The WordPress Page Flip Image Gallery plugin versions 0.2.2 and below suffer from a remote file disclosure vulnerability.
283261ff7da9ea8859483cb7af3007b56b40dadff53197dce81539c8d4a75463
Mozilla Firefox version 3.0.5 location.hash remote crash exploit.
eebb83ab5074c9afe2b57616ec84944c9695df373c957e4d44dbbfc493853029
FreeSSHd version 1.2.1 suffers from multiple remote stack overflow vulnerabilities. Proof of concept denial of service code included.
e1b2ce0109abe0bae36698e0f978538eaa5a35f9027ffd213a79b0eb0fe9f0ef
CoolPlayer version 2.19 local buffer overflow exploit that spawns calc.exe.
6a326e08914670dd6afbe441fc15378710139422b2dd25185d144997be8f65b0
Debian Security Advisory 1691-1 - Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution.
157ae4c1f93c80363f5da2039e5008842435f365223797ef677fa7894c54dcf7
Debian Security Advisory 1690-1 - Two denial of service conditions were discovered in avahi, a Multicast DNS implementation.
ef1a5df07104978bb17173fe99f506005c7a6bbe6cf093b6fdec41e6a73983b8
Text Lines Rearrange Script suffers from a remote file disclosure vulnerability in download.php.
c59e98d22160dd351c9c1933f211f6afc7e57ca40eddfd103573f93141b93dcf
PHP Autorooter that encodes exploits in Base64 and then decodes them and compiles them with gcc.
dad858b67667d67dc91c0c6bb8aa6779134347d2029f21d5bec096a6b7bcf35d
The Joomla Top Hotel Module version 1.0 suffers from a blind SQL injection vulnerability.
6f22ebc140137da819b0f286f48bf924d93ac16b393af93f8b83ab53fb137ef4
The Joomla HBS Search component version 1.0 suffers from a blind SQL injection vulnerability.
1cae474c508258abb31cb78738cba027c919fc77e9e9f1fba431d2eeb086d03f
Gentoo Linux Security Advisory GLSA 200812-20 - Multiple vulnerabilities have been discovered in phpCollab allowing for remote injection of shell commands, PHP code and SQL statements. Versions less than or equal to 2.5_rc3 are affected.
b64c3015b2c58dad5271775cfc8ac2573f3bd171282bd8f6f9014bacea41ac41
Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted "notifyOnLoadNative()" callback function. Successful exploitation allows execution of arbitrary code. Trend Micro HouseCall ActiveX Control versions 6.51.0.1028 and 6.6.0.1278 are affected.
f7d4170d51380b50b3229bbdfbfd97b6500d5154c69263a2bc8fd599516ec324
PHP versions 5.2.7 and below suffer from an mbstring buffer overflow vulnerability.
37409b5b7371a744b1320cc0009af571db7064e7ad18669697f3b62fd7f1c554
IP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
f1e7a41179e6ca09832589705d422c58693e434faa931221bf9f2ea7591f2e6d
ReVou Twitter Clone suffers from a remote file upload vulnerability.
5152b6d6335829c4eb7ba31b927b895cc19e93ebaca56d742e33a6c630d157e2
BLOG version 1.55B suffers from an arbitrary file upload vulnerability in image_upload.php.
5166ee1e4ac3e08f3590cd372cfd2494601485705b85e26ea50cac54d8acf269
Emefa Guestbook version 3.0 suffers from a remote database disclosure vulnerability.
dcb6f7303bb98a8da64202ec2bc3c5f103bef1bba28dded2b9f006bc537c6f8c
PHPg version 1.6 suffers from cross site scripting, path disclosure, and denial of service vulnerabilities.
2266199981966fdd6ce2f1888616d9b1eec12414c6f09f4033e757ec091640e3
Userlocator version 3.0 remote blind SQL injection exploit.
d598c900988e96844d8ce2942d0abeafffbcfcbb2581cef2b7a9fbe00e1431d5
Debian Security Advisory DSA 1689-1 - Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
0de29b8fab2fefaeabb052720b162b9a757b181550eb52d0a9b16f8641460152
Debian Security Advisory 1678-2 - The perl update in DSA-1678-1 contains a regression which is triggered by some Perl scripts which have changed into the directory tree removed by File::Path::rmtree. In particular, this happens if File::Temp::tempdir is used. This new update corrects this regression.
7a6ee91b53e6aa6c99a93729bd44c00a32faf2e6b49baa69e2c88266c1e40521
Debian Security Advisory 1688 - Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentication library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667).
9dc7b0b9ca92f9e1f59c4c6542e5d806f993baedd0e6072fa1262af0d44fbd0d
chicomas versions 2.0.4 and below suffer from cross site scripting and database disclosure vulnerabilities.
1b8f18a6119696049fa61d70058a2a3e5bd969f4ce3c9ad0e262db1258a56d73
Cain and Abel versions 4.9.25 and below suffer from a denial of service condition.
cc0f2c00adaa4b10e6aab7f5ebb814d51f23ec4edc068c91330fa64c88fce7a0
PHP APC versions 3.1.1, 3.0.19, and probably earlier releases all suffer from a cross site scripting vulnerability.
c66690481d643d9fbf46653f31c83ab29640eb3464a300d6fe92f7230590d5d5