SaphpLesson version 2.0 remote SQL injection exploit.
84880ff4eb056306cb0b82e52812c3947c34a07cf6eccc6a330c88ff1c7c2339
iGENUS WebMail versions 2.0.2 and below remote command execution exploit.
85c7f7a9b770046f5a06b39f98b512e90aada232d07b5f768129ae77bbd6bdff
Local privilege escalation exploit for MySQL 4.x and 5.0 that makes use of UDFs.
259ac0290dd0e3e004ce1a3a8f637fde8c686703359f1c60679c5a45b6988645
This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.
d07fb300961da20240be4d01af4bf9ae28d737166fc35716c762ae250e33252f
Microsoft Windows Media Player 10 Plug-In EMBED overflow universal exploit that makes use of the flaw discussed in MS06-006.
2773662b377c0c196a0104ce112087de801337f51b5949420cc9fc8330f312a6
This Metasploit module exploits a vulnerability in the Windows Media Player plugin for non-Microsoft web browsers. This module has been tested with Windows Media Player 9 on Windows 2000 SP4, Windows XP SP2, and Windows 2003 SP0 (Firefox 1.5 and Opera 8.5).
109944d0f0bc94820c9812ca99a3a01766f288fa18315471b7364cf9c0e05b92
Microsoft Windows Media Player BMP handling buffer overflow denial of service exploit.
8f2d41bf1dd64716755ada44360ed3a49914717b8e043672e16b3d2999406bcd
Windows Media Player BMP heap overflow exploit.
822f5c646504ac887852555d8001a9bf10e68172b4532b4596c607174b9241af
eZ publish versions 3.7.3 and below suffer from cross site scripting flaws.
a2e3a0d122a5938311a50fa279d8aaecfdf72b266d633af98ca648075c1b6805
ICQmail.com and Mail2World.com suffer from cross site scripting flaws.
110d6619c74376b652d2594211b95a74a9ca9925caa10924f9d46b4c07940b4e
Pentacle In-Out Board versions 6.03 and below suffer from a SQL injection flaw in newsdetailsview.asp.
c41e3a101311cb8d1397efad265cd2055b641e6671e8d741ab46b7c57ba9771a
Pentacle In-Out Board versions 6.03 and below suffer from a SQL injection flaw in login.asp that allows for authentication bypass.
44e21740ebfcc261a03c72155b1ffc8c45a59dff7a5f146b6633b424340e2e5f
NSA Group Advisory - SPiD version 1.3.1 suffers from a classic directory traversal flaw.
12524908c6c57479cfbc4caef1bf5c49494264797d167ce4596229d847b85cc3
Remote exploit for ArGoSoft FTP server versions 1.4.3.5 and below that makes use of a remote heap overflow in the DELE command.
7254d5e1a22aa5a9bedc2e13bb70cc4b7c74c92e5c1eac37b5611a7eb4360abd
Hotmail/MSN cross site scripting exploit.
7ee723fd6bda6975447f5281a29e4b67559ae75d79a168fe927bfc0c9b56085f
Guestext version 1.0 is susceptible to cross site scripting attacks.
325f9ac22671d90b92992e8b0593fdad85244048bb98ab1a9c7d6ae3d153ecd8
Mandriva Linux Security Advisory - Multiple integer overflows in the new_demux_packet function in demuxer.h and the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value.
54fbfa44bc4ce46c7e7e5a855cf8134006656b7d86c6868f140376e5c7da05a4
NSA Group Advisory - Website Generator version 3.3 suffers from an arbitrary remote PHP file inclusion flaw.
885da198541b682486a9824c51d6e3e1c076266899c8404b0a0cd280901f787f
iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
6eaaa424b75ac17dcb4ec8cdd9b4609599cfbdd9bbe9aea98a0e116202a59614
SUSE Security Announcement - A new release of Heimdal fixes a file ownership flaw and a bug in the telnet server.
b0218c3a06d64bab844e1669fd6710cd43861365008010a8bab1d843588da063
Mambo versions 4.5.3h and below are susceptible to SQL injection and file inclusion attacks. Full details provided.
32f94f56d297af76886b57f1aaf38f9c0442583eea7d2246d3d29f09d3e5105e
MyPHPNuke versions 1.8.8 and below are susceptible to multiple cross site scripting vulnerabilities. Details provided.
e0c7f805e02b0449c14d070cba3507927c4da8f250e046f53b5066a0cbef8541
Woltlab Burning Board 2.x is susceptible to multiple cross site scripting flaws. Details provided.
6a378f20bcf1a839d6265b48317ce172486aa6ae12a3ec5434d309d5d2318f60
IRM Security Advisory No. 018 - A buffer overflow exists in Winamp's handling of a m3u playlist file. Version 5.13 is affected.
3def06357bbd61ad42bef60b1155880a09482b306cbc4c4de3efe11138eb667c
SpeedCommander version 11.0, ZipStar version 5.1, and Squeez version 5.1 all suffer from directory traversal vulnerabilities when processing malicious JAR and ZIP files.
bb515a90987a52b0bcf6be0d1ee106843efd253c6e4dd84acebf0dd2ddc1b8cd