DB: 2016-07-25

12 new exploits

Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit

Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service

FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)

Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - execve Null Free shellcode (Generator)

Linux/x86 - cmd shellcode null free (Generator)
Linux/x86 - cmd Null Free shellcode (Generator)

iOS - Version-independent shellcode

Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - bindshell port 4444 shellcode (132 bytes)

Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode

Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - telnetbind by Winexec 23 port shellcode (111 bytes)

Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)

Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)

Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)

ARM - Bindshell port 0x1337shellcode
ARM - Bindshell port 0x1337 shellcode

Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite

Linux Kernel <= 2.4.0 - Stack Infoleaks

bsd/x86 - connect back Shellcode (81 bytes)
FreeBSD/x86 - connect back Shellcode (81 bytes)

Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit

Linux Kernel 2.0 / 2.1 - SIGIO
Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process

Linux Kernel 2.2 - 'ldd core' Force Reboot

Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options
Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options

Linux Kernel 2.2.x - Non-Readable File Ptrace
Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak

OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure
OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure

Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2)

Linux Kernel 2.4 - suid execve() System Call Race Condition PoC
Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept

Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling
Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read

Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure

Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities
Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities

Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities

Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)

Linux/x86 - Reverse TCP Bind Shellcode (92 bytes)
Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)

Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow

Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)

Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)

Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation

Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)

OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)

Mainframe/System Z - Bind Shell shellcode (2488 bytes)
Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes)

OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)

Ubuntu Apport - Local Privilege Escalation
Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation

Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes)

Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)

Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)

Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption

Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)

Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)

Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null Free Shellcode  (601 (0x0259) bytes)

Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)

Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)

Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Offensive Security 2016-07-25 05:06:19 +00:00
parent be496c36bc
commit 2a57bee5c6
16 changed files with 66 additions and 56 deletions

112
files.csv

@ -556,7 +556,7 @@ id,file,description,date,author,platform,type,port
714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow Exploit (2)",2004-12-24,"Marco Ivaldi",solaris,local,0
715,platforms/solaris/local/715.c,"Solaris 8/9 - passwd circ() Local Root Exploit",2004-12-24,"Marco Ivaldi",solaris,local,0
716,platforms/solaris/remote/716.c,"Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)",2004-12-24,"Marco Ivaldi",solaris,remote,513
718,platforms/linux/local/718.c,"Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit",2004-12-24,"Marco Ivaldi",linux,local,0
718,platforms/linux/local/718.c,"Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit",2004-12-24,"Marco Ivaldi",linux,local,0
719,platforms/windows/remote/719.txt,"Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass",2004-12-25,Paul,windows,remote,0
720,platforms/php/webapps/720.pl,"Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)",2004-12-25,anonymous,php,webapps,0
721,platforms/windows/dos/721.html,"Microsoft Windows Kernel - ANI File Parsing Crash",2004-12-25,Flashsky,windows,dos,0
@ -9501,7 +9501,7 @@ id,file,description,date,author,platform,type,port
10190,platforms/windows/dos/10190.txt,"Cisco VPN Client Integer Overflow (DOS)",2009-11-21,"Alex Hernandez",windows,dos,0
10192,platforms/php/webapps/10192.txt,"Joomla Component Com_Joomclip (cat) SQL injection",2009-11-21,"599eme Man",php,webapps,0
10201,platforms/windows/local/10201.pl,"TEKUVA Password Reminder Authentication Bypass",2009-11-21,iqlusion,windows,local,0
10202,platforms/linux/dos/10202.txt,"Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service",2009-10-15,"Simon Vallet",linux,dos,0
10202,platforms/linux/dos/10202.c,"Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service",2009-10-15,"Simon Vallet",linux,dos,0
10203,platforms/linux/dos/10203.txt,"BibTeX - (.bib) File Handling Memory Corruption",2009-11-13,"Vincent Lafevre",linux,dos,0
10204,platforms/windows/dos/10204.txt,"Foxit Reader - COM Objects Memory Corruption Remote Code Execution",2009-11-19,mrx,windows,dos,0
10205,platforms/multiple/dos/10205.txt,"LibTIFF - 'LZWDecodeCompat()' Remote Buffer Underflow",2009-11-12,wololo,multiple,dos,0
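Review bot: The 10202 row now points at platforms/linux/dos/10202.c instead of 10202.txt, with no other field changed. Check that the file itself was renamed in this commit and that its content is C source, otherwise the index row references a path that does not exist.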
@ -11744,7 +11744,7 @@ id,file,description,date,author,platform,type,port
13263,platforms/freebsd_x86/shellcode/13263.txt,"FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes)",2008-09-10,suN8Hclf,freebsd_x86,shellcode,0
13264,platforms/freebsd_x86/shellcode/13264.txt,"FreeBSD/x86 - kill all processes shellcode (12 bytes)",2008-09-09,suN8Hclf,freebsd_x86,shellcode,0
13265,platforms/freebsd_x86/shellcode/13265.c,"FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes)",2008-09-05,sm4x,freebsd_x86,shellcode,0
13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0
13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0
13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0
13268,platforms/freebsd_x86/shellcode/13268.asm,"FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0
13269,platforms/freebsd_x86/shellcode/13269.c,"FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes)",2008-08-19,c0d3_z3r0,freebsd_x86,shellcode,0
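Review bot: Capitalisation of the normalised suffix is inconsistent across this commit: the new 13266 title ends in "Null Free Shellcode", while the retitled 13281, 13285 and 13499 rows use "Null Free shellcode". Pick one form so title searches and de-duplication match every row.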
@ -11759,15 +11759,15 @@ id,file,description,date,author,platform,type,port
13278,platforms/freebsd_x86/shellcode/13278.asm,"FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes)",2004-09-26,Scrippie,freebsd_x86,shellcode,0
13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0
13280,platforms/freebsd_x86-64/shellcode/13280.c,"FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes)",2009-05-15,c0d3_z3r0,freebsd_x86-64,shellcode,0
13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve shellcode null byte free (Generator)",2009-06-29,certaindeath,generator,shellcode,0
13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve Null Free shellcode (Generator)",2009-06-29,certaindeath,generator,shellcode,0
13282,platforms/generator/shellcode/13282.php,"Linux/x86 - portbind payload shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
13283,platforms/generator/shellcode/13283.php,"Windows XP SP1 - portbind payload shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
13284,platforms/generator/shellcode/13284.txt,"(Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters",2008-08-31,sorrow,generator,shellcode,0
13285,platforms/generator/shellcode/13285.c,"Linux/x86 - cmd shellcode null free (Generator)",2008-08-19,BlackLight,generator,shellcode,0
13285,platforms/generator/shellcode/13285.c,"Linux/x86 - cmd Null Free shellcode (Generator)",2008-08-19,BlackLight,generator,shellcode,0
13286,platforms/generator/shellcode/13286.c,"(Generator) - Alphanumeric Shellcode Encoder/Decoder",2008-08-04,"Avri Schneider",generator,shellcode,0
13288,platforms/generator/shellcode/13288.c,"HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)",2006-10-22,izik,generator,shellcode,0
13289,platforms/generator/shellcode/13289.c,"Win32 - Multi-Format Shellcode Encoding Tool (Generator)",2005-12-16,Skylined,generator,shellcode,0
13290,platforms/hardware/shellcode/13290.txt,"iOS - Version-independent shellcode",2008-08-21,"Andy Davis",hardware,shellcode,0
13290,platforms/ios/shellcode/13290.txt,"iOS - Version-independent shellcode",2008-08-21,"Andy Davis",ios,shellcode,0
13291,platforms/hardware/shellcode/13291.txt,"Cisco IOS - Connectback (Port 21) Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
13292,platforms/hardware/shellcode/13292.txt,"Cisco IOS - Bind Shellcode Password Protected (116 bytes)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
13293,platforms/hardware/shellcode/13293.txt,"Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
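Review bot: Moving 13290 to platforms/ios with platform ios needs confirming: its title reads "iOS", but the adjacent rows 13291 to 13293 from the same month are "Cisco IOS" shellcode filed under hardware. If 13290 targets Cisco IOS, keep it under hardware and retitle it "Cisco IOS - Version-independent shellcode" rather than reclassifying it.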
@ -11939,7 +11939,7 @@ id,file,description,date,author,platform,type,port
13460,platforms/lin_x86/shellcode/13460.c,"Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes)",2000-08-08,anonymous,lin_x86,shellcode,0
13461,platforms/lin_x86/shellcode/13461.c,"Linux/x86 - Add user _z_ shellcode (70 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0
13462,platforms/lin_x86/shellcode/13462.c,"Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0
13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0
13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - bindshell port 4444 shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0
13464,platforms/lin_x86-64/shellcode/13464.s,"Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes)",2006-11-02,hophet,lin_x86-64,shellcode,0
13465,platforms/multiple/shellcode/13465.c,"Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes)",2005-11-15,"Charles Stevenson",multiple,shellcode,0
13466,platforms/multiple/shellcode/13466.c,"OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes)",2005-11-13,nemo,multiple,shellcode,0
@ -11975,18 +11975,18 @@ id,file,description,date,author,platform,type,port
13496,platforms/solaris_sparc/shellcode/13496.c,"Solaris/SPARC - connect-bac shellcode k (204 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0
13497,platforms/solaris_sparc/shellcode/13497.txt,"Solaris/SPARC - portbinding shellcode (240 bytes)",2000-11-19,dopesquad.net,solaris_sparc,shellcode,0
13498,platforms/solaris_x86/shellcode/13498.php,"Solaris/x86 - portbind/tcp shellcode (Generator)",2009-06-16,"Jonathan Salwan",solaris_x86,shellcode,0
13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0
13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0
13500,platforms/solaris_x86/shellcode/13500.c,"Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0
13501,platforms/solaris_x86/shellcode/13501.txt,"Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0
13502,platforms/solaris_x86/shellcode/13502.txt,"Solaris/x86 - Add services and execve inetd shellcode (201 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0
13503,platforms/unixware/shellcode/13503.txt,"UnixWare - execve /bin/sh shellcode (95 bytes)",2004-09-26,K2,unixware,shellcode,0
13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - null-free bindshell shellcode",2009-07-27,Skylined,win_x86,shellcode,0
13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode",2009-07-27,Skylined,win_x86,shellcode,0
13505,platforms/win_x86/shellcode/13505.c,"Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes)",2009-07-17,Stack,win_x86,shellcode,0
18615,platforms/windows/dos/18615.py,"TYPSoft FTP Server 1.1 - Remote DoS (APPE)",2012-03-17,"brock haun",windows,dos,0
18593,platforms/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
18594,platforms/php/webapps/18594.txt,"Simple Posting System - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
13507,platforms/win_x86/shellcode/13507.txt,"Win32 - SEH omelet shellcode",2009-03-16,Skylined,win_x86,shellcode,0
13508,platforms/win_x86/shellcode/13508.asm,"Win32 - telnetbind by Winexec shellcode (111 bytes)",2009-02-27,DATA_SNIPER,win_x86,shellcode,0
13508,platforms/win_x86/shellcode/13508.asm,"Win32 - telnetbind by Winexec 23 port shellcode (111 bytes)",2009-02-27,DATA_SNIPER,win_x86,shellcode,0
13509,platforms/win_x86/shellcode/13509.c,"Win32 - PEB!NtGlobalFlags shellcode (14 bytes)",2009-02-24,Koshi,win_x86,shellcode,0
13510,platforms/win_x86/shellcode/13510.c,"Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes)",2009-02-20,Stack,win_x86,shellcode,0
13511,platforms/win_x86/shellcode/13511.c,"Win32/XP SP2 - cmd.exe shellcode (57 bytes)",2009-02-03,Stack,win_x86,shellcode,0
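Review bot: Port wording differs between the two bindshell titles changed here: 13504 becomes "bindshell port 28876" but 13508 becomes "Winexec 23 port". Use "port 23" in 13508 to match 13504 and the "port 4444" form used for 13463.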
@ -12001,7 +12001,7 @@ id,file,description,date,author,platform,type,port
13520,platforms/win_x86/shellcode/13520.c,"Win32/XP SP2 - Pop up message box shellcode (110 bytes)",2006-01-24,Omega7,win_x86,shellcode,0
13521,platforms/win_x86/shellcode/13521.asm,"Win32 - WinExec() Command Parameter shellcode (104+ bytes)",2006-01-24,Weiss,win_x86,shellcode,0
13522,platforms/win_x86/shellcode/13522.c,"Win32 - Download & Exec Shellcode (226+ bytes)",2005-12-23,darkeagle,win_x86,shellcode,0
13523,platforms/win_x86/shellcode/13523.c,"Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)",2005-10-28,darkeagle,win_x86,shellcode,0
13523,platforms/win_x86/shellcode/13523.c,"Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)",2005-10-28,darkeagle,win_x86,shellcode,0
13524,platforms/win_x86/shellcode/13524.txt,"Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)",2005-08-16,"Matthieu Suiche",win_x86,shellcode,0
13525,platforms/win_x86/shellcode/13525.c,"Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes)",2005-07-26,loco,win_x86,shellcode,0
13526,platforms/win_x86/shellcode/13526.c,"Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes)",2005-01-26,twoci,win_x86,shellcode,0
@ -12031,8 +12031,8 @@ id,file,description,date,author,platform,type,port
13577,platforms/lin_x86/shellcode/13577.txt,"Linux/x86 - break chroot shellcode (79 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0
13578,platforms/lin_x86/shellcode/13578.txt,"Linux/x86 - fork bomb shellcode (6 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0
13579,platforms/lin_x86/shellcode/13579.c,"Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)",2009-12-31,sandman,lin_x86,shellcode,0
13581,platforms/windows/shellcode/13581.txt,"Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0
13582,platforms/windows/shellcode/13582.txt,"Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0
13581,platforms/windows/shellcode/13581.txt,"Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0
13582,platforms/windows/shellcode/13582.txt,"Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0
13586,platforms/lin_x86/shellcode/13586.txt,"Linux/x86 - eject /dev/cdrom shellcode (42 bytes)",2010-01-08,root@thegibson,lin_x86,shellcode,0
13595,platforms/win_x86/shellcode/13595.c,"Win32 XP SP2 FR - calc shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,win_x86,shellcode,0
13599,platforms/lin_x86/shellcode/13599.txt,"Linux/x86 - polymorphic shellcode ip6tables -F (71 bytes)",2010-01-24,"Jonathan Salwan",lin_x86,shellcode,0
@ -12863,7 +12863,7 @@ id,file,description,date,author,platform,type,port
14688,platforms/freebsd/local/14688.c,"FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation",2010-08-19,kingcope,freebsd,local,0
14689,platforms/windows/dos/14689.pl,"Tuniac 100723 - Denial of Service",2010-08-19,d4rk-h4ck3r,windows,dos,0
14690,platforms/windows/dos/14690.pl,"Fennec 1.2 Beta 3 - Denial of Service",2010-08-19,d4rk-h4ck3r,windows,dos,0
14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0
14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0
14693,platforms/windows/local/14693.py,"Microsoft Word Record Parsing Buffer Overflow (MS09-027)",2010-08-20,anonymous,windows,local,0
14707,platforms/php/webapps/14707.txt,"Joomla Component (com_Fabrik) SQL Injection",2010-08-21,Mkr0x,php,webapps,0
14694,platforms/php/webapps/14694.txt,"Joomla Component com_extcalendar Blind SQL Injection",2010-08-20,Lagripe-Dz,php,webapps,0
@ -13217,7 +13217,7 @@ id,file,description,date,author,platform,type,port
15200,platforms/php/webapps/15200.txt,"FAQMasterFlex 1.2 - SQL Injection",2010-10-04,cyb3r.anbu,php,webapps,0
15201,platforms/windows/local/15201.rb,"SnackAmp 3.1.3B - SMP Buffer Overflow (SEH DEP Bypass)",2010-10-04,"Muhamad Fadzil Ramli",windows,local,0
15202,platforms/win_x86/shellcode/15202.c,"Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
15203,platforms/win_x86/shellcode/15203.c,"Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
15203,platforms/win_x86/shellcode/15203.c,"Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
15204,platforms/php/webapps/15204.txt,"DNET Live-Stats 0.8 - Local File Inclusion",2010-10-04,blake,php,webapps,0
15205,platforms/php/webapps/15205.txt,"Aspect Ratio CMS Blind SQL Injection",2010-10-04,"Stephan Sattler",php,webapps,0
15206,platforms/bsd/local/15206.c,"FreeBSD - 'pseudofs' NULL Pointer Dereference Local Privilege Escalation",2010-10-04,"Babcia Padlina",bsd,local,0
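Review bot: The 15203 title is recapitalised to "Add New Local Administrator _secuid0_ Shellcode", but the sibling row 15202 directly above keeps "Add new local administrator _secuid0_ shellcode". Retitle 15202 in the same pass so the two entries by the same author sort and search together.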
@ -13323,7 +13323,7 @@ id,file,description,date,author,platform,type,port
15310,platforms/php/webapps/15310.py,"Jamb CSRF Arbitrary Add a Post",2010-10-25,Stoke,php,webapps,0
15312,platforms/windows/local/15312.py,"Winamp 5.5.8.2985 (in_mod plugin) - Stack Overflow",2010-10-25,"Mighty-D and 7eK",windows,local,0
15313,platforms/php/webapps/15313.txt,"Plesk Small Business Manager 10.2.0 and Site Editor - Multiple Vulnerabilities",2010-10-25,"David Hoyt",php,webapps,0
15314,platforms/arm/shellcode/15314.asm,"ARM - Bindshell port 0x1337shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15314,platforms/arm/shellcode/15314.asm,"ARM - Bindshell port 0x1337 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15315,platforms/arm/shellcode/15315.asm,"ARM - Bind Connect UDP Port 68 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15316,platforms/arm/shellcode/15316.asm,"ARM - Loader Port 0x1337 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15317,platforms/arm/shellcode/15317.asm,"ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
@ -13353,7 +13353,7 @@ id,file,description,date,author,platform,type,port
15341,platforms/multiple/dos/15341.html,"Firefox - Interleaving document.write and appendChild Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0
15342,platforms/multiple/dos/15342.html,"Firefox - Memory Corruption Proof of Concept (Simplified)",2010-10-28,extraexploit,multiple,dos,0
15343,platforms/php/webapps/15343.php,"RoSPORA <= 1.5.0 - Remote PHP Code Injection",2010-10-28,EgiX,php,webapps,0
15344,platforms/linux/dos/15344.c,"Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite",2010-10-28,"Kees Cook",linux,dos,0
15344,platforms/linux/local/15344.c,"Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite",2010-10-28,"Kees Cook",linux,local,0
15345,platforms/php/webapps/15345.txt,"TFTgallery <= 0.13.1 - Local File Inclusion",2010-10-28,Havok,php,webapps,0
15346,platforms/multiple/dos/15346.c,"Platinum SDK Library post upnp sscanf Buffer Overflow",2010-10-28,n00b,multiple,dos,0
15347,platforms/windows/remote/15347.py,"XBMC 9.04.1r20672 soap_action_name post upnp sscanf Buffer Overflow",2010-10-28,n00b,windows,remote,0
@ -13468,7 +13468,7 @@ id,file,description,date,author,platform,type,port
15476,platforms/multiple/dos/15476.php,"IBM OmniFind Crawler Denial of Service",2010-11-09,"Fatih Kilic",multiple,dos,0
15490,platforms/php/webapps/15490.txt,"XT:Commerce < 3.04 SP2.1 - XSS",2010-11-11,"Philipp Niedziela",php,webapps,0
15480,platforms/windows/local/15480.pl,"Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit",2010-11-10,"C4SS!0 G0M3S",windows,local,0
15481,platforms/linux/dos/15481.c,"Linux Kernel <= 2.4.0 - Stack Infoleaks",2010-11-10,"Dan Rosenberg",linux,dos,0
15481,platforms/linux/local/15481.c,"Linux Kernel <= 2.4.0 - Stack Infoleaks",2010-11-10,"Dan Rosenberg",linux,local,0
15482,platforms/windows/dos/15482.html,"Qtweb Browser 3.5 - Buffer Overflow",2010-11-10,PoisonCode,windows,dos,0
15483,platforms/windows/local/15483.rb,"Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit (SEH)",2010-11-10,"C4SS!0 G0M3S",windows,local,0
15486,platforms/php/webapps/15486.txt,"eBlog 1.7 - Multiple SQL Injection Vulnerabilities",2010-11-10,"Salvatore Fresta",php,webapps,0
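Review bot: 15481 is reclassified from dos to local, but its title still reads only "Stack Infoleaks", so the impact is not stated. The 20458 row in this commit gains "Local Information Leak"; a similar suffix here would make the type change self-explanatory.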
@ -13881,7 +13881,7 @@ id,file,description,date,author,platform,type,port
16022,platforms/windows/dos/16022.c,"Panda Global Protection 2010 - Local DoS",2011-01-21,Heurs,windows,dos,0
16023,platforms/windows/dos/16023.c,"Panda Global Protection 2010 - Local DoS (unfiltered wcscpy())",2011-01-21,Heurs,windows,dos,0
16024,platforms/windows/local/16024.txt,"Microsoft Fax Cover Page Editor <= 5.2.3790.3959 Double Free Memory Corruption",2011-01-24,"Luigi Auriemma",windows,local,0
16025,platforms/bsd_x86/shellcode/16025.c,"bsd/x86 - connect back Shellcode (81 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0
16025,platforms/freebsd_x86/shellcode/16025.c,"FreeBSD/x86 - connect back Shellcode (81 bytes)",2011-01-21,Tosh,freebsd_x86,shellcode,0
16026,platforms/bsd_x86/shellcode/16026.c,"BSD/x86 - 31337 portbind + fork shellcode (111 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0
16027,platforms/php/webapps/16027.txt,"phpcms 9.0 - Blind SQL Injection",2011-01-22,eidelweiss,php,webapps,0
16028,platforms/php/webapps/16028.txt,"cultbooking 2.0.4 - Multiple Vulnerabilities",2011-01-22,LiquidWorm,php,webapps,0
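Review bot: 16025 moves from bsd_x86 to freebsd_x86 while 16026, by the same author on the same date, stays at platforms/bsd_x86 with a "BSD/x86" title. Confirm whether 16026 targets FreeBSD as well and move it in this commit if so, otherwise the pair ends up split across two platform directories.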
@ -15817,7 +15817,7 @@ id,file,description,date,author,platform,type,port
18225,platforms/linux/dos/18225.c,"CSF Firewall Buffer Overflow",2011-12-09,"FoX HaCkEr",linux,dos,0
18226,platforms/linux_mips/shellcode/18226.c,"Linux/MIPS - connect back shellcode (port 0x7a69) (168 bytes)",2011-12-10,rigan,linux_mips,shellcode,0
18227,platforms/linux_mips/shellcode/18227.c,"Linux/MIPS - reboot() shellcode (32 bytes)",2011-12-10,rigan,linux_mips,shellcode,0
18228,platforms/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit",2011-12-10,otr,linux,local,0
18228,platforms/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit",2011-12-10,otr,linux,local,0
18230,platforms/php/webapps/18230.txt,"FCMS <= 2.7.2 CMS - Multiple Stored XSS",2011-12-10,"Ahmed Elhady Mohamed",php,webapps,0
18231,platforms/php/webapps/18231.txt,"WordPress UPM-POLLS Plugin 1.0.4 - Blind SQL Injection",2011-12-11,Saif,php,webapps,0
18232,platforms/php/webapps/18232.txt,"FCMS <= 2.7.2 CMS - Multiple CSRF Vulnerabilities",2011-12-11,"Ahmed Elhady Mohamed",php,webapps,0
@ -16488,7 +16488,7 @@ id,file,description,date,author,platform,type,port
19082,platforms/linux/dos/19082.txt,"AMD K6 Processor",1998-06-01,Poulot-Cazajous,linux,dos,0
19083,platforms/windows/remote/19083.cpp,"Cheyenne Inoculan for Windows NT 4.0 Share",1998-06-10,"Paul Boyer",windows,remote,0
19084,platforms/multiple/remote/19084.txt,"Metainfo Sendmail 2.0/2.5 & MetaIP 3.1",1998-06-30,"Jeff Forristal",multiple,remote,0
19085,platforms/linux/dos/19085.c,"Linux Kernel 2.0 / 2.1 - SIGIO",1998-06-30,"David Luyer",linux,dos,0
19085,platforms/linux/dos/19085.c,"Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process",1998-06-30,"David Luyer",linux,dos,0
19086,platforms/linux/remote/19086.c,"wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath (1)",1999-02-09,"smiler and cossack",linux,remote,21
19087,platforms/linux/remote/19087.c,"wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath (2)",1999-02-09,"jamez and c0nd0r",linux,remote,21
19089,platforms/windows/dos/19089.txt,"Windows OpenType Font - File Format DoS Exploit",2012-06-12,Cr4sh,windows,dos,0
@ -16661,7 +16661,7 @@ id,file,description,date,author,platform,type,port
19269,platforms/irix/local/19269.txt,"SGI IRIX <= 6.0.1 colorview",1995-02-09,"Dave Sill",irix,local,0
19270,platforms/linux/local/19270.c,"Debian Linux 2.0 - Super Syslog Buffer Overflow",1999-02-25,c0nd0r,linux,local,0
19271,platforms/linux/dos/19271.c,"Linux Kernel 2.0 - TCP Port DoS",1999-01-19,"David Schwartz",linux,dos,0
19272,platforms/linux/local/19272.txt,"Linux Kernel 2.2 - 'ldd core' Force Reboot",1999-01-26,"Dan Burcaw",linux,local,0
19272,platforms/linux/dos/19272.txt,"Linux Kernel 2.2 - 'ldd core' Force Reboot",1999-01-26,"Dan Burcaw",linux,dos,0
19273,platforms/irix/local/19273.sh,"SGI IRIX 6.2 - day5notifier",1997-05-16,"Mike Neuman",irix,local,0
19274,platforms/irix/local/19274.c,"SGI IRIX <= 6.3 df",1997-05-24,"David Hedley",irix,local,0
19275,platforms/irix/local/19275.c,"SGI IRIX <= 6.4 datman/cdman",1996-12-09,"Yuri Volobuev",irix,local,0
@ -16946,7 +16946,7 @@ id,file,description,date,author,platform,type,port
19578,platforms/windows/dos/19578.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)",1999-10-31,.rain.forest.puppy,windows,dos,0
19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 Help File Trojan",1999-12-10,"Pauli Ojanpera",windows,local,0
19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - Privileged Program Debugging",1999-12-10,"Brock Tellier",sco,local,0
19675,platforms/linux/dos/19675.c,"Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options",1999-12-08,"Andrea Arcangeli",linux,dos,0
19675,platforms/linux/dos/19675.c,"Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options",1999-12-08,"Andrea Arcangeli",linux,dos,0
19676,platforms/freebsd/local/19676.c,"FreeBSD 3.3_Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1)",2000-05-17,"Brock Tellier",freebsd,local,0
19677,platforms/linux/local/19677.c,"FreeBSD 3.3_Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2)",2000-05-17,"Larry W. Cashdollar",linux,local,0
19580,platforms/windows/remote/19580.txt,"Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (1)",1999-10-31,"Luck Martins",windows,remote,0
@ -17785,7 +17785,7 @@ id,file,description,date,author,platform,type,port
20455,platforms/aix/local/20455.c,"IBM AIX 4.3.x piobe Buffer Overflow",2000-12-01,"Last Stage of Delirium",aix,local,0
20456,platforms/windows/local/20456.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_showcolv Buffer Overflow",2000-12-01,"David Litchfield",windows,local,0
20457,platforms/windows/local/20457.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_peekqueue Buffer Overflow",2000-12-01,@stake,windows,local,0
20458,platforms/linux/local/20458.txt,"Linux Kernel 2.2.x - Non-Readable File Ptrace",2000-11-30,"Lamagra Argamal",linux,local,0
20458,platforms/linux/local/20458.txt,"Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak",2000-11-30,"Lamagra Argamal",linux,local,0
20459,platforms/windows/remote/20459.html,"Microsoft Internet Explorer 5 \'INPUT TYPE=FILE\'",2000-12-01,Key,windows,remote,0
20460,platforms/windows/remote/20460.txt,"Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow",2000-12-04,"Alberto Solino",windows,remote,0
20461,platforms/windows/remote/20461.txt,"Serv-U 2.4/2.5 FTP Directory Traversal",2000-12-05,Zoa_Chien,windows,remote,0
@ -18685,7 +18685,7 @@ id,file,description,date,author,platform,type,port
21404,platforms/windows/dos/21404.htm,"Microsoft Internet Explorer 5/6 Self-Referential Object Denial of Service",2002-04-20,"Matthew Murphy",windows,dos,0
21405,platforms/cgi/webapps/21405.txt,"Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting",2002-04-20,BrainRawt,cgi,webapps,0
21406,platforms/cgi/webapps/21406.txt,"Philip Chinery's Guestbook 1.1 Script Injection",2002-04-21,"markus arndt",cgi,webapps,0
21407,platforms/bsd/local/21407.c,"OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
21407,platforms/bsd/local/21407.c,"OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
21408,platforms/unix/local/21408.pl,"SLRNPull 0.9.6 Spool Directory Command Line Parameter Buffer Overflow",2002-04-22,zillion,unix,local,0
21409,platforms/unix/dos/21409.pl,"PsyBNC 2.3 Oversized Passwords Denial of Service",2002-04-22,DVDMAN,unix,dos,0
21410,platforms/windows/remote/21410.pl,"Matu FTP 1.74 Client Buffer Overflow",2002-04-23,Kanatoko,windows,remote,0
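Review bot: the new 21407 description still separates the platforms with "_ " ("OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8"), while the 24728 and 39545 rows in this same patch replace that separator with " / ". Suggest using " / " here as well, so that searching the description for a platform name does not depend on which separator a row happens to use.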
@ -18874,7 +18874,7 @@ id,file,description,date,author,platform,type,port
21595,platforms/windows/remote/21595.c,"Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow",2002-07-03,anonymous,windows,remote,0
21596,platforms/osx/remote/21596.txt,"MacOS X 10.1.x SoftwareUpdate Arbitrary Package Installation",2002-07-08,"Russell Harding",osx,remote,0
21597,platforms/windows/remote/21597.txt,"Key Focus KF Web Server 1.0.2 - Directory Contents Disclosure",2002-07-08,Securiteinfo.com,windows,remote,0
21598,platforms/linux/local/21598.c,"Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,local,0
21598,platforms/linux/dos/21598.c,"Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,dos,0
21599,platforms/windows/remote/21599.txt,"Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting",2002-07-08,"Matthew Murphy",windows,remote,0
21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - Get Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
21601,platforms/windows/remote/21601.c,"Microsoft Foundation Class Library 7.0 ISAPI Buffer Overflow",2002-07-08,"Matthew Murphy",windows,remote,0
@ -19612,8 +19612,8 @@ id,file,description,date,author,platform,type,port
22359,platforms/multiple/dos/22359.xsl,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (2)",2003-03-15,"Marc Schoenefeld",multiple,dos,0
22360,platforms/multiple/dos/22360.java,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (3)",2003-03-15,"Marc Schoenefeld",multiple,dos,0
22361,platforms/linux/remote/22361.cpp,"Qpopper 3/4 Username Information Disclosure Weakness",2003-03-11,plasmahh,linux,remote,0
22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0
22363,platforms/linux/local/22363.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2)",2003-04-10,"Wojciech Purczynski",linux,local,0
22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0
22363,platforms/linux/local/22363.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2)",2003-04-10,"Wojciech Purczynski",linux,local,0
22364,platforms/cgi/webapps/22364.c,"Outblaze Webmail - Cookie Authentication Bypass",2003-03-17,"dong-h0un U",cgi,webapps,0
22365,platforms/windows/remote/22365.pl,"Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow (1)",2003-03-24,mat,windows,remote,0
22366,platforms/windows/remote/22366.c,"Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow (2)",2003-03-31,ThreaT,windows,remote,0
@ -20079,7 +20079,7 @@ id,file,description,date,author,platform,type,port
22837,platforms/windows/remote/22837.c,"Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow",2003-06-25,firew0rker,windows,remote,0
22838,platforms/windows/remote/22838.txt,"BRS WebWeaver 1.0 Error Page Cross-Site Scripting",2003-06-26,"Carsten H. Eiram",windows,remote,0
22839,platforms/linux/dos/22839.c,"methane IRCd 0.1.1 - Remote Format String",2003-06-27,Dinos,linux,dos,0
22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - suid execve() System Call Race Condition PoC",2003-06-26,IhaQueR,linux,local,0
22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept",2003-06-26,IhaQueR,linux,local,0
22841,platforms/php/webapps/22841.txt,"iXmail 0.2/0.3 iXmail_NetAttach.php File Deletion",2003-06-26,leseulfrog,php,webapps,0
22842,platforms/php/webapps/22842.txt,"CutePHP CuteNews 1.3 HTML Injection",2003-06-29,"Peter Winter-Smith",php,webapps,0
22843,platforms/cgi/webapps/22843.txt,"MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities",2003-06-29,"Morning Wood",cgi,webapps,0
@ -21238,7 +21238,7 @@ id,file,description,date,author,platform,type,port
24040,platforms/multiple/remote/24040.txt,"PISG 0.54 IRC Nick HTML Injection",2004-04-22,shr3kst3r,multiple,remote,0
24041,platforms/multiple/remote/24041.c,"Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Remote Arbitrary File Overwrite",2004-04-22,"Luigi Auriemma",multiple,remote,0
24042,platforms/windows/dos/24042.txt,"Yahoo! Messenger 5.6 YInsthelper.DLL Multiple Buffer Overflow Vulnerabilities",2004-04-23,"Rafel Ivgi The-Insider",windows,dos,0
24043,platforms/linux/local/24043.c,"Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling",2004-04-23,"Brad Spengler",linux,local,0
24043,platforms/linux/local/24043.c,"Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read",2004-04-23,"Brad Spengler",linux,local,0
24044,platforms/php/webapps/24044.txt,"phpLiteAdmin <= 1.9.3 - Remote PHP Code Injection",2013-01-11,L@usch,php,webapps,0
24045,platforms/java/remote/24045.rb,"Java Applet JMX - Remote Code Execution (1)",2013-01-11,Metasploit,java,remote,0
24049,platforms/asp/webapps/24049.txt,"PW New Media Network Modular Site Management System 0.2.1 - Ver.asp Information Disclosure",2004-04-23,CyberTalon,asp,webapps,0
@ -21639,7 +21639,7 @@ id,file,description,date,author,platform,type,port
24456,platforms/php/webapps/24456.txt,"glossword 1.8.12 - Multiple Vulnerabilities",2013-02-05,AkaStep,php,webapps,0
24457,platforms/php/webapps/24457.txt,"Glossword 1.8.3 - SQL Injection",2013-02-05,AkaStep,php,webapps,0
24458,platforms/linux/local/24458.txt,"Oracle Automated Service Manager 1.3 - Installation Local Privilege Escalation",2013-02-05,"Larry W. Cashdollar",linux,local,0
24459,platforms/linux/dos/24459.sh,"Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,dos,0
24459,platforms/linux/local/24459.sh,"Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,local,0
24461,platforms/windows/remote/24461.rb,"VMWare OVF Tools - Format String (2)",2013-02-12,Metasploit,windows,remote,0
24462,platforms/php/webapps/24462.txt,"Hiverr 2.2 - Multiple Vulnerabilities",2013-02-06,xStarCode,php,webapps,0
24463,platforms/windows/dos/24463.txt,"Cool PDF Reader 3.0.2.256 - Buffer Overflow",2013-02-07,"Chris Gabriel",windows,dos,0
@ -21885,7 +21885,7 @@ id,file,description,date,author,platform,type,port
24725,platforms/multiple/remote/24725.php,"Trend Micro ScanMail for Domino 2.51/2.6 - Remote File Disclosure",2004-11-05,DokFLeed,multiple,remote,0
24726,platforms/windows/dos/24726.txt,"Software602 602 LAN Suite Multiple Remote Denial of Service Vulnerabilities",2004-11-06,"Luigi Auriemma",windows,dos,0
24727,platforms/windows/remote/24727.txt,"Microsoft Internet Explorer 6.0 - Local Resource Enumeration",2004-11-08,"Benjamin Tobias Franz",windows,remote,0
24728,platforms/windows/remote/24728.txt,"Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities",2004-11-10,"Wolfgang Schwarz",windows,remote,0
24728,platforms/windows/remote/24728.txt,"Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities",2004-11-10,"Wolfgang Schwarz",windows,remote,0
24729,platforms/php/webapps/24729.txt,"webcalendar 0.9.x - Multiple Vulnerabilities",2004-11-10,"Joxean Koret",php,webapps,0
24730,platforms/multiple/remote/24730.txt,"04webserver 1.42 - Multiple Vulnerabilities",2004-11-10,"Tan Chew Keong",multiple,remote,0
24731,platforms/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",php,webapps,0
@ -22375,7 +22375,7 @@ id,file,description,date,author,platform,type,port
25231,platforms/windows/dos/25231.txt,"Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service",2005-03-17,"Hongzhen Zhou",windows,dos,0
25232,platforms/php/webapps/25232.txt,"McNews 1.x Install.php Arbitrary File Include",2005-03-17,"Jonathan Whiteley",php,webapps,0
25233,platforms/asp/webapps/25233.txt,"ACS Blog 0.8/0.9/1.0/1.1 - Search.ASP Cross-Site Scripting",2005-03-17,"farhad koosha",asp,webapps,0
25234,platforms/linux/local/25234.sh,"Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities",2005-03-17,"Michal Zalewski",linux,local,0
25234,platforms/linux/dos/25234.sh,"Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities",2005-03-17,"Michal Zalewski",linux,dos,0
25235,platforms/php/webapps/25235.txt,"Subdreamer 1.0 - SQL Injection",2005-03-18,"GHC team",php,webapps,0
25236,platforms/php/webapps/25236.html,"PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities",2005-03-18,"PersianHacker Team",php,webapps,0
25237,platforms/php/webapps/25237.txt,"RunCMS 1.1 Database Configuration Information Disclosure",2005-03-18,"Majid NT",php,webapps,0
@ -22427,7 +22427,7 @@ id,file,description,date,author,platform,type,port
25284,platforms/php/webapps/25284.txt,"Nuke Bookmarks 0.6 Marks.php SQL Injection",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0
25285,platforms/php/webapps/25285.txt,"MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripting",2005-03-26,Dcrab,php,webapps,0
25286,platforms/php/webapps/25286.txt,"MagicScripts E-Store Kit-2 PayPal Edition Remote File Include",2005-03-26,Dcrab,php,webapps,0
25287,platforms/linux/local/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)",2005-03-28,"ilja van sprundel",linux,local,0
25287,platforms/linux/dos/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)",2005-03-28,"ilja van sprundel",linux,dos,0
25288,platforms/linux/local/25288.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)",2005-04-08,qobaiashi,linux,local,0
25289,platforms/linux/local/25289.c,"Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root",2005-10-19,backdoored.net,linux,local,0
25291,platforms/multiple/remote/25291.txt,"Tincat Network Library Remote Buffer Overflow",2005-03-28,"Luigi Auriemma",multiple,remote,0
@ -22630,7 +22630,7 @@ id,file,description,date,author,platform,type,port
25494,platforms/php/webapps/25494.txt,"ProfitCode Software PayProCart 3.0 AdminShop ProMod Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0
25495,platforms/php/webapps/25495.txt,"ProfitCode Software PayProCart 3.0 AdminShop MMActionComm Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0
25496,platforms/php/webapps/25496.txt,"php-Charts 1.0 - Code Execution",2013-05-17,"fizzle stick",php,webapps,0
25497,platforms/lin_x86/shellcode/25497.c,"Linux/x86 - Reverse TCP Bind Shellcode (92 bytes)",2013-05-17,"Russell Willis",lin_x86,shellcode,0
25497,platforms/lin_x86/shellcode/25497.c,"Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)",2013-05-17,"Russell Willis",lin_x86,shellcode,0
25498,platforms/asp/webapps/25498.txt,"ASPNuke 0.80 Comments.ASP SQL Injection",2005-04-22,Dcrab,asp,webapps,0
25499,platforms/linux/dos/25499.py,"nginx 1.3.9-1.4.0 - DoS PoC",2013-05-17,"Mert SARICA",linux,dos,0
25500,platforms/asp/webapps/25500.txt,"ASPNuke 0.80 Detail.ASP SQL Injection",2005-04-22,Dcrab,asp,webapps,0
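Review bot: the new 25497 description, "Reverse TCP Bind 192.168.1.10:31337 Shellcode", keeps both "Reverse" and "Bind" and now adds a fixed address, so a reader cannot tell from the title whether the payload connects out or listens. Check 25497.c and keep only the term that applies: a title with a destination IP reads naturally as "Reverse TCP 192.168.1.10:31337 Shellcode", whereas a bind shell would carry only the port.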
@ -22784,7 +22784,7 @@ id,file,description,date,author,platform,type,port
25644,platforms/php/webapps/25644.txt,"e107 Website System 0.617 Request.php Directory Traversal",2005-05-10,Heintz,php,webapps,0
25645,platforms/php/webapps/25645.txt,"e107 Website System 0.617 Forum_viewforum.php SQL Injection",2005-05-10,Heintz,php,webapps,0
25646,platforms/windows/remote/25646.txt,"MyServer 0.8 - Cross-Site Scripting",2005-05-10,dr_insane,windows,remote,0
25647,platforms/linux/local/25647.sh,"Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow",2005-05-11,"Paul Starzetz",linux,local,0
25647,platforms/linux/dos/25647.sh,"Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow",2005-05-11,"Paul Starzetz",linux,dos,0
25648,platforms/cgi/remote/25648.txt,"neteyes nexusway border gateway - Multiple Vulnerabilities",2005-05-11,pokley,cgi,remote,0
25649,platforms/cgi/webapps/25649.txt,"showoff! digital media software 1.5.4 - Multiple Vulnerabilities",2011-05-11,dr_insane,cgi,webapps,0
25650,platforms/php/webapps/25650.txt,"Open Solution Quick.Cart 0.3 Index.php Cross-Site Scripting",2005-05-11,Lostmon,php,webapps,0
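Review bot: 25647 moves to type dos and platforms/linux/dos/, but its description is unchanged and still ends in "ELF Core Dump Local Buffer Overflow", so the title no longer explains why the entry is filed as a denial of service. Other rows in this patch add the impact to the title (20458 gains "Local Information Leak", 24043 gains "Memory Read"); suggest doing the same here so that the description and the `type` column agree.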
@ -32061,7 +32061,7 @@ id,file,description,date,author,platform,type,port
35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
35583,platforms/php/webapps/35583.txt,"Piwigo 2.7.2 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
35585,platforms/php/webapps/35585.txt,"Codiad 2.4.3 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
35588,platforms/php/remote/35588.rb,"Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE",2014-12-22,"Patrick Webster",php,remote,9000
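Review bot: the 35586 description now names the listening port ("Bind TCP 4444 Port Shellcode") while the row's `port` field stays 0. If `port` is reserved for the service port an exploit targets, that is consistent, but it is worth documenting next to the header, because anyone filtering the CSV on the `port` column will not find shellcode rows by the ports this patch adds to their titles.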
@ -32826,7 +32826,7 @@ id,file,description,date,author,platform,type,port
36395,platforms/lin_x86/shellcode/36395.c,"Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36481,platforms/php/webapps/36481.txt,"WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting",2011-12-31,6Scan,php,webapps,0
36397,platforms/lin_x86/shellcode/36397.c,"Linux/x86 - Reverse TCP Shell shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - TCP Bind Shel shellcode l (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36407,platforms/php/webapps/36407.txt,"Elxis CMS 2009 administrator/index.php URI XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0
36408,platforms/php/webapps/36408.txt,"WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross Site Scripting",2011-12-06,Am!r,php,webapps,0
36410,platforms/php/webapps/36410.txt,"Simple Machines Forum 1.1.15 - 'fckeditor' Arbitrary File Upload",2011-12-06,HELLBOY,php,webapps,0
@ -33104,7 +33104,7 @@ id,file,description,date,author,platform,type,port
36689,platforms/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,linux,webapps,0
36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit",2015-04-09,xort,linux,remote,8000
36691,platforms/php/webapps/36691.txt,"WordPress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80
36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0
36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0
36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting",2012-02-10,sonyy,php,webapps,0
36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0
36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting",2012-02-13,sonyy,php,webapps,0
@ -34087,7 +34087,7 @@ id,file,description,date,author,platform,type,port
37950,platforms/php/webapps/37950.txt,"jCore /admin/index.php path Parameter XSS",2012-10-17,"High-Tech Bridge",php,webapps,0
37951,platforms/windows/remote/37951.py,"Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0
37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0
37758,platforms/win_x86/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)",2015-08-12,noviceflux,win_x86,shellcode,0
37758,platforms/win_x86/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)",2015-08-12,noviceflux,win_x86,shellcode,0
37759,platforms/linux/dos/37759.py,"NeuroServer 0.7.4 - (EEG TCP/IP Transceiver) Remote DoS",2015-08-12,nitr0us,linux,dos,0
37760,platforms/windows/local/37760.rb,"PDF Shaper 3.5 - Buffer Overflow",2015-08-12,metacom,windows,local,0
37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0
@ -34378,13 +34378,13 @@ id,file,description,date,author,platform,type,port
38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT 'a' Parameter Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0
38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0
38064,platforms/php/webapps/38064.txt,"WordPress CStar Design 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0
38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0
38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0
38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Attack",2015-09-02,"Pier-Luc Maltais",php,webapps,80
38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - Path Traversal",2015-09-02,HaHwul,php,webapps,80
38072,platforms/windows/dos/38072.py,"SphereFTP Server 2.0 - Crash PoC",2015-09-02,"Meisam Monsef",windows,dos,21
38073,platforms/hardware/webapps/38073.html,"GPON Home Router FTP G-93RG1 - CSRF Command Execution",2015-09-02,"Phan Thanh Duy",hardware,webapps,80
38074,platforms/php/webapps/38074.txt,"Cerb 7.0.3 - CSRF",2015-09-02,"High-Tech Bridge SA",php,webapps,80
38075,platforms/system_z/shellcode/38075.txt,"Mainframe/System Z - Bind Shell shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",system_z,shellcode,0
38075,platforms/system_z/shellcode/38075.txt,"Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",system_z,shellcode,0
38086,platforms/php/webapps/38086.html,"WordPress Contact Form Generator <= 2.0.1 - Multiple CSRF Vulnerabilities",2015-09-06,"i0akiN SEC-LABORATORY",php,webapps,80
38076,platforms/php/webapps/38076.txt,"BigDump 0.29b and 0.32b - Multiple Vulnerabilities",2012-11-28,Ur0b0r0x,php,webapps,0
38077,platforms/php/webapps/38077.txt,"WordPress Toolbox Theme 'mls' Parameter SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0
@ -34427,7 +34427,7 @@ id,file,description,date,author,platform,type,port
38123,platforms/php/dos/38123.txt,"PHP Session Deserializer Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38124,platforms/android/remote/38124.py,"Android Stagefright - Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0
38125,platforms/php/dos/38125.txt,"PHP unserialize() Use-After-Free Vulnerabilities",2015-09-09,"Taoguang Chen",php,dos,0
38126,platforms/osx/shellcode/38126.c,"OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0
38126,platforms/osx/shellcode/38126.c,"OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0
38127,platforms/php/webapps/38127.php,"php - cgimode fpm writeprocmemfile bypass disable function demo",2015-09-10,ylbhz,php,webapps,0
38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000
38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0
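Review bot: the new 38126 description, "tcp 4444 port bind Nullfree shellcode", uses lowercase "tcp" and the spelling "Nullfree", whereas the other rows touched by this patch standardise on "Null Free" (37758, 38065, 38959, 39519). Suggest "Null Free" and the same capitalisation here, so a description search for "Null Free" also matches this row.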
@ -34641,7 +34641,7 @@ id,file,description,date,author,platform,type,port
38350,platforms/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421_ 04.01.04-422 - Command Injection",2015-09-29,absane,hardware,webapps,0
38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0
38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer Remote Code Execution",2015-09-29,Metasploit,windows,remote,8400
38353,platforms/linux/local/38353.txt,"Ubuntu Apport - Local Privilege Escalation",2015-09-29,halfdog,linux,local,0
38353,platforms/linux/local/38353.txt,"Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation",2015-09-29,halfdog,linux,local,0
38354,platforms/php/webapps/38354.txt,"Plogger Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0
38355,platforms/php/webapps/38355.txt,"WordPress Uploader Plugin 'blog' Parameter Cross Site Scripting",2013-03-01,CodeV,php,webapps,0
38356,platforms/hardware/remote/38356.txt,"Foscam Prior to 11.37.2.49 Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0
@ -34752,7 +34752,7 @@ id,file,description,date,author,platform,type,port
38464,platforms/hardware/remote/38464.txt,"Cisco Linksys EA2700 Router Multiple Security Vulnerabilities",2013-04-15,"Phil Purviance",hardware,remote,0
38465,platforms/linux/dos/38465.txt,"Linux Kernel <= 3.2.1 - Tracing Mutiple Local Denial of Service Vulnerabilities",2013-04-15,anonymous,linux,dos,0
38467,platforms/windows/local/38467.py,"AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow",2015-10-15,hyp3rlinx,windows,local,0
38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell with Password shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
38470,platforms/hardware/webapps/38470.txt,"netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0
38471,platforms/hardware/webapps/38471.txt,"PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0
38472,platforms/windows/local/38472.py,"Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow",2015-10-15,hyp3rlinx,windows,local,0
@ -35216,7 +35216,7 @@ id,file,description,date,author,platform,type,port
38956,platforms/php/webapps/38956.txt,"Command School Student Management System /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
38957,platforms/php/webapps/38957.html,"Command School Student Management System /sw/admin_change_password.php Admin Password Manipulation CSRF",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
38958,platforms/php/webapps/38958.html,"Command School Student Management System /sw/add_topic.php Topic Creation CSRF",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)",2015-12-13,B3mB4m,generator,shellcode,0
38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)",2015-12-13,B3mB4m,generator,shellcode,0
38965,platforms/php/webapps/38965.txt,"ECommerceMajor - (productdtl.php_ prodid param) SQL Injection",2015-12-14,"Rahul Pratap Singh",php,webapps,80
38966,platforms/php/webapps/38966.txt,"WordPress Admin Management Xtended Plugin 2.4.0 - Privilege escalation",2015-12-14,"Kacper Szurek",php,webapps,80
39096,platforms/php/webapps/39096.txt,"i-doit Pro 'objID' Parameter SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0
@ -35400,8 +35400,8 @@ id,file,description,date,author,platform,type,port
39227,platforms/hardware/remote/39227.txt,"FingerTec Fingerprint Reader - Remote Access and Remote Enrollment",2016-01-12,"Daniel Lawson",hardware,remote,0
39149,platforms/lin_x86-64/shellcode/39149.c,"Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)",2016-01-01,Scorpion_,lin_x86-64,shellcode,0
39150,platforms/php/webapps/39150.txt,"Open Audit SQL Injection",2016-01-02,"Rahul Pratap Singh",php,webapps,0
39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - bind TCP port shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0
39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0
39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0
39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0
39153,platforms/php/webapps/39153.txt,"iDevAffiliate 'idevads.php' SQL Injection",2014-04-22,"Robert Cooper",php,webapps,0
39154,platforms/hardware/remote/39154.txt,"Comtrend CT-5361T Router password.cgi Admin Password Manipulation CSRF",2014-04-21,"TUNISIAN CYBER",hardware,remote,0
39155,platforms/linux/remote/39155.txt,"lxml 'clean_html' Function Security Bypass",2014-04-15,"Maksim Kochkin",linux,remote,0
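Review bot: the two rows changed in this hunk place the port and the capitalisation differently: 39151 becomes "Bind TCP 4444 Port Shellcode" and 39152 becomes "TCP 4444 port Bindshell with Password Prompt shellcode". The unchanged 39149 row just above ("Bind TCP Port Shellcode (103 bytes)", same author and size as 39151) gets no port at all. Suggest one word order for these titles and checking whether 39149 needs the same update.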
@ -35748,7 +35748,7 @@ id,file,description,date,author,platform,type,port
39516,platforms/windows/dos/39516.py,"Quick Tftp Server Pro 2.3 - Read Mode Denial of Service",2016-03-02,"Guillaume Kaddouch",windows,dos,69
39517,platforms/windows/dos/39517.py,"Freeproxy Internet Suite 4.10 - Denial of Service",2016-03-02,"Guillaume Kaddouch",windows,dos,8080
39518,platforms/windows/dos/39518.txt,"PictureTrails Photo Editor GE.exe 2.0.0 - .bmp Crash PoC",2016-03-02,redknight99,windows,dos,0
39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0
39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0
39520,platforms/win_x86-64/local/39520.txt,"Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation",2016-03-02,Cr4sh,win_x86-64,local,0
39521,platforms/php/webapps/39521.txt,"WordPress Bulk Delete Plugin 5.5.3 - Privilege Escalation",2016-03-03,"Panagiotis Vagenas",php,webapps,80
39522,platforms/hardware/remote/39522.txt,"Schneider Electric SBO / AS - Multiple Vulnerabilities",2016-03-03,"Karn Ganeshen",hardware,remote,0
@ -35771,7 +35771,7 @@ id,file,description,date,author,platform,type,port
39541,platforms/linux/dos/39541.txt,"Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - mct_u232 Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
39543,platforms/linux/dos/39543.txt,"Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - cdc_acm Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
39544,platforms/linux/dos/39544.txt,"Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - aiptek Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
39545,platforms/linux/dos/39545.txt,"Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption",2016-03-09,"Google Security Research",linux,dos,0
39545,platforms/linux/dos/39545.txt,"Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption",2016-03-09,"Google Security Research",linux,dos,0
39546,platforms/windows/dos/39546.txt,"Nitro Pro <= 10.5.7.32 & Nitro Reader <= 5.5.3.1 - Heap Memory Corruption",2016-03-10,"Francis Provencher",windows,dos,0
39547,platforms/php/webapps/39547.txt,"WordPress Best Web Soft Captcha Plugin <= 4.1.5 - Multiple Vulnerabilities",2016-03-10,"Colette Chamberland",php,webapps,80
39548,platforms/php/webapps/39548.txt,"WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS",2016-03-10,"Mohammad Khaleghi",php,webapps,80
@ -35940,7 +35940,7 @@ id,file,description,date,author,platform,type,port
39728,platforms/lin_x86-64/shellcode/39728.py,"Linux/x86-64 - Bind Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",lin_x86-64,shellcode,0
39729,platforms/win_x86/remote/39729.rb,"PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)",2016-04-25,"Jonathan Smith",win_x86,remote,21
39730,platforms/ruby/webapps/39730.txt,"NationBuilder Multiple Stored XSS Vulnerabilities",2016-04-25,LiquidWorm,ruby,webapps,443
39731,platforms/windows/shellcode/39731.c,"Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes)",2016-04-25,Fugu,windows,shellcode,0
39731,platforms/windows/shellcode/39731.c,"Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)",2016-04-25,Fugu,windows,shellcode,0
39733,platforms/linux/dos/39733.py,"Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC",2016-04-25,"David Silveiro",linux,dos,0
39734,platforms/linux/local/39734.py,"Yasr Screen Reader 0.6.9 - Local Buffer Overflow",2016-04-26,"Juan Sacco",linux,local,0
39735,platforms/windows/remote/39735.rb,"Advantech WebAccess Dashboard Viewer Arbitrary File Upload",2016-04-26,Metasploit,windows,remote,80
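Review bot: The 39731 title drops the hyphen as well as reordering the words ("Null-Free Shellcode Primitive Keylogger to File" becomes "Primitive Keylogger to File Null Free Shellcode"), so anything that searches this CSV by title for "null-free" will stop matching this row. If "Null Free" is the intended house spelling, say so in the commit message so later entries follow it. The nested parentheses in "(431 (0x01AF) bytes)" are carried over unchanged and could be flattened while the row is being edited.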
@ -35978,7 +35978,7 @@ id,file,description,date,author,platform,type,port
39768,platforms/multiple/dos/39768.txt,"OpenSSL Padding Oracle in AES-NI CBC MAC Check",2016-05-04,"Juraj Somorovsky",multiple,dos,0
39769,platforms/linux/local/39769.txt,"Zabbix Agent 3.0.1 - mysql.size Shell Command Injection",2016-05-04,"Timo Lindfors",linux,local,0
39770,platforms/windows/dos/39770.txt,"McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption",2016-05-04,"Google Security Research",windows,dos,0
39771,platforms/linux/dos/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)",2016-05-04,"Google Security Research",linux,dos,0
39771,platforms/linux/local/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)",2016-05-04,"Google Security Research",linux,local,0
39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit",2016-05-04,"Google Security Research",linux,local,0
39773,platforms/linux/dos/39773.txt,"Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps",2016-05-04,"Google Security Research",linux,dos,0
39774,platforms/windows/dos/39774.html,"Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing",2016-05-05,"liu zhu",windows,dos,0
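Review bot: The 39771 row changes three fields at once: the path moves from platforms/linux/dos/39771.txt to platforms/linux/local/39771.txt, the type column goes from dos to local, and the title gains "Access". The CSV is only correct if 39771.txt itself was moved to platforms/linux/local/ in this same commit, so check that the file rename is part of the change set and that nothing still points at the old dos/ path.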
@ -35999,7 +35999,7 @@ id,file,description,date,author,platform,type,port
39791,platforms/multiple/local/39791.rb,"ImageMagick <= 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)",2016-05-09,Metasploit,multiple,local,0
39792,platforms/ruby/remote/39792.rb,"Ruby on Rails Development Web Console (v2) Code Execution",2016-05-09,Metasploit,ruby,remote,3000
39966,platforms/windows/dos/39966.txt,"Blat 3.2.14 - Stack Overflow",2016-06-16,Vishnu,windows,dos,0
39794,platforms/windows/shellcode/39794.c,"Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0
39794,platforms/windows/shellcode/39794.c,"Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0
39795,platforms/windows/dos/39795.pl,"MediaInfo 0.7.61 - Crash PoC",2016-05-10,"Mohammad Reza Espargham",windows,dos,0
39796,platforms/windows/dos/39796.py,"Ipswitch WS_FTP LE 12.3 - Search field SEH Overwrite POC",2016-05-10,"Zahid Adeel",windows,dos,0
39797,platforms/windows/dos/39797.py,"Core FTP Server 32-bit Build 587 - Heap Overflow",2016-05-10,"Paul Purcell",windows,dos,21
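Review bot: In the context around the 39794 rename, row 39966 (dated 2016-06-16) sits between 39792 and 39794, so the file is not in id order at this point. The hunk does not touch that row, but since the commit is tidying entries here, either move it to its numeric position or confirm that consumers of the CSV do not assume sorted ids.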
@ -36048,7 +36048,7 @@ id,file,description,date,author,platform,type,port
39841,platforms/xml/webapps/39841.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure",2016-05-19,ERPScan,xml,webapps,0
39842,platforms/linux/dos/39842.txt,"4digits 1.1.4 - Local Buffer Overflow",2016-05-19,N_A,linux,dos,0
39843,platforms/windows/local/39843.c,"VirIT Explorer Lite & Pro 8.1.68 - Local Privilege Escalation",2016-05-19,"Paolo Stagno",windows,local,0
39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
39845,platforms/windows/local/39845.txt,"Operation Technology ETAP 14.1.0 - Local Privilege Escalation",2016-05-23,LiquidWorm,windows,local,0
39846,platforms/windows/dos/39846.txt,"Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities",2016-05-23,LiquidWorm,windows,dos,0
39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Information Stealer Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
@ -36280,7 +36280,7 @@ id,file,description,date,author,platform,type,port
40118,platforms/windows/local/40118.txt,"Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
40119,platforms/linux/remote/40119.md,"DropBearSSHD <= 2015.71 - Command Injection",2016-03-03,tintinweb,linux,remote,0
40120,platforms/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution and Escalate Privileges",2016-07-17,b0yd,hardware,remote,0
40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)",2016-07-19,CripSlick,lin_x86-64,shellcode,0
40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)",2016-07-19,CripSlick,lin_x86-64,shellcode,0
40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String Exploit",2016-07-19,bashis,multiple,remote,0
40126,platforms/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
40127,platforms/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
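Review bot: The 40122 title gains "Shellcode" but keeps "_" as a list separator in "(83_ 148_ 177 bytes)", while the 39545 row in this same commit was changed from "3.10_ 3.18 + 4.4" to "3.10 / 3.18 / 4.4". Pick one convention; writing "83 / 148 / 177 bytes" here would make the two rows consistent.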
@ -36295,7 +36295,7 @@ id,file,description,date,author,platform,type,port
40136,platforms/linux/remote/40136.py,"OpenSSHD <= 7.2p2 - Username Enumeration",2016-07-20,0_o,linux,remote,22
40137,platforms/php/webapps/40137.html,"WordPress Video Player Plugin 1.5.16 - SQL Injection",2016-07-20,"David Vaartjes",php,webapps,80
40138,platforms/windows/remote/40138.py,"TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter)",2016-07-21,"Karn Ganeshen",windows,remote,69
40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)",2016-07-21,CripSlick,lin_x86-64,shellcode,0
40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)",2016-07-21,CripSlick,lin_x86-64,shellcode,0
40140,platforms/php/webapps/40140.txt,"TeamPass Passwords Management System 2.1.26 - Arbitrary File Download",2016-07-21,"Hasan Emre Ozer",php,webapps,80
40141,platforms/bsd/local/40141.c,"mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0
40142,platforms/php/remote/40142.php,"Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution",2016-02-01,akat1,php,remote,0
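Review bot: The 40139 title is edited here but still differs in casing from 40122 by the same author: this row has "Multi-Terminal", 40122 has "Multi-terminal". Both rows are touched in this commit, so normalise the spelling in one of them. The "_" separators in "Reverse Shell_ Timer_ Burst_ Password_" and "(84_ 122_ 172 bytes)" are also left in place.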

@ -1,8 +1,10 @@
/*
source: http://www.securityfocus.com/bid/4568/info
It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before exec()ing setuid images. Consequently, I/O that are opened by a setuid process may be assigned file descriptors equivelent to those used by the C library as 'standard input','standard output', and 'standard error'.
This may result in untrusted, attacker supplied data being written to sensitive I/O channels. Local root compromise has been confirmed as a possible consequence.
*/
/*
phased/b10z
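Review bot: The advisory text at the top of this file carries the typo "equivelent" (should be "equivalent"), and the hunk appears to wrap that text in its own /* ... */ block (the page does not show the +/- markers), which makes the typo part of the source comment. Fix the spelling while the header is being edited, and compile the file once to confirm the new block closes cleanly before the author's own "/*" that follows it, since C comments do not nest.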

@ -1,3 +1,4 @@
/*
Description of problem:
execution of a particular program from the Arachne suite reliably causes a
@ -72,6 +73,7 @@ CR2: 0000000000000030
<0>Kernel panic - not syncing: Fatal exception
PoC:
*/
#include <stdio.h>
#include <sys/types.h>
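Review bot: The "/*" added at line 1 in the first hunk is only closed by the "*/" after "PoC:" in this second hunk, so the whole bug description and kernel oops log in between sits inside one comment. A C comment ends at the first "*/" it meets, so check that the enclosed text contains no "*/" sequence; otherwise the remainder of the log is parsed as code and the PoC stops compiling.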

@ -1,6 +1,8 @@
/*
source: http://www.securityfocus.com/bid/111/info
A vulnerability in the Linux kernel allows any user to send a SIGIO signal to any process. If the process does not catch or ignore the signal is will exit.
*/
/* On non-glibc systems you must add
*

@ -1,6 +1,8 @@
/*
source: http://www.securityfocus.com/bid/2247/info
Linux kernel versions 2.1.89 to 2.2.3 are vulnerable to a denial of service attack caused when a 0-length IP fragment is received, if it is the first fragment in the list. Several thousands 0-length packets must be sent in order for this to initiate a denial of service against the target.
*/
/*
* sesquipedalian.c - Demonstrates a DoS bug in Linux 2.1.89 - 2.2.3

@ -1,3 +1,4 @@
/*
source: http://www.securityfocus.com/bid/5178/info
The Linux kernel is a freely available, open source kernel originally written by Linus Torvalds. It is the core of all Linux distributions.
@ -5,6 +6,7 @@ The Linux kernel is a freely available, open source kernel originally written by
Recent versions of the Linux kernel include a collection of file descriptors which are reserved for usage by processes executing as the root user. By default, the size of this collection is set to 10 file descriptors.
It is possible for a local, non-privileged user to open all system file descriptors. The malicious user may then exhaust the pool of reserved descriptors by opening several common suid binaries, resulting in a denial of service condition.
*/
#include <stdio.h>