Tor version 0.0.9.9 is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
713359cf4b620afe1f75e84150e2c49ebc76f35dedc8af3639866b5a6747d536
Codebug Labs Advisory 09 - myBloggie 2.1.1 multiple vulnerabilities. Full path disclosure, Cross-Site Scripting, content deletion, and SQL injection vulnerabilities exist in myBloggie 2.1.1.
f7f7644eba42b3961a50a761d17b98dae395eb1f1dd97d656f8504adfac6d9e5
Google adsense is vulnerable to remote cross-site scripting attacks. This is due to several name and message fields not being properly validated.
1d9f0a3ba37186bf2960e4947afdb38a5e9e8dd89100de61267b3f9ac65f6db1
Simple tool that transmits ICMP type 3 code 4 messages to a given destination, sometimes resulting in the connection being terminated or severely hampered. Reported to work against Linux boxes.
327269e6429f86a37a10156ec5f7a14d6f138ea0bc11b2c79d9124fdd7136cbe
ActiveFax, a network-enabled fax transmission/reception system, contains a FTP server which can be used to perform FTP bounce attacks (which are useful for conducting nmap portscans in an anonymous way, among other things).
e4d4d31f65ce645a4e34763f56c51382066db599977952385ad53de79902fa48
phpCoin versions 1.2.2 and lower contain multiple SQL injection vulnerabilities. Example exploit URL included in advisory.
601b133e8301c87eb6eb9fdba49d5cdb091bf6e55921dd461f447ae6272cb8f7
TRIPP is a utility to rewrite outgoing IP packets. Since it can rewrite both header and payload data, it combines functionality found in iptables as well as netsed. This can be useful for performing replay attacks, altering your own OS fingerprint, or for bypassing remote firewalls.
dd20c3a4d3957262197fe88667340ecfabf33650727217079e673d6d2796ef11
PHPcart allows for user-manipulation of the price's of items in the shopping cart.
2e0e2cbc123be6aaf5914c8b302c535b34de75fd2bf0edc6cc0b96e3075b00d7
Metacart e-Shop V-8 contains multiple SQL injection vulnerabilities. Advisory contains example exploit URLs.
9f5aa360ae5554856b5d462c2a9e439d199ae15eb11293343101e44e186f6a82
Metacart2 for PayPal contains multiple SQL injection vulnerabilities. Example exploit URLs included in advisory.
27e51a9ee256de129e003e64d058376aba570d399ba96db38f27e400c3e08c68
MetaCart2 for SQL Server, Special Edition U.K. contains multiple SQL injection vulnerabilities. Example exploit URL included in advisory.
bf27a85a45c5105011343f17098e773a5519727cebe0ae2776fee8fe16544a19
Multiple SQL injection vulnerabilities in metacart2 for payflow. Example exploit URL included in advisory.
91a62b15583088eafdf55e57ac53a4580189ef41a7ca845c6184ff7996ea6447
Metabid contains multiple SQL injection vulnerabilities. Username / Password verification can be bypassed via SQL injection, and more issues exist. Advisory contains example exploit URL.
67ee02e0b5694b14f0011efc0a8cb3134f865a21e9fd86180e92abd4be94ca7a
SQWebMail is vulnerable to Cross-site scripting / HTTP Response Splitting.
b1598238af35468ae7390ddb40c1325dab2802e792487ba37010e46dfab6bc58
Yet Another "Why CSS Is Bad" Paper.
0c887d986ae284f7c70a519bdfe8487982c28a01419f992b0641e7cd3f0249f4
Sniffer for "Gadu Gadu", which is a chat program in the style of MS Messenger/Yahoo Messenger, but aimed at Poland / Polish-speaking people.
7c2e84981d0bb5e809d320011bedd1558b1ac36cc5630e16f804106cb6f592bd
Snmppd format string vulnerability. Snmppd (used by / with Nagios) may contain a format-string vulnerability in unsafe syslog() calls.
530283249b60e4f090b7e6f5b2df86eca244287192c133b0dfe453b3eb4a9996
Novell Nsure Audit contains a Denial of Service vulnerability. The webadmin.exe module, which listens on TCP port 449, becomes unresponsive when a bruteforce attack is conducted against it.
c90a01df5fa37c3a125d238fc52b66d73fbca467084ba0b86ad17914941ef7c7
Nokia Affix Bluetooth Integer Underflow. Affix is a Bluetooth Protocol Stack for Linux that was developed by the Nokia Research Center, and implements Bluetooth protocols. This may lead to a local root compromise.
0b3e9bf80b6a9d1c3d8e5193b6e58cdca58f84d5a3afe253d5f89b22b04f820d
E-Cart remote command execution exploit. Executes a reverse shell using a buggy open() call in E-Cart.
b2784c5e78f48cc00ab73c0398351c0cf34b604571531aef72a64696d3973f62
Store Portal 2.63 is vulnerable to SQL injection. Example exploit URL included in advisory.
36069a8bc200f7e07a82f9d602315494af4563454f1a9a979135b31706910c0a
E-Cart v1.1 Remote Command Execution advisory. The file index.cgi contains a vulnerable open() call, resulting in remote command execution with the CGI privileges.
f3cdf6d3c914451395834918e3bdedb01a7d7d66ce540c1af4f0ef8ee8dabac3
BK Forum v.4 is vulnerable to multiple SQL injection vulnerabilities. Advisory includes example exploit URL.
88e22bd5f279a93f88df060dd312cb550288bf0e52da84bda4720bf69379b432
This tutorial is an overview of how javascript can be used to bypass html forms and how it can be used to override cookie/session authentication.
f33ef88eca88474ed96f2530c0a55fe5a5ea9ba9b220adc864b72f8b931e4932