The Netgear DG632 router suffers from a remote denial of service vulnerability.
9a8958aabaf48784b84218497d65d53cbbb47505c242c143bbbd7ec98c035307
The Netgear DG632 router suffers from a remote authentication bypass vulnerability.
1818feb50968cf0776a3746ebe2f0f7b13166a30328356c4b83002d2e9df1e9b
phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability in listing_view.php.
c58ad0cfb7c0c94d8a5f4d360488dacd934c24ef0963d31a64c763ee6bbee7e9
Blind remote SQL injection exploit for the Joomla iJoomla RSS component.
121bdda0ee89ef2f6f6d5b486157850580201ad037e5bea6076ad541895912e8
The Zoki Catalog is susceptible to a remote SQL injection vulnerability in the search form.
99906b09a99128cdb4be9548688bf6b09df220667c8bd9fe373bbb19ae65873b
Apple QuickTime CRGN Atom stack overflow exploit that creates a malicious .mov file.
fb8e543a1b14d05da7d1eaf72adb2dc68be619562fc03383b54d35808421f260
The vBulletin Radio and TV Player add-on suffers from cross site scripting, iframe injection, and redirect vulnerabilities.
2a658ed82ade2cbe65d85e97696da855037c00a04db06e087702785efc20ec33
Ubuntu Security Notice USN-788-1 - Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files.
03c46ab8e039d95b3d68d8fff432ef9ad26a6c0edc896dd0c164b176129017f4
TorrentTrader Classic version 1.09 suffers from information leakage, forced database backup, and multiple remote SQL injection vulnerabilities.
e8769d9da4b097523f74971e6c76bddfba18b6af3bdc4de9d5059363ee58d5d2
The WordPress Photoracer plugin version 1.0 suffers from a remote SQL injection vulnerability.
79d64286fdeb1c3c428240c4f0ef515ae6d370c9864776e13470184dcdd133cb
Debian Security Advisory 1815-1 - It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
ad63608a9520d0d064fda0d70c6160937238a9bb33814e1fb611af3e163f35cd
SugarCRM versions 5.2.0e and below suffer from a remote code execution vulnerability.
b46bbb1752deb1c9295ffea5807d2e474bb3c4c6de135549995c2c9d75270085
Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.
6d97fadeca01d2e5ee203525b223ac4cd679980f47e622d67703c64b5711e36d
AdaptWeb version 0.9.2 suffers from local file inclusion and remote SQL injection vulnerabilities.
d4add75fa25385d92452041623a88df0efa077f1ed23a576e5d434b05ae11008
Elvin BTS version 1.2.0 suffers from remote SQL injection, cross site scripting, cross site request forgery, and local file inclusion vulnerabilities.
191399e1fec220534cbe41495d53b0c6358f217c80972cab1524de35fa59f90d
DB Top Sites version 1.0 suffers from a local file inclusion vulnerability in index.php.
71352bf1853bab4b83bdfafa46d1b078a606412620ed42cf0d1956f5ae43e6eb
DB Top Sites version 1.0 remote command execution exploit.
93d8a06caaf5690de2bb7c27089cc5e73ea3b9d8d141da2eba7acf6d96f1afd4
Impleo Music Collection version 2.0 suffers from remote SQL injection and cross site scripting vulnerabilities.
8f6e16161583651c0a985b99937c04928d00eeaacc2ff6d35eec8d075fc758a7
Evernew Free Joke Script version 1.2 remote change password exploit.
da90bddae0b91d23a85262ef92a35e133173075a5ca21eb3e480de7ef9160630
Debian Security Advisory 1814-1 - Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data.
1251a085719d046c220358316daf5f8f362b05eb479e9c0d4ad744ff518c15b4
Calling a CSS attr attribute with a large number leads to memory corruption in Apple Safari.
8696c6faba5a8300579b75b6979bea48b7c31cb18483efb7802cc5c6b277d26c
Apple Safari and QuickTime programs suffer from a denial of service vulnerability.
afebe5688f42de20f215c74637ba9a8e5c736d7c2a3f411f2ba4e22b0910b105
The F-prot parsing engine can be bypassed by a specially crafted and formatted TAR archive.
dfbeadbf4429aedb4b3293e8587c35d54104a2ec76c6f28051b8946cbab51a94
Norman with decompression engine versions below 5.99.07 suffers from a RAR-related bypass vulnerability.
2752bd6cbaf45a3d245c65d2ae96d8968b3aaa13fc4e7e50d8bb6ee07d35ab7e
The Ikarus parsing engine versions below 1.1.58 suffer from CAB, RAR, and ZIP related bypass vulnerabilities.
358d51815c888893939a997bfb094d5961c12e6b4660b3012c271b5bda414c4b