Comersus Shopping Cart versions 6 and below remote user password exploit.
85811285b1b4093109d8e4e05f1be5765126afdb74df6e742c9f6c53bb7dd482
The Netgear WG102 has the SNMP write community (password) accessible in cleartext via the MIB which is readable via the SNMP read community.
3c51a78420a0df8febc79c022317d8f0c0dc20bcc300e24c5d2b80e393e67407
Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed Audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.
b94ef4ce7d1b2e477a85e81fe7d6abeaf756a2d58b5544818985f2c20cb90bb6
Sun Solaris suffers from an aio_suspend() kernel integer overflow vulnerability.
cf4e53dd00147f6634c2f3e122968aec17988d62f758b49a1e1ca73472516ca8
BKWorks ProPHP version 0.50b1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b6bbb0e66ae2e75ec0215b724b061c743b547b2f5011beb78fdfca6831296b80
Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc.
2c7281e26af9f4375f1fba80d772b37b730c87d38141e6995bc2ead45f2ef103
Gentoo Linux Security Advisory GLSA 200901-06 - A buffer overflow vulnerability has been discovered in Tremulous. It has been reported that Tremulous includes a vulnerable version of the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236). Versions less than 1.1.0-r2 are affected.
283ce7d4a6859f05b0f7055117edc77e5200ad422ef1eb33032e181fc0156290
Gentoo Linux Security Advisory GLSA 200901-05 - Multiple buffer overflows have been discovered in Streamripper, allowing for user-assisted execution of arbitrary code. Stefan Cornelius from Secunia Research reported multiple buffer overflows in the http_parse_sc_header(), http_get_pls() and http_get_m3u() functions in lib/http.c when parsing overly long HTTP headers, or pls and m3u playlists with overly long entries. Versions less than 1.64.0 are affected.
06710cdf85609b49b9e02c8b791e5ed9458ce96767d0fc3900a9ba20f466791e
Gentoo Linux Security Advisory GLSA 200901-04 - An error condition can cause D-Bus to crash. schelte reported that the dbus_signature_validate() function can trigger a failed assertion when processing a message containing a malformed signature. Versions less than 1.2.3-r1 are affected.
e86dda15dbd223756769eb5a6cb0db3ff174fdfad0f95fb3aed50a8d3969a8c4
Gentoo Linux Security Advisory GLSA 200901-03 - Two errors in pdnsd allow for Denial of Service and cache poisoning. Versions less than 1.2.7 are affected.
4b5ce9962aef3dfe259bf205679bc9936d66a6ddc9dacad36e520a30b4d74ece
Gentoo Linux Security Advisory GLSA 200901-02 - Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss. Versions less than 2.84-r1 are affected.
69352640345ae81ab7981ab3b11c54588fc1cefd02630aad6d89b1768afc9683
Gentoo Linux Security Advisory GLSA 200901-01 - Multiple buffer overflows might lead to remote execution of arbitrary code with root privileges. Anders Kaseorg reported multiple buffer overflows related to long ESSIDs. Versions less than 1.53-r1 are affected.
87b26f86c4dbef558e268f86b44703fd0b09ecee788d360dbf8898c733914faf
Fast Guest Book suffers from a remote SQL injection vulnerability that allows for authentication bypass.
14c3690ed933bc52831e5ab1f0ff2a9092eea09d9f5ec96d3a9f52e6c125b408
Weight Loss Recipe Book version 3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
78b9d5e916666145255e4d539942673293977d62dfe3c79de13e8b3593f33e4b
DZcms version 3.1 suffers from a remote SQL injection vulnerability in products.php.
3625a663d32f09d2bbaeb82eb5bf7087c73519bd5a02e5b64a62410ad0443e82
Debian Security Advisory 1700-1 - It was discovered that Lasso, a library for Liberty Alliance and SAML protocols, performs incorrect validation of the return value of OpenSSL's DSA_verify() function.
48e98cae2f44369a048191e19c766e168a60c960f19a7195602408e8f45b9e5f
Debian Security Advisory 1699-1 - An array index error in zaptel, a set of drivers for telephony hardware, could allow users to crash the system or escalate their privileges by overwriting kernel memory.
41809d3fbd0f8ef9ec0b5f913140c8648d4d4ef0f00416c132443f96bf9575bd
fttss versions 2.0 and below suffer from a remote command execution vulnerability.
f9dceb86f7d799e014489962bfe0f7f4d9c1b8bcd5b27aa4bed6d2986270c8dd
Social Engine suffers from a remote SQL injection vulnerability in browse_classifieds.php.
df900bc6ceba5c468fe4b4a16a21fc2e62a64a2c8620a293c827ded68872628b
Proof of concept code that causes Apache version 2.2.11 to crash when leveraging a buffer overflow found in popen from PHP version 5.2.8.
69cd17b5829ffa6527992c1503dcd45d99c32941edab0451a004965ef6fad5fc
The PHP-Fusion module the_kroax suffers from a remote SQL injection vulnerability.
52126f916308a0ef7fd3781c9acdbcc830556847649522a62aef59dd1e0dca06
phpMDJ versions 1.0.3 and below remote blind SQL injection exploit.
71043bfd3e8f83fc8a1b7f4929e7c082135abd42023ca0557440c555c3e2a6f6
Mandriva Linux Security Advisory 2009-005 - A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm. The updated packages have been patched to prevent this.
2493748ea4d2a9b36180e68cee133d311ce65680b96da22fdf380057be4be1d0
Mandriva Linux Security Advisory 2009-004 - The passwdehd script in pam_mount would allow local users to overwrite arbitrary files via a symlink attack on a temporary file. The updated packages have been patched to prevent this.
995db9d8e704d137acc94adf36b40d3c21069603dadd49461a20f850d20d6687
Mandriva Linux Security Advisory 2009-003 - Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow. Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. The updated Python packages have been patched to correct these issues.
28d63a5f76ce1c5a97ac6618dfcd9bf320b89e89ddb038a765988adc6e0b6471