It was discovered that several web browsers will render web pages without a defined charset using the charset of the parent page when placed in an (i)frame. This might allow bypassing XSS filters with, for example, a UTF-7 payload.
It was discovered that WordPress's support of trackbacks in different charsets can be used to bypass WordPress's SQL injection protection. This might result in a compromise of the admin account and the execution of arbitrary PHP code on the server.
It was discovered that the CSRF protection of WordPress's administration interface is vulnerable to an XSS vulnerability, which might result in a compromise of the admin account and the execution of arbitrary PHP code on the server.
A vulnerability in Dotdeb's PHP packages was discovered that allows abusing any PHP script that uses mail() as a spam robot. Furthermore, this vulnerability might lead to disclosure of sensitive information sent out by email.
Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability
A heap overflow in PHP's HTML entity encoder was discovered that can be triggered through the htmlentities() and htmlspecialchars() functions. Successful exploitation results in arbitrary remote code execution.
Multiple XSS vulnerabilities within the administration interface of Serendipity were found that allow Cross Site Scripting attacks against the blog admin.
It was discovered that user input passed to the unserialize() function might trigger an integer overflow in array creation that might result in remote code execution.
Multiple vulnerabilities within phpMyAdmin were discovered that allow bypassing its protection against CSRF, which might lead to the execution of arbitrary SQL queries.
Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities
An unverified path variable might allow an attacker to inject and execute arbitrary PHP code within PHProjekt.
Multiple remote vulnerabilities in the Zend Platform Session Handler have been discovered that can even lead to remote (PHP) code execution.
Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker
A vulnerability in DokuWiki's spellchecker allows normal wiki visitors to execute arbitrary PHP code through injection into a preg_replace() call that uses the /e modifier.
Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow
A vulnerability in the passive wifi scanner KisMAC was discovered that allows execution of arbitrary code through a single manipulated 802.11 management frame.
Advisory 02/2006: PHP ext/mysqli Format String Vulnerability
A format string vulnerability in the exception handling of the new mysqli extension for PHP may result in remote code execution.
TinyMCE Compressor uses unchecked user input directly within filenames or prints it into the output buffer, which allows disclosure of arbitrary files and XSS attacks.
A vulnerability within the redesigned register_globals emulation layer of phpMyAdmin can be used to overwrite, for example, arbitrary configuration values and therefore eventually lead to execution of arbitrary code or injection of XSS.
A vulnerability in the URL parser of (lib)Curl may lead to a heap overflow and unintended code execution when a certain kind of malformed URL is requested through (lib)Curl.
Advisory 23/2005: vTiger multiple vulnerabilities
Multiple vulnerabilities in the commercial SugarCRM fork vTiger allow for privilege escalation, local and remote code execution, Cross-Site scripting and authentication bypass. Attack classes found are SQL injection, XSS, unsafe file inclusion.
Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
Due to incorrect handling of global variables, attackers can view arbitrary files, perform XSS and HTTP Response Splitting attacks on a vulnerable phpSysInfo instance.
Advisory 21/2005: Multiple vulnerabilities in PHPKIT
Multiple vulnerabilities in the commercial community management system PHPKIT allow for password hash disclosure, XSS and remote code execution.
$GLOBALS overwrite can lead to unexpected behaviour of PHP applications, which can lead to execution of remote PHP code in many situations.
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()
Unsafe termination of parse_str() by the memory_limit request shutdown may result in the register_globals directive being turned back on.
Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
A Cross Site Scripting (XSS) Vulnerability in phpinfo() could, for example, lead to cookie data exposure if an info script is left on a production server.
Advisory 17/2005: phpBB Multiple Vulnerabilities
Multiple vulnerabilities within phpBB <= 2.0.17 allow XSS, SQL injection and even remote PHP code execution.
Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
A design flaw within phpMyAdmin allows inclusion of arbitrary files, which usually leads to remote code execution.
A malformed XMLRPC request can result in execution of arbitrary injected PHP code in applications using PEAR XML_RPC.
Advisory 13/2005: Remote code execution in SysCP
Several vulnerabilities in the server administration tool SysCP allow inclusion of remote code and compromise of the affected server.
Advisory 12/2005: UseBB Multiple Vulnerabilities
Multiple SQL injection and XSS vulnerabilities may result in disclosure of administrators' credentials.
Advisory 11/2005: Multiple vulnerabilities in Contrexx
The CMS Contrexx is vulnerable to Cross-Site Scripting, SQL Injections and password hash disclosure.
Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability
A global variable that controls the config file path within the Yawp library can be overwritten, which leads to a remote URL include vulnerability under some conditions.
An HTTP headers bypass switch can also be used to completely bypass the authentication system of Cacti. As admin it is possible to execute shell commands with the permission of the webserver.
Wrongly implemented user input filters lead to multiple SQL Injection vulnerabilities, which can lead, for example, to disclosure of the admin password hash.
Advisory 02/2005 - Remote code execution in Serendipity
The free weblog system Serendipity allows for remote code execution through a vulnerability in its XML-RPC libraries which are derived from PEAR::XML_RPC.
Advisory 01/2005 - Fileupload/download vulnerability in Trac
An input validation flaw within Trac allows download/upload of files and therefore can lead to remote code execution in some configurations.
Advisory 01/2004 - Multiple vulnerabilities within PHP 4/5
During development of the Hardening-Patch we have discovered several vulnerabilities within PHP that could allow local and remote execution of arbitrary code.
Advisory EM15/2004: Cyrus IMAP Server multiple remote vulnerabilities
Several vulnerabilities were found within Cyrus IMAP Server that allow remote execution of arbitrary code.
Advisory EM14/2004: Linux 2.x smbfs multiple remote vulnerabilities
Several vulnerabilities within the smbfs module of the Linux kernel were found that allow crashing the kernel or leaking kernel memory with the help of the smb server.
A binary safety problem within PHP's strip_tags() function was found that may allow injection of arbitrary tags in Internet Explorer and Safari browsers.
During a reaudit of the memory_limit implementation within PHP, it was discovered that it is possible for a remote attacker to trigger the memory_limit request termination in places where an interruption is unsafe. This can be abused to execute arbitrary code on remote PHP servers.
A vulnerability within the CVS viewer Chora was found that allows remote shell command injection.
Advisory EM09/2004: More CVS remote vulnerabilities
A team audit with SuSE Linux security researcher Sebastian Krahmer revealed more vulnerabilities within CVS that allow remote compromise of CVS servers.
A vulnerability within Subversion was found that allows remote compromise of Subversion servers.
Advisory EM07/2004: CVS remote vulnerability
A vulnerability within CVS was found that allows remote compromise of CVS servers.
Advisory EM06/2004: libneon date parsing vulnerability
A vulnerability within a date parsing function within libneon was found that allows arbitrary code execution in applications using the vulnerable function.
Advisory EM05/2004: phpMyFAQ local file inclusion vulnerability
A vulnerability within phpMyFAQ was discovered that allows inclusion of arbitrary local files.
Advisory EM04/2004: Net(Free)BSD Systrace local root vulnerability
A vulnerability in the NetBSD and FreeBSD implementation of systrace was discovered that allows a local user with access to systrace to gain root privileges.
Again, a vulnerability within Fetchmail was found that could allow remote compromise.
Advisory EM04/2002: Multiple MySQL vulnerabilities
Several vulnerabilities within MySQL and the client library libmysqlclient were discovered that could allow (remote) compromise of database clients and/or servers.