osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.
3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136
libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.
fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2
Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.
f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88
Sun has released an advisory regarding Java Secure Socket Extension. Versions 1.0.3, 1.0.3_01, and 1.0.3_02 of JSEE allow malicious web sites to impersonate trusted web sites.
851e00d7595e3609cd0d8cb1108c79639bd8caa83fc7bef870c762fbbbc6dff7
Zen Cart version 1.1.2d fails to properly validate user-supplied input and in turn allows remote attackers the ability to perform SQL injection attacks.
00045589f8f2e0543da948284faffdb7fa5dc401045ef97d927d197cb023d1bd
Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.
cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49c
Remote exploit for OmniHTTPd versions 3.0a and below.
10a187c64b2c3812f3886a960408b6c725c3e5e4e0c7b49ebb7470c071cdf861
Certain system folders on Microsoft Windows XP are created referencing the shellclassinfo in desktop.ini, allowing for executables to be masked as elsewise.
a4456c08095c611bdcec5b288f26f62db8ddb5844e28427b806218b0eb3b2218
Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able read it. Marked audio files are still playable.
70fb233797c4f058955d23a2a1261aec064f893c09dad24191b79f02fd293580
Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1
Echoart responds to or drops ICMP echo request packets based on a pre-defined sequence, and could be used to return crude ASCII art in response to pings from a Cisco router. It works by intercepting ICMP echo request packets and consulting a pattern template to determine whether or not to respond to a specific echo request. It then uses libnet to inject responses back into the network as necessary.
10ecf023782f2a0b2403360672782eb23b5733879dc9ec87d5a1637484b8272a
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs may access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
190cb7b10a07b9a096f5aa1c1f9fbac3d764e7213323fe1bdde31b65b2435858