bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2833 commits 1 branch 0 tags 261 MiB
Commit graph

157 commits

Author SHA1 Message Date
Offensive Security
3d73ec60b6 DB: 2018-01-06 
23 changes to exploits/shellcodes

Emulive Server4 7560 - Remote Denial of Service
Emulive Server4 Build 7560 - Remote Denial of Service

ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service)
D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service)

DNS4Me 3.0 - Denial of Service / Cross-Site Scripting

EmuLive Server4 - Authentication Bypass / Denial of Service
GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache

VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
keene digital media server 1.0.2 - Directory Traversal variant
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - Traversal Arbitrary File Access
Keene Digital Media Server 1.0.2 - Directory Traversal
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - Traversal Arbitrary File Access
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access
WDMyCloud < 2.30.165 - Multiple Vulnerabilities
Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit)
Cisco IOS - Remote Code Execution

Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection

MySQL Eventum 1.5.5 - 'login.php' SQL Injection

PHP live helper 2.0.1 - Multiple Vulnerabilities
PHP Live Helper 2.0.1 - Multiple Vulnerabilities

Zen Cart 1.3.9f (typefilter) - Local File Inclusion
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion

phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting

YaBB 1.x/9.1.2000 - YaBB.pl IMSend Cross-Site Scripting
YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting
SugarCRM 1.x/2.0 Module - 'record' SQL Injection
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
SugarCRM 1.x/2.0 Module - 'record' SQL Injection
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
Kayako eSupport 2.x - Ticket System Multiple SQL Injections
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
Kayako eSupport 2.x - Ticket System Multiple SQL Injections

Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting

Notes Module for phpBB - SQL Injection
phpBB Notes Module - SQL Injection
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities

Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities
HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities

FusionBB 0.x - Multiple Input Validation Vulnerabilities
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities

osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities

PAFaq - Question Cross-Site Scripting

PAFaq - Administrator 'Username' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection
Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting
Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting

RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection

EyeOS 0.8.x - Session Remote Command Execution
eyeOS 0.8.x - Session Remote Command Execution

CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting
CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting

XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting

Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion
Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion

osCommerce 2.1/2.2 - 'product_info.php' SQL Injection

CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal

HAMweather 3.9.8 - 'template.php' Script Code Injection

Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting
Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting

Jamroom 3.3.8 - Cookie Authentication Bypass
Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting
Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting
Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection
Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting
Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting
Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection

Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting

UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Zen Cart < 1.3.8a - SQL Injection
PHP Topsites < 2.2 - Multiple Vulnerabilities
phpLinks < 2.1.2 - Multiple Vulnerabilities
P-Synch < 6.2.5 - Multiple Vulnerabilities
WinMX < 2.6 - Design Error
FTP Service < 1.2 - Multiple Vulnerabilities
MegaBrowser < 0.71b - Multiple Vulnerabilities
Max Web Portal < 1.30 - Multiple Vulnerabilities
Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities
Gespage 7.4.8 - SQL Injection

Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
 2018-01-06 05:02:14 +00:00
Offensive Security
3eec0e4999 DB: 2018-01-04 
4 changes to exploits/shellcodes

Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass  / SQL Injection
EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection
 2018-01-04 05:02:14 +00:00
Offensive Security
c03d2a3ba2 DB: 2018-01-03 
3 changes to exploits/shellcodes

Acoustica Audio Converter Pro 1.1 (build 25) - Local Heap Overflow (.mp3 / .wav / .ogg / .wma) (PoC)
Acoustica Audio Converter Pro 1.1 (build 25) -  '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC)

Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)

AWStats 5.7 < 6.2 - Multiple Remote s (PoC)
AWStats 5.7 < 6.2 - Multiple Remote (PoC)

Auto Dealer - SQL Injection (PoC)
Auto Dealer - SQL Injection

Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
 2018-01-03 05:02:14 +00:00
Offensive Security
f76fbb1072 DB: 2017-12-19 
19 changes to exploits/shellcodes

CDex 1.96 - Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow

Firejail - Local Privilege Escalation

Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape

Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Outlook for Android - Attachment Download Directory Traversal
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution

Joomla! Component Guru Pro - SQL Injection
Joomla! Component Guru Pro - 'Itemid' SQL Injection
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
Linksys WVBR0 - 'User-Agent' Remote Command Injection
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
Joomla! Component Guru Pro - 'promocode' SQL Injection

Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
 2017-12-19 05:02:17 +00:00
Offensive Security
0f0a6efff9 DB: 2017-12-14 
2 changes to exploits/shellcodes

glibc ld.so - Memory Leak / Buffer Overflow

Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
 2017-12-14 05:02:14 +00:00
Offensive Security
a24ecf72c3 DB: 2017-12-01 
82 changes to exploits/shellcodes

32 new exploits/shellcodes

Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC)
Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC)

CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service
CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service

Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)
Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC)

Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow
Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow

FontForge - '.BDF' Font File Stack Based Buffer Overflow
FontForge - '.BDF' Font File Stack Buffer Overflow

Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow

Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC)
Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC)

Citrix XenApp / XenDesktop - Stack Based Buffer Overflow
Citrix XenApp / XenDesktop - Stack Buffer Overflow

Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows

Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC)
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)

IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow
IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow

Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow
Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow

mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC)
mcrypt 2.6.8 - Stack Buffer Overflow (PoC)
MySQL (Linux) - Stack Based Buffer Overrun (PoC)
MySQL (Linux) - Heap Based Overrun (PoC)
MySQL (Linux) - Stack Buffer Overrun (PoC)
MySQL (Linux) - Heap Overrun (PoC)
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow

DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow
DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)

Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service

Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow
Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow

SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow

Winamp 5.63 - Stack Based Buffer Overflow
Winamp 5.63 - Stack Buffer Overflow

Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow
Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow

Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056)
Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap Buffer Overflow (MS14-056)

MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow
MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities
WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow
ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities
WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow

Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow
Google Android Web Browser - '.GIF' File Heap Buffer Overflow

Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)
Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)

NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow

FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow
FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow

OpenVms 8.3 Finger Service - Stack Based Buffer Overflow
OpenVms 8.3 Finger Service - Stack Buffer Overflow

Free Download Manager - Stack Based Buffer Overflow
Free Download Manager - Stack Buffer Overflow

Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow
Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow

eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow
Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File

Valhala Honeypot 1.8 - Stack Based Buffer Overflow
Valhala Honeypot 1.8 - Stack Buffer Overflow

Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack Buffer Overflow

Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow
Xion Audio Player 1.5 build 155 - Stack Buffer Overflow

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow

Last PassBroker 3.2.16 - Stack Based Buffer Overflow
Last PassBroker 3.2.16 - Stack Buffer Overflow

FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read
FBZX 2.10 - Local Stack Based Buffer Overflow
TACK 1.07 - Local Stack Based Buffer Overflow
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read
FBZX 2.10 - Local Stack Buffer Overflow
TACK 1.07 - Local Stack Buffer Overflow

Gnome Nautilus 3.16 - Denial of Service
Wireshark - iseries_parse_packet Heap Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow
Wireshark - iseries_parse_packet Heap Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow

Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow
Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow
Wireshark - find_signature Stack Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow
Wireshark - getRate Stack Based Out-of-Bounds Read
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow
Wireshark - find_signature Stack Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Buffer Overflow
Wireshark - getRate Stack Out-of-Bounds Read
Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)
Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1)
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read

pdfium - CPDF_Function::Call Stack Based Buffer Overflow
pdfium - CPDF_Function::Call Stack Buffer Overflow
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Buffer Overflow
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read

glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow
libxml2 - xmlDictAddString Heap Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread
libxml2 - htmlCurrentChar Heap Based Buffer Overread
Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow
libxml2 - xmlDictAddString Heap Buffer Overread
libxml2 - xmlParseEndTag2 Heap Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread
libxml2 - htmlCurrentChar Heap Buffer Overread
Kamailio 4.3.4 - Heap Based Buffer Overflow
Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read
Kamailio 4.3.4 - Heap Buffer Overflow
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read

Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow
Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow

Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)

Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread
Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads

Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption

Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)

Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure

Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow
Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)

Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)

Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow
SAP SAPCAR 721.510 - Heap Buffer Overflow

Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption
Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption

LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow

OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow
OpenJPEG - 'mqc.c' Heap Buffer Overflow

tcprewrite - Heap-Based Buffer Overflow
tcprewrite - Heap Buffer Overflow
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - 2-byte Heap Overflow
Dnsmasq < 2.78 - Heap Overflow
Dnsmasq < 2.78 - Stack Overflow

binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow

PHP 7.1.8 - Heap-Based Buffer Overflow
PHP 7.1.8 - Heap Buffer Overflow
QEMU - NBD Server Long Export Name Stack Buffer Overflow
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page

TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation
TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation

BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation

RedHat 6.1 - 'man' Local Overflow / Privilege Escalation
RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation

IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation

AIX lquerylv - Local Buffer Overflow / Privilege Escalation
AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation

IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation
IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation

libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)
libxml 2.6.12 nanoftp - Buffer Overflow (PoC)

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation
Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation

Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow
Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow

XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation
XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation

Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation
Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation

Microsoft Excel - Remote Code Execution
Microsoft Excel - Code Execution
HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation
HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation
HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation
HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation

News Rover 12.1 Rev 1 - Remote Stack Overflow (1)
News Rover 12.1 Rev 1 - Stack Overflow (1)

News Rover 12.1 Rev 1 - Remote Stack Overflow (2)
News Rover 12.1 Rev 1 - Stack Overflow (2)

FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation

Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow
Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow

VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow
VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow

Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)
Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit)

MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows

Libmodplug - 's3m' Remote Buffer Overflow
Libmodplug - 's3m' Buffer Overflow

Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin)

EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)

Microsoft Visio 2002 - '.DXF' File Stack based Overflow
Microsoft Visio 2002 - '.DXF' Local Stack Overflow

AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit)
AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)

CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit)
CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit)

CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit)
CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit)

Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)
Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit)

Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3)

S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation
S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation

Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation
Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation

Internet Download Manager - Stack Based Buffer Overflow
Internet Download Manager - Local Stack Buffer Overflow

AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation
AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation

mcrypt 2.5.8 - Stack Based Overflow
mcrypt 2.5.8 - Local Stack Overflow

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun

Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020)
Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020)

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1)
Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1)

Winamp 5.12 - '.m3u' Stack Based Buffer Overflow
Winamp 5.12 - '.m3u' Local Stack Buffer Overflow

RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow

KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite
KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite

BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow
BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow

Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow
Super Player 3500 - '.m3u' Local Stack Buffer Overflow

IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow
IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow
MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow
MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color()
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow

MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow
MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation
Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation

BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP
BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP

Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation

BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow

BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow

Sim Editor 6.6 - Stack Based Buffer Overflow
Sim Editor 6.6 - Local Stack Buffer Overflow

Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)
Microsoft Word - Local Machine Zone Code Execution (MS15-022)

Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation
Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow
AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow

EasyCafe Server 2.2.14 - Remote File Read
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)

Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)

TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow

NRSS Reader 0.3.9 - Local Stack Based Overflow
NRSS Reader 0.3.9 - Local Stack Overflow

Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)

NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation
NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation

Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)

Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution
Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution

Man-db 2.6.7.1 - Local Privilege Escalation (PoC)

Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit)

Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)
Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit)

PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2)
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
macOS High Sierra - Root Privilege Escalation (Metasploit)

lftp 2.6.9 - Remote Stack based Overflow
lftp 2.6.9 - Remote Stack Overflow

BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow
BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH)

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)

HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow
HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow

Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit)
Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit)

Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit)
Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit)

Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit)
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit)

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3)

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow

Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow
Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow

Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow
Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow

AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow
AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow

Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities
Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities

Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow
Vim - 'mch_expand_wildcards()' Heap Buffer Overflow

Acunetix 8 build 20120704 - Remote Stack Based Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow

Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow
Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow

TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub
TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub

glibc - 'getaddrinfo' Stack Based Buffer Overflow
glibc - 'getaddrinfo' Remote Stack Buffer Overflow

BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow

Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities
Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities

R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal
R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal

Alligra Calligra - Heap Based Buffer Overflow
Alligra Calligra - Heap Buffer Overflow

Aloaha PDF Suite - Stack Based Buffer Overflow
Aloaha PDF Suite - Remote Stack Buffer Overflow

EasyCafe Server 2.2.14 - Remote File Read

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)

Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)

pfSense - Authenticated Group Member Remote Command Execution (Metasploit)

Almnzm - 'COOKIE: customer' SQL Injection

Tutorialms 1.4 (show) - SQL Injection
Tutorialms 1.4 - 'show' SQL Injection

osCommerce 2.3.4.1 - Arbitrary File Upload

Knowledge Base Enterprise Edition 4.62.00 - SQL Injection
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection

WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload

phpDolphin 2.0.5 - Multiple Vulnerabilities

OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities

AbanteCart 1.2.7 - Cross-Site Scripting

MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities

Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection

Synology StorageManager 5.2 - Remote Root Command Execution
Synology StorageManager 5.2 - Root Remote Command Execution
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
 2017-12-01 10:57:46 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00