Burden version 1.8 has an authentication flaw that can be exploited by a remote non-authenticated attacker to gain administrative access.
37b074fcfd1268b4c2a6f2caa51871c515255ca4a95d417dbb255ba1040e51e3
WordPress WP-Members plugin version 2.8.9 suffers from persistent and reflective cross site scripting vulnerabilities.
385a5905db87d16b541ccca93a3f6fdc33d755988788c62aba7d2398acab7e99
Debian Linux Security Advisory 2839-1 - Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library.
21bc9e2ca850fc53e08f2773db25c48890c4758a2dd389792d6e0026bac78030
Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities.
c4a8ec5246cde659f575cae4546093150061579f6c6c6713fe4b0a2f20435884
Eyou Mail System suffers from a remote command execution vulnerability.
9eb2afa048f0423a66d6d70e5d349f8ff7afc7986f519cce410651a890eb14ce
EZGenerator suffers from cross site request forgery and file disclosure vulnerabilities.
0105ea969629a0b67c5dee553ed0d9e82c41961d40576436de6c749be569fa15
CSP MySQL User Manager version 2.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
657bbaa377192ebc2eef6b897b2b4fcd8ece308cf0861143d569a083eff2e675
Built2Go PHP Shopping version 1.x suffers from a cross site request forgery vulnerability.
c88f0c657889d78d03a3fe805274b562dc61938b49f2435de9ec600fbd7d9f55
UAEPD Shopping Script suffers from multiple remote SQL injection vulnerabilities.
e6d58afc0a7ccc372d19bba4b96af7e5bca4d4f6d3b3a9bc0d6cb35b8f1f58ed
This whitepaper details some novel methods of exploiting blind XPath 2.0 injection flaws that can be used to retrieve the whole document being queried (and others on the filesystem) without needing a large number of requests. It also covers exploiting some common XML databases.
bb958f4f5dc663b2b29dda1a486d1e5c6aaa2c1a738838917678623686d2a543
dnsenum is a perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. It has been completely revamped.
c2583590e7431b48cb755b13575728b862ffe0778fc9ab445785f32899455590
Ubuntu Security Notice 2078-1 - It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
a8d0fb9603d0b8ef1da182c41344b99320766a5306d3400fae58961c67e46a31
Red Hat Security Advisory 2014-0011-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
12c9104c0b2fe908c6e82ce93a50c82825eff34ed3fc177c32b9625f20a33380
Debian Linux Security Advisory 2838-1 - It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.
0d0ec3a588776ba817f0148e8f3f841283ae79915fa2a75381e8a8ab716e2251
Debian Linux Security Advisory 2837-1 - Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference.
6994946e9b9d496cd4cb38e8153d382c718c783522f5a47212b7c7e15cdef6c6