iPhone CSS::Selector crash exploit that acts as a web server that sends a malformed long string to the CSS style tag.
d71ada90483a76b113062fdae1846313e113c33c00836ca4c4a16526a4b6222b
EMC HomeBase Server contains a vulnerability that may allow an unauthenticated remote user to upload arbitrary files on the affected HomeBase Server. Versions 6.2.x and 6.3.x are affected.
1481b43fd91ee9d43c4ca39ea27c50887e8ea9279062e3564ef9f2bc7328f2f6
iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.
d0efdc32584a23be37a59e4491447cc4ca499652cf899ad6b592297321df9b3a
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
af6d947eef87f00fe513045bf79828808ea42b9cf70eaee033d5e96e73edf61a
VUPEN Vulnerability Research Team discovered a vulnerability in various Symantec security products. The vulnerability is caused by a buffer overflow error in the SYMLTCOM.dll module when processing user-supplied data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page on a domain masqueraded as an authorized site.
1396c6713bed4dbfef7dae21661f037819774374e8dbc9e411a22263e49446ef
Technical Cyber Security Alert 2010-55A - Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media. Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe. Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.
cceaf3df3ab1ccf182366803b6bfb56b7c9cea916f742e8b4f9563252efe670d
JavaPont suffers from a local file inclusion vulnerability.
a013ca51d89ccb35e75cf4a2690348cf7368c3f368782a8e9e86ea9554782fad
Joomla HDFlvPlayer component remote SQL injection exploit.
dc912df0feedfb9f5ed7ac43039d679783880a60893bc48825697898d2e49d96
LiveChatNow suffers from a remote SQL injection vulnerability.
c185d764e3b247a42464968a76d8964632b5864476eab2c18fead83e812651f6
Kojoney versions prior to 0.0.4.2 suffer from a remote denial of service vulnerability.
a877fb5d19fecba22603df6557ffba4026cac256b572c537cf59dc8df9a77783
Apple Safari version 4.0.4 and Google Chrome version 4.0.249 suffer from a stack overflow denial of service vulnerability.
ba90a1df6078d3a036b3d5ff300808e8b94b9214960121c8a2c8e6c054db790e
FTP brute forcing utility written in Python.
cfa21c0a60f0dce81d28f10ac3a3c8f1ec11c0e1803d9b519d2fa308c15c83df
Assembly code that binds to port 12345.
3b81b5eab10bc8cb8b3503424ac364d82d833f0afa4ccc82097c78cc6c06910f
Avast! versions 4.8 and 5.0 suffer from a aavmker4.sys kernel memory corruption vulnerability.
423e14acc68af28b36348077feb4ef7ada79727abeb0a3fa6fe5fcf347f9aa5c
phpCOIN version 1.2.1 suffers from a remote SQL injection vulnerability in mod.php.
851d9fe31093b2a8736a03c6b09fcf3a26c924a64cccfd1b49beaaecb6d38f9f
Ubuntu Security Notice 903-1 - OpenOffice suffers from multiple vulnerabilities. It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls.
d0a5d9315dd8e403cd8b3e519b8802f52fab3266e43dcc3d765e96967c414897
Softbiz Auktios suffers from multiple remote SQL injection vulnerabilities.
47b1b5a09e2eec6890da99390c693438358b62b46bd79d23337fa9c2c09d0108
Ubuntu Security Notice 904-1 - It was discovered that Squid incorrectly handled certain malformed packets received on the HTCP port. A remote attacker could exploit this with a specially-crafted packet and cause Squid to crash, resulting in a denial of service.
d8d35fbd670ceb872134e0a760b1297c0ddf57008a8b14fb9d239abb228c5540
Softbiz Classifieds PLUS suffers from multiple remote SQL injection vulnerabilities.
6637f9df6e7c0380a790cc741bef9937374ec63fb8e821aa365caae0bca84e85
WikyBlog version 1.7.3rc2 suffers from shell upload, cross site scripting, cookie manipulation, session fixation, and remote file inclusion vulnerabilities.
acbfd4c7f5e319c5a321f810fa9217f1b5ee15842e106529193c9cdbeeb6d15d
Article Friendly suffers from a local file inclusion vulnerability.
bc6d96165ee0b4314aced6aba236f9bd3f29556c15be47378166e74df0c8237e
PBBoard version 2.0.5 suffers from add administrator and shell upload vulnerabilities.
29abb40977a4fb0be424a9f90430a489826cd07952a220e94dc1737315b5b968
Zero Day Initiative Advisory 10-020 - This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of EMC HomeBase Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HomeBase SSL Service due to a failure to sanitize '../' directory traversal modifiers from a parameter. This will allow a user to specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.
94b735cb9134c2f95e503f506eef61a55020e96a2a8404d05a17d6880d25f3d2
Newbie CMS suffers from an insecure cookie handling vulnerability.
f54f9549b0f96010f41871d9edbfacb2abb179f8fdfb7cacb26a99f79eb4aa89
MediaCoder version 0.7.3.4605 local buffer overflow exploit with calc.exe and bindshell shellcode.
fddb673addca4e8f2a1b132f3c1cc428c3b5554e631381b9af04b449c98a5ce4