Packet Storm's last 100 added files. Last Updated: Wed Jul 28 18:42:38 EDT 2010

[ MDVSA-2010-142.txt ] 7c99ef64bfc0338ec6f317c16f73ff04 Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
[ uplusftp-overflow.txt ] 60a3b2b94f3545e1846005844320d4f2 UPlusFTP Server version 1.7.1.01 remote buffer overflow post authentication exploit.
[ symantecams-flaw.txt ] 99af1c5cdd484a0a3d2744bc9ee6a38d Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit.
[ jira-xss.txt ] bd54a2222350829abde01d653c24d6a4 Jira version 4.0.1 suffers from a cross site scripting vulnerability.
[ secunia-autonomykvrp.txt ] 1e07e58e799d937de79f9a8685c827aa Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ secunia-autonomykvindex.txt ] 3d559dc765a3666312900d97ec293124 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ zemana-escalate.txt ] 3c52a66eb2c31dd73df27b7a44faf0b1 Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffer from a local privilege escalation vulnerability.
[ ceteraecommerce-sqlxss.txt ] 2eaa26eb1f22884df3d3167bc069e4b0 Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
[ secunia-wkssriu.txt ] 50abca786543ffdc74a394e0ff72c086 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ secunia-autonomywosr.txt ] 54f75386e8a64e96a4a8814d3df82ed6 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ secunia-autonomyrtfsigned.txt ] 051da84386777387a8d490662fbcab7b Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ secunia-autonomywkssr.txt ] b86bf4c0e20e58cec482e0807c9fbb94 Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ secunia-autonomycfp.txt ] 51d0af3f78c93a798c10dd606371c9df Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
[ apachetomcat-traversal.txt ] be0f85711288d99a26465aac5493aec3 UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.
[ joomlaphotomapgallery-sql.txt ] 929ef26fbab0a2d1e5aa1b95348554d7 Joomla PhotoMap Gallery version 1.6.0 suffers from multiple remote blind SQL injection vulnerabilities.
[ avarcade-insecure.txt ] e24295757afa6e9f6b4a25d30a5fe4e7 AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.
[ nubuilder-rfi.txt ] d451eae5886197e24dccb93485ece7ea nuBuilder version 10.04.x suffers from a remote file inclusion vulnerability.
[ dsa-2076-1.txt ] 9e20355dee50b90ffcce599a243fd717 Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
[ dsa-2075-1.txt ] c85c7e83e978f83a8eb180e1d8a1ec32 Debian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
[ MDVSA-2010-141.txt ] 61476c47e396c1762c6244eb9488a6f5 Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. The updated packages provide samba 3.4.8, which is not vulnerable to these issues.
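The apachetomcat-traversal.txt entry above is a UTF-8 directory traversal. The Python below is an added illustration, not the listed exploit file and not Tomcat's own code: it models the bug class with a deliberately lenient UTF-8 decoder that accepts the overlong two-byte encoding of '.' (%c0%ae), shows why a traversal check performed before that decode is bypassed, and shows the hardened order (strict decode, then normalize, then confine to the web root). The web root, the decoder, the check order and the request path are all constructed for the example; the specific payload inside the listed file is not reproduced.

```python
"""Overlong-UTF-8 directory traversal: the vulnerable check order beside the
hardened one. Added example, not Tomcat's code or the listed exploit."""

import posixpath
from urllib.parse import unquote_to_bytes

WEBROOT = "/var/www"   # constructed document root for the example


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 the permissive way a buggy decoder might.

    Overlong two-byte forms (lead byte 0xC0 or 0xC1) are accepted instead of
    rejected, so the bytes C0 AE decode to '.' exactly like a plain 0x2E. This
    models the bug class behind UTF-8 traversal, not Tomcat's actual decoder."""
    out = []
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            raise ValueError("sequence not handled by this example decoder")
    return "".join(out)


def vulnerable_resolve(raw_path: str) -> str:
    """Traversal check BEFORE the lenient decode; returns the path it would open.

    The check looks for a literal '..' segment in the percent-decoded bytes.
    C0 AE C0 AE is not '..' yet, so the check passes; the lenient decode then
    turns it into '..' and normpath walks out of the web root."""
    pct = unquote_to_bytes(raw_path)
    if b".." in pct.split(b"/"):
        raise PermissionError("traversal rejected")
    decoded = lenient_utf8_decode(pct)
    return posixpath.normpath(WEBROOT + "/" + decoded.lstrip("/"))


def hardened_resolve(raw_path: str):
    """Strict decode first (overlong forms raise), then normalize, then confine.

    Returns the filesystem path, or None when the request must be refused."""
    try:
        decoded = unquote_to_bytes(raw_path).decode("utf-8")
    except UnicodeDecodeError:
        return None                      # overlong or malformed UTF-8: refuse
    candidate = posixpath.normpath(posixpath.join(WEBROOT, decoded.lstrip("/")))
    if candidate != WEBROOT and not candidate.startswith(WEBROOT + "/"):
        return None                      # normalized path escaped the root
    return candidate


# Constructed request path: two overlong-encoded '..' segments, then /etc/passwd.
OVERLONG_TRAVERSAL = "/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"


if __name__ == "__main__":
    print("vulnerable:", vulnerable_resolve(OVERLONG_TRAVERSAL))   # /etc/passwd
    print("hardened:  ", hardened_resolve(OVERLONG_TRAVERSAL))     # None
    print("hardened:  ", hardened_resolve("/index.html"))          # /var/www/index.html
```

The point of the hardened order is that every canonicalization step (percent-decoding, charset decoding) happens before any security decision, and that the decoder refuses non-shortest forms rather than silently mapping them; the final prefix check on the normalized absolute path is the backstop for a plain "../" that survives decoding.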
[ MDVSA-2010-140.txt ] 9728cbfda6ca6f7ff1a4ca0bc367b17c Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issue in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally, some of the third-party extensions and required dependencies have been upgraded and/or rebuilt for the new php version.
[ punbbpunpm-sql.txt ] 6e2c0f3eee120f9b20dfae1d6ecb8956 PunBB versions 1.3.x and below with Pun_PM versions 1.2.6 and below remote blind SQL injection exploit.
[ joomlattvideo-sql.txt ] 804159f3c6ff44c128962d760a3b3e00 Joomla TTVideo component version 1.0 suffers from a remote SQL injection vulnerability.
[ msvisualstudio-overflow ] d97606695742264600bae5e755755fa4 Microsoft Visual Studio version 6.0 VCMUTL.dll Unicode ActiveX buffer overflow exploit.
[ AdminLoginFinder.tar.gz ] 83f3d29ff6d9af527a0c9c9f5ded5d8c AdminLoginFinder is a Perl script that scans webservers for administrative login / control panel sections.
[ fbruteforcer.py.txt ] c1a881c74c55ae82b40e646268cab519 This is a simple Facebook bruteforcing script that makes use of the Python Mechanize module and a wordlist.
[ ie67-dos.txt ] 2752a461ecb310dd0db37c67b478c81e Microsoft Internet Explorer versions 6 and 7 suffer from a denial of service vulnerability.
[ NocON2010-CFP.txt ] c2aa734ac66dfe214966445e7bd4f875 Call For Papers for the No cON Name 2010 Congress. This conference will be held in Barcelona, Spain, from October 18th through the 19th.
[ socialmedia-lfi.txt ] cfecac432433c100c61e1b5bd2b280fd Social Media version 2.0.0 suffers from a local file inclusion vulnerability.
[ stackbf.c ] 68c6e59edcec5721f37a7e5d4572546a Stack bruteforcing utility against buffer overflow programs with ASLR. Provides polymorphic shellcode for /bin/sh.
[ theetacms-sqlxss.txt ] dbfc07930d0e37e7ee46e6f86ff96744 Theeta CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
[ joomlaappointinator-sql.txt ] f3ba06cfcb83632d05900d500338dc58 The Joomla Appointinator component version 1.0.1 suffers from remote SQL injection vulnerabilities.
[ syndeocms-xss.txt ] 7968a477727cac0314791654ba903d9f SyndeoCMS versions 2.9.0 and below suffer from multiple cross site scripting vulnerabilities.
[ MDVSA-2010-139.txt ] 2b75ea5f7908e8b6b979d2ee7f9b6e02 Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally, some of the third-party extensions have been upgraded and/or rebuilt for the new php version.
[ major_rls79.txt ] 0703add159aebb090826a24794228dde PHPKIT WCMS version 1.6.5 suffers from multiple cross site scripting vulnerabilities.
[ easyftp_mkd_fixret.rb.txt ] a31ab6edcdb29318cc3ec1bcff1a522d This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'MKD' commands, which leads to a stack based buffer overflow. NOTE: EasyFTP allows anonymous access by default. However, in order to access the 'MKD' command, you must have access to an account that can create directories. After version 1.7.0.12, this package was renamed "UplusFtp". This exploit utilizes a small piece of code that I've referred to as 'fixRet'. This code allows us to inject a payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation. See references for more information.
[ easyftp_list_fixret.rb.txt ] dd1158c4d3c385cf313352a66803a9f8 This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11. Credit goes to Karn Ganeshan. NOTE: Although this is likely to exploit the same vulnerability as the 'easyftp_cwd_fixret' exploit, it uses a slightly different vector.
[ hyleos_chemviewx_activex.rb.txt ] ba64d10e2eab24164863d5807b3b8829 This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.
[ easyftp_list.rb.txt ] e8e1ba35a15a4cce0d46cd0b3dd34996 This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. After version 1.7.0.12, this package was renamed "UplusFtp". Due to limited space, as well as difficulties using an egghunter, the use of staged, ORD, and/or shell payloads is recommended.
[ USN-964-1.txt ] 3111259b30c67166c3ac294216b6aa2f Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.
[ USN-930-6.txt ] 324692d14b04636308087c2f0b7a0216 Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.
[ USN-957-2.txt ] 3ac0be5b6b188eb8f7028ff06ce196a5 Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.
[ LWSA-2010-011.txt ] e3445faede7a32cf2db6c82cd7257311 Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to log on as an lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired.
[ nessus-xssdisclose.txt ] df40b917caf2683326df86131ff08b44 The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities.
[ macosxwebdav-dos.txt ] 435b710d622d103c5cd3285c6c725f47 The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
[ foofus-20100726.txt ] e3cc0c7592f38c3b6586dee82cf27d3e The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292 on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected.
[ fuzzdiff.py.txt ] ec3d8e64642e2cc6539902f9ff72fd1f FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
[ transparent-medical-devices.pdf ] 5fcfc55317dc9197494fe74df312b5b1 Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices.
[ qqplayersmi-overflow.txt ] 406fce05161dd97728004e5127e74900 QQplayer versions 2.3.696.400p1 and below .smi file processing local buffer overflow exploit.
[ oscommercemax-backup.txt ] cc921370448d96ff05e985cba88687e9 Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability.
[ my-sql.pdf ] e29082314c34ad39aacd6ba49afe9045 This whitepaper is a MySQL SQL injection tutorial.
[ xaoscms-sql.txt ] 3f1232364f7761927a2bc521a89941c4 XAOS CMS suffers from a remote SQL injection vulnerability.
[ ballettinforum-sql.txt ] f0d470d0b7080cb35de5500baf7793bb Ballettin Forum suffers from multiple remote SQL injection vulnerabilities.
[ dff-0.7.0-src.tar.gz ] 6b32705c46baca28919e4eb4a86d5edb DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics work, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
[ freewaycms-sql.txt ] 1216100b38edc567233f55871056cc3c Freeway CMS version 1.4.3.210 suffers from a remote SQL injection vulnerability.
[ cmsignition-sql.txt ] 446d8862e5f82196fb635141c713b34a CMS Ignition suffers from a remote SQL injection vulnerability.
[ 3dlammtxklrr-sqlxss.txt ] 96c08fb2939955b12c9e268f6891e5b1 3dl.am Script Mtxkl Raidrush suffers from cross site scripting and remote SQL injection vulnerabilities.
[ RewriteProxy.tar.gz ] a08c950a24eed7173d10eedf262b18f9 RewriteProxy is a small Python tool that is based on the Twisted library. Its purpose is to serve local files instead of remote files to fool the same-domain policy of modified Flash and Java applets.
[ H2HC-CFP-2010.txt ] 12de3bc173f5529e277ebfeb9786eb76 The Hackers 2 Hackers Conference (H2HC) 7th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from November 27th through the 28th, 2010.
[ joomlayoutube-sql.txt ] c8dd9f2b8c10c316d484ab3670899934 The Joomla Youtube component version 1.5 suffers from a remote SQL injection vulnerability.
[ snews-sql.txt ] ed4caa097d0a5510528623309e911953 sNews suffers from a remote SQL injection vulnerability.
[ whiteboard-sql.txt ] 2a19ae36375d32a5ab9fdedfbfb652cc WhiteBoard version 0.1.30 suffers from remote blind SQL injection vulnerabilities.
[ mccontentmanager-sqlxss.txt ] 58d6abfd9ce2049944a7bf5349cdf4ca MC Content Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
[ USN-958-1.txt ] 0de1e7fa26e9a0047dec66a87aa31f88 Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.
[ 3dlam-traversal.txt ] 2fe28b4ff6da2e85a187e09eb8d51d5a 3dl.am script Mtxkl Raidrush suffers from a directory traversal vulnerability.
[ CVP-HackersPerspective.pdf ] 9762e45d583ee557b5973b01f6d64df3 Whitepaper called Cisco VoIP Phone - A Hackers Perspective.
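The fuzzdiff.py.txt entry above describes an "un-fuzz" loop: revert parts of a crashing fuzzed file back to the original while re-running the target, and keep only the changes the crash needs. The Python below is an added example of that delta-debugging search, not FuzzDiff's own code. The crash oracle is a constructed stand-in for re-launching the target program (a real harness would write each candidate to disk and run the parser under a debugger or with a timeout, reporting a crash by signal or exit code), and the two sample files are constructed so that only two of the six mutated bytes matter.

```python
"""Delta-debugging style "un-fuzz" loop: keep only the fuzzed bytes that are
needed to reproduce a crash. Added example, not FuzzDiff's own code."""

from typing import Callable, List, Set

# Constructed sample: a 32-byte "original" file and a fuzzed copy with six
# mutated bytes. Only two of the mutations matter to the (constructed) crash.
ORIGINAL = bytes(range(32))
_fuzzed = bytearray(ORIGINAL)
for _off, _val in ((1, 0xAA), (4, 0xFF), (6, 0xBB), (9, 0x90), (12, 0xCC), (20, 0xDD)):
    _fuzzed[_off] = _val
FUZZED = bytes(_fuzzed)


def crashes(data: bytes) -> bool:
    """Constructed crash oracle standing in for 'run the target on this file'.

    Pretend the parser crashes only when byte 4 is 0xFF and byte 9 has its high
    bit set; the other mutations are noise the minimizer should strip."""
    return data[4] == 0xFF and (data[9] & 0x80) != 0


def diff_positions(original: bytes, fuzzed: bytes) -> List[int]:
    """Offsets at which `fuzzed` differs from `original` (same-length files)."""
    if len(original) != len(fuzzed):
        raise ValueError("this example assumes the fuzzer did not resize the file")
    return [i for i, (a, b) in enumerate(zip(original, fuzzed)) if a != b]


def apply_changes(original: bytes, fuzzed: bytes, keep: Set[int]) -> bytes:
    """The original file with only the fuzzed bytes at offsets in `keep`."""
    out = bytearray(original)
    for i in keep:
        out[i] = fuzzed[i]
    return bytes(out)


def minimize(original: bytes, fuzzed: bytes,
             still_crashes: Callable[[bytes], bool]) -> bytes:
    """Return a file that still crashes but keeps as few fuzzed bytes as possible.

    Try reverting blocks of fuzzed offsets back to the original; keep a revert
    if the candidate still crashes. When a pass at the current block size
    reverts nothing, halve the block size, down to single bytes."""
    if not still_crashes(fuzzed):
        raise ValueError("fuzzed file must reproduce the crash before minimizing")
    keep = set(diff_positions(original, fuzzed))
    block = max(1, len(keep) // 2)
    while block >= 1:
        reverted_any = False
        offsets = sorted(keep)
        for start in range(0, len(offsets), block):
            chunk = set(offsets[start:start + block])
            candidate = keep - chunk
            if still_crashes(apply_changes(original, fuzzed, candidate)):
                keep = candidate          # this chunk was not needed for the crash
                reverted_any = True
        if not reverted_any:
            block //= 2                   # nothing removable at this granularity
    return apply_changes(original, fuzzed, keep)


def minimal_offsets() -> List[int]:
    """Offsets that survive minimization of the constructed sample."""
    return diff_positions(ORIGINAL, minimize(ORIGINAL, FUZZED, crashes))


if __name__ == "__main__":
    print("crash-relevant offsets:", minimal_offsets())   # [4, 9]
```

Each oracle call costs one launch of the target, so the block-halving order matters in practice: large reverts that succeed early remove many offsets per launch, and the single-byte passes only run on what is left. A real harness should also treat a hang as a non-crash (timeout) so the loop cannot stall on a candidate that merely wedges the parser.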
[ joomlajoomdle-sql.txt ] f1b69cf11c3f2b3292fcc7416a5144e4 The Joomla Joomdle component versions 0.24 and below suffer from a remote SQL injection vulnerability.
[ buffer_overflow_edisi_ketiga.txt ] f22cc94bee01a03ff514f29dd444ff19 Whitepaper called Linux Buffer Overflow Tutorial III. Written in Indonesian.
[ joomlaitarmory-sql.txt ] 7f12d608a61cc05aac5bba01d42cadf9 The Joomla ITArmory component versions 0.1.4 and below suffer from a remote SQL injection vulnerability.
[ joomlaoziogallery-sql.txt ] dae7e34691b3c239f93bb3b27a5ab4f0 Joomla Ozio Gallery suffers from a remote SQL injection vulnerability.
[ akyblog-sql.txt ] c4fa0c90b7565ad574ca93b30f6dc851 AKY Blog suffers from a remote SQL injection vulnerability.
[ openrealty-xss.txt ] d0e65b7d700ff1100064e99760a8d61c Open Realty versions 2.x and 3.x suffer from a cross site scripting vulnerability.
[ snews17cat-sql.txt ] 4d01ea8eb8192c4ef166acc87ac0c2ab sNews version 1.7 suffers from a remote SQL injection vulnerability.
[ dmfilemanager-shell.txt ] 362db9a6cfc30255e8bd01ff42f7adc5 DM Filemanager version 3.9.11 suffers from a remote shell upload vulnerability.
[ vbul386-disclose.txt ] 54d72c3bad39416a76438dc174286c2b vBulletin version 3.8.6 suffers from an information disclosure vulnerability in faq.php.
[ validformbuilder-exec.txt ] 08b37b33f1c0f8b2514a16309b3c0103 ValidForm Builder Script suffers from a remote command execution vulnerability.
[ mpcheap-overflow.txt ] 05d24a76429aadcf3f3a1f5edc915cc0 Media Player Classic - Home Cinema suffers from a heap overflow that allows for denial of service.
[ ms10_045_outlook_ref_only.rb.txt ] dcbc54915c27887c2bb2f3952c91bd21 It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also files stored remotely, for example on a file share. Exploitation is limited by the fact that it is not possible for attackers to supply command line options.
[ ms10_045_outlook_ref_resolve.rb.txt ] e7e89d2eccf76253811695d7fc565779 It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also files stored remotely, for example on a file share. Exploitation is limited by the fact that it is not possible for attackers to supply command line options.
[ windows-smb-ms07_029_msdns_zonename.rb.txt ] 13ee9c64d141d0397e165c1fa9112fa0 This Metasploit module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This Metasploit module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This Metasploit module exploits the RPC service using the \\DNSSERVER pipe available via SMB. This pipe requires a valid user account to access, so the SMBUSER and SMBPASS options must be specified.
[ windows-dcerpc-ms07_029_msdns_zonename.rb.txt ] 63098092df859e7e334084e3ddb459c8 This Metasploit module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This Metasploit module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2.
[ ms03_051_fp30reg_chunked.rb.txt ] 03c71acda7b11ea0fb8eab5d2a1f6dd4 This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular module works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue.
[ ms03_022_nsiislog_post.rb.txt ] 16671c67b9f9d8da1b80c3f4aa20ff1e This exploits a buffer overflow found in the nsiislog.dll ISAPI filter that comes with Windows Media Server. This Metasploit module will also work against the 'patched' MS03-019 version. This vulnerability was addressed by MS03-022.
[ lucidlynx-overflow.txt ] 24510248419f3e20285e695271783c3f Ubuntu 10.04 LTS - Lucid Lynx FTP Client version 0.17-19build1 suffers from a buffer overflow vulnerability related to the ACCT command.
[ photopostphp465-sql.txt ] 2444acc53dcd42683fb414223d7790a9 PhotoPost PHP version 4.6.5 suffers from a remote SQL injection vulnerability.
[ easyftp-overflow.rb.txt ] 75d67510cd8601ad1970bef73b239338 This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server version 1.7.0.11.
[ ffsm-clickjack.txt ] 7ba30b781e859a4d0fdfeb52ca953e5c Firefox version 3.6.7 / SeaMonkey version 2.0.6 clickjacking proof of concept exploits.
[ joomlagolfcourseguide-sql.txt ] 3d6ec581d8070b9739c7f267a8d19b7b Joomla GolfCourseGuide component versions 0.9.6.0 Beta and 1 Beta suffer from a remote SQL injection vulnerability.
[ MDVSA-2010-138.txt ] f3a0872b53366adca0c324b1c26cef97 Mandriva Linux Security Advisory 2010-138 - Ovidiu Mara reported a vulnerability in ping.c (iputils) that could cause ping to hang when responding to a malicious echo reply. The updated packages have been patched to correct these issues.
[ watobo_0.9.2rev149.zip ] f34e3a20366000b0e58427945094a5f9 WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
[ USN-930-5.txt ] b18fb0e1a60d1c8024c63d29cf99455e Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
[ USN-930-4.txt ] 8dac06ec88431ebfc36d057240bcabe5 Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
[ USN-927-8.txt ] 64b84ca6839b3b57d046d740d8088886 Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
[ photopostphp-sql.txt ] a1cdbe934b4c194f8d956b20c508495b PhotoPost PHP versions 4.0 through 4.6 suffer from a remote SQL injection vulnerability.
[ PHPJackal.php.gz ] 034206ec21a87de8470dab73a098ccf7 PHPJackal is a PHP script that can be used to manage files, perform safemode bypass, has crackers built-in, various network scanners and more.
[ DSECRG-09-068.txt ] 451abfbc0ef4b0e2a82befc9477d71d6 SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities.
[ zeematri-shell.txt ] 4a637cc7d960b8f6d2938e0878df9701 ZeeMatri version 3x suffers from a shell upload vulnerability.
[ DSECRG-09-040.txt ] d16c41273ad057de749869ddaaf86c49 SAP Netweaver versions 6.4 through 7.0 suffer from a cross site scripting vulnerability.
[ ibmaix5l-hash.txt ] 9960734c7ca1d426705d71ffbd6d6444 AIX 5l with FTP server remote root hash disclosure exploit. Creates a coredump including the root user hash from /etc/security/passwd. This is the second version that was written to be more portable between hosts.
[ zeenetworking-shell.txt ] 9b98bd7441a1a70a3be86f41f1bef75e ZeeNetworking 1x suffers from a shell upload vulnerability.