Jamroom versions 3.3.8 and below from Talldude Networks, LLC suffer from an authentication bypass vulnerability.
0edf8afd7e9b2e3de2494cd401c1b994310121456fe06ad1d4bc1602e49444f1
Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.
2fb300e3d8c715ccd9ddbf0bf7dde6b674555ce574b66cf1163ae528afa9c820
ISR-evilgrade is a module framework that allows you to take advantage of poor upgrade implementations by injecting fake updates. This tool is especially useful for DNS cache poisoning attacks.
e76335e42f8a96170e521a354e344acbe972302a445d7803a8159c90337ad9c3
Pixelpost PhotoBlog version 1.7.1 suffers from a local file inclusion vulnerability.
005aeac44994ed5d89df09371670cda8a4f56ea9bbfbf9fe5d3872d4c3f043dc
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
dbca2c291e326b6ba9c90f4a0212519e0799cfb0cfa010fc788bf50a34fa8c40
TalkBack version 2.3.5 suffers from a local file inclusion vulnerability.
bc2609204edd1cffc0db98243e3bfc764c015a03841e10e5f061f606d688110c
Youtuber Clone suffers from a remote SQL injection vulnerability in ugroups.php.
7f9929412be1c6c74d88d2477ec27307b41fa1cb9e3f088f6ca89121c249eaf7
Pligg CMS version 9.9.0 suffers from a remote SQL injection vulnerability in story.php.
20f2f8683f6a290d30517db7edf0707bb7bd88dcbac491dfd39914bb833e0c2f
Debian Security Advisory 1621-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
d9e9b17ae430792b3892c2e8cc7aba7e6dc8661a98936f7ac20724829756f2a5
Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
6e3e15e9e8b3836df02d4373a1b2c87302d63c013578893c8e1e739ccfe98812
Debian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
ebe12a113c6df6c042ef47a1dba8bec4c568a74767c16910863035f96e4a9dbf
Debian Security Advisory 1618-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
18280e047380ecb31bcbcbd6d8fe8de6559af0e4692a69fa5ec3ea2352e79e79
Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
51275dc8498a1260ec4a99764c2986c3d3164b4dc36a15ff51cec45f58d14d6a
Die Eier Von Satan is a quick and dirty rewrite of the old ADMnog00d code. This version exploits the DNS cache poisoning vulnerability discovered by Dan Kaminsky. This proof of concept makes use of an MX RR to spread its poisonous payload, an A RR, but can easily be adapted for other flavors.
10620955e93ad4e6de3b0a1a937dfcfaa4e383b2965a6eb178c2bfd654baf6da
SiteAdmin CMS suffers from a remote SQL injection vulnerability.
7cf273c08cd8ea451b102dd33b56aabb491887b4a265433aa24947081cf99ae9
Whitepaper discussing simple web hacking techniques.
0a432eb4f3a3bc68716128668d568024808926dd6b1509597f9ccf88b1ba8924
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
8e5717d47b32ff84d089138cb7aa088fdd833d6a1b780b01ed2a4afe902453a3
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
363726c40c8927cab74a666bef67082ee0b16740c41ea9c98c0838dc6ab2c799
GC Auction Platinum suffers from a remote SQL injection vulnerability.
70470b5c82e294b05b26b8ee1c9fcee74805121b5f9c5d29336f701f94ad488c
The Getacoder clone script suffers from a remote SQL injection vulnerability.
3396c7573fcfb059df20bfaed9ffb3734ffe690774fe4dc7b2d550712dcd82ec
CMScout version 2.05 suffers from a local file inclusion vulnerability.
4a780a1186439aed71db3da375a208850161d4682f1ca12bd596b8bba22264d9
EPShop versions below 3.0 suffer from a remote SQL injection vulnerability.
7d19228538373db262e62d6a4ae6162091a6527c4e9cb718824619720ab64e5c
Mobius versions 1.4.4.1 and below suffer from a remote SQL injection vulnerability in browse.php.
c9cb308f9ff4aa89f94878b3314ddbc6ba11944e1c52e22d3f6f858914bf3620
TriO versions 2.1 and below suffer from a remote SQL injection vulnerability in browse.php.
39ebad0b570430729345b00e2e83bb3169424e5785876aa9927c6d5bfc1c41da
phpLinkat version 0.1 suffers from insecure cookie handling and SQL injection vulnerabilities.
d0526916899c6eee806daad44e111d33b5674d899151e9f68410eee85c0e7141