Secunia Security Advisory - Russ McRee has discovered some vulnerabilities in DFD Cart, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
265a0aa0813f6095ad614868b03ee89cf9ce45ea9b206f61c4d634a49e0864cb
Secunia Security Advisory - Slackware has issued an update for openssl. This fixes some vulnerabilities, one of which has unknown impacts and others that can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
78ced51aa28262b64942815dc3cd3ebc01e0f1179a2102673018609715c77424
Secunia Security Advisory - Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service).
6ede5d5fcccbbc5c319d6b59b27fbd0092e32ca213cd906d08382168113717b9
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
6173ebb132981a6b9577f4c7fb9a2c6062201f118d17f69e3a0d67f623d50f1d
McAfee LinuxShield versions 1.5.1 and below remote code execution proof of concept exploit.
d06d6fd6943d8a9711649f4fed45d0ff2d2d71cd45f67c4676a3b007c669a219
McAfee LinuxShield suffers from remote and local code execution vulnerabilities. Versions 1.5.1 and below are affected.
6f765889b50a212dd66271f122872290dfb10b802d0b2b02035f85f140f0fa95
Zero Day Initiative Advisory 10-024 - This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the novell.embox.connmgr.serverinfo SOAP action, the daemon makes an illegal reference thereby resulting in a denial of service.
9e8481ec0fa8aa02fc1a3e88f79a85d0e72d57686f7a41a8078b50e00a3b6942
Debian Linux Security Advisory 2006-1 - Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users database server.
704c320f7d43b84e5df70a4b83e40163de1691ddd6dbd158d2607111d35e2b0e
WebRaider is a proof of concept quality tool to get a reverse shell out of SQL injection (MS-SQL) by using One Click Ownage.
745e39d9782621659e4b684fd301e6cd6374a5d4ec94298eadb8e858bdd7080d
Mandriva Linux Security Advisory 2010-053 - mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
501dd74cf2121c19e60067a5829a581690c9cfb911714c4ed201ebe510c83907
ProSSHD version 1.2 buffer overflow exploit with reverse shell shellcode.
984f787b1145abbe84a155bef9ca0d64f8657ddad2c80e451bd2410edaf06144
Uploadify Sample Collection suffers from a shell upload vulnerability.
34c444919293fb7a8c83e6704ea3144264fddacad37359397f1c4f7648d11742
PHP Advanced Transfer Manager version 1.10 suffers from a shell upload vulnerability.
9742ad4352fb10741d428c7610af1a4837e8e113cacb1c5599720134b5faa209
iDefense Security Advisory 03.02.10 - Remote exploitation of a stack-based buffer overflow vulnerability in IBM Corp.'s Lotus Domino Web Access ActiveX control could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable function takes an attacker-controlled URL, and copies it into a fixed-size stack buffer. No validation checks are performed on the length of the URL. By passing in a long URL string, it is possible to trigger a stack-based buffer overflow, resulting in the execution of arbitrary code.
d7bb11918744f40858388713a6cadb9a010141307cf776efd3f5a90a2856dc85
The Sparta Systems TrackWise TeamAccess module suffers from a cross site scripting vulnerability.
52aeca03b84206b3c2b015722e3fbbb96730fc996397f673d8eb9f960cfe130d
1024 CMS version 2.1.1 suffers from a remote blind SQL injection vulnerability.
9724c67e794c2377a5432c37ce4f57b88f8f80cfd1498dc8df827028799be722
My Little Forum suffers from a remote SQL injection vulnerability.
8acf7a206d4d605e6b4bd19b5c2dd8879545c1b06c933ab2e1464a82b71f1ddb
CYBSEC Security Advisory - The help section in IBM Lotus Domino version 7.0.2 suffers from a reflected cross site scripting vulnerability.
72903ba509e00eb29db00ca12641bb82767735d334ecdb962b8f56a08b2128d6
osCSS version 1.2.1 suffers from a backup disclosure vulnerability.
3ad547824fa1b00b3925e2f0bb98e2db0fee7c0adf95e43500d60933753fef7b
Al Sat Scripti suffers from a database disclosure vulnerability.
158705745a8c0c56b62e527904c3b8161c7df6bb396096802755afb67be05cc8
Opera plenitude string crash exploit.
589bbfe26a6f9424f7d48ca61f77d3d2386707520e5a5d6228440b8d0cb73bec
Mozilla Firefox version 3.6 plenitude string crash exploit.
514f458faede34b4232dc4469ae12e56221e370427f68669c2a3688d3e93397d
Eshbel Priority MarketGate module suffers from a cross site scripting vulnerability.
ba1eb4771be17163701c33bc9cd1834c5df42518f2f7cfe06aaa3c6efd2d9e92
This Metasploit module exploits a buffer overflow in BaoFeng's Storm media Player ActiveX control. Versions of mps.dll including 3.9.4.27 and lower are affected. When passing an overly long string to the method "OnBeforeVideoDownload" an attacker can execute arbitrary code.
95ff9a57dc2d4014a3f0da453c07931f721900ab235ae3a9985a5dcf89bff4dc
This Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on MessageBox originated from VBscript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve HLP file as well as a payload EXE. During testing warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.
f83f40fb588e34999fbe38619333368187e38c873789888c011448074585069e