exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	ad4b4f15f3	DB: 2018-06-06 11 changes to exploits/shellcodes Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Clone2GO Video converter 2.8.2 - Buffer Overflow 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) 10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH) WebKitGTK+ < 2.21.3 - Crash (PoC) WebKit - not_number defineProperties UAF (Metasploit) EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Brother HL Series Printers 1.15 - Cross-Site Scripting Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)	2018-06-06 05:01:46 +00:00
Offensive Security	61159b7f3e	DB: 2018-06-05 5 changes to exploits/shellcodes R 3.4.4 - Local Buffer Overflow RGui 3.4.4 - Local Buffer Overflow Zip-n-Go 4.9 - Buffer Overflow (SEH) Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) CyberArk < 10 - Memory Disclosure GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) SearchBlox 8.6.7 - XML External Entity Injection EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting	2018-06-05 05:01:52 +00:00
Offensive Security	c0126aa27f	DB: 2018-05-25 16 changes to exploits/shellcodes DynoRoot DHCP - Client Command Injection DynoRoot DHCP Client - Command Injection Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Flash ActiveX 18.0.0.194 - Code Execution Microsoft Internet Explorer 11 - javascript Code Execution Flash ActiveX 28.0.0.137 - Code Execution (1) Flash ActiveX 28.0.0.137 - Code Execution (2) GNU glibc < 2.27 - Local Buffer Overflow NewsBee CMS 1.4 - Cross-Site Request Forgery ASP.NET jVideo Kit - 'query' SQL Injection PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting OpenDaylight - SQL Injection Timber 1.1 - Cross-Site Request Forgery Honeywell XL Web Controller - Cross-Site Scripting EU MRV Regulatory Complete Solution 1 - Authentication Bypass Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes) Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)	2018-05-25 05:01:45 +00:00
Offensive Security	54b5ed8407	DB: 2018-05-24 31 changes to exploits/shellcodes WordPress Core - 'load-scripts.php' Denial of Service WordPress Core - 'load-scripts.php' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free FTPShell Server 6.80 - Denial of Service Siemens SCALANCE S613 - Remote Denial of Service Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service FTPShell Server 6.80 - Buffer Overflow (SEH) SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting EasyService Billing 1.0 - 'p1' SQL Injection MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection PHP Dashboards 4.5 - 'email' SQL Injection Mobile Card Selling Platform 1 - Cross-Site Request Forgery PHP Dashboards 4.5 - SQL Injection Online Store System CMS 1.0 - SQL Injection Gigs 2.0 - 'username' SQL Injection GPSTracker 1.0 - 'id' SQL Injection Shipping System CMS 1.0 - SQL Injection Wecodex Store Paypal 1.0 - SQL Injection SAT CFDI 3.3 - SQL Injection School Management System CMS 1.0 - 'username' SQL Injection Library CMS 1.0 - SQL Injection Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Mcard Mobile Card Selling Platform 1 - SQL Injection Honeywell Scada System - Information Disclosure NewsBee CMS 1.4 - Cross-Site Request Forgery SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change WordPress Plugin Peugeot Music - Arbitrary File Upload BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shell Shellcode (Generator) Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes) Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Shell Shellcode Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind (/TCP) Shell Shellcode (Generator) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes) Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind TCP Shell Shellcode Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind (/TCP) Shell Shellcode Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes) Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)	2018-05-24 05:01:50 +00:00
Offensive Security	7bbc323854	DB: 2018-05-23 20 changes to exploits/shellcodes Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Microsoft Edge Chakra JIT - Magic Value Type Confusion AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read MakeMyTrip 7.2.4 - Information Disclosure Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Microsoft Windows - 'POP/MOV SS' Privilege Escalation Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Nordex N149/4.0-4.5 - SQL Injection WebSocket Live Chat - Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting PaulPrinting CMS Printing 1.0 - SQL Injection iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery ERPnext 11 - Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Feedy RSS News Ticker 2.0 - 'cat' SQL Injection NewsBee CMS 1.4 - 'download.php' SQL Injection Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting	2018-05-23 05:01:45 +00:00
Offensive Security	42f3759885	DB: 2018-05-21 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) mySCADA myPRO 7 - Hard-Coded Credentials D-Link DSL-3782 - Authentication Bypass Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	2018-05-21 05:01:47 +00:00
Offensive Security	41ea196761	DB: 2018-05-19 12 changes to exploits/shellcodes Microsoft Edge - 'Array.filter' Info Leak Microsoft Edge - 'Array.filter' Information Leak Microsoft Edge Chakra JIT - Bound Check Elimination Bug Windows - Local Privilege Escalation Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Windows - Local Privilege Escalation Microsoft Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC) Prime95 29.4b8 - Stack Buffer Overflow (SEH) DynoRoot DHCP - Client Command Injection Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit) Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) HPE iMC 7.3 - Remote Code Execution (Metasploit) Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Monstra CMS before 3.0.4 - Cross-Site Scripting SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Cisco SA520W Security Appliance - Path Traversal SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion	2018-05-19 05:01:48 +00:00
Offensive Security	1873a7d234	DB: 2018-05-17 12 changes to exploits/shellcodes WhatsApp 2.18.31 - Memory Corruption Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Libuser - roothelper Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery VirtueMart 3.1.14 - Persistent Cross-Site Scripting Rockwell Scada System 27.011 - Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting	2018-05-17 05:01:47 +00:00
Offensive Security	2d5885c58b	DB: 2018-05-15 5 changes to exploits/shellcodes 2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service FxCop 10/12 - XML External Entity Injection Microsoft Windows FxCop 10/12 - XML External Entity Injection Apple Safari 3.2.x - 'XXE' Local File Theft Apple Safari 3.2.x - XML External Entity Local File Theft Open-AudIT Community - 2.2.0 – Cross-Site Scripting Open-AudIT Community 2.2.0 - Cross-Site Scripting Monstra CMS 3.0.4 - Remote Code Execution XATABoost 1.0.0 - SQL Injection Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)	2018-05-15 05:01:47 +00:00
Offensive Security	7788a305c5	DB: 2018-05-12 6 changes to exploits/shellcodes 2345 Security Guard 3.7 - Denial of Service 2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service 2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service Reaper 5.78 - Local Buffer Overflow EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Open-AudIT Professional - 2.1.1 - Cross-Site Scripting Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC Ncomputing vSpace Pro 10/11 - Directory Traversal Fastweb FASTGate 0.00.47 - Cross-site Request Forgery Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery Open-AudIT Community - 2.2.0 – Cross-Site Scripting	2018-05-12 05:01:46 +00:00
Offensive Security	017887466c	DB: 2018-05-10 4 changes to exploits/shellcodes Allok Video Splitter 3.1.12.17 - Denial of Service GNU wget - Cookie Injection FxCop 10/12 - XML External Entity Injection Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit) PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit) Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit) PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)	2018-05-10 05:01:46 +00:00
Offensive Security	a066ef9212	DB: 2018-05-07 11 changes to exploits/shellcodes HWiNFO 5.82-3410 - Denial of Service DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH) CSP MySQL User Manager 2.3.1 - Authentication Bypass WordPress Plugin User Role Editor < 4.25 - Privilege Escalation Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)	2018-05-07 05:01:44 +00:00
Offensive Security	813a3efbb5	DB: 2018-05-04 20 changes to exploits/shellcodes Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow Jnes 1.0.2 - Stack Buffer Overflow Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow netek 0.8.2 - Denial of Service Cisco Smart Install - Crash (PoC) Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1) Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1) Adobe Reader PDF - Client Side Request Injection Windows - Local Privilege Escalation Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit) Adobe Flash < 28.0.0.161 - Use-After-Free Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC) GPON Routers - Authentication Bypass / Command Injection TBK DVR4104 / DVR4216 - Credentials Leak Call of Duty Modern Warefare 2 - Buffer Overflow Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion Squirrelcart 1.x - 'cart.php' Remote File Inclusion Infinity 2.x.x - options[style_dir] Local File Disclosure Infinity 2.x - 'options[style_dir]' Local File Disclosure PHP-Nuke 8.x.x - Blind SQL Injection PHP-Nuke 8.x - Blind SQL Injection WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities Ajax Availability Calendar 3.x - Multiple Vulnerabilities vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting Subrion 3.X.x - Multiple Vulnerabilities Subrion 3.x - Multiple Vulnerabilities Ciuis CRM 1.0.7 - SQL Injection LifeSize ClearSea 3.1.4 - Directory Traversal WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting DLINK DCS-5020L - Remote Code Execution (PoC) Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection	2018-05-04 05:01:47 +00:00
Offensive Security	be89b7c04a	DB: 2018-05-03 11 changes to exploits/shellcodes WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free LibreOffice/Open Office - '.odt' Information Disclosure Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) ASUS infosvr - Auth Bypass Command Execution (Metasploit) ASUS infosvr - Authentication Bypass Command Execution (Metasploit) Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit) Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit) Metasploit Framework - 'msfd' Remote Code Execution (Metasploit) Exim < 4.90.1 - 'base64d' Remote Code Execution Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery	2018-05-03 05:01:45 +00:00
Offensive Security	b1f00227f1	DB: 2018-04-27 12 changes to exploits/shellcodes Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH) Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH) Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow Shopy Point of Sale v1.0 - CSV Injection Shopy Point of Sale 1.0 - CSV Injection Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC) Blog Master Pro v1.0 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection Blog Master Pro 1.0 - CSV Injection HRSALE The Ultimate HRM 1.0.2 - CSV Injection HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting GitList 0.6 - Unauthenticated Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot Frog CMS 0.9.5 - Persistent Cross-Site Scripting	2018-04-27 05:01:49 +00:00
Offensive Security	c249d94cb7	DB: 2018-04-25 28 changes to exploits/shellcodes gif2apng 1.9 - '.gif' Stack Buffer Overflow VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC) Kaspersky KSN for Linux 5.2 - Memory Corruption Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Adobe Flash - Overflow when Playing Sound Adobe Flash - Overflow in Slab Rendering Adobe Flash - Info Leak in Image Inflation Adobe Flash - Out-of-Bounds Write in blur Filtering Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion R 3.4.4 - Local Buffer Overflow Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) lastore-daemon D-Bus - Privilege Escalation (Metasploit) Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass) ASUS infosvr - Auth Bypass Command Execution (Metasploit) UK Cookie Consent - Persistent Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery Open-AudIT 2.1 - CSV Macro Injection Monstra CMS 3.0.4 - Arbitrary Folder Deletion Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)	2018-04-25 05:01:39 +00:00
Offensive Security	d0cba5625f	DB: 2018-04-18 12 changes to exploits/shellcodes Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Joomla! Component jDownloads 3.2.58 - Cross Site Scripting	2018-04-18 05:01:47 +00:00
Offensive Security	f34469db27	DB: 2018-04-17 17 changes to exploits/shellcodes Barco ClickShare CSE-200 - Remote Denial of Service Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix Microsoft Edge - 'OpenProcess()' ACG Bypass Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH) SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH) CloudMe Sync 1.11.0 - Local Buffer Overflow Cobub Razor 0.8.0 - SQL injection Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference	2018-04-17 05:01:45 +00:00
Offensive Security	c91cad5a90	DB: 2018-04-10 19 changes to exploits/shellcodes WebKit - WebAssembly Parsing Does not Correctly Check Section Order CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure H2 Database - 'Alias' Arbitrary Code Execution GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) PMS 0.42 - Local Stack-Based Overflow (ROP) Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution WolfCMS 0.8.3.1 - Cross Site Request Forgery Cobub Razor 0.7.2 - Add New Superuser Account MyBB Plugin Recent Threads On Index - Cross-Site Scripting WolfCMS 0.8.3.1 - Open Redirection Yahei PHP Prober 0.4.7 - Cross-Site Scripting WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution iScripts SonicBB 1.0 - Reflected Cross-Site Scripting WordPress Plugin Google Drive 2.2 - Remote Code Execution	2018-04-10 05:01:53 +00:00
Offensive Security	4088e4151b	DB: 2018-04-07 6 changes to exploits/shellcodes Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption LineageOS 14.1 Blueborne - Remote Code Execution FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass DotNetNuke DNNarticle Module 11 - Directory Traversal Cobub Razor 0.7.2 - Cross Site Request Forgery	2018-04-07 05:01:44 +00:00
Offensive Security	b6b60b70e9	DB: 2018-04-03 11 changes to exploits/shellcodes WebLog Expert Enterprise 9.4 - Privilege Escalation Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC) Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC) Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery WampServer 3.1.2 - Cross-Site Request Forgery VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials DLink DIR-601 - Admin Password Disclosure OpenCMS 10.5.3 - Cross-Site Request Forgery OpenCMS 10.5.3 - Cross-Site Scripting Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change	2018-04-03 05:01:54 +00:00
Offensive Security	a13c4ea572	DB: 2018-03-31 23 changes to exploits/shellcodes SysGauge 4.5.18 - Local Denial of Service Systematic SitAware - NVG Denial of Service Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH) Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow osTicket 1.10 - SQL Injection osTicket 1.10 - SQL Injection (PoC) Open-AuditIT Professional 2.1 - Cross-Site Request Forgery Homematic CCU2 2.29.23 - Arbitrary File Write MiniCMS 1.10 - Cross-Site Request Forgery WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection Homematic CCU2 2.29.23 - Remote Command Execution Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection Joomla! Component AcySMS 3.5.0 - CSV Macro Injection WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change osCommerce 2.3.4.1 - Remote Code Execution Tenda W316R Wireless Router 5.07.50 - Remote DNS Change D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)	2018-03-31 05:01:49 +00:00
Offensive Security	285f79e70e	DB: 2018-03-27 4 changes to exploits/shellcodes Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve ) Crashmail 1.6 - Stack-Based Buffer Overflow (ROP) Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow LabF nfsAxe 3.7 - Privilege Escalation Acrolinx Server < 5.2.5 - Directory Traversal Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass Laravel Log Viewer < 0.13.0 - Local File Download Linux/x86 - EggHunter Shellcode (11 Bytes) Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)	2018-03-27 05:01:50 +00:00
Offensive Security	e3fb91f1d7	DB: 2018-03-24 14 changes to exploits/shellcodes Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Dell EMC NetWorker - Denial of Service WM Recorder 16.8.1 - Denial of Service Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve ) Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH) Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery XenForo 2 - CSS Loader Denial of Service MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion Linux/x86 - EggHunter Shellcode (11 Bytes)	2018-03-24 05:01:48 +00:00
Offensive Security	dd3b710ae8	DB: 2018-03-21 14 changes to exploits/shellcodes Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure Internet Explorer - 'RegExp.lastMatch' Memory Disclosure Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Microsoft Windows - Desktop Bridge VFS Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation Intelbras Telefone IP TIP200 LITE - Local File Disclosure Vehicle Sales Management System - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)	2018-03-21 05:01:50 +00:00
Offensive Security	5947825a84	DB: 2018-03-10 15 changes to exploits/shellcodes uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC) μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC) uTorrent WebUI 0.370 - Authorisation Header Denial of Service μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service Memcached - 'memcrashed' Denial of Service Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2) Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1) Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service WebLog Expert Enterprise 9.4 - Denial of Service uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking uTorrent 2.0.3 - DLL Hijacking μTorrent (uTorrent) 2.0.3 - DLL Hijacking iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow Microsoft Office - 'Composite Moniker Remote Code Execution Mozilla Firefox - Address Bar Spoofing Tor (Firefox 41 < 50) - Code Execution Chrome 35.0.1916.153 - Sandbox Escape / Command Execution WebLog Expert Enterprise 9.4 - Authentication Bypass uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution Werkzeug - 'Debug Shell' Command Execution TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal toronja CMS - SQL Injection Toronja CMS - SQL Injection uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery tinybrowser - 'tinybrowser.php' Directory Listing tinybrowser - 'edit.php' Directory Listing TinyBrowser - 'tinybrowser.php' Directory Listing TinyBrowser - 'edit.php' Directory Listing Xoops 2.5.7.2 - Directory Traversal Bypass XOOPS 2.5.7.2 - Directory Traversal Bypass SAP BusinessObjects launch pad - Server-Side Request Forgery antMan < 0.9.1a - Authentication Bypass Bacula-Web < 8.0.0-rc2 - SQL Injection	2018-03-10 05:01:50 +00:00
Offensive Security	6a017b10c8	DB: 2018-03-06 12 changes to exploits/shellcodes Suricata < 4.0.4 - IDS Detection Bypass ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record NETGEAR - 'TelnetEnable' Magic Packet (Metasploit) Joomla! Component Joomanager 2.0.0 - Arbitrary File Download Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download (PoC) Parallels Remote Application Server 15.5 - Path Traversal ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download	2018-03-06 05:01:50 +00:00
Offensive Security	ba1d29bdd6	DB: 2018-03-03 13 changes to exploits/shellcodes SEGGER embOS/IP FTP Server 3.22 - Denial of Service DualDesk 20 - 'Proxy.exe' Denial of Service Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak' Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow 'Jailbreak' ASX to MP3 Converter 1.82.50 - '.asx' Local Stack Overflow ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader) Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader IrfanView 4.44 Email Plugin - Buffer Overflow (SEH) IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode) Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC) Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC) ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation 'Jailbreak' Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55) Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55 TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Joomla! 3.7 - SQL Injection Posnic Stock Management System - SQL Injection WordPress Plugin Polls 1.2.4 - SQL Injection (PoC) WordPress Plugin UPM-POLLS 1.0.4 - Blind SQL Injection WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection D-Link DIR-600M Wireless - Cross-Site Scripting uWSGI < 2.0.17 - Directory Traversal	2018-03-03 05:01:47 +00:00
Offensive Security	6885f2dcc7	DB: 2018-03-01 26 changes to exploits/shellcodes Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC) FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC) FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC) Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption Apple iOS - '.pdf' Jailbreak Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak Foxit Reader 4.0 - '.pdf' Jailbreak Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution Sony Playstation 4 4.05 FW - Local Kernel Loader Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader) Sony Playstation 4 4.55 FW - Local Kernel Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC) Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC) Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC) Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel - 'BadIRET' Local Privilege Escalation Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader Nintendo Switch - WebKit Code Execution (PoC) Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55) EPIC MyChart - SQL Injection EPIC MyChart - X-Path Injection Routers2 2.24 - Cross-Site Scripting	2018-03-01 05:01:48 +00:00
Offensive Security	7a33f5d0bf	DB: 2018-02-23 15 changes to exploits/shellcodes NoMachine x86 < 6.0.80 - 'nxfuse' Privilege Escalation NoMachine x64 < 6.0.80 - 'nxfuse' Privilege Escalation Armadito Antivirus 0.12.7.2 - Detection Bypass Joomla! Component CW Tags 2.0.6 - SQL Injection Joomla! Component Proclaim 9.1.1 - Backup File Download Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection Joomla! Component Ek Rishta 2.9 - SQL Injection Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection Joomla! Component CheckList 1.1.1 - SQL Injection Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting	2018-02-23 05:01:47 +00:00
Offensive Security	b5d3581200	DB: 2018-02-21 8 changes to exploits/shellcodes Easy Karaokay Player 3.3.31 - '.wav' Integer Division by Zero Ofilter Player 1.1 - '.wav' Integer Division by Zero Wireshark 1.10.7 - Denial of Service (PoC) ZTE / TP-Link RomPager - Denial of Service Exif Pilot 4.7.2 - Buffer Overflow (SEH) InfraRecorder - '.m3u' File Buffer Overflow (PoC) MySQL 5.5.45 - procedure analyse Function Denial of Service Microsoft Windows Kernel - 'nt!RtlpCopyLegacyContextX86' Stack Memory Disclosure Microsoft Internet Explorer 11 - 'Js::RegexHelper::RegexReplace' Use-After-Free Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Microsoft Windows - Constrained Impersonation Capability Privilege Escalation MagniComp SysInfo - mcsiwrapper Privilege Escalation (Metasploit) Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation utorrent - JSON-RPC Remote Code Execution / Information Disclosure ZTE WXV10 W300 - Multiple Vulnerabilities Moodle 2.7 - Persistent Cross-Site Scripting D-Link DIR-615 - Multiple Vulnerabilities CMS Made Simple 2.1.6 - Multiple Vulnerabilities Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes)	2018-02-21 05:01:48 +00:00
Offensive Security	e630f8c249	DB: 2018-02-16 45 changes to exploits/shellcodes Cisco ASA - Crash PoC Cisco ASA - Crash (PoC) GNU binutils 2.26.1 - Integer Overflow (POC) GNU binutils 2.26.1 - Integer Overflow (PoC) K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read Linux Kernel - 'AF_PACKET' Use-After-Free Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly (2) Microsoft Edge Chakra JIT - Memory Corruption Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion Microsoft Edge Chakra JIT - 'LdThis' Type Confusion Pdfium - Pattern Shading Integer Overflows Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow Hotspot Shield - Information Disclosure Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation Nitro Pro PDF - Multiple Vulnerabilities Odoo CRM 10.0 - Code Execution Dashlane - DLL Hijacking LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation LightDM (Ubuntu 16.04/16.10) - 'Guest Account' Local Privilege Escalation Trustwave SWG 11.8.0.27 - SSH Unauthorized Access Ichano AtHome IP Cameras - Multiple Vulnerabilities Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution Ikraus Anti Virus 2.16.7 - Remote Code Execution McAfee Security Scan Plus - Remote Command Execution OrientDB - Code Execution 360 Total Security - Local Privilege Escalation HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution iBall WRA150N - Multiple Vulnerabilities GitStack - Unauthenticated Remote Code Execution Monstra CMS - Remote Code Execution Ametys CMS 4.0.2 - Unauthenticated Password Reset DblTek - Multiple Vulnerabilities FiberHome - Directory Traversal PHP Melody 2.7.3 - Multiple Vulnerabilities Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure Horde Groupware 5.2.21 - Unauthorized File Download QNAP HelpDesk < 1.1.12 - SQL Injection Hanbanggaoke IP Camera - Arbitrary Password Change McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Sophos XG Firewall 16.05.4 MR-4 - Path Traversal Cisco DPC3928 Router - Arbitrary File Disclosure IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Geneko Routers - Unauthenticated Path Traversal Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution	2018-02-16 05:01:50 +00:00
Offensive Security	2c4b08963a	DB: 2018-02-08 25 changes to exploits/shellcodes QNAP NAS Devices - Heap Overflow QNAP NVR/NAS - Buffer Overflow (PoC) QNAP NVR/NAS Devices - Buffer Overflow (PoC) Cisco ASA - Crash PoC Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption Android - 'getpidcon' Permission Bypass in KeyStore Service Multiple OEM - 'nsd' Remote Stack Format String (PoC) HP-UX 11.0 - pppd Stack Buffer Overflow HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow SGI IRIX - 'LsD' Multiple Buffer Overflows SGI IRIX - 'LsD' Multiple Local Buffer Overflows PostScript Utilities - 'psnup' Argument Buffer Overflow PostScript Utilities - 'psnup' Local Buffer Overflow Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access Geovision Inc. IP Camera & Video - Remote Command Execution Axis SSI - Remote Command Execution / Read Files Axis Communications MPQT/PACS - Heap Overflow / Information Leakage Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD Uniview - Remote Command Execution / Export Config (PoC) Vitek - Remote Command Execution / Information Disclosure (PoC) Vivotek IP Cameras - Remote Stack Overflow (PoC) Dahua Generation 2/3 - Backdoor Access HiSilicon DVR Devices - Remote Code Execution JiRos Banner Experience 1.0 - Unauthorised Create Admin JiRos Banner Experience 1.0 - Unauthorized Create Admin Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Online Test Script 2.0.7 - 'cid' SQL Injection Entrepreneur Dating Script 2.0.2 - Authentication Bypass	2018-02-08 05:01:53 +00:00
Offensive Security	efd633079a	DB: 2018-02-06 19 changes to exploits/shellcodes WordPress Core - 'load-scripts.php' Denial of Service Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC) Claymore Dual GPU Miner 10.5 - Format String Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit) MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation BOCHS 2.6-5 - Buffer Overflow Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) Wonder CMS 2.3.1 - Unrestricted File Upload Wonder CMS 2.3.1 - 'Host' Header Injection Matrimonial Website Script 2.1.6 - 'uid' SQL Injection NixCMS 1.0 - 'category_id' SQL Injection Online Voting System - Authentication Bypass Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection Joomla! Component jLike 1.0 - Information Leak Joomla! Component JSP Tickets 1.1 - SQL Injection Student Profile Management System Script 2.0.6 - Authentication Bypass Netis WF2419 Router - Cross-Site Scripting Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)	2018-02-06 05:01:50 +00:00
Offensive Security	d12dffd438	DB: 2018-02-03 21 changes to exploits/shellcodes Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection Event Manager 1.0 - SQL Injection Fancy Clone Script - 'search_browse_product' SQL Injection Real Estate Custom Script - 'route' SQL Injection Advance Loan Management System - 'id' SQL Injection IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload Joomla! Component JMS Music 1.1.1 - SQL Injection Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal FiberHome AN5506 - Unauthenticated Remote DNS Change Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes) Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator) Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode	2018-02-03 05:01:48 +00:00
Offensive Security	62ce2d17ed	DB: 2018-01-31 8 changes to exploits/shellcodes LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow System Shield 5.0.0.136 - Privilege Escalation HPE iMC 7.3 - RMI Java Deserialization Advantech WebAccess < 8.3 - SQL Injection Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure	2018-01-31 05:01:49 +00:00
Offensive Security	d1b70e7a13	DB: 2018-01-25 8 changes to exploits/shellcodes RAVPower 2.000.056 - Memory Disclosure Acunetix WVS 10 - Local Privilege Escalation Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape Blizzard Update Agent - JSON RPC DNS Rebinding NoMachine 5.3.9 - Local Privilege Escalation Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1) Acunetix WVS 10 - Remote Command Execution RAVPower 2.000.056 - Root Remote Code Execution Kaltura - Remote PHP Code Execution over Cookie (Metasploit) GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) Vodafone Mobile Wifi - Reset Admin Password Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution Professional Local Directory Script 1.0 - SQL Injection WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure	2018-01-25 05:01:47 +00:00
Offensive Security	a02c2710c9	DB: 2018-01-24 15 changes to exploits/shellcodes MixPad 5.00 - Buffer Overflow RAVPower 2.000.056 - Memory Disclosure HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download LiveCRM SaaS Cloud 1.0 - SQL Injection Affiligator 2.1.0 - SQL Injection RSVP Invitation Online 1.0 - Cross-Site Request Forgery (Update Admin) Easy Car Script 2014 - SQL Injection Wchat 1.5 - SQL Injection Zechat 1.5 - SQL Injection Tumder 2.1 - SQL Injection Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin) Quickad 4.0 - SQL Injection Flexible Poll 1.2 - SQL Injection	2018-01-24 05:01:58 +00:00
Offensive Security	bfebc3fa5a	DB: 2018-01-20 62 changes to exploits/shellcodes macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability' Peercast < 0.1211 - Format String Trillian Pro < 2.01 - Design Error dbPowerAmp < 2.0/10.0 - Buffer Overflow PsychoStats < 2.2.4 Beta - Cross Site Scripting MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution GitStack 2.3.10 - Unauthenticated Remote Code Execution Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC) Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC) Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities DUWare Multiple Products - Multiple Vulnerabilities AutoRank PHP < 2.0.4 - SQL Injection (PoC) ASPapp Multiple Products - Multiple Vulnerabilities osCommerce < 2.2-MS2 - Multiple Vulnerabilities PostNuke < 0.726 Phoenix - Multiple Vulnerabilities MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities phpGedView < 2.65 beta 5 - Multiple Vulnerabilities phpShop < 0.6.1-b - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3 - SQL Injection phpBB < 2.0.6d - Cross Site Scripting Phorum < 5.0.3 Beta - Cross Site Scripting vBulletin < 3.0.0 RC4 - Cross Site Scripting Mambo < 4.5 - Multiple Vulnerabilities phpBB < 2.0.7a - Multiple Vulnerabilities Invision Power Top Site List < 1.1 RC 2 - SQL Injection Invision Gallery < 1.0.1 - SQL Injection PhotoPost < 4.6 - Multiple Vulnerabilities TikiWiki < 1.8.1 - Multiple Vulnerabilities phpBugTracker < 0.9.1 - Multiple Vulnerabilities OpenBB < 1.0.6 - Multiple Vulnerabilities PHPX < 3.26 - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3.1 - Design Error HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities LiveWorld Multiple Products - Cross Site Scripting WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities PHP-Calendar < 0.10.1 - Arbitrary File Inclusion PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities ReviewPost < 2.84 - Multiple Vulnerabilities PhotoPost < 4.85 - Multiple Vulnerabilities AZBB < 1.0.07d - Multiple Vulnerabilities Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities Burning Board < 2.3.1 - SQL Injection XOOPS < 2.0.11 - Multiple Vulnerabilities PEAR XML_RPC < 1.3.0 - Remote Code Execution PHPXMLRPC < 1.1 - Remote Code Execution SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite XPCOM - Race Condition ADOdb < 4.71 - Cross Site Scripting Geeklog < 1.4.0 - Multiple Vulnerabilities PEAR LiveUser < 0.16.8 - Arbitrary File Access Mambo < 4.5.3h - Multiple Vulnerabilities phpRPC < 0.7 - Remote Code Execution Gallery 2 < 2.0.2 - Multiple Vulnerabilities PHPLib < 7.4 - SQL Injection SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite CubeCart < 3.0.12 - Multiple Vulnerabilities Claroline < 1.7.7 - Arbitrary File Inclusion X-Cart < 4.1.3 - Arbitrary Variable Overwrite Mambo < 4.5.4 - SQL Injection Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities D-Link DNS-343 ShareCenter < 1.05 - Command Injection D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)	2018-01-20 05:01:49 +00:00
Offensive Security	a7ddd8282b	DB: 2018-01-11 28 changes to exploits/shellcodes Multiple CPUs - Information Leak Using Speculative Execution Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check Jungo Windriver 12.5.1 - Privilege Escalation DiskBoss Enterprise 8.8.16 - Buffer Overflow HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit) HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit) Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit) Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure Muviko 1.1 - SQL Injection WordPress Plugin Events Calendar - 'event_id' SQL Injection WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - execve(/bin/cat /etc/master.passwd) \| mail root@localhost Shellcode (92 bytes) FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Alpha - /bin/sh Shellcode (80 bytes) Alpha - execve() Shellcode (112 bytes) Alpha - setuid() Shellcode (156 bytes) BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)	2018-01-11 05:02:24 +00:00
Offensive Security	ffa8e63e25	DB: 2018-01-10 10 changes to exploits/shellcodes Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138_ QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure Android - Inter-Process munmap due to Race Condition in ashmem Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure Microsoft Edge Chakra JIT - Escape Analysis Bug Microsoft Windows - Local XPS Print Spooler Sandbox Escape Commvault Communications Service (cvd) - Command Injection (Metasploit) osCommerce 2.2 - SQL Injection	2018-01-10 05:02:14 +00:00
Offensive Security	2d8b561a5d	DB: 2018-01-09 26 changes to exploits/shellcodes Need for Speed 2 - Remote Client Buffer Overflow Need for Speed 2 - Remote Client Buffer Overflow (PoC) Red Faction 1.20 - Server Reply Remote Buffer Overflow Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC) Medal of Honor - Remote Buffer Overflow Medal of Honor - Remote Buffer Overflow (PoC) Monolith Games - Local Buffer Overflow Monolith Games - Local Buffer Overflow (PoC) BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Orbz Game 2.10 - Remote Buffer Overflow Orbz Game 2.10 - Remote Buffer Overflow (PoC) Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC) KNet Web Server 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC) ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC) Mozilla Products - 'Host:' Buffer Overflow Denial of Service String Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC) FlatFrag 0.3 - Buffer Overflow / Denial of Service FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC) zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC) TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC) Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service) PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC) FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC) Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC) TFTP Server 1.3 - Remote Buffer Overflow Denial of Service TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC) LeadTools Raster - Dialog File_D Object Remote Buffer Overflow LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC) LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC) Xserver 0.1 Alpha - POST Remote Buffer Overflow Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC) Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC) Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC) Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC) Printoxx - Local Buffer Overflow Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC) Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service Switch Sound File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC) Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow Xerox Workcenter 4150 - Remote Buffer Overflow Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC) Xerox Workcenter 4150 - Remote Buffer Overflow (PoC) iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC) Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC) Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow (PoC) Multiple Vendor AgentX++ - Stack Buffer Overflow Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC) Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC) Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC) FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC) LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC) Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC) Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC) Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC) Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service) Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service) Real player 14.0.2.633 - Buffer Overflow / Denial of Service GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC) GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC) BulletProof FTP Client 2010 - Buffer Overflow BulletProof FTP Client 2010 - Buffer Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC) CSF Firewall - Buffer Overflow CSF Firewall - Buffer Overflow (PoC) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC) Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC) Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC) Asterisk - 'ast_parse_digest()' Stack Buffer Overflow Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC) GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC) Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC) Lattice Diamond Programmer 1.4.2 - Buffer Overflow Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC) Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC) Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC) Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC) RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service) Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC) Cerberus FTP Server 1.x - Buffer Overflow Denial of Service Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC) Microsoft SQL Server 2000 - SQLXML Buffer Overflow Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC) Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC) Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC) Hotfoon Dialer 4.0 - Buffer Overflow Hotfoon Dialer 4.0 - Buffer Overflow (PoC) IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC) Linksys Devices 1.42/1.43 - GET Buffer Overflow Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC) iCal 3.7 - Remote Buffer Overflow iCal 3.7 - Remote Buffer Overflow (PoC) Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC) Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC) Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC) Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC) Zoner Photo Studio 15 b3 - Buffer Overflow Zoner Photo Studio 15 b3 - Buffer Overflow (PoC) Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC) IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC) Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC) NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC) myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC) EffectOffice Server 2.6 - Remote Service Buffer Overflow EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC) Surfboard HTTPd 1.1.9 - Remote Buffer Overflow Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC) 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow (PoC) Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC) Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC) Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC) DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC) VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC) aGSM 2.35 Half-Life Server - Info Response Buffer Overflow aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC) cURL - Buffer Overflow cURL - Buffer Overflow (PoC) TagScanner 5.1 - Stack Buffer Overflow TagScanner 5.1 - Stack Buffer Overflow (PoC) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC) QwikMail 0.3 - HELO Command Buffer Overflow QwikMail 0.3 - 'HELO' Buffer Overflow (PoC) NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC) Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC) Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC) AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC) Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service Serva 32 TFTP 2.1.0 - Buffer Overflow (Denial of Service) (PoC) Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC) Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC) PlanetDNS PlanetFileServer - Remote Buffer Overflow PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC) Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC) Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC) LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC) VbsEdit 5.9.3 - '.smi' Buffer Overflow VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC) Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC) AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC) DSocks 1.3 - 'Name' Buffer Overflow DSocks 1.3 - 'Name' Buffer Overflow (PoC) IcoFX 2.5.0.0 - '.ico' Buffer Overflow IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC) Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow Microsoft Windows XP - 'cmd.exe' Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC) Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC) Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Bochs 2.3 - Buffer Overflow / Denial of Service Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC) Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow (PoC) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2) T1lib - intT1_Env_GetCompletePath Buffer Overflow T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC) Foxmail Email Client 6.5 - 'mailto' Buffer Overflow Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC) Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC) Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC) Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC) Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC) MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC) MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC) Trend Micro OfficeScan - Buffer Overflow / Denial of Service Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC) ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC) ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC) A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC) Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC) Jzip - Buffer Overflow (SEH Unicode) (Denial of Service) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC) BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC) Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC) Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC) Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC) Xerox WorkCentre - PJL Daemon Buffer Overflow Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC) Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC) Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC) Mocha W32 LPD 1.9 - Remote Buffer Overflow Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC) Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC) BulletProof FTP Client 2010 - Buffer Overflow (SEH) BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC) Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC) D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC) HTML Help Workshop 1.4 - Buffer Overflow (SEH) HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC) Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) G-WAN 2.10.6 - Buffer Overflow / Denial of Service G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC) Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC) TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC) ZOC SSH Client - Buffer Overflow (SEH) ZOC SSH Client - Buffer Overflow (SEH) (PoC) WebDrive 12.2 (B4172) - Buffer Overflow WebDrive 12.2 (B4172) - Buffer Overflow (PoC) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC) Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC) IKEView.exe Fox Beta 1 - Stack Buffer Overflow IKEView.exe R60 - Stack Buffer Overflow IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC) IKEView.exe R60 - Stack Buffer Overflow (PoC) Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC) Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC) LanSpy 2.0.0.155 - Buffer Overflow LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow LanSpy 2.0.0.155 - Buffer Overflow (PoC) LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC) Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC) Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC) TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC) TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC) TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC) Advanced Encryption Package Buffer Overflow - Denial of Service Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC) InfraRecorder - '.m3u' File Buffer Overflow InfraRecorder - '.m3u' File Buffer Overflow (PoC) Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC) Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow yTree 1.94-1.1 - Local Buffer Overflow Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC) yTree 1.94-1.1 - Local Buffer Overflow (PoC) NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC) CyberCop Scanner Smbgrind 5.5 - Buffer Overflow CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service) STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC) 4digits 1.1.4 - Local Buffer Overflow 4digits 1.1.4 - Local Buffer Overflow (PoC) Websockify (C Implementation) 0.8.0 - Buffer Overflow Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC) Google Android - '/system/bin/sdcard' Stack Buffer Overflow Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC) Oracle Orakill.exe 11.2.0 - Buffer Overflow Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC) Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC) Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow Core FTP LE 2.2 - Path Field Local Buffer Overflow Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC) Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC) Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC) ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC) QNAP NVR/NAS - Buffer Overflow QNAP NVR/NAS - Buffer Overflow (PoC) Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow CDex 1.96 - Buffer Overflow Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC) CDex 1.96 - Buffer Overflow (PoC) Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC) D3DGear 5.00 Build 2175 - Buffer Overflow D3DGear 5.00 Build 2175 - Buffer Overflow (PoC) VX Search Enterprise 10.1.12 - Denial of Service Disk Pulse Enterprise 10.1.18 - Denial of Service Sync Breeze Enterprise 10.1.16 - Denial of Service DiskBoss Enterprise 8.5.12 - Denial of Service BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC) APNGDis 2.8 - 'filename' Stack Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC) wifirxpower - Local Buffer Overflow wifirxpower - Local Buffer Overflow (PoC) pinfo 0.6.9 - Local Buffer Overflow Dmitry 1.3a - Local Buffer Overflow pinfo 0.6.9 - Local Buffer Overflow (PoC) Dmitry 1.3a - Local Buffer Overflow (PoC) Mapscrn 2.03 - Local Buffer Overflow Mapscrn 2.03 - Local Buffer Overflow (PoC) Stunnel 3.24/4.00 - Daemon Hijacking (PoC) Stunnel 3.24/4.00 - Daemon Hijacking Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator WinZip - MIME Parsing Overflow (PoC) WinZip - MIME Parsing Overflow glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC) GNU Sharutils 4.2.1 - Local Format String (PoC) glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow GNU Sharutils 4.2.1 - Local Format String GD Graphics Library - Local Heap Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) GD Graphics Library - Local Heap Overflow libxml 2.6.12 nanoftp - Buffer Overflow WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC) WinRAR 3.4.1 - Corrupt '.ZIP' File Exim 4.41 - 'dns_build_reverse' Local (PoC) Exim 4.41 - 'dns_build_reverse' Local tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030) tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow Microsoft Windows - NtClose DeadLock (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC) Cheese Tracker 0.9.9 - Local Buffer Overflow PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC) PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC) Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC) PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC) PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC) PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC) Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC) WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055) Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC) Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC) DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC) XnView 1.93.6 - '.taac' Local Buffer Overflow OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC) Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC) OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution Microsoft Windows Server 2003 - Token Kidnapping Local (PoC) Microsoft Windows Server 2003 - Token Kidnapping Local Debian - Symlink In Login Arbitrary File Ownership (PoC) Debian - Symlink In Login Arbitrary File Ownership Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC) Trend Micro Internet Security Pro 2009 - Priviliege Escalation Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH) Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC) Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC) GPG2/Kleopatra 2.0.11 - Malformed Certificate Alleycode 2.21 - Local Overflow (SEH) (PoC) Alleycode 2.21 - Local Overflow (SEH) GPG4Win GNU - Privacy Assistant (PoC) GPG4Win GNU - Privacy Assistant VMware Fusion 2.0.5 - vmx86 kext Local (PoC) VMware Fusion 2.0.5 - vmx86 kext Local Mozilla Codesighs - Memory Corruption (PoC) Mozilla Codesighs - Memory Corruption Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow LDAP - Injection (PoC) LDAP - Injection QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC) QuickZip 4.x - '.zip' Local Universal Buffer Overflow ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC) Crimson Editor r3.70 - Overwrite (SEH) (PoC) Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC) ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow Crimson Editor r3.70 - Overwrite (SEH) Kenward Zipper 1.4 - Local Stack Buffer Overflow Stud_PE 2.6.05 - Local Stack Overflow (PoC) Stud_PE 2.6.05 - Local Stack Overflow Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC) Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC) Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC) Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC) PhotoFiltre Studio X - '.tif' Local Buffer Overflow Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC) Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass) BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC) Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC) PHP 5.3.6 - Local Buffer Overflow (ROP) Xorg 1.4 < 1.11.2 - File Permission Change (PoC) Xorg 1.4 < 1.11.2 - File Permission Change Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC) Linux Kernel 2.2.x - 'sysctl()' Memory Reading Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC) HT Editor 2.0.20 - Local Buffer Overflow (ROP) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC) Linux Kernel 2.6 - Console Keymap Local Command Injection ACE Stream Media 2.1 - 'acestream://' Format String (PoC) ACE Stream Media 2.1 - 'acestream://' Format String Linux Kernel 3.13 - SGID Privilege Escalation (PoC) Linux Kernel 3.13 - SGID Privilege Escalation Comodo Internet Security - HIPS/Sandbox Escape (PoC) Comodo Internet Security - HIPS/Sandbox Escape Palringo 2.8.1 - Local Stack Buffer Overflow (PoC) Palringo 2.8.1 - Local Stack Buffer Overflow Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC) Rowhammer - NaCl Sandbox Escape (PoC) Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC) Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052) Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) Linux (x86) - Memory Sinkhole Privilege Escalation Core FTP Server 1.2 - Local Buffer Overflow (PoC) Core FTP Server 1.2 - Local Buffer Overflow Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051) Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method) GNU Screen 4.5.0 - Local Privilege Escalation (PoC) GNU Screen 4.5.0 - Local Privilege Escalation Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC) Man-db 2.6.7.1 - Local Privilege Escalation Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC) Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC) TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Multiple CPUs - 'Spectre' Information Disclosure (PoC) Multiple CPUs - 'Spectre' Information Disclosure Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation glibc ld.so - Memory Leak / Buffer Overflow GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow Microsoft IIS 5.0 - WebDAV Remote (PoC) Microsoft IIS 5.0 - WebDAV Remote Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC) Microsoft Windows Server 2000 - RSVP Server Authority Hijacking ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4) Titan FTP Server - Long Command Heap Overflow (PoC) Titan FTP Server - Long Command Heap Overflow SLX Server 6.1 - Arbitrary File Creation (PoC) SLX Server 6.1 - Arbitrary File Creation zgv 5.5 - Multiple Arbitrary Code Executions (PoC) zgv 5.5 - Multiple Arbitrary Code Executions Microsoft Internet Explorer - Remote Code Execution (PoC) Microsoft Internet Explorer - Remote Code Execution Exim 4.43 - 'auth_spa_server()' Remote (PoC) Exim 4.43 - 'auth_spa_server()' Remote Microsoft Windows - DTC Remote (PoC) (MS05-051) (2) Microsoft Windows - DTC Remote (MS05-051) (2) Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC) Watchfire AppScan QA 5.0.x - Remote Code Execution KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC) AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC) Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC) Easy File Sharing FTP Server 2.0 - 'PASS' Remote BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC) BulletProof FTP Client 2.45 - Remote Buffer Overflow Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC) Intel Centrino ipw2200BG - Wireless Driver Remote Overflow WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC) WebMod 0.48 - Content-Length Remote Buffer Overflow OpenBSD - ICMPv6 Fragment Remote Execution (PoC) OpenBSD - ICMPv6 Fragment Remote Execution Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC) Flash Player/Plugin Video - File Parsing Remote Code Execution Apple QuickTime (Multiple Browsers) - Command Execution (PoC) Apple QuickTime (Multiple Browsers) - Command Execution Apple QuickTime /w IE .qtl Version XAS - Remote (PoC) Apple QuickTime /w IE .qtl Version XAS - Remote QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC) ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC) HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC) Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC) MicroTik RouterOS 3.13 - SNMP write (Set request) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC) Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution Opera 9.61 - 'opera:historysearch' Code Execution (PoC) Opera 9.61 - 'opera:historysearch' Code Execution Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC) Chilkat Crypt - ActiveX Arbitrary File Creation/Execution Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC) GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Apple Mac OSX - Java applet Remote Deserialization Remote (2) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054) Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054) Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC) Pegasus Mail Client 4.51 - Remote Buffer Overflow TLS - Renegotiation (PoC) TLS - Renegotiation Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC) Trend Micro Web-Deployment - ActiveX Remote Execution (PoC) Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution Trend Micro Web-Deployment - ActiveX Remote Execution MX Simulator Server - Remote Buffer Overflow (PoC) MX Simulator Server - Remote Buffer Overflow Apache OFBiz - Remote Execution (via SQL Execution) (PoC) Apache OFBiz - Admin Creator (PoC) Apache OFBiz - Remote Execution (via SQL Execution) Apache OFBiz - Admin Creator Adobe Flash / Reader - Live Malware (PoC) Adobe Flash / Reader - Live Malware Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC) Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow KingView 6.5.3 - SCADA HMI Heap Overflow (PoC) KingView 6.5.3 - SCADA HMI Heap Overflow Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002) Microsoft Data Access Components - Remote Overflow (MS11-002) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC) Solar FTP Server 2.1.1 - PASV Buffer Overflow Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache mod_proxy - Reverse Proxy Exposure Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC) Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC) Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC) Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution OpenVAS Manager 4.0 - Authentication Bypass (PoC) OpenVAS Manager 4.0 - Authentication Bypass w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC) w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution Legend Perl IRC Bot - Remote Code Execution (PoC) Legend Perl IRC Bot - Remote Code Execution dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock) dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC) Endian Firewall < 3.0.0 - OS Command Injection (Python) Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access OpenSSHd 7.2p2 - Username Enumeration (PoC) OpenSSHd 7.2p2 - Username Enumeration Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution Intel Active Management Technology - System Privileges Xplico - Remote Code Execution (Metasploit) Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection AWStats 5.7 < 6.2 - Multiple Remote (PoC) AWStats 5.7 < 6.2 - Multiple Remote WoltLab Burning Book 1.1.2 - SQL Injection (PoC) WoltLab Burning Book 1.1.2 - SQL Injection Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC) EQdkp 1.3.2f - 'user_id' Authentication Bypass Invision Power Board 2.3.5 - Multiple Vulnerabilities (2) Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2) FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) FOSS Gallery Public 1.0 - Arbitrary File Upload Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC) Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC) Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC) Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC) IPB (nv2) Awards < 1.1.0 - SQL Injection X-Cart Pro 4.0.13 - SQL Injection (PoC) X-Cart Pro 4.0.13 - SQL Injection Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC) Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute IPB 3.0.1 - SQL Injection Invision Power Board 3.0.1 - SQL Injection WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC) WebsiteBaker 2.8.1 - Cross-Site Request Forgery BS Auto Classifieds - 'info.php' SQL Injection (PoC) BS Business Directory - 'articlesdetails.php' SQL Injection (PoC) BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC) BS Events Directory - 'articlesdetails.php' SQL Injection (PoC) BS Auto Classifieds - 'info.php' SQL Injection BS Business Directory - 'articlesdetails.php' SQL Injection BS Classifieds Ads - 'articlesdetails.php' SQL Injection BS Events Directory - 'articlesdetails.php' SQL Injection BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC) BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC) SWAT Samba Web Administration Tool - Cross-Site Request Forgery Plone and Zope - Remote Command Execution (PoC) Plone and Zope - Remote Command Execution Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.3 - 'Pop' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.x/2.0.3 - SML Code Script Injection Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board 1.0.3 - Attached File Cross-Site Scripting Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board 1.x/2.x - Multiple SQL Injections Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting TOTOLINK Routers - Backdoor / Remote Code Execution (PoC) TOTOLINK Routers - Backdoor / Remote Code Execution IP.Board 4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting IP.Board 4.1.4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting NETGEAR R7000 - Command Injection (PoC) NETGEAR R7000 - Command Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration Photos in Wifi 1.0.1 - Path Traversal SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities FiberHome LM53Q1 - Multiple Vulnerabilities WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload Vanilla < 2.1.5 - Cross-Site Request Forgery Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC) Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC) Joomla! 3.7.0 - 'com_fields' SQL Injection Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Apache Struts 2.3.x Showcase - Remote Code Execution AIX - execve /bin/sh Shellcode (88 bytes) Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)	2018-01-09 05:02:30 +00:00
Offensive Security	b768a6ef6c	DB: 2018-01-05 5 changes to exploits/shellcodes Multiple CPUs - 'Spectre' Information Disclosure (PoC) Iopsys Router - 'dhcp' Remote Code Execution Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) Xplico - Remote Code Execution (Metasploit)	2018-01-05 05:02:22 +00:00
Offensive Security	3eec0e4999	DB: 2018-01-04 4 changes to exploits/shellcodes Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection	2018-01-04 05:02:14 +00:00
Offensive Security	c03d2a3ba2	DB: 2018-01-03 3 changes to exploits/shellcodes Acoustica Audio Converter Pro 1.1 (build 25) - Local Heap Overflow (.mp3 / .wav / .ogg / .wma) (PoC) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC) Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP) AWStats 5.7 < 6.2 - Multiple Remote s (PoC) AWStats 5.7 < 6.2 - Multiple Remote (PoC) Auto Dealer - SQL Injection (PoC) Auto Dealer - SQL Injection Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode	2018-01-03 05:02:14 +00:00
Offensive Security	b91055c9da	DB: 2017-12-27 8 changes to exploits/shellcodes GetGo Download Manager 5.3.0.2712 - Buffer Overflow Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation COMTREND ADSL Router CT-5367 - Remote Code Execution Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection Biometric Shift Employee Management System 3.0 - Local File Disclosure Sendroid < 6.5.0 - SQL Injection SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Cells Blog 3.5 - 'bgid' / 'fmid' / 'fnid' SQL Injection	2017-12-27 05:02:31 +00:00
Offensive Security	f93f05e46f	DB: 2017-12-20 12 changes to exploits/shellcodes Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read Intel Content Protection HECI Service - Type Confusion Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC) Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit) Jenkins - XStream Groovy classpath Deserialization (Metasploit) BrightSign Digital Signage - Multiple Vulnerablities Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection	2017-12-20 05:02:22 +00:00
Offensive Security	a24ecf72c3	DB: 2017-12-01 82 changes to exploits/shellcodes 32 new exploits/shellcodes Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC) Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC) Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow FontForge - '.BDF' Font File Stack Based Buffer Overflow FontForge - '.BDF' Font File Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC) Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC) Citrix XenApp / XenDesktop - Stack Based Buffer Overflow Citrix XenApp / XenDesktop - Stack Buffer Overflow Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC) mcrypt 2.6.8 - Stack Buffer Overflow (PoC) MySQL (Linux) - Stack Based Buffer Overrun (PoC) MySQL (Linux) - Heap Based Overrun (PoC) MySQL (Linux) - Stack Buffer Overrun (PoC) MySQL (Linux) - Heap Overrun (PoC) Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Stack Buffer Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056) Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056) MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Buffer Overflow Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC) Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow OpenVms 8.3 Finger Service - Stack Based Buffer Overflow OpenVms 8.3 Finger Service - Stack Buffer Overflow Free Download Manager - Stack Based Buffer Overflow Free Download Manager - Stack Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Valhala Honeypot 1.8 - Stack Based Buffer Overflow Valhala Honeypot 1.8 - Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Based Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read FBZX 2.10 - Local Stack Based Buffer Overflow TACK 1.07 - Local Stack Based Buffer Overflow FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read FBZX 2.10 - Local Stack Buffer Overflow TACK 1.07 - Local Stack Buffer Overflow Gnome Nautilus 3.16 - Denial of Service Wireshark - iseries_parse_packet Heap Based Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow Wireshark - iseries_parse_packet Heap Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow Wireshark - find_signature Stack Based Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow Wireshark - getRate Stack Based Out-of-Bounds Read Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow Wireshark - find_signature Stack Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Wireshark - getRate Stack Out-of-Bounds Read Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1) Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1) pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read pdfium - CPDF_Function::Call Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Buffer Overflow Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC) glibc - 'getaddrinfo' Stack Buffer Overflow (PoC) Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow libxml2 - xmlDictAddString Heap Based Buffer Overread libxml2 - xmlParseEndTag2 Heap Based Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread libxml2 - htmlCurrentChar Heap Based Buffer Overread Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow libxml2 - xmlDictAddString Heap Buffer Overread libxml2 - xmlParseEndTag2 Heap Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread libxml2 - htmlCurrentChar Heap Buffer Overread Kamailio 4.3.4 - Heap Based Buffer Overflow Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read Kamailio 4.3.4 - Heap Buffer Overflow Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2) Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow Graphite2 - GlyphCache::Loader Heap Based Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Graphite2 - GlyphCache::Loader Heap Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow SAP SAPCAR 721.510 - Heap Buffer Overflow Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow OpenJPEG - 'mqc.c' Heap Buffer Overflow tcprewrite - Heap-Based Buffer Overflow tcprewrite - Heap Buffer Overflow Dnsmasq < 2.78 - 2-byte Heap-Based Overflow Dnsmasq < 2.78 - Heap-Based Overflow Dnsmasq < 2.78 - Stack-Based Overflow Dnsmasq < 2.78 - 2-byte Heap Overflow Dnsmasq < 2.78 - Heap Overflow Dnsmasq < 2.78 - Stack Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow PHP 7.1.8 - Heap-Based Buffer Overflow PHP 7.1.8 - Heap Buffer Overflow QEMU - NBD Server Long Export Name Stack Buffer Overflow Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation AIX lquerylv - Local Buffer Overflow / Privilege Escalation AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation Microsoft Excel - Remote Code Execution Microsoft Excel - Code Execution HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation News Rover 12.1 Rev 1 - Remote Stack Overflow (1) News Rover 12.1 Rev 1 - Stack Overflow (1) News Rover 12.1 Rev 1 - Remote Stack Overflow (2) News Rover 12.1 Rev 1 - Stack Overflow (2) FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows Libmodplug - 's3m' Remote Buffer Overflow Libmodplug - 's3m' Buffer Overflow Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) Microsoft Visio 2002 - '.DXF' File Stack based Overflow Microsoft Visio 2002 - '.DXF' Local Stack Overflow AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit) Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3) S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation Internet Download Manager - Stack Based Buffer Overflow Internet Download Manager - Local Stack Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation mcrypt 2.5.8 - Stack Based Overflow mcrypt 2.5.8 - Local Stack Overflow Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) Winamp 5.12 - '.m3u' Stack Based Buffer Overflow Winamp 5.12 - '.m3u' Local Stack Buffer Overflow RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow Super Player 3500 - '.m3u' Local Stack Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow Sim Editor 6.6 - Stack Based Buffer Overflow Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) Microsoft Word - Local Machine Zone Code Execution (MS15-022) Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow NRSS Reader 0.3.9 - Local Stack Based Overflow NRSS Reader 0.3.9 - Local Stack Overflow Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation macOS High Sierra - Root Privilege Escalation (Metasploit) lftp 2.6.9 - Remote Stack based Overflow lftp 2.6.9 - Remote Stack Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit) Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit) Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit) Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Based Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub glibc - 'getaddrinfo' Stack Based Buffer Overflow glibc - 'getaddrinfo' Remote Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal Alligra Calligra - Heap Based Buffer Overflow Alligra Calligra - Heap Buffer Overflow Aloaha PDF Suite - Stack Based Buffer Overflow Aloaha PDF Suite - Remote Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) Almnzm - 'COOKIE: customer' SQL Injection Tutorialms 1.4 (show) - SQL Injection Tutorialms 1.4 - 'show' SQL Injection osCommerce 2.3.4.1 - Arbitrary File Upload Knowledge Base Enterprise Edition 4.62.00 - SQL Injection Knowledge Base Enterprise Edition 4.62.0 - SQL Injection WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload phpDolphin 2.0.5 - Multiple Vulnerabilities OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities AbanteCart 1.2.7 - Cross-Site Scripting MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection Synology StorageManager 5.2 - Remote Root Command Execution Synology StorageManager 5.2 - Root Remote Command Execution WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal	2017-12-01 10:57:46 +00:00
Offensive Security	f52bbcb598	DB: 2017-11-28 15 new exploits	2017-11-28 19:14:29 +00:00
Offensive Security	c62b253bde	DB: 2017-11-26 2 new exploits ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)	2017-11-26 05:02:31 +00:00

... 7 8 9 10 11

501 commits