Yahoo! CD Player (YoPlyCd.dll) remote stack overflow exploit.
8a0d6e287e603a846eafe4d909f0383db7eaf2decf49a019977881ffd8347e27
Viscom Software Movie Player Pro SDK version 6.8 suffers from an Active-X related buffer overflow vulnerability.
b48017e490f339f4951f725955f191ca1b85f6c188585cca4420cb71403509bc
Mandriva Linux Security Advisory 2010-070 - Many security issues have been identified and fixed in Firefox. These range from various memory consumption issues to denial of service vulnerabilities. Since firefox-3.0.19 is the last 3.0.x release Mandriva opted to provide the latest 3.6.3 version for Mandriva Linux 2008.0/2009.0/2009.1/MES5/2010.0. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates. Packages for 2009.0 are provided due to the Extended Maintenance Program.
7a38196109ca581687357af57f2b35960ec088b6dde743dc49c6744fb1343a50
MIT krb5 Security Advisory 2010-004 - An authenticated remote attacker can crash the KDC by inducing the KDC to perform a double free. Under some circumstances on some platforms, this could also allow malicious code execution. Successfully inducing code execution by exploiting a double free is believed to be difficult, and no such exploits are known to exist for this vulnerability.
7b328a95b0feb5b66e3e8d9d97e9c430a50cbb70a4a9b3e5635ac7b96fad9238
DBSite w/b CMS suffers from a cross site scripting vulnerability.
f78a973b82eb796633f147fe31329328e732afe2cc33e1ba16d7cae689978298
Southern-Suzuki suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9b3fc373c8a3662278c1e849f5e910c2002c4dae191e31585194b7e06a743ba5
This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.2. EasyFTP fails to check input size when parsing 'CWD' commands, which allows for easy stack based buffer overflow exploitation. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. Later versions may vulnerable, but have not been tested. This exploit utilizes a small piece of code that I've referred to as 'fixRet'. This code allows us to inject of payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation. See references for more information.
7f1bac3d002e1b38ff6a6cb8fac785dccf0e2feb7a142467790a9e2361f77931
Ubuntu Security Notice 929-2 - USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem. It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
99d0cce56d85ec609fb48c47608c5524c74a66a18e583574b68e87ee2249a76e
29 bytes small chmod("/etc/shadow", 0777) shellcode.
c5fea9d9abb13284e14c422774840e98a7d4847ebc0c9b4ff64dc8ee8ccdccd9
e107 version 0.7.19 suffers from a cross site request forgery vulnerability.
27b520286f1e9a6ab8b67aed91a0b309ef5f8f525c0e206c4317a9df6f7f70b4
6 bytes small Linux/x86 fork() shellcode.
b8a211d7d9feeb591b92636544683ccac0866e04bc0aec93ad58bbfb95f42377
Acritum Femitter version 1.03 suffers from a directory traversal vulnerability.
cb8dab774dbd16f5f21e1e46e39fcc8cdcd435b629137c0a322feb43385199b1
Mongoose web server version 2.8 suffers from directory traversal vulnerabilities.
c06c9b8a1ab7b64e816927760a9223bd4869afbcc92a31ce1a6fbea862d0a4db
MultiThreaded HTTP Server version 1.1 suffers from a remote source disclosure vulnerability.
987bf6b3565122edfa3d483af245ea664523df3e3e0ad0363fc9b0178c19cb29
MultiThreaded HTTP Server version 1.1 suffers from a directory traversal vulnerability.
9dbf62deaca4914b270f6ad4441fc332589f96ae1e08adb1bc7d678f3824bff1
MusicBox version 3.3 remote SQL injection exploit that leverages genre_artists.php.
99c119fb7e2b1e2af0634299338cceeb0d9f2258659f76496c6ff2b39be74cd8
Linux write() & exit(0) shellcode generator with customizable text.
941fe544cf17011eedcc3db404085a0b37ca85f6ef8f773596185e95a1f9629c
This is a short and descriptive guide about various methods for exploiting local file inclusion vulnerabilities.
9795bf804107400fefe0f8fd5f52c5cbf31a5fc615ca209df91921cc5d9ea8e6
Secunia Security Advisory - A vulnerability has been discovered in the iNetLanka Multiple root component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
45ae506991fd6744a0a0d9af417c6a90a9842cdeec9fcf342c500fef93b3741d
Secunia Security Advisory - A vulnerability has been reported in Cybozu Office and Cybozu dot Sales, which can be exploited by malicious people to bypass certain security restrictions.
7d5334f1d18fd187a4b7c56d38727e35504685c450b45609605694ceec09542b
SpeedCommander version 13.10 suffers from a memory corruption denial of service vulnerability. Exploit included.
ca3fcff87584ab42c2a2013194c68b8c234aabd62272a8f654f1f54713f24a0a
Mandriva Linux Security Advisory 2010-083 - lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
cd6c32014e9614e16b6f7c4de36feb10809fa7b82d925ee152775e497ece6a8b
The Joomla Jnewspaper component suffers from a remote SQL injection vulnerability.
c00c6e54b879810eafd7685f8fa0899eb0892a8bc46c173b5b34b4fdb33191e4
Secunia Security Advisory - Two vulnerabilities have been discovered in the Online News Paper Manager component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
82c902434037de2c57f35cfd13051d6ecf62044e21482c3fe61e3bd2bc5c19ec
HP Operations Manager versions 7.5, 8.10 and 8.16 suffer from a remote stack overflow vulnerability. Exploit included.
f6dcb05657875a0c205848a9a614db696f308ed1f94ec31aa62d579c64f81ee0