The WordPress Spellchecker plugin suffers from local file inclusion and remote file inclusion vulnerabilities.
ab620182444da6e9e25bbd2ff29473475170a67f0693c1d08670c943b225dd1f
K-Rate Advanced Picture Rating Script suffers from a cross site scripting vulnerability.
5f5a0236cacfa7f1c184fcecc519c08254a5557e2eac51a40ccf9a995b0adbc8
This Metasploit module exploits a stack buffer overflow in Video Spirit versions 1.70 and below. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR, and works on XP, Vista & Windows 7.
9e121784ade83adde0ab90ab8fb328d34f02896d4228c84517683929d42c0b44
Zero Day Initiative Advisory 11-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. This can lead to code execution under the context of the service.
2b577bc17c0f8342ac6e6e9dfd42c71e762efe3b4ae44de771f057f8d5d89ed0
Zero Day Initiative Advisory 11-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication.
484b7d2966d0efd9dfa5bcfca9f1b1a77fd8ff8ae233db8ccfa43063f51a9198
Elxis CMS eForum component version 1.1 suffers from an arbitrary file upload vulnerability.
58b2a6b909a034aeee02869758ffbf3d70980bbfab04f276db39ed65066e18c7
Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.
29ac89d17267faf8260fc55d0bf0cea35b3acec9de7d42041acbc8aaabc40393
The Gazette Edition (theme for WordPress) versions 2.9.4 and below suffer from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.
554e2b12eb7acbe0808897d2e279223beeade9555f821b00b156e5c83a058674
oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.
9a98224224dfe503e6d645740cc8442831f25b3322e6d81534f567fe513eaf91
Mandriva Linux Security Advisory 2011-073 - dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP has been upgraded from the 3.0.7 version to the 4.1.2-P1 version which brings many enhancements such as better ipv6 support.
b869f67c871d88945a46206ca3939aac0496a05a47a2e9dc074ec6eff18ec5d4
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
9c76666d0555620329d949aca87571825adb8fcda9cd564e6410e1d2b6228c55
Gloves In A Bottle suffers from a local file inclusion vulnerability.
cd467200613ff7583b1ed7b0adba2fd18ce3030299cdd2a672651ff3aea5fb3b
Debian Linux Security Advisory 2217-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
54aa128164e1a3fc5b22b43fa81ed44f8d8a2ead59b3172b5843a7ef345ea6e9
Debian Linux Security Advisory 2216-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
2a4dbf9a5f44606d2210505da3eabd5ea25e699d58d5b72c9148efe6503df304
tmux versions 1.3 and 1.4 suffer from a -S option incorrect setgid local privilege escalation vulnerability.
cd885fe8e526cc9f25b3d09ae86f267db6f64ccabdcde1494411eddaa61dea49
Vallen Zipper version 2.30 .zip file heap overflow exploit.
80f5e42cf76a05410e9ce3d9c21cf65c61940466b3b716293d2f29a071a7cb3a
MikeyZip version 1.1 .zip file buffer overflow exploit.
98a685e7ab2139acf372fb56c3ec511246fc935f0251e0b360abc101956caa9c
K-Links suffers from a remote SQL injection vulnerability.
4b7997809c7048d1abc47e21eca2e2b6741d956ec4b93ac2456536aa985be135
The Joomla Phocadownload component suffers from a remote blind SQL injection vulnerability.
6365839b756fa703a75d8c92aaf6342c116e9d38fc9a41d5bd88b85008e0f204
The Joomla Gcalendar component suffers from a remote file inclusion vulnerability.
3a4697dced6c484634eb5df0df17e03d44a43b94210253839b9129ba91755a77
Joomla Extensions versions 1.6.0 and below suffer from a remote SQL injection vulnerability.
4118ccb7ca2acf7fd3c00b535a3414838f77d6ddead31773010bd55b4cce2722
Secunia Security Advisory - Multiple vulnerabilities have been reported in PHP-Jokesite, which can be exploited by malicious people to conduct SQL injection attacks.
f08da736095636afd78e3bf3bf8c03b4f45f27bb9a761e82e3726a9749402211
Secunia Security Advisory - A vulnerability has been reported in Softbiz Classified Ads PLUS Script, which can be exploited by malicious people to conduct SQL injection attacks.
efc9d0f6357ebbfc955ef331b1a78e090c44678bc408bec3b2dc8611575f99b3
Secunia Security Advisory - Debian has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.
58db33873302308872eb77c617d317247e95720d5856a5992e3b0ba8b4d518a2
Secunia Security Advisory - IBM has acknowledged a vulnerability with unknown impact in IBM Tivoli Monitoring.
b4d6069e426a25db12c199bb0bbf8aa422382313fa55762cd42c7ef2936d28c6