Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
144d89e555b859344c96a178d2e801d84b6fd6e8093a73373959bb3e613f6d3b
The Joomla Noticia component suffers from a cross site scripting vulnerability.
999004b8fcfb25c02147ab0218b9407025331872c9b2ac10fef79b402b7e105c
Mandriva Linux Security Advisory 2009-345 - The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. This update provides a fix for this vulnerability.
19f470ee17791ac109a1255ca226370d567f85e36fde4a87dae2c59dcd792426
eStore version 1.0.2 suffers from a remote SQL injection vulnerability.
fff03c16dc9b0141b52c4f35e247a2d7e65ff4f1e46867aed868a03aee54b0cb
Mandriva Linux Security Advisory 2009-146 - Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit.
7d4cf5f5853a965d4cb5684b8a5cd31bb2f6df434ea4e84c2a8c04a5925e5280
Quick Player version 1.2 unicode buffer overflow exploit that creates a malicious .m3u file and binds a shell to port 4444.
2644115892e7617f45b3af34bbca173e85cb216c51a8666c991785577ba5af9f
Mini-Stream Ripper version 3.0.1.1 universal buffer overflow exploit. Written in Python.
fe18ecda779763101c96667165f5b3ff90dd51da4847cb5a88196f64e89f558b
Soritong version 1.0 universal buffer overflow exploit. Written in Python.
fb1f6b6dd51b3b99f911a7bde8d3340607b5b540c67bd3bb4c4a8342e7f7faa7
This exploit is a simple malicious file creator that will help the users to create jpg images with metasploit shellcode. The file created must be browsed and then a shell will be bound to tcp/31337.
3951e4d38ce2fbd2a74fe1c2298d117fcdff1053e5434ddda7f24fd0890d02b5
BigAnt Server version 2.52 SEH overflow exploit that binds a shell to port 4444.
b77adcc621ad15f1ab95c3ee91f3eaa526a5f33005c6ce85504b8e740b7e4f89
Mandriva Linux Security Advisory 2009-189 - SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input. This update provides fixes for this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
317773726398782e7f4264dc97c5b1722f8601814a2f8ced01acc6edfe1030a1
23 bytes small Win32/XP SP2 (EN + AR) cmd.exe shellcode.
03a66fa62d8143703c139e3ea3cacafd2402f6bde842533736d9c1d3416059d1
Mini-Stream Ripper versions 3.0.1.1 and below local universal buffer overflow exploit that creates a malicious .pls file.
263b75cac2b3b8c44601fecaf6ac77ec606e586a9e6a9caa4c5ebf44c3aabbe2
Mini-Stream buffer overflow exploit that creates a malicious .pls file.
ced73ba9c1d02b9f9366aa17c0311aefce09dd31876e61f25fbe2192fded9451
M.J.M. Quick Player version 1.2 stack buffer overflow exploit that creates a malicious .m3u file.
85d1dfa1e061e767ced38cff60f6e57cc0f9f53e044e47d7c5d19097a437a8bb
MIT krb5 Security Advisory 2009-003 - A null pointer dereference can occur in an error condition in the KDC cross-realm referral processing code in MIT krb5-1.7. This can cause the KDC to crash. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
492697d164ff8839715b475976bfa5ce3d9f4e7467ed101685ba6316dbd549a1
This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.
258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00
Mandriva Linux Security Advisory 2009-344 - Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for these vulnerabilities.
a463c62713330f38a115bd343b5b7308c9d6b0617aa8908f335b48f18dd7ef6e
Sunbyte e-Flower suffers from a remote SQL injection vulnerability.
a474d4af33977175c243d7411e2894fcb147d0888451a308a9c9ece997aa4376
Mandriva Linux Security Advisory 2009-244 - Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
e86ce2890fe703719128ff05880d8f431bb0ce9ada6da393046a78c514e14ab3
The Joomla If Nexus component suffers from a local file inclusion vulnerability.
e3d658354d5941fc56169833db8e64866ee5d3fe642a5f0e2c893a0d3600efd2
Joomla version 1.5.x suffers from a local file inclusion vulnerability in index.php.
cdbeee8109124d4a304c782f1b6dc5ca2551180432a91e3b175d460cd9d70003
Debian Linux Security Advisory 1957-1 - It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code.
5391543f064f2428f6fc00cb15ada4d317f03d96a2ebdd6cf69e0e5f713a34b8
Yonja suffers from a remote shell upload vulnerability.
b3b63a750b7f539e0dfa19314584f3b681c0ca253ca4a9cfb6ff3c1a90b368bd
Calendar Express version 2.0 suffers from a remote SQL injection vulnerability.
be278c384d2d3f0342a841a4f2385baf72e24d8a1383a51e916a603bd2506405