NetClassifieds Premium Edition suffers from SQL injection and cross site scripting vulnerabilities.
b43100677b926fd9903b46e2e018b8d07d1e0852e00ca8bd3e5568e825432892
Mandriva Linux Security Advisory - The 802.11 network stack in MadWifi prior to 0.9.3.1 would allow remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. The ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow a remote attacker to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggered a divide-by-zero error. An array index error in MadWifi prior to 0.9.3.1 would allow a local user to cause a denial of service (system crash) and possibly obtain kerenl memory contents, as well as possibly allowing for the execution of arbitrary code via a large negative array index value.
e3151b1a8b7c3b4faba9dcc5cca7cea93eb4811e33e429f43521e7260dd6f38c
VLC 0.8.6.b is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized variable, and one integer overflow in sampling frequency calculations.
9d50d0d593eec1f8c572771506616244c776d2031e6bf643f1e971280a0aa262
Debian Security Advisory 1316-1 - It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.
4ad6325e42b3ee76a6ef9587dfc8fd9fd9aac9aceb61f36ca2364f3dea711bf6
MyServer version 0.8.9 suffers from a cross site scripting vulnerability in post.mscgi.
6935e24d4052fa148c1f5bc5c2e00468fb5f4b877628d08dd4dd131e4c794c4c
MyServer version 0.8.9 suffers from a source code disclosure when a file's extension is capitalized.
208915fd4367e7c32cb5098d03ad184ddf1665f2886fe2d784c705f76d90c4db
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4.
2ae6428185a83a199fc21f5a307823d348f3b7c79bcacfa5610dac600f89cfcf
Mandriva Linux Security Advisory - The Auth API in ProFTPD, when multiple simultaneous authentication modules are configured, did not require that the module that checks authentication is the same module that retrieves authentication data, which could possibly be used to allow remote attackers to bypass authentication. The updated packages have been patched to prevent this issue. As well, this update provides proper PAM configuration files for ProFTPD on Corporate Server 4 that had prevented any mod_auth_pam-based connections from succeeding authentication.
ad147280c64e52fd7ef4848541a3149f3cee31c56e0ab7c29920dbc42e6e83be
51 byte Linux/x86 execve shellcode.
7148261b65d2c2d2dc75054e64cd5b5ab73e3dacbed95ec8d4ca1e2f765a06c9
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
2d0bfd6b12713502b9793d4c806fc5fe7acbe51d1b0c2df739190196f6509c16
BitchX version 1.1-final remote command execution exploit.
39236b6f34aa43098be96a197d2a1fd67f7dbe49a90ce86bfe5f6d6b4bd2d92b
SerWeb version 0.9.4 remote file inclusion exploit that takes advantage of load_lang.php.
df1e5f62e3ca9f4ed6f6538244f593f78f88d1582d5f3abdbc6b71ae3e9f54b7
HP Security Bulletin - A potential security vulnerability has been identified in HP Help and Support Center running on HP Notebook Computers running with Windows XP. The vulnerability could be remotely exploited to allow unauthorized access to the system.
001e54c3893cfcbb0cfa635bfa9495de4a83561d0fc79701389790541b29437b
HTTP SERVER (httpsv) version 1.6.2 remote denial of service exploit that makes use of a 404 error.
3d9cd2b6641a08df05e9e48119a0785c46ea878a27644269770669010d904411
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
d018a3c450f2814616d6e10df371981fd19d86b0ea6ec4a05bb5734096679281
The CISSP web site is susceptible to a SQL injection vulnerability.
c0ba7d4f6b0c35ccde41a80a894e52f88473c0f530a29d4f1446f7c27eec8fc1
vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability related to new topics.
e3fe34aa550e0f2f7d8c107bcf0b54ab463ac041adcd27f50911f56cd41efbd1
vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability.
124cb4ff6f114f48f07ed87a69cd0995d57142a60c8e9fdc60831d2609800e0d
Fusetalk suffers from cross site scripting vulnerabilities in comfinish.cfm.
7cb8de6071c6b054856a55e4c81df2dfec3872f414bf4833c0610fe5074f3ff3
Pixy is an open source vulnerability scanner that audits PHP applications for SQL injection and cross site scripting vulnerabilities. It is written in Java and also performs automatic resolution of file inclusions.
50824432cbbb0d2d08b83b3f850b36829dbcd2cb0e67f5b30bea566423e3c709
Comersus Shop Cart version 7.07 suffers from SQL injection and cross site scripting vulnerabilities.
58ba2fa8052fb0819670006c7bdfa1d55906e1a7c84ecc9a82070d3947e29cc5
Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.
49e35eea195f9ef8ba10b6f706e71bf6d035c1334146bf2abb1b501007b5e26f
Mandriva Linux Security Advisory - Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code.
1356f53c0be093f1e0bd3b4ef2b058cda07f258e1718e73fc47d12c584b5cfac
Apache suffers from some prefork MPM vulnerabilities.
4d61c28e91dc8056ee3f72cb7c70d86c713c92a2e12bcc5cb0afada3a83c3933
Mandriva Linux Security Advisory - The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users.
2c58e81c7fdbf47fc1aff0fb58209c44403b34e89fa427097bb7f681267e7a30