SEC-CONSULT Security Advisory 20081219-0 - Fujitsu-Siemens WebTransactions is vulnerable to remote command injection due to insufficient input validation. Under certain conditions, WBPublish.exe passes unvalidated user input to the system() function when cleaning up temporary session data. This vulnerability allows an attacker to execute arbitrary commands on the affected system. The vulnerability does not require prior authentication and can be exploited from a web browser.
4fcccde253345cf5e3f0f4106c7f74d8b15fb08e20a6c514630001cb3f299309
JA-SNMP-Reader is a simple Windows executable that reads values from an OID of a given SNMP Agent.
f79868f69d225f4308f36d526a18a2d328f8c100707c806272d882961a3d5feb
New script that exploits the very, very, very old phf vulnerability.
019371e115ef1e5f7c22f50f06a0b178a7b66d03de1c24b4361814c83f8f415f
Ksplice is practical technology for updating the Linux kernel without rebooting. It enables you to avoid the disruptive process of rebooting for kernel security updates and bugfixes. By making it easy to keep your systems up to date, Ksplice helps you avoid the security and stability risks of running out-of-date software.
6c2345b2737e7efe38db87ef4da9d5a9b582ced20141bb8ea97215118970bf87
dietsniff is a tiny tool for analyzing traffic on a network. It is not intended to replace well-known tools like tcpdump or ethereal. It is intended for cases where a small and especially static sniffer is required. Accordingly, it is far less powerful than those tools, and it runs only on Linux.
3e7c2c47da2d48008a1433d1f22cc5872cb178b7fdbad557b0f5e47ec2732eb3
Constructr CMS versions 3.02.5 and below suffer from directory traversal, database configuration disclosure, and SQL injection vulnerabilities.
8908b832dd7e2db1b424f4b9917043856c22abaee2f5b23ac11aab5ffa5bc102
FreeLyrics version 1.0 suffers from a remote file disclosure vulnerability in source.php.
f1541579debf5757b4f11c9594466e8377d21a68420f8e87920d73bbfc0845f2
Extract Website suffers from a local file inclusion vulnerability in download.php.
7408a2b8415be0d4829898d7e23adc262d21eaea9c368b98351780b53db5355b
Online Keyword Research Tool suffers from a file disclosure vulnerability in download.php.
f26f222bb6d29381eff01b3bcd67f0257d8e7a2c8dc9c0c0c96d4890f9430f39
Gobbl CMS version 1.0 suffers from an insecure cookie handling vulnerability that allows for administrative access.
2a7cc21cdd7afbae98f73da97637186e73f07262ecd3d465d722804050e40c99
Gentoo Linux Security Advisory GLSA 200812-19 - Two vulnerabilities have been discovered in PowerDNS, possibly leading to a Denial of Service and easing cache poisoning attacks. Daniel Drown reported an error when receiving a HINFO CH query (CVE-2008-5277). Brian J. Dowling of Simplicity Communications discovered a previously unknown security implication of the PowerDNS behavior to not respond to certain queries it considers malformed (CVE-2008-3337). Versions less than 2.9.21.2 are affected.
b32ba72341374ae1aaf8bbe760d230f8539182bc7d93feb0dc89b4807dcf3baa
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
060a4c69b772c5dbbe93812a8abd274eb7234e26034b2a9e635c88b055b0e945
Multiple sites on Sourceforge.net suffer from local file inclusion vulnerabilities.
d5d7639990f19a6cdb90802b8b4c6cbc3303e7d07277527d231b990b19462570
Realtek Sound Manager buffer overflow exploit that leverages rtlrack.exe version 1.15.0.0.
134faf3432cd881dea3a0ee215beb947a5c4de7a19d014bafdbd98aa209de733
Ubuntu Security Notice USN-696-1 - Emanuele Aina discovered that Avahi did not properly validate its input when processing data over D-Bus. A local attacker could send an empty TXT message via D-Bus and cause a denial of service (failed assertion). This issue only affected Ubuntu 6.06 LTS. Hugo Dias discovered that Avahi did not properly verify its input when processing mDNS packets. A remote attacker could send a crafted mDNS packet and cause a denial of service (assertion failure).
4ed8338613bd90bd9db4370e94dd72fdf7c7aeb5538276764c37e414ec7895f3
OneOrZero Helpdesk version 1.6.x remote shell upload exploit.
780c96fbf034819075a9a3cb2dc05aeab8c58c211a6cb6c2f02d589d69069320
MyPBS remote SQL injection exploit that leverages index.php.
19e4a423cd72942e5ab709588e3f87869f16e3355583f54c909ec7ab1c417d43
MyPHPsite suffers from a local file inclusion vulnerability in index.php.
2ee794daf137781320ca735673c2a215b995317e48931e20e0cda93dec97c7fa
myPHPscripts Login Session version 2.0 suffers from cross site scripting and database disclosure vulnerabilities.
c974a27f358ad5825e23a363f6e732b521bf7b04da139805c8d1167c4adb6d02
ReVou Twitter Clone administrative password changing exploit.
09a92eefcf18c327fafb1fd705b5c7acf080fe8f62e95dda962ef16b8023a95f
Injader CMS version 2.1.1 suffers from a remote SQL injection vulnerability.
2b8e91e3d21f060d0479c319f74259381a056ccd90b8fbf2e48753541e99f869
PHP Clan Website CMS versions 1.23.3 and below suffer from local file inclusion, remote SQL injection, and cross site scripting vulnerabilities.
d45c28aab7c91960a39308081bf1c245f4be13a82331f5b6534a6fdbfaf0d2f8
Secunia Security Advisory - A vulnerability has been reported in SPIP, which can be exploited by malicious people to conduct SQL injection attacks. Two additional vulnerabilities with unknown impacts have also been reported.
7fddda19489d535b75f4499b4127fdc1d609073d789b649eddbc564a999b0f8c
Secunia Security Advisory - Some vulnerabilities have been reported in PHP-Fusion, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
b96207480c0508272f82ee664e13926b941e2c857b9fb52349993a6c8ededca8
Secunia Security Advisory - siurek22 has discovered a vulnerability in ThePortal2, which can be exploited by malicious users to compromise a vulnerable system.
eaced42a4cdf5691918488068186b09d9f58efa7c434ab78ed4f843660c479cc