1237 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Offensive Security
|
a7ddd8282b |
DB: 2018-01-11
28 changes to exploits/shellcodes Multiple CPUs - Information Leak Using Speculative Execution Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check Jungo Windriver 12.5.1 - Privilege Escalation DiskBoss Enterprise 8.8.16 - Buffer Overflow HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit) HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit) Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit) Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure Muviko 1.1 - SQL Injection WordPress Plugin Events Calendar - 'event_id' SQL Injection WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes) BSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes) FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Alpha - /bin/sh Shellcode (80 bytes) Alpha - execve() Shellcode (112 bytes) Alpha - setuid() Shellcode (156 bytes) BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes) |
||
|
Offensive Security
|
ffa8e63e25 |
DB: 2018-01-10
10 changes to exploits/shellcodes Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138_ QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure Android - Inter-Process munmap due to Race Condition in ashmem Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure Microsoft Edge Chakra JIT - Escape Analysis Bug Microsoft Windows - Local XPS Print Spooler Sandbox Escape Commvault Communications Service (cvd) - Command Injection (Metasploit) osCommerce 2.2 - SQL Injection |
||
|
Offensive Security
|
2d8b561a5d |
DB: 2018-01-09
26 changes to exploits/shellcodes Need for Speed 2 - Remote Client Buffer Overflow Need for Speed 2 - Remote Client Buffer Overflow (PoC) Red Faction 1.20 - Server Reply Remote Buffer Overflow Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC) Medal of Honor - Remote Buffer Overflow Medal of Honor - Remote Buffer Overflow (PoC) Monolith Games - Local Buffer Overflow Monolith Games - Local Buffer Overflow (PoC) BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Orbz Game 2.10 - Remote Buffer Overflow Orbz Game 2.10 - Remote Buffer Overflow (PoC) Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC) KNet Web Server 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC) ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC) Mozilla Products - 'Host:' Buffer Overflow Denial of Service String Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC) FlatFrag 0.3 - Buffer Overflow / Denial of Service FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC) zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC) TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC) Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service) PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC) FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC) Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC) TFTP Server 1.3 - Remote Buffer Overflow Denial of Service TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC) LeadTools Raster - Dialog File_D Object Remote Buffer Overflow LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC) LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC) Xserver 0.1 Alpha - POST Remote Buffer Overflow Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC) Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC) Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC) Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC) Printoxx - Local Buffer Overflow Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC) Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service Switch Sound File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC) Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow Xerox Workcenter 4150 - Remote Buffer Overflow Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC) Xerox Workcenter 4150 - Remote Buffer Overflow (PoC) iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC) Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC) Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow (PoC) Multiple Vendor AgentX++ - Stack Buffer Overflow Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC) Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC) Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC) FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC) LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC) Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC) Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC) Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC) Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service) Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service) Real player 14.0.2.633 - Buffer Overflow / Denial of Service GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC) GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC) BulletProof FTP Client 2010 - Buffer Overflow BulletProof FTP Client 2010 - Buffer Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC) CSF Firewall - Buffer Overflow CSF Firewall - Buffer Overflow (PoC) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC) Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC) Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC) Asterisk - 'ast_parse_digest()' Stack Buffer Overflow Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC) GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC) Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC) Lattice Diamond Programmer 1.4.2 - Buffer Overflow Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC) Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC) Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC) Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC) RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service) Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC) Cerberus FTP Server 1.x - Buffer Overflow Denial of Service Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC) Microsoft SQL Server 2000 - SQLXML Buffer Overflow Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC) Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC) Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC) Hotfoon Dialer 4.0 - Buffer Overflow Hotfoon Dialer 4.0 - Buffer Overflow (PoC) IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC) Linksys Devices 1.42/1.43 - GET Buffer Overflow Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC) iCal 3.7 - Remote Buffer Overflow iCal 3.7 - Remote Buffer Overflow (PoC) Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC) Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC) Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC) Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC) Zoner Photo Studio 15 b3 - Buffer Overflow Zoner Photo Studio 15 b3 - Buffer Overflow (PoC) Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC) IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC) Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC) NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC) myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC) EffectOffice Server 2.6 - Remote Service Buffer Overflow EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC) Surfboard HTTPd 1.1.9 - Remote Buffer Overflow Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC) 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow (PoC) Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC) Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC) Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC) DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC) VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC) aGSM 2.35 Half-Life Server - Info Response Buffer Overflow aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC) cURL - Buffer Overflow cURL - Buffer Overflow (PoC) TagScanner 5.1 - Stack Buffer Overflow TagScanner 5.1 - Stack Buffer Overflow (PoC) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC) QwikMail 0.3 - HELO Command Buffer Overflow QwikMail 0.3 - 'HELO' Buffer Overflow (PoC) NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC) Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC) Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC) AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC) Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service Serva 32 TFTP 2.1.0 - Buffer Overflow (Denial of Service) (PoC) Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC) Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC) PlanetDNS PlanetFileServer - Remote Buffer Overflow PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC) Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC) Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC) LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC) VbsEdit 5.9.3 - '.smi' Buffer Overflow VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC) Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC) AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC) DSocks 1.3 - 'Name' Buffer Overflow DSocks 1.3 - 'Name' Buffer Overflow (PoC) IcoFX 2.5.0.0 - '.ico' Buffer Overflow IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC) Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow Microsoft Windows XP - 'cmd.exe' Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC) Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC) Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Bochs 2.3 - Buffer Overflow / Denial of Service Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC) Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow (PoC) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2) T1lib - intT1_Env_GetCompletePath Buffer Overflow T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC) Foxmail Email Client 6.5 - 'mailto' Buffer Overflow Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC) Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC) Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC) Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC) Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC) MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC) MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC) Trend Micro OfficeScan - Buffer Overflow / Denial of Service Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC) ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC) ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC) A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC) Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC) Jzip - Buffer Overflow (SEH Unicode) (Denial of Service) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC) BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC) Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC) Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC) Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC) Xerox WorkCentre - PJL Daemon Buffer Overflow Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC) Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC) Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC) Mocha W32 LPD 1.9 - Remote Buffer Overflow Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC) Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC) BulletProof FTP Client 2010 - Buffer Overflow (SEH) BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC) Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC) D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC) HTML Help Workshop 1.4 - Buffer Overflow (SEH) HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC) Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) G-WAN 2.10.6 - Buffer Overflow / Denial of Service G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC) Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC) TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC) ZOC SSH Client - Buffer Overflow (SEH) ZOC SSH Client - Buffer Overflow (SEH) (PoC) WebDrive 12.2 (B4172) - Buffer Overflow WebDrive 12.2 (B4172) - Buffer Overflow (PoC) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC) Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC) IKEView.exe Fox Beta 1 - Stack Buffer Overflow IKEView.exe R60 - Stack Buffer Overflow IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC) IKEView.exe R60 - Stack Buffer Overflow (PoC) Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC) Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC) LanSpy 2.0.0.155 - Buffer Overflow LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow LanSpy 2.0.0.155 - Buffer Overflow (PoC) LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC) Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC) Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC) TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC) TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC) TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC) Advanced Encryption Package Buffer Overflow - Denial of Service Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC) InfraRecorder - '.m3u' File Buffer Overflow InfraRecorder - '.m3u' File Buffer Overflow (PoC) Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC) Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow yTree 1.94-1.1 - Local Buffer Overflow Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC) yTree 1.94-1.1 - Local Buffer Overflow (PoC) NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC) CyberCop Scanner Smbgrind 5.5 - Buffer Overflow CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service) STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC) 4digits 1.1.4 - Local Buffer Overflow 4digits 1.1.4 - Local Buffer Overflow (PoC) Websockify (C Implementation) 0.8.0 - Buffer Overflow Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC) Google Android - '/system/bin/sdcard' Stack Buffer Overflow Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC) Oracle Orakill.exe 11.2.0 - Buffer Overflow Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC) Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC) Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow Core FTP LE 2.2 - Path Field Local Buffer Overflow Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC) Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC) Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC) ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC) QNAP NVR/NAS - Buffer Overflow QNAP NVR/NAS - Buffer Overflow (PoC) Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow CDex 1.96 - Buffer Overflow Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC) CDex 1.96 - Buffer Overflow (PoC) Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC) D3DGear 5.00 Build 2175 - Buffer Overflow D3DGear 5.00 Build 2175 - Buffer Overflow (PoC) VX Search Enterprise 10.1.12 - Denial of Service Disk Pulse Enterprise 10.1.18 - Denial of Service Sync Breeze Enterprise 10.1.16 - Denial of Service DiskBoss Enterprise 8.5.12 - Denial of Service BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC) APNGDis 2.8 - 'filename' Stack Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC) wifirxpower - Local Buffer Overflow wifirxpower - Local Buffer Overflow (PoC) pinfo 0.6.9 - Local Buffer Overflow Dmitry 1.3a - Local Buffer Overflow pinfo 0.6.9 - Local Buffer Overflow (PoC) Dmitry 1.3a - Local Buffer Overflow (PoC) Mapscrn 2.03 - Local Buffer Overflow Mapscrn 2.03 - Local Buffer Overflow (PoC) Stunnel 3.24/4.00 - Daemon Hijacking (PoC) Stunnel 3.24/4.00 - Daemon Hijacking Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator WinZip - MIME Parsing Overflow (PoC) WinZip - MIME Parsing Overflow glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC) GNU Sharutils 4.2.1 - Local Format String (PoC) glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow GNU Sharutils 4.2.1 - Local Format String GD Graphics Library - Local Heap Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) GD Graphics Library - Local Heap Overflow libxml 2.6.12 nanoftp - Buffer Overflow WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC) WinRAR 3.4.1 - Corrupt '.ZIP' File Exim 4.41 - 'dns_build_reverse' Local (PoC) Exim 4.41 - 'dns_build_reverse' Local tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030) tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow Microsoft Windows - NtClose DeadLock (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC) Cheese Tracker 0.9.9 - Local Buffer Overflow PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC) PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC) Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC) PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC) PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC) PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC) Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC) WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055) Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC) Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC) DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC) XnView 1.93.6 - '.taac' Local Buffer Overflow OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC) Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC) OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution Microsoft Windows Server 2003 - Token Kidnapping Local (PoC) Microsoft Windows Server 2003 - Token Kidnapping Local Debian - Symlink In Login Arbitrary File Ownership (PoC) Debian - Symlink In Login Arbitrary File Ownership Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC) Trend Micro Internet Security Pro 2009 - Priviliege Escalation Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH) Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC) Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC) GPG2/Kleopatra 2.0.11 - Malformed Certificate Alleycode 2.21 - Local Overflow (SEH) (PoC) Alleycode 2.21 - Local Overflow (SEH) GPG4Win GNU - Privacy Assistant (PoC) GPG4Win GNU - Privacy Assistant VMware Fusion 2.0.5 - vmx86 kext Local (PoC) VMware Fusion 2.0.5 - vmx86 kext Local Mozilla Codesighs - Memory Corruption (PoC) Mozilla Codesighs - Memory Corruption Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow LDAP - Injection (PoC) LDAP - Injection QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC) QuickZip 4.x - '.zip' Local Universal Buffer Overflow ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC) Crimson Editor r3.70 - Overwrite (SEH) (PoC) Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC) ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow Crimson Editor r3.70 - Overwrite (SEH) Kenward Zipper 1.4 - Local Stack Buffer Overflow Stud_PE 2.6.05 - Local Stack Overflow (PoC) Stud_PE 2.6.05 - Local Stack Overflow Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC) Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC) Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC) Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC) PhotoFiltre Studio X - '.tif' Local Buffer Overflow Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC) Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass) BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC) Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC) PHP 5.3.6 - Local Buffer Overflow (ROP) Xorg 1.4 < 1.11.2 - File Permission Change (PoC) Xorg 1.4 < 1.11.2 - File Permission Change Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC) Linux Kernel 2.2.x - 'sysctl()' Memory Reading Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC) HT Editor 2.0.20 - Local Buffer Overflow (ROP) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC) Linux Kernel 2.6 - Console Keymap Local Command Injection ACE Stream Media 2.1 - 'acestream://' Format String (PoC) ACE Stream Media 2.1 - 'acestream://' Format String Linux Kernel 3.13 - SGID Privilege Escalation (PoC) Linux Kernel 3.13 - SGID Privilege Escalation Comodo Internet Security - HIPS/Sandbox Escape (PoC) Comodo Internet Security - HIPS/Sandbox Escape Palringo 2.8.1 - Local Stack Buffer Overflow (PoC) Palringo 2.8.1 - Local Stack Buffer Overflow Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC) Rowhammer - NaCl Sandbox Escape (PoC) Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC) Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052) Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) Linux (x86) - Memory Sinkhole Privilege Escalation Core FTP Server 1.2 - Local Buffer Overflow (PoC) Core FTP Server 1.2 - Local Buffer Overflow Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051) Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method) GNU Screen 4.5.0 - Local Privilege Escalation (PoC) GNU Screen 4.5.0 - Local Privilege Escalation Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC) Man-db 2.6.7.1 - Local Privilege Escalation Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC) Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC) TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Multiple CPUs - 'Spectre' Information Disclosure (PoC) Multiple CPUs - 'Spectre' Information Disclosure Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation glibc ld.so - Memory Leak / Buffer Overflow GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow Microsoft IIS 5.0 - WebDAV Remote (PoC) Microsoft IIS 5.0 - WebDAV Remote Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC) Microsoft Windows Server 2000 - RSVP Server Authority Hijacking ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4) Titan FTP Server - Long Command Heap Overflow (PoC) Titan FTP Server - Long Command Heap Overflow SLX Server 6.1 - Arbitrary File Creation (PoC) SLX Server 6.1 - Arbitrary File Creation zgv 5.5 - Multiple Arbitrary Code Executions (PoC) zgv 5.5 - Multiple Arbitrary Code Executions Microsoft Internet Explorer - Remote Code Execution (PoC) Microsoft Internet Explorer - Remote Code Execution Exim 4.43 - 'auth_spa_server()' Remote (PoC) Exim 4.43 - 'auth_spa_server()' Remote Microsoft Windows - DTC Remote (PoC) (MS05-051) (2) Microsoft Windows - DTC Remote (MS05-051) (2) Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC) Watchfire AppScan QA 5.0.x - Remote Code Execution KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC) AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC) Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC) Easy File Sharing FTP Server 2.0 - 'PASS' Remote BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC) BulletProof FTP Client 2.45 - Remote Buffer Overflow Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC) Intel Centrino ipw2200BG - Wireless Driver Remote Overflow WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC) WebMod 0.48 - Content-Length Remote Buffer Overflow OpenBSD - ICMPv6 Fragment Remote Execution (PoC) OpenBSD - ICMPv6 Fragment Remote Execution Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC) Flash Player/Plugin Video - File Parsing Remote Code Execution Apple QuickTime (Multiple Browsers) - Command Execution (PoC) Apple QuickTime (Multiple Browsers) - Command Execution Apple QuickTime /w IE .qtl Version XAS - Remote (PoC) Apple QuickTime /w IE .qtl Version XAS - Remote QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC) ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC) HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC) Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC) MicroTik RouterOS 3.13 - SNMP write (Set request) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC) Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution Opera 9.61 - 'opera:historysearch' Code Execution (PoC) Opera 9.61 - 'opera:historysearch' Code Execution Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC) Chilkat Crypt - ActiveX Arbitrary File Creation/Execution Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC) GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Apple Mac OSX - Java applet Remote Deserialization Remote (2) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054) Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054) Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC) Pegasus Mail Client 4.51 - Remote Buffer Overflow TLS - Renegotiation (PoC) TLS - Renegotiation Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC) Trend Micro Web-Deployment - ActiveX Remote Execution (PoC) Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution Trend Micro Web-Deployment - ActiveX Remote Execution MX Simulator Server - Remote Buffer Overflow (PoC) MX Simulator Server - Remote Buffer Overflow Apache OFBiz - Remote Execution (via SQL Execution) (PoC) Apache OFBiz - Admin Creator (PoC) Apache OFBiz - Remote Execution (via SQL Execution) Apache OFBiz - Admin Creator Adobe Flash / Reader - Live Malware (PoC) Adobe Flash / Reader - Live Malware Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC) Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow KingView 6.5.3 - SCADA HMI Heap Overflow (PoC) KingView 6.5.3 - SCADA HMI Heap Overflow Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002) Microsoft Data Access Components - Remote Overflow (MS11-002) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC) Solar FTP Server 2.1.1 - PASV Buffer Overflow Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache mod_proxy - Reverse Proxy Exposure Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC) Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC) Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC) Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution OpenVAS Manager 4.0 - Authentication Bypass (PoC) OpenVAS Manager 4.0 - Authentication Bypass w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC) w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution Legend Perl IRC Bot - Remote Code Execution (PoC) Legend Perl IRC Bot - Remote Code Execution dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock) dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC) Endian Firewall < 3.0.0 - OS Command Injection (Python) Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access OpenSSHd 7.2p2 - Username Enumeration (PoC) OpenSSHd 7.2p2 - Username Enumeration Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution Intel Active Management Technology - System Privileges Xplico - Remote Code Execution (Metasploit) Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection AWStats 5.7 < 6.2 - Multiple Remote (PoC) AWStats 5.7 < 6.2 - Multiple Remote WoltLab Burning Book 1.1.2 - SQL Injection (PoC) WoltLab Burning Book 1.1.2 - SQL Injection Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC) EQdkp 1.3.2f - 'user_id' Authentication Bypass Invision Power Board 2.3.5 - Multiple Vulnerabilities (2) Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2) FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) FOSS Gallery Public 1.0 - Arbitrary File Upload Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC) Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC) Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC) Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC) IPB (nv2) Awards < 1.1.0 - SQL Injection X-Cart Pro 4.0.13 - SQL Injection (PoC) X-Cart Pro 4.0.13 - SQL Injection Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC) Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute IPB 3.0.1 - SQL Injection Invision Power Board 3.0.1 - SQL Injection WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC) WebsiteBaker 2.8.1 - Cross-Site Request Forgery BS Auto Classifieds - 'info.php' SQL Injection (PoC) BS Business Directory - 'articlesdetails.php' SQL Injection (PoC) BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC) BS Events Directory - 'articlesdetails.php' SQL Injection (PoC) BS Auto Classifieds - 'info.php' SQL Injection BS Business Directory - 'articlesdetails.php' SQL Injection BS Classifieds Ads - 'articlesdetails.php' SQL Injection BS Events Directory - 'articlesdetails.php' SQL Injection BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC) BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC) SWAT Samba Web Administration Tool - Cross-Site Request Forgery Plone and Zope - Remote Command Execution (PoC) Plone and Zope - Remote Command Execution Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.3 - 'Pop' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.x/2.0.3 - SML Code Script Injection Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board 1.0.3 - Attached File Cross-Site Scripting Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board 1.x/2.x - Multiple SQL Injections Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting TOTOLINK Routers - Backdoor / Remote Code Execution (PoC) TOTOLINK Routers - Backdoor / Remote Code Execution IP.Board 4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting IP.Board 4.1.4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting NETGEAR R7000 - Command Injection (PoC) NETGEAR R7000 - Command Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration Photos in Wifi 1.0.1 - Path Traversal SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities FiberHome LM53Q1 - Multiple Vulnerabilities WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload Vanilla < 2.1.5 - Cross-Site Request Forgery Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC) Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC) Joomla! 3.7.0 - 'com_fields' SQL Injection Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Apache Struts 2.3.x Showcase - Remote Code Execution AIX - execve /bin/sh Shellcode (88 bytes) Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes) |
||
|
Offensive Security
|
3d73ec60b6 |
DB: 2018-01-06
23 changes to exploits/shellcodes Emulive Server4 7560 - Remote Denial of Service Emulive Server4 Build 7560 - Remote Denial of Service ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service) D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service) DNS4Me 3.0 - Denial of Service / Cross-Site Scripting EmuLive Server4 - Authentication Bypass / Denial of Service GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit) keene digital media server 1.0.2 - Directory Traversal variant Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - Traversal Arbitrary File Access Keene Digital Media Server 1.0.2 - Directory Traversal Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - Traversal Arbitrary File Access D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access WDMyCloud < 2.30.165 - Multiple Vulnerabilities Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit) Cisco IOS - Remote Code Execution Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection WordPress 1.5.1.2 - xmlrpc Interface SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection MySQL Eventum 1.5.5 - 'login.php' SQL Injection PHP live helper 2.0.1 - Multiple Vulnerabilities PHP Live Helper 2.0.1 - Multiple Vulnerabilities Zen Cart 1.3.9f (typefilter) - Local File Inclusion Zen Cart 1.3.9f - 'typefilter' Local File Inclusion phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting YaBB 1.x/9.1.2000 - YaBB.pl IMSend Cross-Site Scripting YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting SugarCRM 1.x/2.0 Module - 'record' SQL Injection SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access SugarCRM 1.x/2.0 Module - 'record' SQL Injection SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting Kayako eSupport 2.x - Ticket System Multiple SQL Injections Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting Kayako eSupport 2.x - Ticket System Multiple SQL Injections Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Notes Module for phpBB - SQL Injection phpBB Notes Module - SQL Injection osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities FusionBB 0.x - Multiple Input Validation Vulnerabilities Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities PAFaq - Question Cross-Site Scripting PAFaq - Administrator 'Username' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection EyeOS 0.8.x - Session Remote Command Execution eyeOS 0.8.x - Session Remote Command Execution CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion osCommerce 2.1/2.2 - 'product_info.php' SQL Injection CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal HAMweather 3.9.8 - 'template.php' Script Code Injection Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting Jamroom 3.3.8 - Cookie Authentication Bypass Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities Zen Cart < 1.3.8a - SQL Injection PHP Topsites < 2.2 - Multiple Vulnerabilities phpLinks < 2.1.2 - Multiple Vulnerabilities P-Synch < 6.2.5 - Multiple Vulnerabilities WinMX < 2.6 - Design Error FTP Service < 1.2 - Multiple Vulnerabilities MegaBrowser < 0.71b - Multiple Vulnerabilities Max Web Portal < 1.30 - Multiple Vulnerabilities Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities Gespage 7.4.8 - SQL Injection Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) |
||
|
Offensive Security
|
b768a6ef6c |
DB: 2018-01-05
5 changes to exploits/shellcodes Multiple CPUs - 'Spectre' Information Disclosure (PoC) Iopsys Router - 'dhcp' Remote Code Execution Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) Xplico - Remote Code Execution (Metasploit) |
||
|
Offensive Security
|
3eec0e4999 |
DB: 2018-01-04
4 changes to exploits/shellcodes Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection |
||
|
Offensive Security
|
c03d2a3ba2 |
DB: 2018-01-03
3 changes to exploits/shellcodes Acoustica Audio Converter Pro 1.1 (build 25) - Local Heap Overflow (.mp3 / .wav / .ogg / .wma) (PoC) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC) Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP) AWStats 5.7 < 6.2 - Multiple Remote s (PoC) AWStats 5.7 < 6.2 - Multiple Remote (PoC) Auto Dealer - SQL Injection (PoC) Auto Dealer - SQL Injection Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode |
||
|
Offensive Security
|
f6c5c427c3 |
DB: 2018-01-02
5 changes to exploits/shellcodes Apple macOS - IOHIDSystem Kernel Read/Write HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit) Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit) Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit) Huawei Router HG532 - Arbitrary Command Execution |
||
|
Offensive Security
|
07e51f4126 |
DB: 2018-01-01
2 changes to exploits/shellcodes D3DGear 5.00 Build 2175 - Buffer Overflow PHP Melody 2.7.1 - 'playlist' SQL Injection |
||
|
Offensive Security
|
26a51e4657 |
DB: 2017-12-31
2 changes to exploits/shellcodes COMTREND ADSL Router CT-5367 - Remote Code Execution |
||
|
Offensive Security
|
b3eb5f7be0 |
DB: 2017-12-30
1 changes to exploits/shellcodes NetTransport 2.96L - Buffer Overflow (DEP Bypass) |
||
|
Offensive Security
|
be0fb79789 |
DB: 2017-12-29
2 changes to exploits/shellcodes ALLMediaServer 0.95 - Buffer Overflow ALLMediaServer 0.95 - Buffer Overflow (PoC) ALLMediaServer 0.95 - Buffer Overflow (Metasploit) DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit) |
||
|
Offensive Security
|
267f841bd8 |
DB: 2017-12-28
9 changes to exploits/shellcodes Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service SysGauge Server 3.6.18 - Denial of Service ALLMediaServer 0.95 - Buffer Overflow Sony Playstation 4 4.05 FW - Local Kernel Loader Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure Easy!Appointments 1.2.1 - Cross-Site Scripting Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download |
||
|
Offensive Security
|
b91055c9da |
DB: 2017-12-27
8 changes to exploits/shellcodes GetGo Download Manager 5.3.0.2712 - Buffer Overflow Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation COMTREND ADSL Router CT-5367 - Remote Code Execution Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection Biometric Shift Employee Management System 3.0 - Local File Disclosure Sendroid < 6.5.0 - SQL Injection SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Cells Blog 3.5 - 'bgid' / 'fmid' / 'fnid' SQL Injection |
||
|
Offensive Security
|
0fcc4af85c |
DB: 2017-12-23
5 changes to exploits/shellcodes Mini-stream RM-MP3 Converter - '.m3u' Local Stack Overflow (PoC) Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC) Broadcom BCM4325 and BCM4329 Devices - Denial of Service Broadcom BCM4325 / BCM4329 Devices - Denial of Service Armadito Antimalware - Backdoor/Bypass Armadito Antimalware - Backdoor Access/Bypass Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Cnvrtr - Local Stack Buffer Overflow Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Converter - Local Stack Buffer Overflow Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - 'set_dp_control_port' Lack of Locking Use-After-Free Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - 'set_dp_control_port' Lack of Locking Use-After-Free PHPMailer < 5.2.21 - Local File Disclosure MODACOM URoad-5000 1450 - Remote Command Execution/Backdoor MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Netcore / Netis Routers - UDP Backdoor Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Access Netcore / Netis Routers - UDP Backdoor Access Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit) Alienvault OSSIM av-centerd - Util.pm sync_rserver Command Execution (Metasploit) Joomla! Component com_rsgallery2 1.14.x/2.x - Remote Backdoor Joomla! Component com_rsgallery2 1.14.x/2.x - Remote Backdoor Access MyBB 1.6.4 - Backdoor (Metasploit) MyBB 1.6.4 - Backdoor Access (Metasploit) 8 TOTOLINK Router Models - Backdoor / Remote Code Execution 8 TOTOLINK Router Models - Backdoor Access / Remote Code Execution PHPMailer < 5.2.21 - Local File Disclosure |
||
|
Offensive Security
|
f0d075a5de |
DB: 2017-12-22
6 changes to exploits/shellcodes Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection Zabbix Agent 3.0.1 - mysql.size Shell Command Injection Zabbix Agent 3.0.1 - 'mysql.size' Shell Command Injection Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory Technicolor DPC3928SL - SNMP Authentication Bypass Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Netcore / Netis Routers - UDP Backdoor NETGEAR R7000 - Command Injection NETGEAR R7000 - Command Injection (PoC) Conarc iChannel - Improper Access Restrictions |
||
|
Offensive Security
|
307f5f46af |
DB: 2017-12-21
4 changes to exploits/shellcodes Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak Samsung Internet Browser - SOP Bypass (Metasploit) Ability Mail Server 3.3.2 - Cross-Site Scripting BEIMS ContractorWeb 5.18.0.0 - SQL Injection |
||
|
Offensive Security
|
f93f05e46f |
DB: 2017-12-20
12 changes to exploits/shellcodes Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read Intel Content Protection HECI Service - Type Confusion Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC) Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit) Jenkins - XStream Groovy classpath Deserialization (Metasploit) BrightSign Digital Signage - Multiple Vulnerablities Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection |
||
|
Offensive Security
|
f76fbb1072 |
DB: 2017-12-19
19 changes to exploits/shellcodes CDex 1.96 - Buffer Overflow Zoom Linux Client 2.0.106600.0904 - Command Injection Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow Firejail - Local Privilege Escalation Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape Linux kernel < 4.10.15 - Race Condition Privilege Escalation Outlook for Android - Attachment Download Directory Traversal Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit) GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution Joomla! Component Guru Pro - SQL Injection Joomla! Component Guru Pro - 'Itemid' SQL Injection Joomla! Component User Bench 1.0 - 'userid' SQL Injection Joomla! Component My Projects 2.0 - SQL Injection vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion Linksys WVBR0 - 'User-Agent' Remote Command Injection Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection Joomla! Component Guru Pro - 'promocode' SQL Injection Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution |
||
|
Offensive Security
|
729a1a8bbf | DB: 2017-12-17 | ||
|
Offensive Security
|
cfef56c321 |
DB: 2017-12-16
5 changes to exploits/shellcodes MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service Sync Breeze 10.2.12 - Denial of Service ITGuard-Manager 0.0.0.1 - Remote Code Execution Movie Guide 2.0 - SQL Injection |
||
|
Offensive Security
|
ed1c4edf3e |
DB: 2017-12-15
13 changes to exploits/shellcodes Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH) Microsoft Office - DDE Payload Delivery (Metasploit) Dup Scout Enterprise - Login Buffer Overflow (Metasploit) pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit) Palo Alto Networks Firewalls - Remote root Code Execution Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection Readymade Video Sharing Script 3.2 - HTML Injection Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection FS Lynda Clone 1.0 - SQL Injection Bus Booking Script 1.0 - 'txtname' SQL Injection Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit) |
||
|
Offensive Security
|
0f0a6efff9 |
DB: 2017-12-14
2 changes to exploits/shellcodes glibc ld.so - Memory Leak / Buffer Overflow Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read |
||
|
Offensive Security
|
d07aa0ed2a |
DB: 2017-12-13
6 changes to exploits/shellcodes Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload |
||
|
Offensive Security
|
9cea53a35b |
DB: 2017-12-12
35 changes to exploits/shellcodes MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service MikroTik 6.40.5 ICMP - Denial of Service iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures macOS - 'getrusage' Stack Leak Through struct Padding macOS - 'necp_get_socket_attributes' so_pcb Type Confusion LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection Laundry Booking Script 1.0 - 'list?city' SQL Injection Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection Multivendor Penny Auction Clone Script 1.0 - SQL Injection Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection Opensource Classified Ads Script 3.2 - SQL Injection PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection Professional Service Script 1.0 - 'service-list?city' SQL Injection Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection Readymade Video Sharing Script 3.2 - SQL Injection Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection Advanced Real Estate Script 4.0.7 - SQL Injection Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection MLM Forced Matrix 2.0.9 - 'newid' SQL Injection Car Rental Script 2.0.4 - 'val' SQL Injection Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection Muslim Matrimonial Script 3.02 - 'succid' SQL Injection Advanced World Database 2.0.5 - SQL Injection Resume Clone Script 2.0.5 - SQL Injection Basic Job Site Script 2.0.5 - SQL Injection Vanguard 1.4 - Arbitrary File Upload Vanguard 1.4 - SQL Injection |
||
|
Offensive Security
|
e37fd2bae3 |
DB: 2017-12-11
18 changes to exploits/shellcodes Nearbuy Clone Script 3.2 - 'search' SQL Injection Cab Booking Script 1.0 - 'city' SQL Injection Chartered Accountant Booking Script 1.0 - 'city' SQL Injection Child Care Script 1.0 - 'city' SQL Injection CMS Auditor Website 1.0 - SQL Injection Co-work Space Search Script 1.0 - 'city' SQL Injection Yoga Class Script 1.0 - 'list?city' SQL Injection Consumer Complaints Clone Script 1.0 - 'id' SQL Injection Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection Doctor Search Script 1.0 - 'city' SQL Injection Food Order Script 1.0 - 'list?city' SQL Injection E-commerce MLM Software 1.0 - SQL Injection Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection Event Calendar Category Script 1.0 - 'city' SQL Injection Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection Kickstarter Clone Acript 2.0 - 'projid' SQL Injection |
||
|
Offensive Security
|
97b5f8cc5b |
DB: 2017-12-10
20 changes to exploits/shellcodes FS Makemytrip Clone 1.0 - 'fl_orig' / 'fl_dest' SQL Injection FS Linkedin Clone 1.0 - 'grid' / 'fid' / 'id' SQL Injection FS Indiamart Clone 1.0 - 'token' / 'id' / 'c' SQL Injection FS IMDB Clone 1.0 - 'f' / 's' / 'id' SQL Injection FS Grubhub Clone 1.0 - 'keywords' SQL Injection FS Groupon Clone 1.0 - 'id' SQL Injection FS Gigs Script 1.0 - 'cat' / 'sc' SQL Injection FS Freelancer Clone 1.0 - 'profile.php?u' SQL Injection FS Ebay Clone 1.0 - 'id' / 'sub_category_id' / 'category_id' SQL Injection FS Crowdfunding Script 1.0 - 'latest_news_details.php?id' SQL Injection FS Care Clone 1.0 - 'jobFrequency' / 'jobType' SQL Injection FS Amazon Clone 1.0 - SQL Injection FS Trademe Clone 1.0 - 'search' / 'id' SQL Injection FS Expedia Clone 1.0 - 'fl_orig' / 'fl_dest' / 'id' SQL Injection FS Foodpanda Clone 1.0 - SQL Injection Advance B2B Script 2.1.3 - 'show_id' / 'pid' SQL Injection Advance Online Learning Management Script 3.1 - 'subcatid' / 'popcourseid' SQL Injection Affiliate MLM Script 1.0 - 'product-category.php?key' SQL Injection Basic B2B Script 2.0.8 - 'product_details.php?id' SQL Injection Beauty Parlour Booking Script 1.0 - 'gender' / 'city' SQL Injection |
||
|
Offensive Security
|
c35d9b35f7 |
DB: 2017-12-09
14 changes to exploits/shellcodes macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement Apple macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free Apple macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption Apple macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash Linux Kernel - DCCP Socket Use-After-Free Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free Apple iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation Apple iOS/macOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation macOS High Sierra - Local Privilege Escalation (Metasploit) Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit) Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass) DomainSale PHP Script 1.0 - 'id' SQL Injection Simple Chatting System 1.0.0 - Arbitrary File Upload Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection FS Shutterstock Clone 1.0 - 'keywords' SQL Injection FS Quibids Clone 1.0 - SQL Injection FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection |
||
|
Offensive Security
|
b546191ef2 |
DB: 2017-12-08
9 changes to exploits/shellcodes Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash Linux Kernel - DCCP Socket Use-After-Free LaCie 5big Network 2.2.8 - Command Injection Polycom Shell HDX Series - Traceroute Command Execution (Metasploit) Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal FS IMDB Clone - 'id' SQL Injection FS Facebook Clone - 'token' SQL Injection OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting |
||
|
Offensive Security
|
08d2346400 |
DB: 2017-12-07
13 changes to exploits/shellcodes Arq 5.9.7 - Local Privilege Escalation Murus 1.4.11 - Local Privilege Escalation Arq 5.9.6 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation Sera 1.2 - Local Privilege Escalation / Password Disclosure Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation Proxifier for Mac 2.19 - Local Privilege Escalation FS Makemytrip Clone - 'id' SQL Injection WinduCMS 3.1 - Local File Disclosure FS Shaadi Clone - 'token' SQL Injection |
||
|
Offensive Security
|
5e7ce1be28 |
DB: 2017-12-06
4 changes to exploits/shellcodes Microsoft Internet Explorer 6 - Aurora Microsoft Internet Explorer 6 - 'Aurora' Memory Corruption (MS10-002) VX Search 10.2.14 - 'command_name' Buffer Overflow Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation Techno Portfolio Management Panel - 'id' SQL Injection Readymade Classifieds Script 1.0 - SQL Injection |
||
|
Offensive Security
|
5c6fd52e87 | DB: 2017-12-05 | ||
|
Offensive Security
|
a595878586 | DB: 2017-12-04 | ||
|
Offensive Security
|
bb8b231f69 |
DB: 2017-12-02
8 changes to exploits/shellcodes 6 new exploits/shellcodes Abyss Web Server < 2.11.6 - Heap Memory Corruption HP iMC Plat 7.2 - Remote Code Execution HP iMC Plat 7.2 - Remote Code Execution (2) Kodi 15 - Web Interface Arbitrary File Access ( Kodi 15 - Web Interface Arbitrary File Access Jobs2Careers / Coroflot Clone - SQL Injection MistServer 2.12 - Cross-Site Scripting Artica Web Proxy 3.06 - Remote Code Execution |
||
|
Offensive Security
|
a24ecf72c3 |
DB: 2017-12-01
82 changes to exploits/shellcodes 32 new exploits/shellcodes Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC) Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC) Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow FontForge - '.BDF' Font File Stack Based Buffer Overflow FontForge - '.BDF' Font File Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC) Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC) Citrix XenApp / XenDesktop - Stack Based Buffer Overflow Citrix XenApp / XenDesktop - Stack Buffer Overflow Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC) mcrypt 2.6.8 - Stack Buffer Overflow (PoC) MySQL (Linux) - Stack Based Buffer Overrun (PoC) MySQL (Linux) - Heap Based Overrun (PoC) MySQL (Linux) - Stack Buffer Overrun (PoC) MySQL (Linux) - Heap Overrun (PoC) Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Stack Buffer Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056) Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056) MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Buffer Overflow Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC) Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow OpenVms 8.3 Finger Service - Stack Based Buffer Overflow OpenVms 8.3 Finger Service - Stack Buffer Overflow Free Download Manager - Stack Based Buffer Overflow Free Download Manager - Stack Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Valhala Honeypot 1.8 - Stack Based Buffer Overflow Valhala Honeypot 1.8 - Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Based Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read FBZX 2.10 - Local Stack Based Buffer Overflow TACK 1.07 - Local Stack Based Buffer Overflow FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read FBZX 2.10 - Local Stack Buffer Overflow TACK 1.07 - Local Stack Buffer Overflow Gnome Nautilus 3.16 - Denial of Service Wireshark - iseries_parse_packet Heap Based Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow Wireshark - iseries_parse_packet Heap Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow Wireshark - find_signature Stack Based Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow Wireshark - getRate Stack Based Out-of-Bounds Read Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow Wireshark - find_signature Stack Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Wireshark - getRate Stack Out-of-Bounds Read Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1) Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1) pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read pdfium - CPDF_Function::Call Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Buffer Overflow Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC) glibc - 'getaddrinfo' Stack Buffer Overflow (PoC) Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow libxml2 - xmlDictAddString Heap Based Buffer Overread libxml2 - xmlParseEndTag2 Heap Based Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread libxml2 - htmlCurrentChar Heap Based Buffer Overread Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow libxml2 - xmlDictAddString Heap Buffer Overread libxml2 - xmlParseEndTag2 Heap Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread libxml2 - htmlCurrentChar Heap Buffer Overread Kamailio 4.3.4 - Heap Based Buffer Overflow Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read Kamailio 4.3.4 - Heap Buffer Overflow Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2) Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow Graphite2 - GlyphCache::Loader Heap Based Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Graphite2 - GlyphCache::Loader Heap Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow SAP SAPCAR 721.510 - Heap Buffer Overflow Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow OpenJPEG - 'mqc.c' Heap Buffer Overflow tcprewrite - Heap-Based Buffer Overflow tcprewrite - Heap Buffer Overflow Dnsmasq < 2.78 - 2-byte Heap-Based Overflow Dnsmasq < 2.78 - Heap-Based Overflow Dnsmasq < 2.78 - Stack-Based Overflow Dnsmasq < 2.78 - 2-byte Heap Overflow Dnsmasq < 2.78 - Heap Overflow Dnsmasq < 2.78 - Stack Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow PHP 7.1.8 - Heap-Based Buffer Overflow PHP 7.1.8 - Heap Buffer Overflow QEMU - NBD Server Long Export Name Stack Buffer Overflow Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation AIX lquerylv - Local Buffer Overflow / Privilege Escalation AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation Microsoft Excel - Remote Code Execution Microsoft Excel - Code Execution HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation News Rover 12.1 Rev 1 - Remote Stack Overflow (1) News Rover 12.1 Rev 1 - Stack Overflow (1) News Rover 12.1 Rev 1 - Remote Stack Overflow (2) News Rover 12.1 Rev 1 - Stack Overflow (2) FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows Libmodplug - 's3m' Remote Buffer Overflow Libmodplug - 's3m' Buffer Overflow Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) Microsoft Visio 2002 - '.DXF' File Stack based Overflow Microsoft Visio 2002 - '.DXF' Local Stack Overflow AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit) Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3) S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation Internet Download Manager - Stack Based Buffer Overflow Internet Download Manager - Local Stack Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation mcrypt 2.5.8 - Stack Based Overflow mcrypt 2.5.8 - Local Stack Overflow Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) Winamp 5.12 - '.m3u' Stack Based Buffer Overflow Winamp 5.12 - '.m3u' Local Stack Buffer Overflow RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow Super Player 3500 - '.m3u' Local Stack Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow Sim Editor 6.6 - Stack Based Buffer Overflow Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) Microsoft Word - Local Machine Zone Code Execution (MS15-022) Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow NRSS Reader 0.3.9 - Local Stack Based Overflow NRSS Reader 0.3.9 - Local Stack Overflow Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation macOS High Sierra - Root Privilege Escalation (Metasploit) lftp 2.6.9 - Remote Stack based Overflow lftp 2.6.9 - Remote Stack Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit) Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit) Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit) Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Based Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub glibc - 'getaddrinfo' Stack Based Buffer Overflow glibc - 'getaddrinfo' Remote Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal Alligra Calligra - Heap Based Buffer Overflow Alligra Calligra - Heap Buffer Overflow Aloaha PDF Suite - Stack Based Buffer Overflow Aloaha PDF Suite - Remote Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) Almnzm - 'COOKIE: customer' SQL Injection Tutorialms 1.4 (show) - SQL Injection Tutorialms 1.4 - 'show' SQL Injection osCommerce 2.3.4.1 - Arbitrary File Upload Knowledge Base Enterprise Edition 4.62.00 - SQL Injection Knowledge Base Enterprise Edition 4.62.0 - SQL Injection WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload phpDolphin 2.0.5 - Multiple Vulnerabilities OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities AbanteCart 1.2.7 - Cross-Site Scripting MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection Synology StorageManager 5.2 - Remote Root Command Execution Synology StorageManager 5.2 - Root Remote Command Execution WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal |
||
|
Offensive Security
|
cc349de5d3 |
DB: 2017-11-29
4 changes to exploits/shellcodes Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation Synology StorageManager 5.2 - Remote Root Command Execution |
||
|
Offensive Security
|
f52bbcb598 |
DB: 2017-11-28
15 new exploits |
Renamed from files.csv (Browse further)