exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	614fb1caf8	DB: 2016-05-12 22 new exploits PoPToP PPTP <= 1.1.4-b3 - Remote Root Exploit (poptop-sane.c) PoPToP PPTP <= 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit Atftpd 0.6 - Remote Root Exploit (atftpdx.c) Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit Yahoo Messenger 5.5 - Remote Exploit (DSR-ducky.c) Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c) CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit Cisco IOS IPv4 Packet Denial of Service Exploit (cisco-bug-44020.c) Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service Exploit wu-ftpd 2.6.2 - Remote Denial of Service Exploit (wuftpd-freezer.c) wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service Exploit Microsoft Windows - (Jolt2.c) Denial of Service Exploit Microsoft Windows - 'Jolt2.c' Denial of Service Exploit TCP SYN Denial of Service Exploit (bang.c) TCP SYN - 'bang.c' Denial of Service Exploit Apache HTTPd - Arbitrary Long HTTP Headers DoS (C) Apache HTTPd - Arbitrary Long HTTP Headers DoS Linux Kernel <= 2.4.26- File Offset Pointer Handling Memory Disclosure Exploit Linux Kernel <= 2.4.26 - File Offset Pointer Handling Memory Disclosure Exploit Linux Kernel 2.6.x (Slackware 9.1/ Debian 3.0) - chown() Group Ownership Alteration Exploit Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit Veritas Backup Exec Agent 8.x/9.x - Browser Overflow (C) Veritas Backup Exec Agent 8.x/9.x - Browser Overflow Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c) Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c) CA License Server (GETCONFIG) Remote Buffer Overflow Exploit Aeon 0.2a - Local Linux Exploit (C) Aeon 0.2a - Local Linux Exploit Linux Kernel 2.4 / 2.6 - bluez Local Root Privilege Escalation Exploit (3) Linux Kernel 2.4.x / 2.6.x - 'Bluez' Bluetooth Signed Buffer Index Local Root (3) nbSMTP <= 0.99 (util.c) Client-Side Command Execution Exploit nbSMTP <= 0.99 - 'util.c' Client-Side Command Execution Exploit SuSE Linux <= 9.3 / 10 - (chfn) Local Root Privilege Escalation Exploit Linux chfn (SuSE <= 9.3 / 10) - Local Privilege Escalation Exploit SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit (c) SugarSuite Open Source <= 4.0beta - Remote Code Execution Exploit Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (c) Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (pl) Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (Perl) OpenVMPSd <= 1.3 - Remote Format String Exploit (Multiple Targets) OpenVMPSd <= 1.3 - Remote Format String Exploit Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability Ubuntu Breezy 5.10 - Installer Password Disclosure Vulnerability X.Org X11 (X11R6.9.0/X11R7.0) - Local Root Privilege Escalation Exploit X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation Exploit DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php) DataLife Engine <= 4.1 - Remote SQL Injection Exploit (PHP) Opera 9 IRC Client Remote Denial of Service Exploit (c) Opera 9 IRC Client Remote Denial of Service Exploit (py) Opera 9 - IRC Client Remote Denial of Service Exploit Opera 9 IRC Client - Remote Denial of Service Exploit (Python) Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c) Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (1) Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c) (2) Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (2) Microsoft Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl) Microsoft Internet Explorer (VML) - Remote Buffer Overflow Exploit (SP2) (Perl) Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (pl) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (Perl) Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (c) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (php) cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (PHP) Xfire <= 1.6.4 - Remote Denial of Service Exploit (pl) Xfire <= 1.6.4 - Remote Denial of Service Exploit (Perl) Microsoft Windows NetpManageIPCConnect Stack Overflow Exploit (py) Microsoft Windows NetpManageIPCConnect - Stack Overflow Exploit (Python) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit QK SMTP <= 3.01 (RCPT TO) Remote Buffer Overflow Exploit (pl) QK SMTP <= 3.01 - (RCPT TO) Remote Buffer Overflow Exploit (Perl) Ubuntu/Debian Apache 1.3.33/1.3.34 - (CGI TTY) Local Root Exploit Apache 1.3.33/1.3.34 (Ubuntu / Debian) - (CGI TTY) Local Root Exploit WarFTP 1.65 (USER) Remote Buffer Overlow Exploit (multiple targets) WarFTP 1.65 (USER) Remote Buffer Overlow Exploit XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit XOOPS Module WF-Snippets <= 1.02 (c) - BLIND SQL Injection Exploit IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit (multiple targets) IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit 3proxy 0.5.3g logurl() Remote Buffer Overflow Exploit (Win32) (pl) 3proxy 0.5.3g logurl() - Remote Buffer Overflow Exploit (Win32) (Perl) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (php) fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (pl) fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (PHP) fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution Exploit (Perl) IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (pl) IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl) IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit (c) IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (py) BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python) BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (c) BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (py) CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python) Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit (c) Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (py) Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (Python) EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl) EFS Easy Chat Server - Authentication Request Buffer Overflow Exploit (Perl) CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (py) CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (Python) Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php) Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (PHP) Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl) Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (Perl) kloxo 5.75 - (24 issues) Multiple Vulnerabilities kloxo 5.75 - Multiple Vulnerabilities Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (Perl) Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit (C) Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit MailEnable 1.52 HTTP Mail Service Stack BoF Exploit PoC MailEnable 1.52 - HTTP Mail Service Stack BoF Exploit PoC (Ubuntu 9.10/10.04) PAM 1.1.0 - MOTD File Tampering (Privilege Escalation) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1) Cacti 0.8.7e: Multiple Security Issues Cacti 0.8.7e - Multiple Vulnerabilities (Tod Miller's) Sudo/SudoEdit 1.6.x < 1.6.9p21 & 1.7.x < 1.7.2p4 - Local Root Exploit (Tod Miller's) Sudo/SudoEdit 1.6.x / 1.7.x (<= 1.6.9p21 / <= 1.7.2p4) - Local Root Exploit PAM 1.1.0 MOTD (Ubuntu 9.10/10.04) - Local Root Exploit Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2) Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32-21) - Privilege Escalation Exploit Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32) - Privilege Escalation Exploit Ubuntu Linux - 'mountall' - Local Privilege Escalation Vulnerability mountall <= 2.15.2 (Ubuntu 10.04/10.10) - Local Privilege Escalation Vulnerability Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py) Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (Python) PHP Hosting Directory 2.0 Database Disclosure Exploit (.py) PHP Hosting Directory 2.0 Database Disclosure Exploit (Python) systemtap - Local Root Privilege Escalation Vulnerability systemtap - Local Privilege Escalation Vulnerability Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 110.10) - Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2) Kunena < 1.5.13_ < 1.6.3 - SQL Injection Vulnerability Kunena < 1.5.13 / < 1.6.3 - SQL Injection Vulnerability HP OpenView NNM 7.53_ 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow HP OpenView NNM 7.53/7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow Safari 5.0.6_ 5.1 - SVG DOM Processing PoC Safari 5.0.6/5.1 - SVG DOM Processing PoC Ubuntu <= 11.04 ftp client Local Buffer Overflow Crash PoC FTP Client (Ubuntu <= 11.04) - Local Buffer Overflow Crash PoC Acpid 1:2.0.10-1ubuntu2 - Privilege Boundary Crossing Vulnerability Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (1) RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (2) RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (1) RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (2) Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1) Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2) Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1) Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2) Debian 2.x_RedHat 6.2_IRIX 5/6_ Solaris 2.x Mail Reply-To Field Vulnerability Debian 2.x_ RedHat 6.2_ IRIX 5/6_ Solaris 2.x - Mail Reply-To Field Vulnerability Pure-FTPd 1.0.21 (CentOS 6.2 & Ubuntu 8.04) - Crash PoC (Null Pointer Dereference) Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (1) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (2) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (3) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (4) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (5) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (1) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (2) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (3) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (4) FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (5) cPanel 5.0 - Openwebmail Local Privileges Escalation Vulnerability cPanel 5.0 - Openwebmail Local Privilege Escalation Vulnerability Linux-PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability Linux PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privilege Escalation Vulnerability Totem Movie Player (Ubuntu) 3.4.3 - Stack Corruption Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption Flightgear 2.0_ 2.4 - Remote Format String Exploit Flightgear 2.0/2.4 - Remote Format String Exploit Opera 7.x_ Firefox 1.0_ Internet Explorer 6.0 - Information Disclosure Weakness Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure Weakness Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC Vulnerability (1) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (2) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (3) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (4) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2) Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root Vulnerability Linux Kernel 2.6.37 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit Linux Kernel 3.8.x - open-time Capability file_ns_capable() Privilege Escalation Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation OSX <= 10.8.4 - Local Root Privilege Escalation (py) OSX <= 10.8.4 - Local Privilege Escalation (Python) Moodle 2.3.8_ 2.4.5 - Multiple Vulnerabilities Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation IBM AIX 6.1 / 7.1 - Local Privilege Escalation glibc and eglibc 2.5_ 2.7_ 2.13 - Buffer Overflow Vulnerability glibc and eglibc 2.5/2.7/2.13 - Buffer Overflow Vulnerability StatusNet/Laconica 0.7.4_ 0.8.2_ 0.9.0beta3 - Arbitrary File Reading StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading Links_ ELinks 'smbclient' Remote Command Execution Vulnerability Links_ ELinks 'smbclient' - Remote Command Execution Vulnerability Flyspray 0.9.9 - Information Disclosure_ HTML Injection and Cross-Site Scripting Vulnerabilities Flyspray 0.9.9 - Information Disclosure/HTML Injection/Cross-Site Scripting Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - Local Root (CONFIG_X86_X32=y) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit Symantec Endpoint Protection Manager 11.0_ 12.0_ 12.1 - Remote Command Execution Exploit Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution Exploit ownCloud 4.0.x_ 4.5.x (upload.php filename param) - Remote Code Execution ownCloud 4.0.x/4.5.x (upload.php filename param) - Remote Code Execution Procentia IntelliPen 1.1.12.1520 (Data.aspx_ value param) - Blind SQL Injection Vtiger CRM 5.4.0_ 6.0 RC_ 6.0.0 GA (browse.php file param) - Local File Inclusion Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA (browse.php file param) - Local File Inclusion Haihaisoft HUPlayer 1.0.4.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH) Haihaisoft Universal Player 1.5.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH) Haihaisoft HUPlayer 1.0.4.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH) Haihaisoft Universal Player 1.5.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH) JIRA Issues Collector Directory Traversal JIRA Issues Collector - Directory Traversal CMSimple 4.4_ 4.4.2 - Remote File Inclusion CMSimple 4.4/4.4.2 - Remote File Inclusion Core FTP Server 1.2_ build 535_ 32-bit - Crash PoC Core FTP Server 1.2 build 535 32-bit - Crash PoC Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability (C) Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 4.1.x Bypass (MS12-037) Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass (MS12-037) Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation Symantec Endpoint Protection 11.x_ 12.x - Kernel Pool Overflow Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow Linux Kernel 3.16.1 - Remount FUSE Exploit Linux Kernel < 3.16.1 - Remount FUSE Local Root Exploit Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.0 Bypass (MS12-037) Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.0 Bypass (MS12-037) Rejetto HTTP File Server (HFS) 2.3a_ 2.3b_ 2.3c - Remote Command Execution Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.1 Bypass (MS12-037) Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass (MS12-037) Mac OS X - IOKit Keyboard Driver Root Privilege Escalation Mac OS X - IOKit Keyboard Driver Privilege Escalation Liferay Portal 7.0.0 M1_ 7.0.0 M2_ 7.0.0 M3 - Pre-Auth RCE Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Auth RCE vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion_ SQL Injection & XSS vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion/SQL Injection/XSS MalwareBytes Anti-Exploit 1.03.1.1220_ 1.04.1.1012 Out-of-bounds Read DoS MalwareBytes Anti-Exploit 1.03.1.1220/1.04.1.1012 Out-of-bounds Read DoS JBoss AS 3_ 4_ 5_ 6 - Remote Command Execution JBoss AS 3/4/5/6 - Remote Command Execution Mac OS X < 10.7.5_ 10.8.2_ 10.9.5 10.10.2 - rootpipe Local Privilege Escalation Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation Alienvault OSSIM/USM 4.14_ 4.15_ and 5.0 - Multiple Vulnerabilities Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities Pandora FMS 5.0_ 5.1 - Authentication Bypass Pandora FMS 5.0/5.1 - Authentication Bypass Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shell) Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell Cisco AnyConnect Secure Mobility 2.x_ 3.x_ 4.x - Client DoS PoC Cisco AnyConnect Secure Mobility 2.x/3.x/4.x - Client DoS PoC Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shadow File) Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Privilege Escalation (Access /etc/shadow) Orchard CMS 1.7.3_ 1.8.2_ 1.9.0 - Stored XSS Vulnerability Orchard CMS 1.7.3/1.8.2/1.9.0 - Stored XSS Vulnerability Ubuntu 14.04 NetKit FTP Client - Crash/DoS PoC NetKit FTP Client (Ubuntu 14.04) - Crash/DoS PoC Interspire Email Marketer Cross Site Scripting_ HTML Injection_ and SQL Injection Vulnerabilities Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities BigDump Cross Site Scripting_ SQL Injection_ and Arbitrary File Upload Vulnerabilities BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities Elastix < 2.5 _ PHP Code Injection Exploit Elastix < 2.5 - PHP Code Injection Exploit Microsoft Office Excel 2007_ 2010_ 2013 - BIFFRecord Use-After-Free Microsoft Office Excel 2007/2010/2013 - BIFFRecord Use-After-Free OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues OS X Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities Linux Kernel 3.3.5 - 'CLONE_NEWUSER\|CLONE_FS' Local Privilege Escalation Vulnerability Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER\|CLONE_FS' Local Privilege Escalation Vulnerability Linux Kernel <=4.3.3 (Ubuntu 14.04_ 15.10) - overlayfs Local Root Exploit Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit Exim < 4.86.2 - Local Root Privilege Escalation Exim < 4.86.2 - Local Privilege Escalation RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - snd-usb-audio Crash PoC RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - iowarrior driver Crash PoC Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - snd-usb-audio Crash PoC Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - iowarrior driver Crash PoC Trend Micro Deep Discovery Inspector 3.8_ 3.7 - CSRF Vulnerabilities Trend Micro Deep Discovery Inspector 3.8/3.7 - CSRF Vulnerabilities FireEye - Privilege Escalation to root from Malware Input Processor (uid=mip) FireEye - Malware Input Processor (uid=mip) Privilege Escalation Exploit Novell Service Desk 7.1.0_ 7.0.3 and 6.5 - Multiple Vulnerabilities Novell Service Desk 7.1.0/7.0.3 and 6.5 - Multiple Vulnerabilities Internet Explorer 9_ 10_ 11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112) Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112) Linux (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow) Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow) Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps Android Broadcom Wi-Fi Driver - Memory Corruption CIScan 1.00 - Hostname/IP Field SEH Overwrite PoC FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation Intuit QuickBooks Desktop 2007 - 2016 - Arbitrary Code Execution	2016-05-12 05:03:21 +00:00

Author

SHA1

Message

Date

Offensive Security

614fb1caf8

DB: 2016-05-12

22 new exploits

PoPToP PPTP <= 1.1.4-b3 - Remote Root Exploit (poptop-sane.c)
PoPToP PPTP <= 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit

Atftpd 0.6 - Remote Root Exploit (atftpdx.c)
Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit

Yahoo Messenger 5.5 - Remote Exploit (DSR-ducky.c)
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit

CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c)
CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit

Cisco IOS IPv4 Packet Denial of Service Exploit (cisco-bug-44020.c)
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service Exploit

wu-ftpd 2.6.2 - Remote Denial of Service Exploit (wuftpd-freezer.c)
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service Exploit

Microsoft Windows - (Jolt2.c) Denial of Service Exploit
Microsoft Windows - 'Jolt2.c' Denial of Service Exploit

TCP SYN Denial of Service Exploit (bang.c)
TCP SYN - 'bang.c' Denial of Service Exploit

Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Apache HTTPd - Arbitrary Long HTTP Headers DoS

Linux Kernel <= 2.4.26- File Offset Pointer Handling Memory Disclosure Exploit
Linux Kernel <= 2.4.26 - File Offset Pointer Handling Memory Disclosure Exploit

Linux Kernel 2.6.x (Slackware 9.1/ Debian 3.0) - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit

Veritas Backup Exec Agent 8.x/9.x - Browser Overflow (C)
Veritas Backup Exec Agent 8.x/9.x - Browser Overflow

Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit

CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c)
CA License Server (GETCONFIG) Remote Buffer Overflow Exploit

Aeon 0.2a - Local Linux Exploit (C)
Aeon 0.2a - Local Linux Exploit

Linux Kernel 2.4 / 2.6 - bluez Local Root Privilege Escalation Exploit (3)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' Bluetooth Signed Buffer Index Local Root (3)

nbSMTP <= 0.99 (util.c) Client-Side Command Execution Exploit
nbSMTP <= 0.99 - 'util.c' Client-Side Command Execution Exploit

SuSE Linux <= 9.3 / 10 - (chfn) Local Root Privilege Escalation Exploit
Linux chfn (SuSE <= 9.3 / 10) - Local Privilege Escalation Exploit

SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit (c)
SugarSuite Open Source <= 4.0beta - Remote Code Execution Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (c)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (pl)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (Perl)

OpenVMPSd <= 1.3 - Remote Format String Exploit (Multiple Targets)
OpenVMPSd <= 1.3 - Remote Format String Exploit

Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability
Ubuntu Breezy 5.10 - Installer Password Disclosure Vulnerability

X.Org X11 (X11R6.9.0/X11R7.0) - Local Root Privilege Escalation Exploit
X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation Exploit

DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php)
DataLife Engine <= 4.1 - Remote SQL Injection Exploit (PHP)
Opera 9 IRC Client Remote Denial of Service Exploit (c)
Opera 9 IRC Client Remote Denial of Service Exploit (py)
Opera 9 - IRC Client Remote Denial of Service Exploit
Opera 9 IRC Client - Remote Denial of Service Exploit (Python)

Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c)
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (1)

Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c) (2)
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (2)

Microsoft Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl)
Microsoft Internet Explorer (VML) - Remote Buffer Overflow Exploit (SP2) (Perl)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (pl)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (Perl)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (c)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit

cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (php)
cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (PHP)

Xfire <= 1.6.4 - Remote Denial of Service Exploit (pl)
Xfire <= 1.6.4 - Remote Denial of Service Exploit (Perl)

Microsoft Windows NetpManageIPCConnect Stack Overflow Exploit (py)
Microsoft Windows NetpManageIPCConnect - Stack Overflow Exploit (Python)

VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c)
VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit

QK SMTP <= 3.01 (RCPT TO) Remote Buffer Overflow Exploit (pl)
QK SMTP <= 3.01 - (RCPT TO) Remote Buffer Overflow Exploit (Perl)

Ubuntu/Debian Apache 1.3.33/1.3.34 - (CGI TTY) Local Root Exploit
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - (CGI TTY) Local Root Exploit

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit (multiple targets)
WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit
XOOPS Module WF-Snippets <= 1.02 (c) - BLIND SQL Injection Exploit

IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit (multiple targets)
IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit

3proxy 0.5.3g logurl() Remote Buffer Overflow Exploit (Win32) (pl)
3proxy 0.5.3g logurl() - Remote Buffer Overflow Exploit (Win32) (Perl)

Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)
Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (php)
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (pl)
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (PHP)
fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution Exploit (Perl)

IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (pl)
IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl)

IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit (c)
IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (py)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (c)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (py)
CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python)

Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit (c)
Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit

Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (py)
Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (Python)

EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl)
EFS Easy Chat Server - Authentication Request Buffer Overflow Exploit (Perl)

CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (py)
CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (Python)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (PHP)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (Perl)

kloxo 5.75 - (24 issues) Multiple Vulnerabilities
kloxo 5.75 - Multiple Vulnerabilities

Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (Perl)

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit (C)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit

MailEnable 1.52 HTTP Mail Service Stack BoF Exploit PoC
MailEnable 1.52 - HTTP Mail Service Stack BoF Exploit PoC

(Ubuntu 9.10/10.04) PAM 1.1.0 - MOTD File Tampering (Privilege Escalation)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1)

Cacti 0.8.7e: Multiple Security Issues
Cacti 0.8.7e - Multiple Vulnerabilities

(Tod Miller's) Sudo/SudoEdit 1.6.x < 1.6.9p21 & 1.7.x < 1.7.2p4 - Local Root Exploit
(Tod Miller's) Sudo/SudoEdit 1.6.x / 1.7.x (<= 1.6.9p21 / <= 1.7.2p4) - Local Root Exploit

PAM 1.1.0 MOTD (Ubuntu 9.10/10.04) - Local Root Exploit
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2)

Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32-21) - Privilege Escalation Exploit
Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32) - Privilege Escalation Exploit

Ubuntu Linux - 'mountall' - Local Privilege Escalation Vulnerability
mountall <= 2.15.2 (Ubuntu 10.04/10.10) - Local Privilege Escalation Vulnerability

Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py)
Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (Python)

PHP Hosting Directory 2.0 Database Disclosure Exploit (.py)
PHP Hosting Directory 2.0 Database Disclosure Exploit (Python)

systemtap - Local Root Privilege Escalation Vulnerability
systemtap - Local Privilege Escalation Vulnerability

Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 110.10) - Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2)

Kunena < 1.5.13_ < 1.6.3 - SQL Injection Vulnerability
Kunena < 1.5.13 / < 1.6.3 - SQL Injection Vulnerability

HP OpenView NNM 7.53_ 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow
HP OpenView NNM 7.53/7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow

Safari 5.0.6_ 5.1 - SVG DOM Processing PoC
Safari 5.0.6/5.1 - SVG DOM Processing PoC

Ubuntu <= 11.04 ftp client Local Buffer Overflow Crash PoC
FTP Client (Ubuntu <= 11.04) - Local Buffer Overflow Crash PoC

Acpid 1:2.0.10-1ubuntu2 - Privilege Boundary Crossing Vulnerability
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit
RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (1)
RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (2)
RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (1)
RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (2)
Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)

Debian 2.x_RedHat 6.2_IRIX 5/6_ Solaris 2.x Mail Reply-To Field Vulnerability
Debian 2.x_ RedHat 6.2_ IRIX 5/6_ Solaris 2.x - Mail Reply-To Field Vulnerability

Pure-FTPd 1.0.21 (CentOS 6.2 & Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (1)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (2)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (3)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (4)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (5)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (1)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (2)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (3)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (4)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (5)

cPanel 5.0 - Openwebmail Local Privileges Escalation Vulnerability
cPanel 5.0 - Openwebmail Local Privilege Escalation Vulnerability

Linux-PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability
Linux PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privilege Escalation Vulnerability

Totem Movie Player (Ubuntu) 3.4.3 - Stack Corruption
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption

Flightgear 2.0_ 2.4 - Remote Format String Exploit
Flightgear 2.0/2.4 - Remote Format String Exploit

Opera 7.x_ Firefox 1.0_ Internet Explorer 6.0 - Information Disclosure Weakness
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure Weakness
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC Vulnerability (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (2)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (3)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (4)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)
Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root Vulnerability

Linux Kernel 2.6.37 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit

Linux Kernel 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation

OSX <= 10.8.4 - Local Root Privilege Escalation (py)
OSX <= 10.8.4 - Local Privilege Escalation (Python)

Moodle 2.3.8_ 2.4.5 - Multiple Vulnerabilities
Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities

IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation
IBM AIX 6.1 / 7.1 - Local Privilege Escalation

glibc and eglibc 2.5_ 2.7_ 2.13 - Buffer Overflow Vulnerability
glibc and eglibc 2.5/2.7/2.13 - Buffer Overflow Vulnerability

StatusNet/Laconica 0.7.4_ 0.8.2_ 0.9.0beta3 - Arbitrary File Reading
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading

Links_ ELinks 'smbclient' Remote Command Execution Vulnerability
Links_ ELinks 'smbclient' - Remote Command Execution Vulnerability

Flyspray 0.9.9 - Information Disclosure_ HTML Injection and Cross-Site Scripting Vulnerabilities
Flyspray 0.9.9 - Information Disclosure/HTML Injection/Cross-Site Scripting

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - Local Root (CONFIG_X86_X32=y)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit

Symantec Endpoint Protection Manager 11.0_ 12.0_ 12.1 - Remote Command Execution Exploit
Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution Exploit

ownCloud 4.0.x_ 4.5.x (upload.php filename param) - Remote Code Execution
ownCloud 4.0.x/4.5.x (upload.php filename param) - Remote Code Execution
Procentia IntelliPen 1.1.12.1520 (Data.aspx_ value param) - Blind SQL Injection
Vtiger CRM 5.4.0_ 6.0 RC_ 6.0.0 GA (browse.php file param) - Local File Inclusion
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA (browse.php file param) - Local File Inclusion
Haihaisoft HUPlayer 1.0.4.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)
Haihaisoft HUPlayer 1.0.4.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH)

JIRA Issues Collector Directory Traversal
JIRA Issues Collector - Directory Traversal

CMSimple 4.4_ 4.4.2 - Remote File Inclusion
CMSimple 4.4/4.4.2 - Remote File Inclusion

Core FTP Server 1.2_ build 535_ 32-bit - Crash PoC
Core FTP Server 1.2 build 535 32-bit - Crash PoC

Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability (C)
Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 4.1.x Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass (MS12-037)

Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation
Linux Kernel < 3.2.0-23  (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation

Symantec Endpoint Protection 11.x_ 12.x - Kernel Pool Overflow
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow

Linux Kernel 3.16.1 - Remount FUSE Exploit
Linux Kernel < 3.16.1 - Remount FUSE Local Root Exploit

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.0 Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.0 Bypass (MS12-037)

Rejetto HTTP File Server (HFS) 2.3a_ 2.3b_ 2.3c - Remote Command Execution
Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.1 Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass (MS12-037)

Mac OS X - IOKit Keyboard Driver Root Privilege Escalation
Mac OS X - IOKit Keyboard Driver Privilege Escalation

Liferay Portal 7.0.0 M1_ 7.0.0 M2_ 7.0.0 M3 - Pre-Auth RCE
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Auth RCE

vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion_ SQL Injection & XSS
vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion/SQL Injection/XSS

MalwareBytes Anti-Exploit 1.03.1.1220_ 1.04.1.1012 Out-of-bounds Read DoS
MalwareBytes Anti-Exploit 1.03.1.1220/1.04.1.1012 Out-of-bounds Read DoS

JBoss AS 3_ 4_ 5_ 6 - Remote Command Execution
JBoss AS 3/4/5/6 - Remote Command Execution

Mac OS X < 10.7.5_ 10.8.2_ 10.9.5 10.10.2 - rootpipe Local Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation

Alienvault OSSIM/USM 4.14_ 4.15_ and 5.0 - Multiple Vulnerabilities
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities

Pandora FMS 5.0_ 5.1 - Authentication Bypass
Pandora FMS 5.0/5.1 - Authentication Bypass

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shell)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell

Cisco AnyConnect Secure Mobility 2.x_ 3.x_ 4.x - Client DoS PoC
Cisco AnyConnect Secure Mobility 2.x/3.x/4.x - Client DoS PoC

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shadow File)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Privilege Escalation (Access /etc/shadow)

Orchard CMS 1.7.3_ 1.8.2_ 1.9.0 - Stored XSS Vulnerability
Orchard CMS 1.7.3/1.8.2/1.9.0 - Stored XSS Vulnerability

Ubuntu 14.04 NetKit FTP Client - Crash/DoS PoC
NetKit FTP Client (Ubuntu 14.04) - Crash/DoS PoC

Interspire Email Marketer Cross Site Scripting_ HTML Injection_ and SQL Injection Vulnerabilities
Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities

BigDump Cross Site Scripting_ SQL Injection_ and Arbitrary File Upload Vulnerabilities
BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities

Elastix < 2.5 _ PHP Code Injection Exploit
Elastix < 2.5 - PHP Code Injection Exploit

Microsoft Office Excel 2007_ 2010_ 2013 - BIFFRecord Use-After-Free
Microsoft Office Excel 2007/2010/2013 - BIFFRecord Use-After-Free

OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues
OS X Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities

Linux Kernel 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability
Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability

Linux Kernel <=4.3.3 (Ubuntu 14.04_ 15.10) - overlayfs Local Root Exploit
Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit

Exim < 4.86.2 - Local Root Privilege Escalation
Exim < 4.86.2 - Local Privilege Escalation
RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - snd-usb-audio Crash PoC
RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - iowarrior driver Crash PoC
Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - snd-usb-audio Crash PoC
Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - iowarrior driver Crash PoC

Trend Micro Deep Discovery Inspector 3.8_ 3.7 - CSRF Vulnerabilities
Trend Micro Deep Discovery Inspector 3.8/3.7 - CSRF Vulnerabilities

FireEye - Privilege Escalation to root from Malware Input Processor (uid=mip)
FireEye - Malware Input Processor (uid=mip) Privilege Escalation Exploit

Novell Service Desk 7.1.0_ 7.0.3 and 6.5 - Multiple Vulnerabilities
Novell Service Desk 7.1.0/7.0.3 and 6.5 - Multiple Vulnerabilities

Internet Explorer 9_ 10_ 11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)

Linux (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)

Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Android Broadcom Wi-Fi Driver - Memory Corruption
CIScan 1.00 - Hostname/IP Field SEH Overwrite PoC
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation
Intuit QuickBooks Desktop 2007 - 2016 - Arbitrary Code Execution

2016-05-12 05:03:21 +00:00

1 commit