Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able to read it. Marked audio files are still playable.
17577d506ae0ca6f3d1114800cf84b173cf629dc1d1c8991e832a2f18c695054
NinkoBB version 1.35RC5 suffers from a cross site scripting vulnerability.
5f17224c535b3e365f37fcaaef25df946cebc430ee5f7e8408c5691d819be76d
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream. Successful exploitation may allow execution of arbitrary code. Version 5.581 is affected.
589a067f3f1289bab05e944bfaf2f2cc31e132d0938bcb4b2965adc396c3972b
Zero Day Initiative Advisory 10-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'SummaryReportGroup' an attacker can force the server to load the SummaryReportGroup.lgx definition file. This file contains multiple SQL injections within the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
5afe335679de5f033e5e0a1a662607fc21b3e926d2aee1e4691d33b4ad33c86e
Oracle BI Publisher suffers from an HTTP response splitting vulnerability.
a16b4a5d2e42764c015a89ca8d14b3e7d1594fc9ccef544177abbde6f3759df3
phpLiterAdmin version 1.0 RC1 suffers from an authentication bypass vulnerability.
f1d430adf9f4a44baf102108163205360dc773aafc1aa7a2ae8eeecd65e8d038
HP Security Bulletin HPSBMI02582 SSRT100269 - A potential security vulnerability has been identified with the webOS camera application. This vulnerability could be exploited by a local user on the device to overwrite arbitrary files on the filesystem. Revision 1 of this advisory.
857b99783d1e2835a7b00bc42db477b3536fb55b576566b755a1f166bd5bc70d
Alstrasoft E-Friends version 4.96 suffers from local file inclusion, shell upload and remote SQL injection vulnerabilities.
3f7c78cec9a527c7d099e788ad41efa89efbd352edf3f4d1674bf8a4003f378f
MyBB version 1.6 suffers from a path disclosure vulnerability.
fb61889e93832fed75b7cd0efb437c32d5e0103f8c4933dfeab205d1b680e937
DZCP version 1.5.4 suffers from a local file inclusion vulnerability.
6b96d2bb7ae63af23c43a5f8f2a0228c43841ab939560ff58c6915d3a55a4798
Zero Day Initiative Advisory 10-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx and rdPage.aspx pages, which are exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'LoggedInUsers' an attacker can force the server to load the LoggedInUSers.lgx definition file. This file contains multiple SQL injections within the following parameters: 'loginTimeStamp', 'dbo', 'dateDiffParam' and 'whereClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
ceb74fd58c461aa0e284d9ade21196015768b8397e112aefb567c5900c3a68a9
Zero Day Initiative Advisory 10-222 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. This page does not properly filter the arguments to the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
68f2d97d3e125f5189468d6de7f56e3cb443df79990296aa6526bb203d2d6aef
HP Security Bulletin HPSBMI02580 SSRT100254 - A potential security vulnerability has been identified with a Palm webOS service API. This vulnerability could be exploited by a local user on the device, who already has gained the ability to issue privileged webOS service calls, to execute arbitrary code. Revision 1 of this advisory.
1d17140c3eb6cc1162e5f385abb54a47406a923d9865f2affbf057a7c421b2a9
HP Security Bulletin HPSBMI02573 SSRT100227 - A potential security vulnerability has been identified with Palm webOS Doc Viewer. This vulnerability could be exploited to execute arbitrary code. Revision 1 of this advisory.
dae51172ad538f02153983ec359d699ad737fa8188afd60db9044a70da13a9aa
ACC IMoveis version 4.0 suffers from a remote SQL injection vulnerability.
a5a8363e5190c06712687d4aacd8f94a10f0c2f4834c62d7fd7a214f6f579ef3
ARM shellcode that will bind to port 68 on any local address and plug a UDP shell onto port 67 on 192.168.0.1.
ea55946f1d2135c2f64a2b75dd4d650fe47934b1e2ddaf8df4468700d0dc0010
ARM shellcode that binds a shell to port 0x1337 on any local address and waits for a connection.
221ed20bbd37d60e3897a978ea438c38acd1ee8dfc4ca56f72ee0c746f8870da
Firefox Interleaving document.write and appendChild denial of service exploit.
a43b05010abfc8a21721223d7f181abcebccf2f3c2f17bf1541dcc9a4be55167
DATAC RealWin SCADA version 1.06 buffer overflow exploit.
6818f87a91e009b671fe428a53fdce95774746ae0a3c4d078f33d078501fe807
Novaboard version 1.1.4 suffers from a local file inclusion vulnerability.
ad3152110254e0c465425d7ab2b2b398133f8bc85097d5989f37953b09687241
BloofoxCMS version 0.3.5 suffers from information disclosure vulnerabilities.
410e3d2d80986f2be076e0dc21d60c5d985769e1bb60a9e8999032bfd54e7fb3
BlogBird suffers from multiple cross site scripting vulnerabilities.
69687c4161f06f9b0c5cabc45b8632182d0c7ca95f0dd7a229b4717c7999fb1c
Zomplog version 3.9 suffers from cross site request forgery and cross site scripting vulnerabilities.
5c5fd1b8bbc0a9423a14d73f6c6032b11eaf728c85485b9ebe3a7cfc92de5c79
Energine CMS suffers from a remote SQL injection vulnerability.
9d322793eef93151511e9b868a2729d8c8d3635a89209ec5cccff447faab4997
BloofoxCMS version 0.3.5 suffers from a remote SQL injection vulnerability.
4ccf8e1916bc33bcf1ed20adcdfb80f6ce671f9ff51eec7d0cb626fdad438b6b