Onapsis Security Advisory - The Message-Driven Bean Example application in the SAP J2EE Engine suffers from a path traversal vulnerability, which may enable remote attackers to access sensitive files in the server filesystem.
56c2759f5a5395466ea0430458e765fc8c5964df18ac2d688fd40e06ead19690
Onapsis Security Advisory - The Authentication mechanism of the SAP J2EE Engine (which is shared by the Enterprise Portal and other solutions) suffers from a phishing vector vulnerability, which may allow a remote attacker to perform different attacks to the organization's SAP users.
1cb2ce7956efa6260341088406256bfdfee382787854d2d01097084af316806b
Onapsis Security Advisory - SAP WebDynPro suffers from a cross site scripting vulnerability.
9d48719f814da197b6bccfd0a7fd3e0631c617593a3bd21587145058a1d90bbf
Radasm local buffer overflow proof of concept exploit that creates a malicious .rap file.
e4c3d722260b66655d90ed7d614dfaa7b189d85b1dcbad2eac228e1811f84483
Cisco Collaboration Server 5 suffers from cross site scripting and source code disclosure vulnerabilities.
d147352c5323a808713a580b492c711f95ae0827dd27940e43e6d98790b13d57
X-Cart Pro version 4.0.13 suffers from a remote SQL injection vulnerability.
f2f9df02ca4d04d0c057e02c779a5c1e1f690fca242a3f57ce3cbc95cc53ac61
Mandriva Linux Security Advisory 2010-035 - This updates provides a new OpenOffice.org version 3.1.1. It provides various security and bug fixes.
15452c2e00718b55e66bf276cc3026e3e54a4cf7060996539f34030036aab8a2
PHP versions 5.2.12 and 5.3.1 suffer from session.save_path safe_mode and open_basedir bypass vulnerabilities.
7dcc838a841856b83315acd73fc8696e95d01d8f2039a17682da581d5a38446a
Omnidocs suffers from a remote SQL injection vulnerability.
b30334ba3e777caf602ae3b41f15638fb89bde06059cf6202df728339db15e56
The Nikiara Fraud Management System suffers from a cross site scripting vulnerability.
a879d89dd457a400639f1f20988e549522696f05b6083abf4da8ac640fdfd2e5
Whitepaper called Exploiting PL/SQL Injection With Only CREATE SESSION Privileges In Oracle 11g.
31157f3cb6f553cf34b6e768826f981a7cca2b5b1cc22b2d008070e67dfeea5a
Whitepaper called Hacking Aurora In Oracle 11g.
0feb80641a5561dcb72d5ac33a246623657479f00c1457155b7e072996ee1aa7
Core Impact version 7.5 denial of service exploit.
09c07a36e9c1b3e69eb3c90d9044cb0b2ccdb6eed9810e9b1f16ae6c4e103a6a
Whitepaper called Phishing on XSS way. Written in Arabic.
9bfa857c10578300a3d0e90b32f3dca05d735640854f0caeb3fa3174acf7d6f1
WSH is a very tiny PHP script backdoor with a python client that implements functionality to download and upload files and provides an interactive shell.
1aa3bc57e09a913a0676c75b4255e479584d5a6ea3100fc434e851193aedce0b
Keimpx is a tool to check the usefulness of credentials across a network over SMB.
cb076ae0382c319ba7868b91e0b87f391f2c0860288321aed4da9e0b1ffb4a76
Debian Linux Security Advisory 1993-1 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used on SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2.
2d22a2f366d7eef4bd12a512745d5154ebcf506247153d301e137ef70bf6989b
Radasm universal local buffer overflow exploit that creates a malicious .rap file.
64ddd4c64ca6294e0dbb0ba6095908bca0f48abd25b104034b4f03c83a0fab9e
This Metasploit module exploits a vulnerability in the data binding feature of Internet Explorer. In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create a fake vtable at a known location with all methods pointing to our payload. Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.
c7921d15e333daf28b7fef1fddc614a29a08d3a01e4604616b9e695146f13c61
This Metasploit module exploits a command injection vulnerability in PeaZip. All versions prior to 2.6.2 are suspected vulnerable. Testing was conducted with version 2.6.1 on Windows. In order for the command to be executed, an attacker must convince someone to open a specially crafted zip file with PeaZip, and access the specially file via double-clicking it. By doing so, an attacker can execute arbitrary commands as the victim user.
707e4841498bdac3329fa0f7e22bc3d0c9b9a42bba87d345bc291f263c5a5231
Whitepaper called Right To Left Override Unicode Can Be Used In Multiple Spoofing Cases. English version.
0233ec76b184dcfa9bd6cd2763e44fec5a71f08000fb6d6526e2fcdd4fc0d97b