Multi Website version 1.5 suffers from a cross site scripting vulnerability.
a5e6824c181db59e45207fcc21fa480eb67b37db6008fb033a053094361a36e4
Debian Security Advisory 1850-1 - Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug.
81fb930ff96e23d185d8dbaabb5f114ab92989bfd83a85581dbbf7cb9e4a1f7c
OpenNews version 1.0 suffers from SQL injection and command execution vulnerabilities.
69928830aa3899fc302a0071d63fd2b94c20bc604a0fd1bb2b1f14fb8feae246
This is the web UI for the Xplico network forensic analysis tool.
bc90beb54356bd5dc7ed1b1e5d00b6228776e240a62feab26eaf073ff4dd778c
Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
0a3af6d2072476f7a6ebb7cbbf8f2c9a549d43bf4f2629909d37a1776ad823ba
Aftablog suffers from a cross site scripting vulnerability.
5375a26e337cc8e3276e33b3fb51a6edbc1c3561c4880227957d7a9fbcc52d8e
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Serviceguard Manager B8325BA (Stand alone). These vulnerabilities can be exploited remotely to allow execution of arbitrary code and to create a Denial of Service (DoS).
f6d04ff6fcc7ab31c8f7311d599408d1f779e76c5ffe7712a160db23439cc987
Perl$shop E-Commerce Script suffers from an input parameter injection vulnerability.
b0b105f5c579241f90cdc06fa32430cdd7d657ac7d0f7583b6a3099571901b8c
Fiked is a fake IKE daemon that supports just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi-MitM attack. Basically, knowing the pre-shared key, also known as shared secret or group password, the VPN gateway can be impersonated in IKE phase 1, in order to learn XAUTH user credentials in phase 2. The configuration supported by fiked is IKE aggressive mode using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES128, AES192, AES256, MD5, SHA1, and DH groups 1, 2, and 5. Main mode is not supported.
94badfbb545c4f0f4092a937d20a277a5854093417fd93f61c92b4bdea3f03fa
elgg versions 1.5 and below suffer from a local file inclusion vulnerability.
dc52921cd87d251005156724a5644a59e707f684921d2a4f1e1c88b46ed0b7bc
Payment Processor Script suffers from a blind SQL injection vulnerability.
342f36838608f75caaa04e9e22409cab51e067306991cf42776ec7ef7eece83a
MAXcms version 3.11.20b suffers from remote file inclusion and file disclosure vulnerabilities.
5177336ed8b1b5c1810bbd8e64148b1569d23eae3500f713ff2aef57c25114f0
Blink Blog suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9273d24b63f5363595b57eac4ff67279e1c11f9c54a06bb6cee40678a70ff07a
Discloser version 0.0.4-rc2 suffers from a remote SQL injection vulnerability.
e6b7ca675f005a5bf1e926c4721a2b2383a5762f040fd409538d8f8052e561da
Uploaderr remote arbitrary file upload exploit.
8938105dc52c4f3ed77632d06840917ac648d83ac2384c95e4749d61ee928890
Asterisk Project Security Advisory - An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.
7cdb743f4d11e06fb523803f2e6f40f3d378378fd8b9554a26d5efcd6ce48db9
Mandriva Linux Security Advisory 2009-191 - Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information. The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. Buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. This update provides fixes for these vulnerabilities.
dfedef316c0434e4da68e94dd8b4edea8b9272dd21d5404ff868ca260697963e
Arab Portal versions 2.2 and below suffer from a local file inclusion vulnerability in mod.php.
e7d75ccb6f37aba8588c85f27a2b861477b4601c0d7ab215a2830b2b788bb367
Multi Website version 1.5 suffers from a remote SQL injection vulnerability.
87392b984b905648dbd1c969323446248e35b5092f3c4c0835887e5d0dd05612
Questions Answered version 1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
14b7d3f7cdae6bf364f020117f75ccb65aa8e5915b3c3128576ec72ed3f98348
ProjectButler version 1.5.0 suffers from a remote file inclusion vulnerability in pda_projects.php.
de34fee8a7ea21c1d0e368e62b352c9fa113f03285bf432a69b2a27fdcdb208f
Mandriva Linux Security Advisory 2009-190 - Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information. The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. This update provides fixes for these vulnerabilities.
9fba3f9b676ff2bfb13c7bd429624b68128af6b7dba38ab4df821402a9de46dc
Serveez versions 0.1.7 and below remote buffer overflow proof of concept exploit.
2c7482454cb13cd0ff6733500bdebdee4f6eac46cd907c0579dd13fc4792029e