Secunia Security Advisory - John Leitch has discovered two vulnerabilities in Claroline, which can be exploited by malicious people to conduct script insertion attacks.
f310c7c014856a0c53d970c3b8f59092156d802f6933883564c55e43fae67926
Secunia Security Advisory - Some vulnerabilities have been reported in Froxlor, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
8ca5fc48d3010b6251f58bceb96821b1913284488877ce640ea824995a7e4c5b
Andy's PHP Knowledgebase Project version 0.95.4 suffers from a remote SQL injection vulnerability. In some environments it may be possible to create a PHP shell.
3362f821f69cf7647b8a82382dc84a639aaed20c0562335c522098d52d8a7f39
A persistent cross site scripting vulnerability in Claroline version 1.10 can be exploited to execute arbitrary JavaScript.
90fe6ead030e3c46d84454b0be125a33b560e1c502df04a47f9e57155e7d883e
If the UserID cookie is set, all virtual folders become accessible in Easy File Sharing Web Server version 5.8.
21615d4f36d5b7cd45ee4e5f342b744e70077736f0c8d2d3d17689b061ac2454
A directory traversal vulnerability in Easy File Sharing Web Server version 5.8 can be exploited to navigate the local file system and create arbitrary files. A user account is necessary for exploitation. If registration is not open, it may be possible to retrieve the credential-containing user.sdb file using directory traversal combined with authentication bypass.
ac800ad9948f881dd6a2938280a77e88b9a8160b373a2e7f6101e471a36b3abc
A persistent cross site scripting vulnerability in Easy File Sharing Web Server version 5.8 can be exploited to execute arbitrary JavaScript.
ed8b4b92ab766bf1e5557224303153a9fb3dbf3b2868ca81ca1c673f164ed493
A directory traversal vulnerability in jHTTPd version 0.1a can be exploited to read files outside of the web root.
7714d7d0c2b394430f94ade33e5d1ee5451a1d69f42ee28c049bb489a1ee60b5
A local file inclusion vulnerability in osCSS2 version 2.1.0 RC12 can be exploited to include arbitrary files.
ddfabb7fab1601434040280e29cf5bac13c0fe2ac08f6109f11acdc2170ea9d1
A reflected cross site scripting vulnerability in osCSS2 version 2.1.0 RC12 can be exploited to execute arbitrary JavaScript.
f2ece481a0b0c093bc536696d2d1c33801f67b46fd5b6be9344b80d75980e38d
A denial of service vulnerability can be exploited to crash Rumble Mail Server version 0.25.2231.
b0e3c08985a8d72ca7865e9e68c5533e75d35da0fabcf0562d520299c4b27731
Secunia Security Advisory - Red Hat has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
8a2c94e25380b49eb5dcc475493242000e228cb6b186cd3acdbd71c05beea6e9
Secunia Security Advisory - Red Hat has issued an update for libvirt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
0b32a6748ff47b2689255f3e32eb399ee9d284856c1b081642db2026c323bbc2
Monocle is a local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. Written to work on both Linux and FreeBSD.
25a26dc029a4950b4607b691903551693d1f8588966942b0fc24280a5f345572
Debian Linux Security Advisory 2205-1 - Sebastian Krahmer discovered that gdm3, the GNOME Desktop Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.
fd54d56a30cf7567ea53ed3b6cd7635bfef96b45f84c66c859941eb5f71da7a7
Honey Soft suffers from remote SQL injection and cross site scripting vulnerabilities.
8bd7095bc322f26524154e4782051839420bd5523ebbf0a4866dd51452b89641
This Metasploit module exploits remote code execution vulnerabilities in dRuby.
a681602f532ac58f4f6a9e537c9a81e6dec64369d00b6b75f0ed0815a4eb1b33
Turkish Ays Portal version 1.6 suffers from a remote blind SQL injection vulnerability.
18b04c4febc09615167a32d00466382c954f3c32fa911ef43fe56182f011739e
PPP Blog version 0.3.0 suffers from a cross site scripting vulnerability.
a38f2cb311068fd61f1dbd7b1a4746844f9ebea2d843a3d4f9ab569783d81ba6
Zero Day Initiative Advisory 11-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Zend Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Zend Java Bridge v3.1 component of the Zend Server framework. The javamw.jar service accepts TCP requests on port 10001 by default. With nothing more than knowledge of the proprietary communication protocol used by the Zend Server Java Bridge, it is possible to send arbitrary Java code to the javamw.jar service and remotely execute these commands under the context of the user running the web server process.
9ff00ca55c520c19871b67b0652dabe5ef5cf5dc7e91eb8cfb94fcdee37c8fb0
Dpayshop suffers from a remote SQL injection vulnerability.
d7daf343b42f1ff74e3c0a3ca4a2fa688b9078d198e8e022bfc23fa4532e30c4
Toon Boom Studio version 4.9946 DLL hijacking exploit.
3f7d398da69ffbf5378c8e7bc89e79b8316bd3ef57ea36762d0e2dc09f0d6fcc
Ulead COOL 3d version 3.5 DLL hijacking exploit.
7b6d9c64b67b37f404a3b6279873a153a56fa9a512c6f9a9deae473a90e16783
OpenCMS versions 7.5.3 and below suffer from cross site scripting vulnerabilities.
4e75fdecc723a1733d9e6ad8aa18826e0fa6f400e236f263c8da2b39e8e6918f
webEdition CMS version 6.1.0.2 suffers from a local file inclusion vulnerability.
be79d960aa2f174f83cee93937a03c3c737fc0cb11cb2cc0881e230578e63a73