A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files.
461e165b1293cc00e1d6b9380680b3251d008e466d4d8f0a77303e8d91c15fbd
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user.
aee6d5e4517fc845d2a37d58942b8f8d9b515170a768e9ea0179b3cafcc43942
ToursManager suffers from a blind SQL injection vulnerability in tourview.php.
4d0862ac35c71f59549f8a0f7be83099dd4f645b32ac2abbf8e1b5cf37c106c9
phpRS versions 2.6.x and 2.8.x suffer from a remote SQL injection vulnerability in gallery.php.
cd37a62705b90092cec6ee3361131b1700931e182692ee03102eb885c5ef7e27
Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.
2dce704b30c5057d574019fc7d3911b1a7e1917657a49ce71f95f9a0d9af8dda
Whitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique.
33dd9cf75d17e73d0b9c873025e3dd464002ef35b74dc38578987a00ee29000d
Oracle Database Vault runtime disabler that uses ptrace.
0d48b8ebbd50899212a445327c014e7d2065b85348b30ced6cef07c51a106a34
Natterchat versions 1.12 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
fdaca1a9c305161e92f99409bc5f23f72a342ea384bd5b361a547e3fa2b96b45
PHP version 5.2.6 suffers from an error_log related safe_mode bypass vulnerability.
dfa81ee9fe5ed6e1ece110d40fa867c9d3ca32a9a65c0a1f95afb57512cb484d
PHP-Fusion version 7.00.1 remote SQL injection exploit that makes use of messages.php.
77817606cf5e9fed61740e8e7fda85ce50b412c3ee6fc324930edec411a37b22
Social Engine versions 2.7 and below suffer from remote SQL injection and cookie manipulation vulnerabilities.
cc404081ed843b5c909a79b12ce67ff7d853b70cf072abefb61a297df95cc82c
The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.
5752206c5691ff705d128ca2dc77666331538a0b7d3d082cd48a913b6c4d2723
AskPert suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a790ed10037506515e1cb4fa8df7b0b9165b6d1742e7081b58afa65f98c028e2
Brief whitepaper discussing return to LIBC exploitation on Linux.
60df69f9613a7068834b59cadfa21bfe78b5e1a540709800c8da40b9243c2620
Brief whitepaper discussing stack overflow exploit on Linux.
213beb0caf6939f7b983962882c19d76cf2d7c40ce84befefe5a6c4310688863
The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.
95bd3ddaba52709a0a2ff97a065ee4fb33c150b34551544104ec30c5b5dca58c
Exodus version 0.10 suffers from an URI handler arbitrary parameter injection vulnerability.
a264639d87455f56875a23401f59036d3f82d8733d2fa690f11e8e6f50ec84e0
wPortfolio versions 0.3 and below remote arbitrary file upload exploit.
77857473a16edc35e3846dde8b47e890e7346e7a1246ca3ed301a780b8622f1f
26 byte (the smaller) GNU/Linux x86 setuid/execve shellcode without NULLs.
87786ce6282d8885f0a55ff4452c4588f5c2aaa59e5b5c89e649507cc012443b
BoastMachine version 3.1 suffers from a remote SQL injection vulnerability.
3188017b37ab4a98aa44caa9771b4a4443c0211c97b37cc476885a070dc0110e
HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
b8c9fe6d25660a81a6f06aae5f7fa118b9a41d276c0d7b7e813c689357f06725
PunPortal PunBB module version 0.1 local file inclusion exploit.
63e5162517b423113437d76ce37e4881551e54e731e0b89b6f220564e426d437
Pre Job Board suffers from a SQL injection vulnerability that allows for authentication bypass.
767f3b7b80905d4af74a7319352b4d649488147010ed6235478fe8c051e7c9fb
Secunia Security Advisory - A security issue has been reported in SystemImager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
b86a2ff45f2aee8400b99722dcda1cae022399f4bc56b827c5b235f3c249d084
Secunia Security Advisory - HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
c878986f26c644625cbed0d7794101f606d09164f75f812d506ee2556b57c81c