radius authentication is enabled.
50fcc58bdb5e7e7fdd77b15acebd5b68c5c089cd4d7cb3553c68bfafab2f21cb
NUNE News Script suffers from a remote file inclusion vulnerability in custom_admin_path.
1d27dbbdd194900ae50fa7cd0e39c7b8bb6948f22ece57a1d400f8e2f0d39d56
Uguestbook version 1.0 suffers from a remote password disclosure flaw.
d52a22e994cf06287c3395daaa40cb1adfaaf4ba35796b648c44cd0523a8bd11
Steganography version 1.7.1 and 1.8 suffer from a vulnerability that allows access to encrypted files.
2866bc89f0024863497a19a2f5736883c6b6fa1e4738291d9918b88532f1aa4d