Commit graph

48 commits

Author SHA1 Message Date
Exploit-DB
a1ff73f948 DB: 2023-03-24
6 changes to exploits/shellcodes/ghdb

wkhtmltopdf 0.12.6 -  Server Side Request Forgery

Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities

WorkOrder CMS 0.1.0 - SQL Injection

Bitbucket v7.0.0 -  RCE

MAN-EAM-0003 V3.2.4 - XXE
2023-03-24 00:16:21 +00:00
Offensive Security
b6e780c138 DB: 2022-11-10
20 changes to exploits/shellcodes/ghdb

0 new exploits/shellcodes

Too many to list!
2022-11-10 23:30:40 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00
Offensive Security
3d2fa2f00a DB: 2022-09-22
2 changes to exploits/shellcodes

Wifi HD Wireless Disk Drive 11 - Local File Inclusion
WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
2022-09-22 05:01:51 +00:00
Offensive Security
de260aeac6 DB: 2021-10-30
95 changes to exploits/shellcodes

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)

n+otes 1.6.2 - Denial of Service (PoC)

Telegram Desktop 2.9.2 - Denial of Service (PoC)

Mini-XML 3.2 - Heap Overflow
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

MariaDB 10.2 - 'wsrep_provider' OS Command Execution

Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)

GNU Wget < 1.18 - Arbitrary File Upload (2)

WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)

E-Learning System 1.0 - Authentication Bypass

PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting

Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated)

Library System 1.0 - Authentication Bypass

Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting

Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery

GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)

Umbraco v8.14.1 - 'baseUrl' SSRF

Cacti 1.2.12 - 'filter' SQL Injection

GetSimple CMS Custom JS 0.1 - Cross-Site Request Forgery

Internship Portal Management System 1.0 - Remote Code Execution(Unauthenticated)
Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting
Xmind 2020 - Persistent Cross-Site Scripting
Tagstoo 2.0.1 - Persistent Cross-Site Scripting
SnipCommand 0.1.0 - Persistent Cross-Site Scripting
Moeditor 0.2.0 - Persistent Cross-Site Scripting
Marky 0.0.1 - Persistent Cross-Site Scripting
StudyMD 0.3.2 - Persistent Cross-Site Scripting
Freeter 1.2.1 - Persistent Cross-Site Scripting
Markright 1.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 - Persistent Cross-Site Scripting
Anote 1.0 - Persistent Cross-Site Scripting
Subrion CMS 4.2.1 - Arbitrary File Upload
Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection

Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Zenario CMS 8.8.52729 - 'cID' SQL injection (Authenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Scratch Desktop 3.17 - Remote Code Execution

Church Management System 1.0 - Arbitrary File Upload (Authenticated)

Phone Shop Sales Managements System 1.0 - Arbitrary File Upload

Zoo Management System 1.0 - 'Multiple' Persistent Cross-Site-Scripting (XSS)

WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting

ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)

KevinLAB BEMS 1.0 - Authentication Bypass

Event Registration System with QR Code 1.0 - Authentication Bypass

CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF)

Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)

qdPM 9.2 - Password Exposure (Unauthenticated)
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit)

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)

Umbraco CMS 8.9.1 - Directory Traversal

Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Dolibarr ERP 14.0.1 - Privilege Escalation

Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)

Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation

Phpwcms 1.9.30 - Arbitrary File Upload

Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode (230 bytes)
2021-10-30 05:02:09 +00:00
Offensive Security
f33a724e0b DB: 2021-10-29
58 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC)
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC)
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path

Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
vsftpd 3.0.3 - Remote Denial of Service

Dlink DSL2750U - 'Reboot' Command Injection

PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)

Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion

rconfig 3.9.6 - Arbitrary File Upload

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)

OpenEMR 5.0.1.3 - Authentication Bypass
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)

Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Budget and Expense Tracker System 1.0 - Authenticated Bypass
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)

Blood Bank System 1.0 - Authentication Bypass

Lodging Reservation Management System 1.0 - Authentication Bypass

Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - /sbin/halt -p Shellcode (51 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-29 05:02:12 +00:00
Offensive Security
1cf7d7364a DB: 2021-10-13
176 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)

Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)

CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution

Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)

Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Montiorr 1.7.6m - File Upload to XSS

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload

Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Dolibarr ERP/CRM 10.0.6 - Login Brute Force

qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)

Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)

ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function

Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
2021-10-13 05:02:15 +00:00
Offensive Security
a250e82458 DB: 2021-10-12
176 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)

jQuery UI 1.12.1 - Denial of Service (DoS)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Telegram Desktop 2.9.2 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)

Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
vsftpd 3.0.3 - Remote Denial of Service

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)

PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Multiple Stored XSS

Library System 1.0 - Authentication Bypass Via SQL Injection

MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF

SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting

Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution

MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion / Path Traversal

GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass

rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)

GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)

GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE

Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)

Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution

Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)

OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)

Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE)

Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)

Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)

WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)

KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass

Event Registration System with QR Code 1.0 - Authentication Bypass & RCE

CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)

Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF

ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments

WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE

Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)

Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)

Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)

OpenSIS 8.0 'modname' - Directory/Path Traversal

Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS

Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation

PlaceOS 1.2109.1 - Open Redirection

Blood Bank System 1.0 - SQL Injection / Authentication Bypass

Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-12 05:02:16 +00:00
Offensive Security
c9a65a1f7b DB: 2021-09-03
52 changes to exploits/shellcodes
2021-09-03 21:04:54 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00
Offensive Security
6cbe6ebbb6 DB: 2021-09-03
395 changes to exploits/shellcodes

EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)

Electronics Workbench - '.ewb' Local Stack Overflow (PoC)

BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)

Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)

Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)

eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)

Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities

ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC)

ZoIPer 2.22 - Call-Info Remote Denial of Service
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)

Nuked KLan 1.7.7 & SP4 - Denial of Service

AIC Audio Player 1.4.1.587 - Local Crash (PoC)

Xerox 4595 - Denial of Service

WinMerge 2.12.4 - Project File Handling Stack Overflow

Acoustica Mixcraft 1.00 - Local Crash

SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)

Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption

Spotify 0.8.2.610 - search func Memory Exhaustion

Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)

WaveSurfer 1.8.8p4 - Memory Corruption (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)

CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow

Light Audio Player 1.0.14 - Memory Corruption (PoC)

Image Transfer IOS - Remote Crash (PoC)

Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)

VUPlayer 2.49 - '.cue' Universal Buffer Overflow

Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation

IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite

Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH)

Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow

Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal

Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)

Alleycode HTML Editor 2.2.1 - Local Buffer Overflow

GPG2/Kleopatra 2.0.11 - Malformed Certificate

Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow

OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow

Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)

Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)

eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3)

QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)

CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow

quickshare file share 1.2.1 - Directory Traversal (1)

SPlayer 3.7 (build 2055) - Remote Buffer Overflow

Acunetix 8 build 20120704 - Remote Stack Overflow

Omeka 2.2.1 - Remote Code Execution

D-Link DSL-2740R - Remote DNS Change
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure

Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution

TorrentTrader 1.0 RC2 - SQL Injection

WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion

MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion

PHP DocWriter 0.3 - 'script' Remote File Inclusion

phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion

phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion

QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion

BrewBlogger 1.3.1 - 'printLog.php' SQL Injection

e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion

awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion

Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion

Gizzar 03162002 - 'index.php' Remote File Inclusion

SH-News 0.93 - 'misc.php' Remote File Inclusion

JSBoard 2.0.10 - 'login.php?table' Local File Inclusion

XOOPS Module WF-Links 1.03 - 'cid' SQL Injection

Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion

WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion

mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion

EQdkp 1.3.2 - 'listmembers.php' SQL Injection

FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion

SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection

Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion

CCMS 3.1 Demo - SQL Injection

MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass

BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection

AuraCMS 1.62 - Multiple SQL Injections

sCssBoard (Multiple Versions) - 'pwnpack' Remote s

EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion

RevokeBB 1.0 RC11 - 'Search' SQL Injection

Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion

CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection

PHPortal 1.2 - Multiple Remote File Inclusions

Libera CMS 1.12 - 'cookie' SQL Injection

Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload

WCMS 1.0b - Arbitrary Add Admin

FOSS Gallery Admin 1.0 - Arbitrary File Upload

MemHT Portal 4.0.1 - SQL Injection / Code Execution

Mediatheka 4.2 - Blind SQL Injection

Pligg 9.9.5b - Arbitrary File Upload / SQL Injection

XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution

Joomla! Component Casino 0.3.1 - Multiple SQL Injections s

ZeusCart 2.3 - 'maincatid' SQL Injection

ASP Football Pool 2.3 - Remote Database Disclosure

LightNEasy sql/no-db 2.2.x - System Configuration Disclosure

Zen Cart 1.3.8 - Remote Code Execution

Joomla! Component com_pinboard - 'task' SQL Injection

Joomla! Component com_bookflip - 'book_id' SQL Injection

Messages Library 2.0 - Arbitrary Delete Message

Arab Portal 2.2 - Blind Cookie Authentication Bypass

Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion

REZERVI 3.0.2 - Remote Command Execution

Joomla! Component BF Quiz 1.0 - SQL Injection (2)

E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection

AJ Matrix DNA - SQL Injection

Joomla! Component JE Story Submit - Local File Inclusion

CF Image Hosting Script 1.3.82 - File Disclosure

hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting

CMSLogik 1.2.1 - Multiple Vulnerabilities

C.P.Sub 4.5 - Authentication Bypass

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload

Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload

PHPMailer < 5.2.20 - Remote Code Execution

phpIPAM 1.4 - SQL Injection

Joomla! 3.9.0 < 3.9.7 - CSV Injection
2021-09-03 14:58:20 +00:00
Offensive Security
36c084c351 DB: 2021-09-03
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187 DB: 2021-08-20
204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
2021-08-20 05:01:51 +00:00
Offensive Security
fe5d7c9048 DB: 2021-06-15
16 changes to exploits/shellcodes

Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Spy Emergency 25.0.650 - 'Multiple' Unquoted Service Path
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)
GLPI 9.4.5 - Remote Code Execution (RCE)
COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)
Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
Small CRM 3.0 - 'Authentication Bypass' SQL Injection
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
2021-06-15 05:01:55 +00:00
Offensive Security
eaff7043e2 DB: 2021-06-11
6 changes to exploits/shellcodes

Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)

memono Notepad Version 4.2 - Denial of Service (PoC)
Student Result Management System 1.0 - 'class' SQL Injection
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
2021-06-11 05:01:56 +00:00
Offensive Security
d6a44bd00b DB: 2021-06-08
11 changes to exploits/shellcodes

Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)

IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP

GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution (Authenticated)
WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated)
Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
2021-06-08 05:02:03 +00:00
Offensive Security
1dc98b3b8e DB: 2021-06-05
6 changes to exploits/shellcodes

Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
Gitlab 13.10.2 - Remote Code Execution (Authenticated)
2021-06-05 05:01:54 +00:00
Offensive Security
2f8f6dffbd DB: 2021-05-20
8 changes to exploits/shellcodes

WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)

Visual Studio Code 1.47.1 - Denial of Service (PoC)
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
ManageEngine ADSelfService Plus 6.1 - CSV Injection
COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)
2021-05-20 05:02:04 +00:00
Offensive Security
b3da7560e0 DB: 2021-04-07
3 changes to exploits/shellcodes

Google Chrome 86.0.4240 V8 - Remote Code Execution
Google Chrome 81.0.4044 V8 - Remote Code Execution

Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
2021-04-07 05:02:04 +00:00
Offensive Security
1979df6cb3 DB: 2020-06-19
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64) - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data Modification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-06-19 05:02:01 +00:00
Offensive Security
9de5d20d13 DB: 2020-05-02
9 changes to exploits/shellcodes

VirtualTablet Server 3.0.2 - Denial of Service (PoC)

Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Super Backup 2.0.5 for iOS - Directory Traversal
HardDrive 2.1 for iOS - Arbitrary File Upload
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
Online Scheduling System 1.0 - Authentication Bypass
2020-05-02 05:01:58 +00:00
Offensive Security
a99d181f24 DB: 2020-04-30
8 changes to exploits/shellcodes

Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service' Unquoted Service Path
Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)
EmEditor 19.8 - Insecure File Permissions
Druva inSync Windows Client 6.5.2 - Local Privilege Escalation
Open-AudIT Professional 3.3.1 - Remote Code Execution
School ERP Pro 1.0 - Arbitrary File Read
Easy Transfer 1.7 for iOS - Directory Traversal
hits script 1.0 - 'item_name' SQL Injection
2020-04-30 05:01:48 +00:00
Offensive Security
cae82bb178 DB: 2020-04-24
8 changes to exploits/shellcodes

User Management System 2.0 - Persistent Cross-Site Scripting
User Management System 2.0 - Authentication Bypass
Complaint Management System 4.2 - Persistent Cross-Site Scripting
Complaint Management System 4.2 - Authentication Bypass
Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)
Sky File 2.1.0 iOS - Directory Traversal
2020-04-24 05:01:50 +00:00
Offensive Security
189c8b52c9 DB: 2020-04-18
6 changes to exploits/shellcodes

Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)
Code Blocks 16.01 - Buffer Overflow (SEH) UNICODE

Nexus Repository Manager - Java EL Injection RCE (Metasploit)
Playable 9.18 iOS - Persistent Cross-Site Scripting
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
Cisco IP Phone 11.7 - Denial of service (PoC)
2020-04-18 05:01:49 +00:00
Offensive Security
decb2a46ee DB: 2020-04-16
9 changes to exploits/shellcodes

BlazeDVD 7.0.2 - Buffer Overflow (SEH)
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting
Pinger 1.0 - Remote Code Execution
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting
File Transfer iFamily 2.1 - Directory Traversal
Xeroneit Library Management System 3.0 - 'category' SQL Injection
2020-04-16 05:01:47 +00:00
Offensive Security
b84d953124 DB: 2020-03-24
10 changes to exploits/shellcodes

ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)

CyberArk PSMP 10.9.1 - Policy Restriction Bypass

PHPMailer < 5.2.18 - Remote Code Execution (Bash)
FIBARO System Home Center 5.021 - Remote File Include
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
2020-03-24 05:01:50 +00:00
Offensive Security
8683ee3eea DB: 2020-02-04
8 changes to exploits/shellcodes

BearFTP 0.1.0 - 'PASV' Denial of Service
P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)

Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
phpList 3.5.0 - Authentication Bypass
Jira 8.3.4 - Information Disclosure (Username Enumeration)
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
2020-02-04 05:02:00 +00:00
Offensive Security
7921f1a523 DB: 2019-11-29
4 changes to exploits/shellcodes

GHIA CamIP 1.2 for iOS - 'Password' Denial of Service (PoC)
Wordpress 5.3 - User Disclosure
Mersive Solstice 2.8.0 - Remote Code Execution
2019-11-29 05:01:48 +00:00
Offensive Security
5543ae6e2e DB: 2019-11-27
2 changes to exploits/shellcodes

iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
2019-11-27 05:01:43 +00:00
Offensive Security
cacee46726 DB: 2019-11-21
11 changes to exploits/shellcodes

Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Xorg X11 Server - Local Privilege Escalation (Metasploit)
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
FreeSWITCH - Event Socket Command Execution (Metasploit)
Bludit - Directory Traversal Image File Upload (Metasploit)
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)

OpenNetAdmin 18.1.1 - Remote Code Execution
2019-11-21 05:01:49 +00:00
Offensive Security
72cddaee51 DB: 2019-11-20
13 changes to exploits/shellcodes

ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Centova Cast 3.2.12 - Denial of Service (PoC)
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Apache Httpd mod_rewrite - Open Redirects
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
2019-11-20 05:01:41 +00:00
Offensive Security
3e9ff5a927 DB: 2019-11-19
13 changes to exploits/shellcodes

iSmartViewPro 1.3.34 - Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
MobileGo 8.5.0 - Insecure File Permissions
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Crystal Live HTTP Server 6.01 - Directory Traversal
Centova Cast 3.2.11 - Arbitrary File Download
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
TemaTres 3.0 - 'value' Persistent Cross-site Scripting
2019-11-19 05:01:40 +00:00
Offensive Security
7e9d444235 DB: 2019-11-12
8 changes to exploits/shellcodes

iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquoted Service Path
XML Notepad 2.8.0.4 - XML External Entity Injection
2019-11-12 05:01:40 +00:00
Offensive Security
d7ea903400 DB: 2019-09-25
7 changes to exploits/shellcodes

DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
File Sharing Wizard 1.5.0 - POST SEH Overflow
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
2019-09-25 05:04:03 +00:00
Offensive Security
970f7b1104 DB: 2019-05-24
18 changes to exploits/shellcodes

macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
NetAware 1.20 - 'Add Block' Denial of Service (PoC)
NetAware 1.20 - 'Share Name' Denial of Service (PoC)
Terminal Services Manager 3.2.1 - Denial of Service
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
Microsoft Windows 10 (17763.379) - Install DLL
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
Microsoft Windows (x86) - Task Scheduler '.job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Windows - 'Win32k' Local Privilege Escalation

Axis Network Camera - .srv to parhand RCE (Metasploit)
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)

HP Intelligent Management - Java Deserialization RCE (Metasploit)
HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)

Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)

CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)

Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

Nagios XI 5.6.1 - SQL injection

BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes)

Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes)

Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes)

Linux/x86 - iptables --flush Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes)

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)

Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)

Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)

Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes)

Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)
Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
Linux x86_64 - Delete File Shellcode (28 bytes)
Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (20 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes)
Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes)
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
2019-05-24 05:02:03 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
2019-05-07 05:01:58 +00:00
Offensive Security
880bbe402e DB: 2019-03-08
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
2019-03-08 05:01:50 +00:00
Offensive Security
11366ca935 DB: 2018-11-07
18 changes to exploits/shellcodes

FaceTime - RTP Video Processing Heap Corruption
FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
Blue Server 1.1 - Denial of Service (PoC)
eToolz 3.4.8.0 - Denial of Service (PoC)
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (SEH)
libiec61850 1.3 - Stack Based Buffer Overflow
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)

PHP Proxy 3.0.3 - Local File Inclusion

Voovi Social Networking Script 1.0 - 'user' SQL Injection
CMS Made Simple 2.2.7 - Remote Code Execution
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Grocery crud 1.6.1 - 'search_field' SQL Injection
OOP CMS BLOG 1.0 - 'search' SQL Injection
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
LibreHealth 2.0.0 - Arbitrary File Actions
2018-11-07 05:01:44 +00:00
Offensive Security
defa138d04 DB: 2018-10-23
17 changes to exploits/shellcodes

Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas

Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)

Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
2018-10-23 05:01:48 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
925b2171f4 DB: 2018-09-04
10 changes to exploits/shellcodes

VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)
Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)
D-Link DIR-615 - Denial of Service (PoC)
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
Wikipedia 12.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Online Quiz Maker 1.0 - 'catid' SQL Injection
2018-09-04 05:01:55 +00:00
Offensive Security
444206a6be DB: 2018-08-30
21 changes to exploits/shellcodes

NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
2018-08-30 05:01:54 +00:00
Offensive Security
18e2848633 DB: 2018-08-28
25 changes to exploits/shellcodes

Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
2018-08-28 05:01:59 +00:00
Offensive Security
ad4b4f15f3 DB: 2018-06-06
11 changes to exploits/shellcodes

Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption

Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
Clone2GO Video converter 2.8.2 - Buffer Overflow
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)
10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)
WebKitGTK+ < 2.21.3 - Crash (PoC)

WebKit - not_number defineProperties UAF (Metasploit)

EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting
Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
Brother HL Series Printers 1.15 - Cross-Site Scripting
Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)
2018-06-06 05:01:46 +00:00
Offensive Security
1873a7d234 DB: 2018-05-17
12 changes to exploits/shellcodes

WhatsApp 2.18.31 - Memory Corruption
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Libuser - roothelper Privilege Escalation (Metasploit)

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
2018-05-17 05:01:47 +00:00
Offensive Security
6885f2dcc7 DB: 2018-03-01
26 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)
FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC)
FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC)
Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption

Apple iOS - '.pdf' Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak

Foxit Reader 4.0 - '.pdf' Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak

Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution

Sony Playstation 4 4.05 FW - Local Kernel Loader
Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)

Sony Playstation 4 4.55 FW - Local Kernel
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)
Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
WebKitGTK 2.1.2  (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel - 'BadIRET' Local Privilege Escalation
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Nintendo Switch - WebKit Code Execution (PoC)

Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak

Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)

EPIC MyChart - SQL Injection
EPIC MyChart - X-Path Injection

Routers2 2.24 - Cross-Site Scripting
2018-03-01 05:01:48 +00:00
Offensive Security
2d8b561a5d DB: 2018-01-09
26 changes to exploits/shellcodes

Need for Speed 2 - Remote Client Buffer Overflow
Need for Speed 2 - Remote Client Buffer Overflow (PoC)

Red Faction 1.20 - Server Reply Remote Buffer Overflow
Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC)

Medal of Honor - Remote Buffer Overflow
Medal of Honor - Remote Buffer Overflow (PoC)

Monolith Games - Local Buffer Overflow
Monolith Games - Local Buffer Overflow (PoC)

BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities
BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

Orbz Game 2.10 - Remote Buffer Overflow
Orbz Game 2.10 - Remote Buffer Overflow (PoC)

Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow
Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC)

KNet Web Server 1.04c - Buffer Overflow Denial of Service
KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC)

ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash
ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC)

Mozilla Products - 'Host:' Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String

Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service
Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC)

FlatFrag 0.3 - Buffer Overflow / Denial of Service
FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC)

zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service
zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)

TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service
TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC)

Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service
Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service)

PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service
PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)

FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC)

Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)

TFTP Server 1.3 - Remote Buffer Overflow Denial of Service
TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC)

LeadTools Raster - Dialog File_D Object Remote Buffer Overflow
LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC)

LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow
LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC)

Xserver 0.1 Alpha - POST Remote Buffer Overflow
Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC)

Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow
Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)

QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow
QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)

Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service
Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC)

Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service
Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC)

Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC)
Printoxx - Local Buffer Overflow
Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC)
Printoxx - Local Buffer Overflow (PoC)
Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)

Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service
Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC)

Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service
Switch Sound File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC)
Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow
Xerox Workcenter 4150 - Remote Buffer Overflow
Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC)
Xerox Workcenter 4150 - Remote Buffer Overflow (PoC)

iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service
iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC)

Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow
Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC)
Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC)
FontForge - '.BDF' Font File Stack Buffer Overflow
Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC)
FontForge - '.BDF' Font File Stack Buffer Overflow (PoC)

Multiple Vendor AgentX++ - Stack Buffer Overflow
Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC)

Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow
Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC)

Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow
Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC)

FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow
FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC)

LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)

Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow
Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC)

Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow
Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC)

Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC)

Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)
Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)
Real player 14.0.2.633 - Buffer Overflow / Denial of Service
GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service
Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC)
GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC)

BulletProof FTP Client 2010 - Buffer Overflow
BulletProof FTP Client 2010 - Buffer Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)

Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC)

CSF Firewall - Buffer Overflow
CSF Firewall - Buffer Overflow (PoC)

Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH)
Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC)

Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service
Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC)

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC)

Asterisk - 'ast_parse_digest()' Stack Buffer Overflow
Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)

GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow
GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC)

Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)

Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service
Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)

Lattice Diamond Programmer 1.4.2 - Buffer Overflow
Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC)
Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service
Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC)

Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service
Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC)

Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow
Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC)

Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service
Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC)

RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow
RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service)

Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service
Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC)

Cerberus FTP Server 1.x - Buffer Overflow Denial of Service
Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC)

Microsoft SQL Server 2000 - SQLXML Buffer Overflow
Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC)

Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow
Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)

Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC)

Hotfoon Dialer 4.0 - Buffer Overflow
Hotfoon Dialer 4.0 - Buffer Overflow (PoC)

IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service
IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC)

Linksys Devices 1.42/1.43 - GET Buffer Overflow
Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC)

iCal 3.7 - Remote Buffer Overflow
iCal 3.7 - Remote Buffer Overflow (PoC)

Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC)

Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow
Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC)

Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow
Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC)

Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow
Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC)

Zoner Photo Studio 15 b3 - Buffer Overflow
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)

Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow
Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)

IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow
IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC)

Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow
Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC)

NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow
NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)

myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow
myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC)

EffectOffice Server 2.6 - Remote Service Buffer Overflow
EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC)

Surfboard HTTPd 1.1.9 - Remote Buffer Overflow
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)

1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow
1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow (PoC)

Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow
Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC)

Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow
Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC)

Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow
Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC)

DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow
DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC)

VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)

aGSM 2.35 Half-Life Server - Info Response Buffer Overflow
aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC)

cURL - Buffer Overflow
cURL - Buffer Overflow (PoC)

TagScanner 5.1 - Stack Buffer Overflow
TagScanner 5.1 - Stack Buffer Overflow (PoC)

Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC)

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC)

QwikMail 0.3 - HELO Command Buffer Overflow
QwikMail 0.3 - 'HELO' Buffer Overflow (PoC)

NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow
NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC)

Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities
Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC)

Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow
Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC)

AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow
AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC)

Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service
Serva 32 TFTP 2.1.0 - Buffer Overflow (Denial of Service) (PoC)

Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow
Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC)

Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow
Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC)

PlanetDNS PlanetFileServer - Remote Buffer Overflow
PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC)

Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow
Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)

Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)

LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow
LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC)

VbsEdit 5.9.3 - '.smi' Buffer Overflow
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)

Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow
Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)

AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow
AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC)

DSocks 1.3 - 'Name' Buffer Overflow
DSocks 1.3 - 'Name' Buffer Overflow (PoC)

IcoFX 2.5.0.0 - '.ico' Buffer Overflow
IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC)
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow
Microsoft Windows XP - 'cmd.exe' Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC)
Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC)

Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities
Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

Bochs 2.3 - Buffer Overflow / Denial of Service
Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC)

Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow
Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow (PoC)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)

T1lib - intT1_Env_GetCompletePath Buffer Overflow
T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)

Foxmail Email Client 6.5 - 'mailto' Buffer Overflow
Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC)
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow
Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC)
Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC)

Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow
Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC)

Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow
Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC)

MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC)

MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow
MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC)

Trend Micro OfficeScan - Buffer Overflow / Denial of Service
Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)

ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow
ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC)

Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow
Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC)

Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow
Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)

NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC)

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow
ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)

A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow
A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC)

Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow
Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC)

Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)
Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)

Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow
Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC)

BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow
BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC)

Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow
Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)

Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow
Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC)

Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC)

Xerox WorkCentre - PJL Daemon Buffer Overflow
Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC)

Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow
Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC)

Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow
Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC)

Mocha W32 LPD 1.9 - Remote Buffer Overflow
Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC)

Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)

BulletProof FTP Client 2010 - Buffer Overflow (SEH)
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)

Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow
Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)

D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC)

HTML Help Workshop 1.4 - Buffer Overflow (SEH)
HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC)

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite

TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)

G-WAN 2.10.6 - Buffer Overflow / Denial of Service
G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC)

Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)

TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow
TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)

ZOC SSH Client - Buffer Overflow (SEH)
ZOC SSH Client - Buffer Overflow (SEH) (PoC)

WebDrive 12.2 (B4172) - Buffer Overflow
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)

PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH)
PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC)
IKEView.exe Fox Beta 1 - Stack Buffer Overflow
IKEView.exe R60 - Stack Buffer Overflow
IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC)
IKEView.exe R60 - Stack Buffer Overflow (PoC)

Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow
Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC)

Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow
Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC)
LanSpy 2.0.0.155 - Buffer Overflow
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow
Last PassBroker 3.2.16 - Stack Buffer Overflow
LanSpy 2.0.0.155 - Buffer Overflow (PoC)
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC)
Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC)

Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)
TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC)
TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC)
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC)
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC)
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC)

Advanced Encryption Package Buffer Overflow - Denial of Service
Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC)

InfraRecorder - '.m3u' File Buffer Overflow
InfraRecorder - '.m3u' File Buffer Overflow (PoC)

Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution
Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC)
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow
yTree 1.94-1.1 - Local Buffer Overflow
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
yTree 1.94-1.1 - Local Buffer Overflow (PoC)

NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow
NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC)

CyberCop Scanner Smbgrind 5.5 - Buffer Overflow
CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service)
STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service
STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC)

4digits 1.1.4 - Local Buffer Overflow
4digits 1.1.4 - Local Buffer Overflow (PoC)

Websockify (C Implementation) 0.8.0 - Buffer Overflow
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)

Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC)

Oracle Orakill.exe 11.2.0 - Buffer Overflow
Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC)

Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC)
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow
Core FTP LE 2.2 - Path Field Local Buffer Overflow
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC)
Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC)

Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)

ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC)

QNAP NVR/NAS - Buffer Overflow
QNAP NVR/NAS - Buffer Overflow (PoC)
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow
CDex 1.96 - Buffer Overflow
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
CDex 1.96 - Buffer Overflow (PoC)

Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)

D3DGear 5.00 Build 2175 - Buffer Overflow
D3DGear 5.00 Build 2175 - Buffer Overflow (PoC)
VX Search Enterprise 10.1.12 - Denial of Service
Disk Pulse Enterprise 10.1.18 - Denial of Service
Sync Breeze Enterprise 10.1.16 - Denial of Service
DiskBoss Enterprise 8.5.12 - Denial of Service
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

APNGDis 2.8 - 'filename' Stack Buffer Overflow
APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC)

wifirxpower - Local Buffer Overflow
wifirxpower - Local Buffer Overflow (PoC)
pinfo 0.6.9 - Local Buffer Overflow
Dmitry 1.3a - Local Buffer Overflow
pinfo 0.6.9 - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow (PoC)

Mapscrn 2.03 - Local Buffer Overflow
Mapscrn 2.03 - Local Buffer Overflow (PoC)

Stunnel 3.24/4.00 - Daemon Hijacking (PoC)
Stunnel 3.24/4.00 - Daemon Hijacking

Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2)

Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator

WinZip - MIME Parsing Overflow (PoC)
WinZip - MIME Parsing Overflow
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC)
GNU Sharutils 4.2.1 - Local Format String (PoC)
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow
GNU Sharutils 4.2.1 - Local Format String
GD Graphics Library - Local Heap Overflow (PoC)
libxml 2.6.12 nanoftp - Buffer Overflow (PoC)
GD Graphics Library - Local Heap Overflow
libxml 2.6.12 nanoftp - Buffer Overflow

WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC)
WinRAR 3.4.1 - Corrupt '.ZIP' File

Exim 4.41 - 'dns_build_reverse' Local (PoC)
Exim 4.41 - 'dns_build_reverse' Local
tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC)
Microsoft Windows - NtClose DeadLock (PoC) (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030)
tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow
Microsoft Windows - NtClose DeadLock (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)

Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC)
Microsoft Word 2000/2003 - Hlink Local Buffer Overflow

Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC)
Cheese Tracker 0.9.9 - Local Buffer Overflow

PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC)
PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow

BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC)
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow

Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC)
Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC)
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC)
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow

PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC)
PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC)
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC)
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak

Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055)
Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)

Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC)
Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow

Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC)
Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow

DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak

XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC)
XnView 1.93.6 - '.taac' Local Buffer Overflow
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC)
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC)
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution

Microsoft Windows Server 2003 - Token Kidnapping Local (PoC)
Microsoft Windows Server 2003 - Token Kidnapping Local

Debian - Symlink In Login Arbitrary File Ownership (PoC)
Debian - Symlink In Login Arbitrary File Ownership

Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC)
Trend Micro Internet Security Pro 2009 - Priviliege Escalation

Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH)
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)

Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC)
Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure

Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC)
Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow

GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC)
GPG2/Kleopatra 2.0.11 - Malformed Certificate

Alleycode 2.21 - Local Overflow (SEH) (PoC)
Alleycode 2.21 - Local Overflow (SEH)

GPG4Win GNU - Privacy Assistant (PoC)
GPG4Win GNU - Privacy Assistant

VMware Fusion 2.0.5 - vmx86 kext Local (PoC)
VMware Fusion 2.0.5 - vmx86 kext Local

Mozilla Codesighs - Memory Corruption (PoC)
Mozilla Codesighs - Memory Corruption

Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow

LDAP - Injection (PoC)
LDAP - Injection

QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC)
QuickZip 4.x - '.zip' Local Universal Buffer Overflow
ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC)
Crimson Editor r3.70 - Overwrite (SEH) (PoC)
Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC)
ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow
Crimson Editor r3.70 - Overwrite (SEH)
Kenward Zipper 1.4 - Local Stack Buffer Overflow

Stud_PE 2.6.05 - Local Stack Overflow (PoC)
Stud_PE 2.6.05 - Local Stack Overflow

Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC)
Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow

EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow

Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC)
Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow
PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC)
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC)
PhotoFiltre Studio X - '.tif' Local Buffer Overflow
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow

Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC)
Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow

Audio Converter 8.1 - Local Stack Buffer Overflow (PoC)
Audio Converter 8.1 - Local Stack Buffer Overflow
Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow

BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass)
BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass)

Acoustica Audio Converter Pro 1.1 (build 25) -  '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC)
Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow

Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC)
Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure

Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow

PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC)
PHP 5.3.6 - Local Buffer Overflow (ROP)

Xorg 1.4 < 1.11.2 - File Permission Change (PoC)
Xorg 1.4 < 1.11.2 - File Permission Change

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets

Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC)
Linux Kernel 2.2.x - 'sysctl()' Memory Reading

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC)
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC)
Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation

HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC)
HT Editor 2.0.20 - Local Buffer Overflow (ROP)

Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC)
Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read

Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC)
Linux Kernel 2.6 - Console Keymap Local Command Injection

ACE Stream Media 2.1 - 'acestream://' Format String (PoC)
ACE Stream Media 2.1 - 'acestream://' Format String

Linux Kernel 3.13 - SGID Privilege Escalation (PoC)
Linux Kernel 3.13 - SGID Privilege Escalation

Comodo Internet Security - HIPS/Sandbox Escape (PoC)
Comodo Internet Security - HIPS/Sandbox Escape

Palringo 2.8.1 - Local Stack Buffer Overflow (PoC)
Palringo 2.8.1 - Local Stack Buffer Overflow
Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC)
Rowhammer - NaCl Sandbox Escape (PoC)
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape

Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC)
Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation

Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052)

Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
Linux (x86) - Memory Sinkhole Privilege Escalation

Core FTP Server 1.2 - Local Buffer Overflow (PoC)
Core FTP Server 1.2 - Local Buffer Overflow

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)
VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method)

GNU Screen 4.5.0 - Local Privilege Escalation (PoC)
GNU Screen 4.5.0 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation (PoC)
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC)
Man-db 2.6.7.1 - Local Privilege Escalation
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation

Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC)
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

Multiple CPUs - 'Spectre' Information Disclosure (PoC)
Multiple CPUs - 'Spectre' Information Disclosure

Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation

glibc ld.so - Memory Leak / Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow

Microsoft IIS 5.0 - WebDAV Remote (PoC)
Microsoft IIS 5.0 - WebDAV Remote

Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC)
Microsoft Windows Server 2000 - RSVP Server Authority Hijacking

ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4)

Titan FTP Server - Long Command Heap Overflow (PoC)
Titan FTP Server - Long Command Heap Overflow

SLX Server 6.1 - Arbitrary File Creation (PoC)
SLX Server 6.1 - Arbitrary File Creation

zgv 5.5 - Multiple Arbitrary Code Executions (PoC)
zgv 5.5 - Multiple Arbitrary Code Executions

Microsoft Internet Explorer - Remote Code Execution (PoC)
Microsoft Internet Explorer - Remote Code Execution

Exim 4.43 - 'auth_spa_server()' Remote (PoC)
Exim 4.43 - 'auth_spa_server()' Remote

Microsoft Windows - DTC Remote (PoC) (MS05-051) (2)
Microsoft Windows - DTC Remote (MS05-051) (2)

Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC)
Watchfire AppScan QA 5.0.x - Remote Code Execution

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow

Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2)

RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC)
RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow

AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC)
AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow

Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC)
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution

Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC)
Easy File Sharing FTP Server 2.0 - 'PASS' Remote

BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC)
BulletProof FTP Client 2.45 - Remote Buffer Overflow

Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC)
Intel Centrino ipw2200BG - Wireless Driver Remote Overflow

WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC)
WebMod 0.48 - Content-Length Remote Buffer Overflow

OpenBSD - ICMPv6 Fragment Remote Execution (PoC)
OpenBSD - ICMPv6 Fragment Remote Execution

Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)

Apple Safari 3 for Windows Beta - Remote Command Execution (PoC)
Apple Safari 3 for Windows Beta - Remote Command Execution

Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC)
Flash Player/Plugin Video - File Parsing Remote Code Execution

Apple QuickTime (Multiple Browsers) - Command Execution (PoC)
Apple QuickTime (Multiple Browsers) - Command Execution

Apple QuickTime /w IE .qtl Version XAS - Remote (PoC)
Apple QuickTime /w IE .qtl Version XAS - Remote

QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC)
QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow

ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC)
ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod

HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC)
HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method

Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC)
Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal

MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC)
MicroTik RouterOS 3.13 - SNMP write (Set request)

Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload

Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC)
Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution

Opera 9.61 - 'opera:historysearch' Code Execution (PoC)
Opera 9.61 - 'opera:historysearch' Code Execution

Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC)
Chilkat Crypt - ActiveX Arbitrary File Creation/Execution

Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)

Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC)
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection

GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC)
GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption

Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)

Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC)
Zervit Web Server 0.4 - Directory Traversal / Memory Corruption

Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2)
Apple Mac OSX - Java applet Remote Deserialization Remote (2)

VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC)
VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow

Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054)
Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054)

Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC)
Pegasus Mail Client 4.51 - Remote Buffer Overflow

TLS - Renegotiation (PoC)
TLS - Renegotiation
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution
Trend Micro Web-Deployment - ActiveX Remote Execution

MX Simulator Server - Remote Buffer Overflow (PoC)
MX Simulator Server - Remote Buffer Overflow
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Apache OFBiz - Remote Execution (via SQL Execution)
Apache OFBiz - Admin Creator

Adobe Flash / Reader - Live Malware (PoC)
Adobe Flash / Reader - Live Malware

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow

KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)
KingView 6.5.3 - SCADA HMI Heap Overflow

Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002)
Microsoft Data Access Components - Remote Overflow (MS11-002)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution

Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC)
Solar FTP Server 2.1.1 - PASV Buffer Overflow

Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache mod_proxy - Reverse Proxy Exposure

Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC)
Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite

Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC)
Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite

Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC)
Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution

OpenVAS Manager 4.0 - Authentication Bypass (PoC)
OpenVAS Manager 4.0 - Authentication Bypass

w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC)
w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution

Legend Perl IRC Bot - Remote Code Execution (PoC)
Legend Perl IRC Bot - Remote Code Execution

dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock)
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC)
WebDrive 12.2 (Build #4172) - Remote Buffer Overflow

Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC)
Endian Firewall < 3.0.0 - OS Command Injection (Python)

Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access

OpenSSHd 7.2p2 - Username Enumeration (PoC)
OpenSSHd 7.2p2 - Username Enumeration

Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution

Intel Active Management Technology - System Privileges

Xplico - Remote Code Execution (Metasploit)

Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

S9Y Serendipity 0.7-beta1 - SQL Injection (PoC)
S9Y Serendipity 0.7-beta1 - SQL Injection

AWStats 5.7 < 6.2 - Multiple Remote (PoC)
AWStats 5.7 < 6.2 - Multiple Remote

WoltLab Burning Book 1.1.2 - SQL Injection (PoC)
WoltLab Burning Book 1.1.2 - SQL Injection

Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection
Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection

EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC)
EQdkp 1.3.2f - 'user_id' Authentication Bypass

Invision Power Board 2.3.5 - Multiple Vulnerabilities (2)
Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)

FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)
FOSS Gallery Public 1.0 - Arbitrary File Upload

Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection

Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC)
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation

Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure
Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure

Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC)
Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption

IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC)
IPB (nv2) Awards < 1.1.0 - SQL Injection

X-Cart Pro 4.0.13 - SQL Injection (PoC)
X-Cart Pro 4.0.13 - SQL Injection

Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC)
Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute

IPB 3.0.1 - SQL Injection
Invision Power Board 3.0.1 - SQL Injection

WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC)
WebsiteBaker 2.8.1 - Cross-Site Request Forgery
BS Auto Classifieds - 'info.php' SQL Injection (PoC)
BS Business Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC)
BS Events Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Auto Classifieds - 'info.php' SQL Injection
BS Business Directory - 'articlesdetails.php' SQL Injection
BS Classifieds Ads - 'articlesdetails.php' SQL Injection
BS Events Directory - 'articlesdetails.php' SQL Injection

BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC)
BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password)

Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC)
Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account)

SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC)
SWAT Samba Web Administration Tool - Cross-Site Request Forgery

Plone and Zope - Remote Command Execution (PoC)
Plone and Zope - Remote Command Execution

Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting
Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting

Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting
Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting

Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Invision Power Board 1.3 - 'Pop' Cross-Site Scripting
Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting

Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting
Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting

Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities

Invision Power Board 1.x/2.0.3 - SML Code Script Injection
Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover

Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting

Invision Power Board 1.0.3 - Attached File Cross-Site Scripting
Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting

Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting

Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting
Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting
Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting

Invision Power Board 1.x/2.x - Multiple SQL Injections
Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections

Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities

Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting
Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting

IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking
Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hjiacking

Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting

TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution

IP.Board 4.x - Persistent Cross-Site Scripting
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting

IP.Board 4.1.4.x - Persistent Cross-Site Scripting
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting

NETGEAR R7000 - Command Injection (PoC)
NETGEAR R7000 - Command Injection

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass  / SQL Injection
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
Photos in Wifi 1.0.1 - Path Traversal
SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities
FiberHome LM53Q1 - Multiple Vulnerabilities
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
Vanilla < 2.1.5 - Cross-Site Request Forgery

Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC)
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE

Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
Joomla! 3.7.0 - 'com_fields' SQL Injection

Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
Apache Struts 2.3.x Showcase - Remote Code Execution

AIX - execve /bin/sh Shellcode (88 bytes)

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
2018-01-09 05:02:30 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00