STG Security Advisory: An input validation flaw in ZeroBoard can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
Minis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
Microsoft Internet Explorer 6 is susceptible to a flaw that allows for malicious file download via manipulation of the File Download Information bar functionality.
GulfTech Security Research - ReviewPost PHP Pro versions below 2.84 suffer from cross site scripting and SQL injection attacks. Sample exploitation given.
GulfTech Security Research - PhotoPost PHP versions 4.8.6 and below suffer from cross site scripting and SQL injection flaws. Sample exploitation given.
Mac OSX versions 10.3.x with a Darwin Kernel equal to or below 7.7.0 are susceptible to a denial of service flaw that may allow for possible privilege escalation.
Proof of concept exploit for an old format string vulnerability in setuid versions of top. This vulnerability has popped back up in the Solaris 10 Companion CD.
Alt-N WebAdmin, the web application used to administer MDaemon and RelayFax, is susceptible to cross site scripting, html injection, and unauthenticated account modification vulnerabilities. Versions 3.0.2 and below are susceptible.
InternetExploiter 3, .ANI-file Animation header length stack based buffer overflow exploit for Internet Explorer. Uses Cascading Style Sheets to load a malicious animated cursor. Runs a bindshell on port 28876.