The Bubbling Library version 1.32 suffers from multiple local file inclusion vulnerabilities.
69765615987118a20ea833a5b5af9cbff352a4acfd80efa2e16e3afc161c87bf
Simple Forum version 3.2 suffers from file disclosure and cross site scripting vulnerabilities.
c519964329b114e8d760a77e6a685612e9b12ead3d55187f74e177968841bad4
Mambo version 4.6.3 suffers from path disclosure, cross site scripting, cross site request forgery, and denial of service vulnerabilities.
11fd34395ce14c48e3d329b487a2ffb8e5f8d0ce02bab9147296b7bf6926edd3
Secunia Security Advisory - nnposter has reported a vulnerability in F5 BIG-IP Application Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
debc1d44ad71170d2fba979b4a0714a585304778a24ac410eb1d780deeedc7d6
Secunia Security Advisory - Some vulnerabilities have been reported in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
3887f96914facdba972ec08deff6ad37812041b31bea294386285f5bc6fc802a
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
dda9009180f2f6c72446afb6c8e1a755810698fee39e22d94bd033d712b69f84
ClanSphere version 2007.4.4 suffers from a remote file disclosure vulnerability.
a7b24c05d9b1513e2fb809a2ba8b468ada1abdb15005daa3a9e8fa01cd5d3711
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version.
47520bff7fb56027f4f9be5624fe8b097c9f7584e592d2c4d88351bae023e747
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
1e09de2e8206bd86d6775b0b4c4a7fe4dcfe636dcb0821c1f5584fe4157b4e1d
eTicket version 1.5.6-RC4 suffers from a cross site scripting vulnerability.
5c28a89d9866f0b6b900fbca6c5f86e59645564048de68cb55ce474a307852ea
phpIP version 4.3.2 suffers from numerous SQL injection vulnerabilities.
6c1a3c40f46f705114b15018c36dcbb0c5b9ff5e18e3124f43189359ffd1dfdc
ASPired2Protect suffers from a login bypass vulnerability via SQL injection.
ca2eea31b502c72b6b8565b81bdc647fe49fddb0bb704fe7e5e21a056c7585f8
Statcounter.com was susceptible to a remote credential disclosure vulnerability.
f78aa90af0b889ce27d5934a0084dc1edccdd2fee270b731cde7ef3e73249276
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that changes the system password.
09f212700f03bbc061c6451881af6f4f48e1044a3d2ee32a479c24063ef6a259
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate SQL injection exploit that grabs password hashes.
86f4d3757762e79f037895d1489b92f16c57f753e5979972b0d765d12247fbfb
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that grabs password hashes.
4a5e9c7385fc08b30bdeda08fb53856cad444bdd11e613f300b8767e710c033c
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate buffer overflow proof of concept exploit.
54d9ffbf19acfdb085440aa8eb8e8e04745be17094a93099bae803beefd4ff64
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
9c097761644f7cbf79a72b6aadd95384ab2965187bb8d9f8346c7de9905db08d
PhPress version 0.3.0 leaks SQL information by allowing direct, arbitrary access to the data.
0de7f6f8f0c7bdeceeb71a7a3c81f7bf6bb278635b03bc4b5aa46d06d3c3010d
The F5 BIG-IP ASM web management interface contains a cross site scripting vulnerability in the Security Report function.
be5853d6c1feb0d2d28a99d8dd2b940172e7ed485a42fccadfab738de35c73b8
Debian Security Advisory 1477-1 - Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitizing, which could result in the execution of arbitrary shell commands if a malformed feed is read.
c43ba6d88dec4cd237a726c4ec9dd961d8a693dc9d079c1357058080341568a7
Debian Security Advisory 1476-1 - Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation.
79f4f6a4708e4996f23285eb55ae4f15bf089d97e6f67ead00f9b8de74101c61
Debian Security Advisory 1475-1 - Jose Ramon Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.
71eb66ebb10d21f250807147e7a4b9e0c3d06d4897aaabf0e6fcef2cb4767b13
Gentoo Linux Security Advisory GLSA 200801-14 - The /usr/bin/blam script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 1.8.4 are affected.
3f5369e615881d85093c15e888233ac85ef3a385dfde99e2e089ccce89737027
Gentoo Linux Security Advisory GLSA 200801-13:02 - The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Versions less than 0.10.4 are affected.
c30de200d3fc302afeb9c46883102addc98d5e3a7abf99bc1526c5a5b546cf4c