Ger Versluis 2000 version 5.5 24 suffers from a remote SQL injection vulnerability in SITE_fiche.php.
f1bd591c48448148fd348f7f0227644059f1c2c6a4306824267783b2e6a8d331
Battle Blog version 1.25 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
faaa6c0707364c1b20aec7895084419f30188ae1662bbdfefe1345f0773ca028
Super Simple Blog Script version 2.5.4 suffers from a remote SQL injection vulnerability.
2eaf78f0259db4226e81b5847645bc8773165a6abee749b4d5675396c8055510
AJOX Poll suffers from an authentication bypass vulnerability.
468b81bb47c7541464a43fee4a02f03bcd6be3130560edff0cb36970890793b7
This paper describes a practical attack against the protocol used by SAP for client-server communication. Its purpose is to show that the protocol does not sufficiently protect sensitive information like user names and passwords.
f6435814e3afad6ebb4262a9c614cacd418277717cf925da94343a17ae06aa57
Gentoo Linux Security Advisory GLSA 200907-14 - A directory traversal vulnerability in Rasterbar libtorrent might allow a remote attacker to overwrite arbitrary files. census reported a directory traversal vulnerability in src/torrent_info.cpp that can be triggered via .torrent files. Versions less than 0.13-r1 are affected.
2e799ebd355637e542c267e8331df9e50b6992123a5c166740bf71f8ea5e2b8e
Super Simple Blog Script version 2.5.4 suffers from a local file inclusion vulnerability.
366768ae70b606de0d7bb00223af59b1fc919d438c466bf9f3b0ee254fcbc30d
PHPLive versions 3.2.1 and 3.2.2 suffer from a remote blind SQL injection vulnerability.
19f6ac6b2c16407931d51161f7b1340078dfbd0f6f21782112ec19793cd93b2c
VS Panel version 7.5.5 suffers from a remote SQL injection vulnerability.
7839ca6fc4dba932d7af30ad329307b23f38f2a2d632705ad899c57b60423e56
Linux 2.6.30+/SELinux/RHEL5 local root exploit. Works on both 32-bit and 64-bit kernels.
3709a659201e1e4914bcbd137c9f08224a39b712f0e57cf22a9cbec5957de619
Ubuntu Security Notice USN-804-1 - Tavis Ormandy and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges.
b8beb3fe604ec782db3bd384c85199c455906f54b4b92e94931ef02d23954d69
American Airlines' sites suffer from a local file inclusion vulnerability. The author was ignored when contacting them so this is being published.
fda78076c0e5b1cc9ca87be6898c56ce10b32556cded3690d40d24dba883f27e
ZenPhoto Gallery version 1.2.5 administrator password reset exploit using cross site request forgery.
1a2d15c4041d20cefe60ca298054f060cd86c3a57e3568f9c13a0d676329c67b
Oracle BEA Weblogic version 10.3 suffers from a cross site scripting vulnerability.
9a650695810614f4973ffb7f573662e9896423657f31d2bd9a505ef52184447a
Oracle Secure Enterprise Search (SES) version 10.1.8.2.0 suffers from a cross site scripting vulnerability.
94834e7f4609e3dadfba3ea1aae38f276c43166e3d130a1e1273d767615609e3
Android, an open source mobile phone platform, improperly checks permissions when applications access the camera and audio resources. All 1.5 GRBxx versions are affected.
4b7c6f448acecc2ccbd344ea7c61afdac0b498f3432e5044a92d1cb41fd80890
WebLeague version 2.2.0 remote SQL injection exploit that performs authentication bypass.
56b80450b2e49f96bb4663e79307fcd502f54b0769bdafc927f32604532ca8de
WebLeague version 2.2.0 remote password change exploit that leverages install.php.
3fb5da098010897a942a82ef5b38853ffffb816299b2b2dcd1eaab4ba881e30f
WebLeague version 2.2.0 suffers from a remote SQL injection vulnerability in profile.php.
31375ea467033249c5fefe4dcfc75e0793b59e42aba3f44914bbbb9f5d6ebb4b
Arbitrary administrator creation exploit for Infinity versions 2.0.5 and below.
1474e48bd198bb26943a78a4ab23baca7ad396e18632ca7d374d013fcce3e1b5
Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python.
a2dd70511dc23d8b1a5e3c9c0c58ad172b1d2b69b541733b29c44ff752626bbe
Gentoo Linux Security Advisory GLSA 200907-13 - A vulnerability in PulseAudio may allow a local user to execute code with escalated privileges. Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. Versions less than 0.9.9-r54 are affected.
0845b919b201ac150850dea798592c3e2d37064dc4f6d888379d713a2eda6d3d
Debian Security Advisory 1836-1 - Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.
8aca73d4db5e9a83ca752db9f342ac157518676f56efb95cb2c291cfe066ef03
OnePound Shop version 1.x suffers from blind SQL injection and cross site scripting vulnerabilities.
f02ec4164088a06aa297e0f32460d74139b7180ff68c5f86d50a6be94eea8f03
Audio Editor Pro version 2.91 suffers from a memory corruption vulnerability.
64622995076d75dbace9f66f378ed9f87ac2c88ce07f202f1987657ee9ec774e