The QNX Neutrino RTOS runtime linker allows the creation or overwriting of an arbitrary file. Moreover the technique by which this can be achieved can be triggered even where the binary being executed is setUID and is running as another user. Version 6.5.0 is affected.
7d1751f1d7538142a5f545dae3d6e0f64cbacc7f8b27be5bec111384542a5645
The Apache Traffic Server versions 2.1.1 and 2.0.0 suffer from a DNS cache poisoning vulnerability.
1dc0e9378f377c2bbcc492f5d1dc879dd8fb8b702f63ec2c802e48c3bdc43d67
Brief write up discussing exploitation of the Linux linker.
e6a4092d9c7f6bfe19a47771315ef0b1edbedff573ad3adc8783e68166ac9c97
The Rekonq web browser is vulnerable to Javascript injection in a number of components of the user interface. Depending on the exact component affected this can lead to Javascript being executed in a number of contexts which in the worst case could allow an arbitrary web site to be spoofed or even for the Javascript to be executed in the context of an arbitrary context.
b604a1d5db6b3f8fe6875b468e0971c8b0a5c62c937984575dbb59a86d78a575
SSHatter is a remote brute force utility that attempts every password from a given list against a target.
9c288bea73f302b726bbb13e21594df22b82f73f874f130fb60e626f3abd3b2a
The TekRADIUS radius server for Windows suffers from a SQL injection vulnerability that allows for privilege escalation. Details provided.
04e03394380b7c464a8bd6dabc94060b07b1420c44f813a363aca9d1aa17f13d
NullLogic Groupware suffers from account compromise, denial of service, and possibly remote code execution vulnerabilities.
c36c4bc118817c73caa7e27e4882f82a005ab7e206e99a27d5d2b690d6443b2a
Portcullis Security Advisory - By sending crafted packets to ports on the Checkpoint VPN-1 which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets.
51a82eb1b4c5f4d3532a75bb76489bb144459f7cdb950cf9b248f0ab003575f5
Affinium Campaign version 7.2.1.0.55 suffers from a javascript injection vulnerability in the templates web page.
c82b2a5713558c8a53fa779387549a6224ad899d490bc09ef23b7240a40aa8ec
Affinium Campaign version 7.2.1.0.55 suffers from a log related cross site scripting vulnerability.
053bcfa9891524f83f4ed4442a156d466047db8007c7ab7e014bb87db5b74a7a
Affinium Campaign version 7.2.1.0.55 suffers from a denial of service vulnerability in its Listener.
409f174deb2734fb33455f715be458ca7771b4452e3a584a4fd9708637195cb7
Affinium Campaign version 7.2.1.0.55 suffers from a directory traversal vulnerability in its Listener.
361a5fe7947bd8d0cd258ec7c536f58cde024e1a42d39189fab582b98aaed12d
Affinium Campaign version 7.2.1.0.55 suffers from a directory traversal vulnerability.
5aa4e14f00895220101919783b0a5c8fe0eb4337483e36ca303cd968223bc8bc
Affinium Campaign version 7.2.1.0.55 suffers from a javascript insertion vulnerability.
921ca5ae7e6ec08e4305b4dee7180b165fad9feed97d8ed15c114b81e10f83fd
Affinium Campaign version 7.2.1.0.55 suffers from multiple cross site scripting vulnerabilities.
05611b417843f52ea40678830e68b64d55d8267452c95284bad6f9bea704a4df
Nth Dimension Security Advisory (NDSA20080215) - The Festival server is vulnerable to unauthenticated remote code execution. Further research indicates that this vulnerability has already been reported as a local privilege escalation against both the Gentoo and SuSE GNU/Linux distributions. The remote form of this vulnerability was identified in 1.96~beta-5 as distributed in Debian unstable but it is also believed that Ubuntu Hardy Heron was affected.
679be8c3c5c41b4fce67f2ff8f104fcb7afbc9d058857614bb4a84ab75341837
Nth Dimension Security Advisory (NDSA20071016) - The SiteBar application has single high risk issues with its translation module. It can can be made to retrieve any file to which the web server user has read access. The SiteBar application has multiple high risk issues with its translation module. It can be made to execute arbitrary code to gain remote access as the web server user typically nobody. The SiteBar application has multiple medium risk issues where it is vulnerable to Javascript injection within the requested URL. The SiteBar application has single medium risk issue where it is vulnerable to malicious redirects within the requested URL. Version 3.3.8 is affected.
f9787ab6aeb07593ce7cda6de093a36855c1a84a926762bb230871ba4fa62bdb
SSHatter is a remote brute force utility that attempts every password from a given list against a target.
74989fe4b419899604f6db0946f0e0314f97a42cecc49672b4bf78d580842226
SSHatter is a remote brute force utility that attempts every password from a given list against a target.
690c0e0d317026df8d9c423cc3c6e552372dbbaaab16953a32d76b120fd720c5
SSHatter is a remote brute force utility that attempts every password from a given list against a target.
ccf0f5f7aa39fb59f5f5b2bd959ec841ca04f761de5c1c2da76f97a1bfa7976b
Whitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.
85eff0372eb6b927c7f66e8380f04f54c2152fb1202fd191238c82796096ff34
SSHatter is a remote brute force utility that attempts every password from a given list against a target.
f36698575e0aefc1ed0903dc22c54cd9ffdeb171aa4341ea9cc93b770555d3ad
ImgSvr suffers from a stack overflow vulnerability.
565d22b95eca8b9f9bc666c22a941d4f22918caf966cb2431c62ee0ee7aa6b51
ImgSvr suffers from a directory traversal vulnerability.
587cd55bbcebb9efada9fd3e9fcfc6871ab6005bad8bc15228ce890a7df36ba8
eVisit Analyst is susceptible to SQL injection vulnerabilities.
64578dc3aa5280d374e5a5e33556efa48bdbd09dd432b0ed80d48f0beb44bd5b