Mandriva Linux Security Advisory 2011-096 - The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / character at the beginning of the URI. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the file:// URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
cfd8400b472c9d81ba72ff0351d1a79213014f8039daa39730e7a98053e3d81e
xtcModified version 1.05 (FCKeditor) arbitrary shell upload exploit.
7392a082a0edb8f2b4b42760293cb1430bf9c388f76faa5272f6541241f87c05
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.
808d5c8b46bb60eb106cd9b9d64a63bab99beb4e19fd7e71d0675be43b6de705
Tugux CMS version 1.2 suffers from cross site scripting, local file inclusion, URL redirection, and remote SQL injection vulnerabilities.
b5b2ff3bd99d5a8b947cc3f1d1e8127651974a13726a26182e02c17102388137
chillyCMS version 1.2.x suffers from cross site request forgery and remote file disclosure vulnerabilities.
2545b5c82fa3df40c9d39eab5aa04640564087f43ce46f64517b580d5cb6b972
E-Manage MySchool version 7.02 suffers from a remote SQL injection vulnerability.
b5bb6c54604cff4f0a246ebe39b746423cd07008e7d19206c6460c3a6877089d
NucleusCMS version 3.64 suffers from multiple cross site request forgery vulnerabilities.
61346924420842ad8b2946c9ab35618c5c8de86fb39694bfe29dc895fc03c7c0
Mathew Callingham Associates version 3.x.x suffers from administrative bypass and SQL injection vulnerabilities.
3f99b5a8b3d22db59e6b1cf8632f35237f3fc0f2936164d80e3e287d8f1c4d42