MyPHP Forum version 1.0 is susceptible to several SQL Injection vulnerabilities that may lead to viewing of sensitive information, including hashes of user's passwords.
02ffa72f4490fdd890dd2d57ef4a6d33632c102663382dac5725fbbc6bf21869
The SafeNet SoftRemote VPN client has an issue where a password is stored as clear text in memory.
4ddf3ab879d0979c09c314bbcf63db87068c3b3d1bffa3e1403cc152a76748af
php-fusion 4.x has a bypass vulnerability where a remote attacker can view any thread.
c7ed125f9030d5ddd42cd6eefbd5b3f3c4ed2a1d8327228f82d6f55f50e50a2c
A sign extending bug in AppleFileServer exists while parsing a FPLoginExt packet. Exploit included.
f172aaf165f55268a1cc2d2eb0e697bd235cf9e069b14565a19c5b48a3a6788f
White paper discussing web application footprints and discovery methodology for web servers hosting multiple web applications.
51f2b357535a04ed528e35ff209d1544050e9ec8990d03bddf56be14b2c0d5c0
A directory traversal vulnerability was found in 602LAN SUITE's Web Mail file attachment upload feature that may be exploited to upload files to arbitrary locations on the server.
d1e62e37804a53dc78c20de47ee46e113a4de98ba83f5baabc71e5e4e2eee35c
kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.
e9bee41940b31705d7a37e1abef91138bcd038e3f0b86ffc9b0e2ca4c0f451a3
iDEFENSE Security Advisory 02.07.05 - Local exploitation of a format string vulnerability in the chdev command included by default in multiple versions of IBM Corp.'s AIX operating system could allow for arbitrary code execution as the root user.
d7c9bca37286ed5ad97f11f281e8f69e4f56ba0601fc282e185945e8f036b5a8
An ident client that outputs the username to stdout. Optionally, it can detect botnet and fake ident servers based on RFC 1413 deviance.
46cc78f13373988a33451ab3dcdcd513ad968ddf32bb1c40d326def3e649dee0
Google's custom-crafted MX software is susceptible to a trivial buffer overflow vulnerability.
396737d94e8af9b562e87e15793607ec6157f8a039b69c9e0857d9830f7708c5
iDEFENSE Security Advisory 02.07.05 - Remote exploitation of a command injection vulnerability in the Squirrelmail S/MIME plugin allows web mail users to execute arbitrary commands with the privileges of the web server.
35671328df6ad7b30df6bdca6e66a1bb2b1ad41710b19633efa94975faefefa3
Gentoo Linux Security Advisory GLSA 200502-08 - PostgreSQL's LOAD extension is vulnerable to a local privilege escalation discovered by John Heasman. A local user can load any shared library, but the initialization function will then be executed with the permissions of the PostgreSQL server. Versions below 7.4.7 are affected.
615533cf8617ef7e96f68bfb83a60648ec43b2505242c675705f212cf1e23d2c
Using plugins like Flash and the -moz-opacity filter, it is possible to display the about:config site in a hidden frame or a new window in Firefox 1.0 and Mozilla 1.7.5.
c7cedd28bcc9f676fdc00b491f4c17d87ecc083eb62153962929c8cfa0956d21
The Javascript security manager can be bypassed when a link is dropped to a tab in Firefox 1.0 and Mozilla 1.7.5.
7cec86bc934ea6cea05a1709645f91946c041eac917919abc3f8c3a2521d4edc
Firefox built-in protection against allowing dragged non-image files can be bypassed when an executable is passed with a content-type of image/gif. Tested with Firefox 1.0 and Mozilla 1.7.5.
89c610f95e5084fbbd9fffd302c959d26a3a3d494bde761f4320c56b831760b3