Rayzz Photoz suffers from a remote shell upload vulnerability.
382cc41a22b7d66207f7cc50e5656e535e1a17724fcb951a364e7c7e2310258e
ArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI) approaches on switched/hubbed LAN with/without DHCP protocol.
2bd50d936e2028d62d4d9688c20e3c73638187531d013b7e027c652b1dc14ee6
SureThing CD Labeler .m3u / .pls unicode stack overflow proof of concept exploit.
aa13b35c3e9c5a5d370d4cbe2bdcaa8c6f66436d4e74ec8797e1c1715673df67
Hotel / Resort Site Script with OnLine Reservation System suffers from a remote SQL injection vulnerability.
bf42d49a0ec0e263a990787a924dfc29f3c7edc24af5deba130dd88e8966c3ac
Paessler PRTG Traffic Grapher version 6.2.1.945 suffers from a cross-site scripting vulnerability.
9928e64f93990e4430c1392f78428745b7beef46d2ffe1131f889e1ac13a103d
Best Real Estate Script suffers from a remote SQL injection vulnerability.
836b8288543643d84c6ca9cd7259b2896a9d0c650f403337e93ebac4689170d6
Zero Day Initiative Advisory 10-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application duplicates event listeners in .svg documents. Upon creating an AnimateTransform object, the library will create a timer to handle the transformation and duplicate the object's event listener into Webkit's "shadow tree" of the image. Upon destruction of the shadow tree and the original tree, the application will destroy the Element containing the event listener twice. This can lead to code execution under the context of the application.
7d0809e72c60007e344db72c24187f922e778eaf606c4c95a6c3a5200e7911aa
Zero Day Initiative Advisory 10-099 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with how WebKit inserts error messages into documents utilizing the SVG namespace. Upon a parsing error the library will attempt to access an element before repairing the XML. This will cause the library to access uninitialized memory which can lead to code execution under the context of the application.
c20cb2abc01288159002fd8573e829bcf9ef476e30bf40c52bfb1c94e6ff04e6
Zero Day Initiative Advisory 10-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must visit a website or open a malicious document. The specific flaw exists within the way Webkit implements the 'first-letter' CSS style. If a container with the first-color style has its contents replaced with a particular element, the library will create a dual reference of the style in order to apply to its contents. Later when the element is freed, the dangling reference will still be applied to the style. Upon navigating the document's styles for either repainting or style recalculation, the application will access the freed memory which can lead to code execution under the context of the application.
f007afa348d79d097ee6a70aaf89ab0017c258dea3b9d8b4a50830fb69915052
Zero Day Initiative Advisory 10-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into visiting a malicious website. The specific flaw exists within the way Webkit inserts an element into an editable container. Immediately before the actual insertion the library will manipulate the contents of the field in order to insert the new node. Upon traversal of the tree by the library, the application will attempt to access an uninitialized element that was created prior to the insertion. Successful exploitation can lead to code execution under the context of the application.
63fe84bb7a608f3bd41748f56f6322d810453567f8aa4fcdc50e92769d177925
Zero Day Initiative Advisory 10-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the WebKit library handles recursively defined Use elements. Upon expanding the target of the use element within the tree, the application will create a dual-reference of a Use element. Upon page deconstruction the application will destroy the single reference and then attempt to destroy the second one that is currently occupying the recently freed memory. Successful exploitation can lead to code execution under the context of the application.
595b83060053efbb62ecec02378368332fc637e60bbcbfa576b4b80ab5ce27cf
Pre Web Host suffers from a remote SQL injection vulnerability.
4d258c05bccfc8021b020189e7800f73c6bc74f130fb2333f1e694d13da54aeb
Castripper version 2.50.70 .pls stack buffer overflow with DEP bypass exploit.
63f91da200ad01420a2dd356383697b73da42ae6b7788b473b6a33252406b0df
Apple Safari WebKit suffers from an HTML button use-after-free vulnerability.
f36dcd883ac6b8ae5841337712b2ab864df2d80bbd1ba2cf60dff0d5f9bd52b2
Mandriva Linux Security Advisory 2010-111 - Multiple vulnerabilities were discovered and fixed in glibc. The updated packages have been patched to correct these issues.
b67df34d081ca3c40a950f5fc06c07bbc5bc25a1e0a4984f6007c19901456d83
EMO Realty Manager suffers from a remote SQL injection vulnerability.
b50e55ce7fa206d6662b760fc7a7469b4320d34bbbcec31cdac55eec725f1180
Holiday Travel Portal suffers from a remote shell upload vulnerability.
206b1787088097e6f4e4d4c886a2bd2ddb4082b2dc9f7b91b27a4cf5bfe28f1b
Motorola SB5101 Hax0rware event reset remote overflow exploit.
532fb9884b7cc9cda3a400d902285594780f8388a8a9e422be8e5b934d9f7dfb
Motorola SB5101 Hax0rware Rajko HTTPd remote proof of concept denial of service exploit.
f11e4c8e042ceb2366c5e971c759cb7848d1150fcf836c96cb932f831a22d2e8
Zero Day Initiative Advisory 10-095 - This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way that Apple's Webkit handles the DOCUMENT_POSITION_DISCONNECTED attribute when a container is removed. This attribute is responsible for ensuring that a node is disconnected from its container and is implementation specific regarding the order of each node. If the disconnected element is removed from a particular type of container, the next time the application attempts to reference that container, the application will access memory that has been freed which can lead to code execution under the context of the application.
d9bdd0e4350682858ef5d04c4e0a7960393fc99fb82028448b9ce41f1926fe49
Zero Day Initiative Advisory 10-094 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into viewing a website. The specific flaw exists within the way the library handles selections. If a particular element is selected by the application, an event can be triggered in order to interrupt execution handling a component of the selection. By modification of the elements contained in the selection by the interruption, an attacker can substitute contents of their own choosing in their place. This type switch can lead to code execution under the context of the application.
05da9f11778e7d70686cb92b4fae597e9a07cfcd9c5f6f7000e6bb97ae2b6573
Zero Day Initiative Advisory 10-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. Successful exploitation will lead to code execution under the context of the web-browser.
b8a274bc834495fd445173568c8f4b064aaf5f3189cf90061c14a5f304501f2c
Zero Day Initiative Advisory 10-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that the user must be coerced into visiting a website or opening a malicious document. The specific flaw exists within how the library removes a particular container element containing another element holding the contentEditable attribute. Upon removal of the container during a particular event, the library will traverse the tree and access the contentEditable element that was freed. This can lead to code execution under the context of the application.
cbeec2ee36d4519812f27d727c23bd06313077dcf47f7a611196a4f46f9399fd
Zero Day Initiative Advisory 10-091 - This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced. This can be exploited by an attacker to execute remote code under the context of the user running the browser.
f4afa92d20e5763b95c6abf19991774d188549e0017aeb5a33c8eb1db271a7b8