exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	2ac6fc17c2	DB: 2017-04-13 3 new exploits Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution D-Link DWR-116 / DWR-116A1 - Arbitrary File Download	2017-04-13 05:01:16 +00:00
Offensive Security	814ba132f8	DB: 2017-04-12 18 new exploits Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free Apple WebKit - 'Document::adoptNode' Use-After-Free Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow Proxifier for Mac 2.18 - Multiple Vulnerabilities Proxifier for Mac 2.17 / 2.18 - Privesc Escalation Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout Quest Privilege Manager 6.0.0 - Arbitrary File Write Adobe Multiple Products - XML Injection File Content Disclosure MyClassifiedScript 5.1 - SQL Injection Social Directory Script 2.0 - SQL Injection FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal Brother MFC-J6520DW - Authentication Bypass / Password Change Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element	2017-04-12 05:01:16 +00:00
Offensive Security	6624e39c26	DB: 2017-04-05 31 new exploits macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame Apple WebKit 10.0.2 - HTMLInputElement Use-After-Free Apple WebKit - 'RenderLayer' Use-After-Free Apple WebKit - Negative-Size memmove in HTMLFormElement Apple WebKit - 'FormSubmission::create' Use-After-Free Apple WebKit - 'ComposedTreeIterator::traverseNextInShadowTree' Use-After-Free Apple WebKit - 'table' Use-After-Free Apple WebKit - 'WebCore::toJS' Use-After-Free macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device Bluecoat ASG 6.6/CAS 1.3 - Privilege Escalation (Metasploit) Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit) Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit) Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit) Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow Pixie 1.0.4 - Arbitrary File Upload Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting Maian Uploader 4.0 - 'index.php' keywords Parameter Cross-Site Scripting Maian Uploader 4.0 - admin/index.php keywords Parameter Cross-Site Scripting Maian Uploader 4.0 - admin/inc/header.php Multiple Parameter Cross-Site Scripting Maian Uploader 4.0 - 'keywords' Parameter Cross-Site Scripting Maian Uploader 4.0 - 'index.php' Cross-Site Scripting Maian Uploader 4.0 - 'header.php' Cross-Site Scripting Maian Uploader 4.0 - 'user' Parameter SQL Injection Maian Survey 1.1 - 'survey' Parameter SQL Injection Maian Greetings 2.1 - 'cat' Parameter SQL Injection	2017-04-05 05:01:18 +00:00
Offensive Security	8ce122cbaf	DB: 2017-04-04 3 new exploits BackBox OS - Denial of Service Apache Tomcat 6/7/8/9 - Information Disclosure Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection	2017-04-04 05:01:25 +00:00
Offensive Security	0320cba051	DB: 2017-04-02 6 new exploits Microsoft Internet Explorer 11 - Crash PoC (1) Microsoft Internet Explorer 11 - Crash (PoC) (1) Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031) Microsoft Windows SQL Server - Remote Denial of Service (MS03-031) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046) Microsoft Windows - MSDTC Service Remote Memory Modification PoC (MS05-051) Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (1) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (3) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (2) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2) Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit) Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit) Microsoft Windows - DNS Resolution Remote Denial of Service PoC (MS06-041) Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041) Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002) Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002) BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs) Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC) Microsoft Internet Explorer GDI+ - PoC (MS08-052) Microsoft Internet Explorer GDI+ - (PoC) (MS08-052) Microsoft Windows - GDI+ PoC (MS08-052) (2) Microsoft Windows - GDI+ (PoC) (MS08-052) (2) Microsoft Windows - InternalOpenColorProfile Heap Overflow PoC (MS08-046) GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046) GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (New Heap Spray) Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2) Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2) eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH) eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH) Chasys Media Player 1.1 - '.pls' Local Buffer Overflow PoC (SEH) Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH) Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1) Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1) Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2) Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2) Microsoft Internet Explorer - EMBED Memory Corruption PoC (MS09-014) Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow PoCs DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH) MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC) otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs) JetAudio 7.5.3 COWON Media Center - '.wav' Crash Streaming Audio Player 0.9 - (skin) Local Stack Overflow PoC (SEH) Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow PoC (SEH) Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH) Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH) Tuniac 090517c - '.m3u' Local File Crash (PoC) HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH) HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2) BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow PoC (2) BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow (PoC) (2) Eureka Email Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - Buffer Overflow (PoC) Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash Microsoft Windows 7 / 2008 R2 - Remote Kernel Crash Picpuz 2.1.1 - Buffer Overflow Denial of Service/PoC Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC) Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service Mozilla Firefox 3.6 - (XML parser) Memory Corruption (PoC) / Denial of Service iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service (PoC) RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC RCA DCM425 Cable Modem - 'micro_httpd' Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wav' PoC Free MP3 CD Ripper 2.6 - '.wav' (PoC) Anyzip 1.1 - '.zip' PoC (SEH) Anyzip 1.1 - '.zip' (PoC) (SEH) Microsoft Windows - SMB Client-Side Bug PoC (MS10-006) Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006) Webby WebServer - PoC SEH control Webby WebServer - SEH Control (PoC) FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05) FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off- By One (PoC) Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH) AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH) Mozilla Firefox - Memory Corruption PoC (Simplified) Mozilla Firefox - (Simplified) Memory Corruption (PoC) Microsoft Windows - Win32k Pointer Dereferencement PoC (MS10-098) Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098) Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH) Elecard MPEG Player 5.7 - Local Buffer Overflow (PoC) (SEH) Microsoft Windows XP - WmiTraceMessageVa Integer Truncation PoC (MS11-011) Microsoft Windows XP - WmiTraceMessageVa Integer Truncation (PoC) (MS11-011) Real player 14.0.2.633 - Buffer Overflow / Denial of ServiceExploit Real player 14.0.2.633 - Buffer Overflow / Denial of Service IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - '.ICO' With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - '.ICO' Without Transparent Colour Denial of Service / Remote Denial of Service Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service Microsoft Windows Vista/2008 - 'nsiproxy.sys' Local Kernel Denial of Service D-Link DSL-2650U - Denial of Service/PoC D-Link DSL-2650U - Denial of Service (PoC) Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun PoC (MS11-077) Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077) Opera 11.52 - PoC Denial of Service Opera 11.52 - Denial of Service (PoC) Microsoft Win32k - Null Pointer De-reference PoC (MS11-077) Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077) Microsoft Windows - 'afd.sys' PoC (MS11-046) Microsoft Windows - 'afd.sys' (PoC) (MS11-046) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034) Wyse - Machine Remote Power off (DOS) without any Privilege (Metasploit) Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit) Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference) Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1) Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2) Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft PoCket Internet Explorer 3.0 - Denial of Service Microsoft Pocket Internet Explorer 3.0 - Denial of Service Microsoft Windows - HWND_BROADCAST PoC (MS13-005) Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005) Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC) Apple Safari 3 for Windows - Document.Location Denial of Service Apple Safari 3 for Windows - 'Document.Location' Denial of Service PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit) PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow Android Web Browser - GIF File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Android Web Browser - BMP File Integer Overflow Google Android Web Browser - '.BMP' File Integer Overflow Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH) Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH) Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035) Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035) Microsoft Internet Explorer - Memory Corruption PoC (MS14-029) Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029) UniPDF 1.1 - Crash (PoC) (SEH) Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC) Microsoft Windows - 'HTTP.sys' PoC (MS15-034) Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034) UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC) Microsoft Internet Explorer 11 - Crash PoC (2) Microsoft Internet Explorer 11 - Crash (PoC) (2) Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow QNX RTOS 6.3.0 - Insecure rc.local Permissions Plus System Crash QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation Microsoft Windows - NtClose DeadLock PoC (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation (PoC) (MS06-030) PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH) Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow (PoC) (SEH) Streaming Audio Player 0.9 - (skin) Local Stack Overflow (SEH) Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (SEH) Tuniac 090517c - '.m3u' Local File Crash (PoC) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Index Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4) Microsoft HTML Help Workshop 4.74 - '.hhp' compiled Buffer Overflow (Metasploit) (4) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (without egg-hunter) (Metasploit) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit) PHP 5.3.6 - Buffer Overflow PoC (ROP) PHP 5.3.6 - Buffer Overflow (ROP) (PoC) Microsoft Windows Server 2000/NT 4 - DLL Search Path Microsoft Windows NT 4/2000 - DLL Search Path Microsoft Windows Server 2000/NT 4 - NTFS File Hiding Microsoft Windows NT 4/2000 - NTFS File Hiding Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8) Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1) Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2) Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit) Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit) UniPDF 1.1 - Crash PoC (SEH overwritten) Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC) UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Android - get_user/put_user Exploit (Metasploit) Google Android - get_user/put_user Exploit (Metasploit) Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit) MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit) ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1) Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2) Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2) Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow ImageStation - 'SonyISUpload.cab' 1.0.0.38 ActiveX Buffer Overflow IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow Microsoft XML Core Services DTD - Cross-Domain Scripting PoC (MS08-069) Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Apple Mac OSX - Java applet Remote Deserialization Remote PoC (2) Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal JetAudio 7.5.3 COWON Media Center - '.wav' Crash DistCC Daemon - Command Execution (Metasploit) (1) DistCC Daemon - Command Execution (Metasploit) Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Veritas NetBackup - Remote Command Execution (Metasploit) (1) Veritas NetBackup - Remote Command Execution (Metasploit) Pegasus Mail Client 4.51 - PoC Buffer Overflow Pegasus Mail Client 4.51 - Buffer Overflow (PoC) Irix LPD tagprinter - Command Execution (Metasploit) (1) Irix LPD tagprinter - Command Execution (Metasploit) Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (1) Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account Tandberg E & EX & C Series Endpoints - Default Root Account Credentials Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2) Veritas NetBackup - Remote Command Execution (Metasploit) (2) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2) httpdx - tolog() Function Format String (Metasploit) (1) httpdx - 'tolog()' Function Format String (Metasploit) (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) httpdx - tolog() Function Format String (Metasploit) (2) httpdx - 'tolog()' Function Format String (Metasploit) (2) Irix LPD tagprinter - Command Execution (Metasploit) (2) Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2) DistCC Daemon - Command Execution (Metasploit) (2) HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1) Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1) Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit) Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2) Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2) HP SiteScope - Remote Code Execution (Metasploit) (1) HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit) Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow thttpd 2.2x - defang Remote Buffer Overflow thttpd 2.2x - 'defang' Remote Buffer Overflow Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2) Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit) Dovecot with Exim - sender_address Parameter Remote Command Execution Dovecot with Exim - 'sender_address' Parameter Remote Command Execution HP SiteScope - Remote Code Execution (Metasploit) (2) HP SiteScope (Windows) - Remote Code Execution (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (1) Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (2) Western Digital Arkeia < 11.0.12 - Remote Code Execution (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) E-Uploader Pro 1.0 - Image Upload with Code Execution E-Uploader Pro 1.0 - Image Upload / Code Execution ASPapp Knowledge Base - 'CatId' Parameter SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1) ASPapp KnowledgeBase - 'catid' Parameter SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2) ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99) ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99) Flatchat 3.0 - 'pmscript.php with' Local File Inclusion Flatchat 3.0 - 'pmscript.php' Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection (1) PGAUTOPro - SQL Injection / Cross-Site Scripting PGAUTOPro - SQL Injection / Cross-Site Scripting (1) Joomla! Component Huru Helpdesk - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection (2) SoftwareDEP Classified Script 2.5 - SQL Injection SoftwareDEP Classified Script 2.5 - SQL Injection (1) WordPress Plugin pay with tweet 1.1 - Multiple Vulnerabilities WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities Software DEP Classified Script 2.5 - SQL Injection SoftwareDEP Classified Script 2.5 - SQL Injection (2) Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1) Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2) Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1) Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2) OnlineArts DailyDose 1.1 - Denial of Servicee.pl Remote Command Execution OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution PHPOpenChat 2.3.4/3.0.1 - PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - PoC.php Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion ActiveNews Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection (1) Active News Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection (2) Sagem Fast 3304-V2 - Authentication Bypass Sagem Fast 3304-V2 - Authentication Bypass (1) PG Auto Pro - SQL Injection / Cross-Site Scripting PGAUTOPro - SQL Injection / Cross-Site Scripting (2) Sagem FAST3304-V2 - Authentication Bypass Sagem FAST3304-V2 - Authentication Bypass (2) Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers) phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)	2017-04-02 05:01:18 +00:00
Offensive Security	52fd3d8a20	DB: 2017-04-01 2 new exploits Microsoft Windows Server 2003/XP - Samba Share Resource Exhaustion Exploit Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit Microsoft Windows Server 2000/XP - TCP Connection Reset Remote Attack Tool Microsoft Windows XP/2000 - TCP Connection Reset Remote Attack Tool Microsoft Windows Server 2003/XP - Remote Denial of Service Microsoft Windows XP/2003 - Remote Denial of Service Microsoft Windows Server 2003/XP - IPv6 Remote Denial of Service Microsoft Windows XP/2003 - IPv6 Remote Denial of Service Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (1) Microsoft Windows XP/2003 - IGMP v3 Denial of Service (MS06-007) (1) Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (2) Microsoft Windows XP/2003 - IGMP v3 Denial of Service (MS06-007) (2) Microsoft Windows Server 2000/2003/XP - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service Microsoft Windows Server 2000/2003/XP - 'win32k.sys' SfnINSTRING Local kernel Denial of Service Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service Microsoft Windows - cmd.exe Unicode Buffer Overflow (SEH) Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH) Microsoft Windows Win32k!xxxRealDrawMenuItem() - Missing HBITMAP Bounds Checks Microsoft Windows - Win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks Microsoft Windows - (IcmpSendEcho2Ex Interrupting) Denial of Service Microsoft Windows - IcmpSendEcho2Ex Interrupting Denial of Service Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (1) Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (2) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (3) Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2) Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3) Microsoft Windows Server 2000/XP - GDI Denial of Service Microsoft Windows XP/2000 - GDI Denial of Service Microsoft Windows Help program - 'WinHlp32.exe' Crash (PoC) Microsoft Windows Help Program - 'WinHlp32.exe' Crash (PoC) Microsoft Windows Server 2000/2003/XP - Graphical Device Interface Library Denial of Service Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service Microsoft Windows Server 2000/XP - Internet Protocol Validation Remote Code Execution (1) Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (1) Microsoft Windows Server 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051) Microsoft Windows XP/2000/2003 - MSDTC TIP Denial of Service (MS05-051) Microsoft Windows Server 2000/2003/XP - CreateRemoteThread Local Denial of Service Microsoft Windows XP/2000/2003 - CreateRemoteThread Local Denial of Service Microsoft Windows Server 2000/XP - Registry Access Local Denial of Service Microsoft Windows XP/2000 - Registry Access Local Denial of Service Microsoft Windows XP - cmd.exe Buffer Overflow Microsoft Windows XP - 'cmd.exe' Buffer Overflow Microsoft Windows Explorer - explorer.exe WMV File Handling Denial of Service Microsoft Windows Explorer - 'explorer.exe' .WMV File Handling Denial of Service Microsoft Windows Server 2003/XP - Explorer .WMF File Handling Denial of Service Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service Microsoft Windows Kernel 'win32k.sys' - Integer Overflow (MS13-101) Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101) Microsoft Windows Media Player 11 - AVI File Colorspace Conversion Remote Memory Corruption Microsoft Windows Media Player 11 - .AVI File Colorspace Conversion Remote Memory Corruption Microsoft Windows = devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007) Microsoft Windows - devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007) Microsoft Windows - (ListBox/ComboBox Control) Local Exploit (MS03-045) Microsoft Windows - ListBox/ComboBox Control Local Exploit (MS03-045) Microsoft Windows Server 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' Exploit (MS04-022) Microsoft Windows - (NtClose DeadLock) PoC (MS06-030) Microsoft Windows Server 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows - NtClose DeadLock PoC (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows Server 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1) Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (1) Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1) Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (1) Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (1) Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (2) Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (2) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2) Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (2) Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (2) Microsoft Windows Server 2003/XP - 'afd.sys' Privilege Escalation (MS11-080) Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4 / Windows NT 3.5.1/SP1/SP2/SP3/SP4/SP5 - Screensaver Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4 / NT 3.5.1/SP1/SP2/SP3/SP4/SP5 - Screensaver Microsoft Windows Server 2000/2003/XP - Keyboard Event Privilege Escalation Microsoft Windows XP/2000/2003 - Keyboard Event Privilege Escalation Microsoft Windows Server 2003/XP - ReadDirectoryChangesW Information Disclosure Microsoft Windows XP/2003 - ReadDirectoryChangesW Information Disclosure Microsoft Windows Server 2003/XP - RPCSS Service Isolation Privilege Escalation Microsoft Windows XP/2003 - RPCSS Service Isolation Privilege Escalation Microsoft Windows Server 2000/2003/XP - Desktop Wall Paper System Parameter Privilege Escalation Microsoft Windows XP/2000/2003 - Desktop Wall Paper System Parameter Privilege Escalation Microsoft Windows Server 2000/2003/XP/Vista - Double-Free Memory Corruption Privilege Escalation Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation KiTTY Portable 0.65.0.2p (Windows 8.1 / Windows 10) - Local kitty.ini Overflow KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2) Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows XP/2000 - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows Server 2000/XP - RPC Remote (Non Exec Memory) Exploit Microsoft Windows Server 2000/XP - Workstation Service Overflow (MS03-049) Microsoft Windows XP/2000 - RPC Remote (Non Exec Memory) Exploit Microsoft Windows XP/2000 - Workstation Service Overflow (MS03-049) Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043) Microsoft Windows Messenger Service (French) - Remote Exploit (MS03-043) Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows XP/2000 - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows Server 2003/XP - Metafile Escape() Code Execution (Metasploit) Microsoft Windows XP/2003 - Metafile Escape() Code Execution (Metasploit) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3) Apple QuickTime 7.2/7.3 (Windows Vista / Windows XP) - RSTP Response Code Execution Apple QuickTime 7.2/7.3 (Windows Vista/XP) - RSTP Response Code Execution Microsoft Windows Server 2003/XP/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit) Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit) Microsoft IIS4 (Windows NT) - Remote Web-Based Administration Microsoft IIS4 (Windows NT) - Log Avoidance Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration Microsoft IIS 4 (Windows NT) - Log Avoidance Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - IIS IDC Path Mapping Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - '.IDC' Path Mapping Microsoft Internet Explorer 4 (Windows 95/Windows NT 4) - Setupctl ActiveX Control Buffer Overflow Microsoft Internet Explorer 4 (Windows 95/NT 4) - Setupctl ActiveX Control Buffer Overflow Microsoft Windows Server 2000 - telnet.exe NTLM Authentication Microsoft Windows Server 2000 - 'telnet.exe' NTLM Authentication Microsoft Windows Server 2000/2003/XP - winhlp32 Phrase Integer Overflow Microsoft Windows Server 2000/2003/XP - winhlp32 Phrase Heap Overflow Microsoft Windows XP/2000/2003 -'winhlp32' Phrase Integer Overflow Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Heap Overflow Microsoft Windows Server 2000/XP - Internet Protocol Validation Remote Code Execution (2) Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (2) Microsoft Windows Explorer 2000/2003/XP - Drag and Drop Remote Code Execution Microsoft Windows XP/2000/2003 - Explorer Drag and Drop Remote Code Execution Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1) Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Buffer Overflow Windows XP/Vista/Windows 7 - JITed egg-hunter stage-0 Shellcode Adjusted universal Windows XP/Vista/7 - JITed egg-hunter stage-0 Shellcode Adjusted Universal Dosya Yukle Scrtipi 1.0 - Arbitrary File Upload Dosya Yukle Scrtipi (DosyaYukle Scripti) 1.0 - Arbitrary File Upload DosyaYukle Scripti 1.0 - Arbitrary File Upload Splunk Enterprise - Information Disclosure Membership Formula - 'order' Parameter SQL Injection	2017-04-01 05:01:15 +00:00
Offensive Security	6d17bc529d	DB: 2017-03-31 4 new exploits dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC) dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC) Spider Solitaire - Denial of Service (PoC) Spider Solitaire - Denial of Service (PoC) Baby FTP Server 1.24 - Denial of Service Baby FTP Server 1.24 - Denial of Service (1) Baby FTP server 1.24 - Denial of Service Baby FTP server 1.24 - Denial of Service (2) Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Evostream Media Server 1.7.1 (x64) - Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service Cerberus FTP Server 8.0.10.1 - Denial of Service Cerberus FTP Server 8.0.10.1 - Denial of Service Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Solaris 10 sysinfo() - Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1) Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1) Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2) Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1) Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1) dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1) Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2) Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2) D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1) D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit) Azure Data Expert Ultimate 2.2.16 - Buffer Overflow Azure Data Expert Ultimate 2.2.16 - Buffer Overflow Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) Article Script 1.6.3 - 'rss.php' SQL Injection (1) Article Script 1.6.3 - 'rss.php' SQL Injection DBHcms 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - 'code' Remote File Inclusion LaserNet CMS 1.5 - SQL Injection (2) LaserNet CMS 1.5 - SQL Injection Clever Copy 3.0 - 'postview.php' SQL Injection (1) Clever Copy 3.0 - 'postview.php' SQL Injection phpAuction - 'profile.php' SQL Injection phpAuction - 'profile.php' SQL Injection (1) Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1) Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2) Matterdaddy Market 1.1 - Multiple SQL Injections (1) Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections PHPWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection (1) PHPWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection (2) Zeeways Shaadi Clone 2.0 - Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass (1) Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1) DBHcms 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion E-book Store - Multiple Vulnerabilities (1) Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1) E-book Store - Multiple Vulnerabilities (2) E-book Store - Multiple Vulnerabilities Classifieds Script - SQL Injection Classifieds Script - 'rate' SQL Injection Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2) DBHcms 1.1.4 - SQL Injection DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection LaserNet CMS 1.5 - SQL Injection (1) Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2) Article Script 1.6.3 - 'rss.php' SQL Injection (2) Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1) Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1) LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2) Fonality trixbox 2.4.2 - Cross-Site Scripting Fonality trixbox 2.4.2 - Cross-Site Scripting (1) Fonality trixbox 2.4.2 - Cross-Site Scripting (2) Clever Copy 3.0 - 'postview.php' SQL Injection (2) phpAuction - 'profile.php' SQL Injection phpAuction - 'profile.php' SQL Injection (2) Zeeways Shaadi Clone 2.0 - Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass (2) DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2) Matterdaddy Market 1.1 - Multiple SQL Injections (2) Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections WordPress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1) Huawei Flybox B660 - Cross-Site Request Forgery Huawei Flybox B660 - Cross-Site Request Forgery (1) Huawei Flybox B660 - Cross-Site Request Forgery Huawei Flybox B660 - Cross-Site Request Forgery (2) Classifieds Script - SQL Injection Classifieds Script - 'term' SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)	2017-03-31 05:01:16 +00:00
Offensive Security	1f8c35c0c0	DB: 2017-03-28 25 new exploits Samba < 3.6.2 (x86) - Denial of Serviec (PoC) Samba < 3.6.2 (x86) - Denial of Service (PoC) Microsoft Visual Studio 2015 update 3 - Denial of Service Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow Apple Safari - 'DateTimeFormat.format' Type Confusion Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode Apple Safari - Out-of-Bounds Read when Calling Bound Function QNAP QTS < 4.2.4 - Domain Privilege Escalation Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Github Enterprise - Default Session Secret And Deserialization (Metasploit) B2B Alibaba Clone Script - SQL Injection B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection Just Another Video Script 1.4.3 - SQL Injection Adult Tube Video Script - SQL Injection Alibaba Clone Script - SQL Injection B2B Marketplace Script 2.0 - SQL Injection Php Real Estate Property Script - SQL Injection Courier Tracking Software 6.0 - SQL Injection Parcel Delivery Booking Script 1.0 - SQL Injection Delux Same Day Delivery Script 1.0 - SQL Injection Hotel Booking Script 1.0 - SQL Injection Tour Package Booking 1.0 - SQL Injection Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection CouponPHP CMS 3.1 - 'code' Parameter SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit) inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation	2017-03-28 05:01:16 +00:00
Offensive Security	3ad96f313d	DB: 2017-03-24 39 new exploits Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit) Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit) EMC Replication Manager < 5.3 - Command Execution (Metasploit) MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit) Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit) CA Arcserve D2D - GWT RPC Credential Information Disclosure (Metasploit) Lenovo System Update - Privilege Escalation (Metasploit) Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit) HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit) VMware Host Guest Client Redirector - DLL Side Loading (Metasploit) CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit) MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit) SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit) Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit) ExaGrid - Known SSH Key and Default Password (Metasploit) GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit) Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit) Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) SSH - User Code Execution (Metasploit) Redmine SCM Repository - Arbitrary Command Execution (Metasploit) Linux/x86 - Bind Shell Shellcode (42 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Joomla! Component Modern Booking 1.0 - 'coupon' Parameter SQL Injection Flippa Clone - SQL Injection Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit) D-Link/TRENDnet - NCC Service Command Injection (Metasploit) Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit) MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit) OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit) OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit) PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit) SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit) WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit) SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit) WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit) Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)	2017-03-24 05:01:16 +00:00
Offensive Security	8b5b662af9	DB: 2017-03-23 8 new exploits SpyCamLizard 1.230 - Denial of Service APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH) SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit) GLink Word Link Script 1.2.3 - SQL Injection Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities	2017-03-23 05:01:16 +00:00
Offensive Security	07432556e0	DB: 2017-03-21 26 new exploits FTPShell Client 6.53 - Local Buffer Overflow FTPShell Client 6.53 - 'Session name' Local Buffer Overflow FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow ExtraPuTTY 0.29-RC2 - Denial of Service Google Nest Cam 5.2.1  - Buffer Overflow Conditions Over Bluetooth LE Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017) Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft GDI+ - 'gdiplus!GetRECTSForPlayback' Out-of-Bounds Read (MS17-013) Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013) Mozilla Firefox - 'table' Use-After-Free Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006) HttpServer 1.0 - Directory Traversal Cobbler 2.8.0 - Authenticated Remote Code Execution Joomla! Component JooCart 2.x - 'product_id' Parameter SQL Injection Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection phplist 3.2.6 - SQL Injection D-Link DGS-1510 - Multiple Vulnerabilities	2017-03-21 05:01:17 +00:00
Offensive Security	66117c63f5	DB: 2017-03-16 16 new exploits Adobe Flash - Metadata Parsing Out-of-Bounds Read Adobe Flash - MovieClip Attach init Object Use-After-Free Adobe Flash - ATF Thumbnailing Heap Overflow Adobe Flash - ATF Planar Decompression Heap Overflow Adobe Flash - AVC Header Slicing Heap Overflow Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow USBPcap - Privilege Escalation USBPcap 1.1.0.0 (WireShark 2.2.5) - Privilege Escalation PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012) Cisco Firepower Management Console 6.0 - Post Authentication UserAdd Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit) IBM WebSphere - RCE Java Deserialization (Metasploit) Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) Joomla! Component Vik Appointments 1.5 - SQL Injection Joomla! Component Vik Rent Items 1.3 - SQL Injection Joomla! Component Vik Rent Car 1.11 - SQL Injection GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution Steam Profile Integration 2.0.11 - SQL injection Sitecore CMS 8.1 Update-3 - Cross-Site Scripting	2017-03-16 05:01:20 +00:00
Offensive Security	06a7933be4	DB: 2017-03-09 8 new exploits USBPcap - Privilege Escalation Linux - Reverse Shell Shellcode (66 bytes) Linux - Reverse Shell Shellcode (65 bytes) Themeforest Clone Script - SQL Injection Graphicriver Clone Script - SQL Injection Codecanyon Clone Script - SQL Injection Audiojungle Clone Script - SQL Injection Videohive Clone Script - SQL Injection Envato Clone Script - SQL Injection Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery	2017-03-09 05:01:19 +00:00
Offensive Security	026ded7298	DB: 2017-02-28 12 new exploits MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit) Windows x86 - Executable Directory Search Shellcode (130 bytes) Linux/x86_64 - Random Listener Shellcode (54 bytes) NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution Joomla! Component Gnosis 1.1.2 - 'id' Parameter SQL Injection Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection Joomla! Component My MSG 3.2.1 - SQL Injection Joomla! Component Spinner 360 1.3.0 - SQL Injection Joomla! Component JomSocial - SQL Injection Grails PDF Plugin 0.6 - XML External Entity Injection Joomla! Component OneVote! 1.0 - SQL Injection	2017-02-28 05:01:17 +00:00
Offensive Security	438afbcaf8	DB: 2017-02-25 12 new exploits Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion Joomla! Component JooDatabase 3.1.0 - SQL Injection Joomla! Component JO Facebook Gallery 4.5 - SQL Injection Joomla! Component AJAX Search for K2 2.2 - SQL Injection Joomla! Component Community Surveys 4.3 - SQL Injection Joomla! Component Community Polls 4.5.0 - SQL Injection Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting Joomla! Component GPS Tools 4.0.1 - SQL Injection Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass Joomla! Component Community Quiz 4.3.5 - SQL Injection Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting memcache-viewer - Cross-Site Scripting	2017-02-25 05:01:19 +00:00
Offensive Security	c7c1c7d92e	DB: 2017-02-23 13 new exploits EasyCom For PHP 4.0.0 - Buffer Overflow (PoC) EasyCom For PHP 4.0.0 - Denial of Service Google Chrome - 'layout' Out-of-Bounds Read Shutter 0.93.1 - Code Execution DiskSavvy Enterprise - GET Buffer Overflow (Metasploit) Disk Savvy Enterprise - GET Buffer Overflow (Metasploit) Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH) Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection Joomla! Component VehicleManager 3.9 - SQL Injection Joomla! Component RealEstateManager 3.9 - SQL Injection Joomla! Component BookLibrary 3.6.1 - SQL Injection Joomla! Component MediaLibrary Basic 3.5 - SQL Injection Lock Photos Album&Videos Safe 4.3 - Directory Traversal ProjectSend r754 - Insecure Direct Object Reference Teradici Management Console 2.2.0 - Privilege Escalation	2017-02-23 05:01:18 +00:00
Offensive Security	ad7bd81657	DB: 2017-02-22 21 new exploits Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check Adobe Flash - MP4 AMF Parsing Overflow Adobe Flash - SWF Stack Corruption Adobe Flash - Use-After-Free in Applying Bitmap Filter Adobe Flash - YUVPlane Decoding Heap Overflow DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection Joomla! Component Eventix Events Calendar 1.0 - SQL Injection Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection Joomla! Component Magic Deals Web 1.2.0 - SQL Injection Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit) Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit) AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)	2017-02-22 05:01:19 +00:00
Offensive Security	dcc7720ad6	DB: 2017-02-11 18 new exploits Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit) F5 BIG-IP SSL Virtual Server - Memory Disclosure CMS Lite 1.3.1 - SQL Injection Tiger Post 3.0.1 - SQL Injection Gram Post 1.0 - SQL Injection Youtube Analytics Multi Channel 3.0 - SQL Injection Collabo - Arbitrary File Download Takas Classified 1.1 - SQL Injection Zigaform - SQL Injection Multilanguage Estate Agency Pro 1.2 - SQL Injection QWIKIA 1.1.1 - SQL Injection Automated Job Portal Script - SQL Injection CLUB-8 EMS - SQL Injection Uploadr - SQL Injection CodePaul ClipMass - SQL Injection Video Subscription - SQL Injection D-link DIR-600M - Cross-Site Request Forgery HotelCMS with Booking Engine - SQL Injection	2017-02-11 05:01:16 +00:00
Offensive Security	893d590404	DB: 2017-02-02 12 new exploits PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1) PHP 5.3.0 - getopt() Denial of Service PHP 5.3.0 - 'getopt()' Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2) PHP 4.3.x/5.0 - openlog() Buffer Overflow PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Apple WebKit - 'HTMLFormElement::reset()' Use-After Free Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion Apple WebKit - 'HTMLKeygenElement' Type Confusion Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled Google Android - RKP Information Disclosure via s2-remapping Physical Ranges QNAP NVR/NAS - Buffer Overflow Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV < 1.4.1 Privilege Escalation (1) Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Privilege Escalation (1) Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) - UDEV < 141 Privilege Escalation (2) Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) UDEV < 1.4.1 - Privilege Escalation (2) PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit PHP 5.2.9 (Windows x86) - Local Safemod Bypass Linux udev - Netlink Privilege Escalation (Metasploit) Linux Kernel UDEV < 1.4.1 - Netlink Privilege Escalation (Metasploit) Google Android - RKP EL1 Code Loading Bypass Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Syntax Desktop 2.7 - (synTarget) Local File Inclusion Syntax Desktop 2.7 - 'synTarget' Parameter Local File Inclusion Joomla! Component JTAG Calendar 6.2.4 - 'search' Parameter SQL Injection LogoStore - 'query' Parameter SQL Injection	2017-02-02 05:01:18 +00:00
Offensive Security	bf6526a40b	DB: 2017-01-31 39 new exploits OpenSSL 1.1.0 - Remote Client Denial of Service CDRTools CDRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 (Mandrake / Slackware) - Privilege Escalation RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation BitchX 1.0c19 - Privilege Escalation (suid?) Apache 1.3.31 (mod_include) - Local Buffer Overflow BitchX 1.0c19 - Privilege Escalation Apache 1.3.31 mod_include - Local Buffer Overflow AIX 4.3/5.1 < 5.3 - lsmcode Command Execution Privilege Escalation AIX 4.3/5.1 < 5.3 - 'lsmcode' Command Execution Privilege Escalation Debian 2.2 - /usr/bin/pileup Privilege Escalation Debian 2.2 /usr/bin/pileup - Privilege Escalation Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow IBM AIX 5.3 sp6 - ftp gets() Privilege Escalation IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation IBM AIX 5.3.0 - setlocale() Privilege Escalation IBM AIX 5.3.0 - 'setlocale()' Privilege Escalation FreeBSD 6x/7 - protosw kernel Local Privilege Escalation Exploit FreeBSD 6x/7 protosw Kernel - Privilege Escalation PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit) Linux Kernel 4.6.3 (x86) - 'Netfilter' Privilege Escalation (Metasploit) FreeBSD 6.4 - Netgraph Local Privilege Escalation Exploit FreeBSD 6.4 - Netgraph Privilege Escalation PHP 5.4.3 (Windows x86 Polish) - Code Execution Apache (Mod_Auth_OpenID) - Session Stealing Apache Mod_Auth_OpenID - Session Stealing cPanel 5.0 - Openwebmail Privilege Escalation cPanel 5.0 - 'Openwebmail' Privilege Escalation Apache 2.0.4x (mod_php) - File Descriptor Leakage (1) Apache 2.0.4x (mod_php) - File Descriptor Leakage (2) Apache 2.0.4x mod_php - File Descriptor Leakage (1) Apache 2.0.4x mod_php - File Descriptor Leakage (2) Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3) Apache 2.0.4x mod_perl - File Descriptor Leakage (3) cPanel 5-9 - Privilege Escalation cPanel 5 < 9 - Privilege Escalation Apache 1.3.x (mod_include) - Local Buffer Overflow Apache 1.3.x mod_include - Local Buffer Overflow IBM AIX 5.x - Diag Privilege Escalation Vulnerabilities IBM AIX 5.x - 'Diag' Privilege Escalation Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation Amanda 3.3.1 - amstar Command Injection Privilege Escalation Amanda 3.3.1 - 'amstar' Command Injection Privilege Escalation Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1) Deepin Linux 15 - lastore-daemon Privilege Escalation Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1) Deepin Linux 15 - 'lastore-daemon' Privilege Escalation Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit) Allwinner 3.4 Legacy Kernel - Privilege Escalation (Metasploit) Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062) MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('mysql' System User) Privilege Escalation / Race Condition MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('root' System User) Privilege Escalation Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit) Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Privilege Escalation (Metasploit) Apache CouchDB 2.0.0 - Local Privilege Escalation Apache CouchDB 2.0.0 - Privilege Escalation Vesta Control Panel 0.9.8-16 - Local Privilege Escalation Vesta Control Panel 0.9.8-16 - Privilege Escalation Systemd 228 - Privilege Escalation (PoC) Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Privilege Escalation (PoC) Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC) Apache 1.3.x (mod_mylo) - Remote Code Execution Apache 1.3.x mod_mylo - Remote Code Execution Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit Veritas NetBackup 6.0 (Windows x86) - (bpjava-msvc) Remote Exploit Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow 3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow Apache Tomcat Connector (mod_jk) - Remote Exploit (exec-shield) Apache Tomcat Connector mod_jk - 'exec-shield' Remote Exploit 3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl) SapLPD 6.28 (Windows x86) - Remote Buffer Overflow Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit Apache (mod_proxy) - Reverse Proxy Exposure (PoC) Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass Apache (mod_wsgi) - Information Disclosure Apache mod_wsgi - Information Disclosure Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit phpGraphy 0.9.12 - Privilege Escalation / Commands Execution PEAR 1.9.0 - Multiple Remote File Inclusion PHP PEAR 1.9.0 - Multiple Remote File Inclusion Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload Radisys MRF - Command Injection PHP PEAR 1.10.1 - Arbitrary File Download Caregiver Script 2.57 - SQL Injection Auction Script 6.49 - SQL Injection Itech B2B Script 4.28 - SQL Injection Itech Classifieds Script 7.27 - 'scat' Parameter SQL Injection Itech Dating Script 3.26 - SQL Injection Itech Freelancer Script 5.13 - SQL Injection Itech Multi Vendor Script 6.49 - SQL Injection Itech News Portal Script 6.28 - SQL Injection Itech Real Estate Script 3.12 - SQL Injection PHP Product Designer Script - Arbitrary File Upload PHP Logo Designer Script - Arbitrary File Upload Video Sharing Script 4.94 - SQL Injection HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download Itech Classifieds Script 7.27 - 'pid' Parameter SQL Injection Itech Dating Script 3.26 - 'send_gift.php' SQL Injection Itech Real Estate Script 3.12 - 'id' Parameter SQL Injection	2017-01-31 05:01:15 +00:00
Offensive Security	d0b74905e8	DB: 2017-01-27 17 new exploits Google Android - 'pm_qos' KASLR Bypass macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Systemd 228 - Privilege Escalation (PoC) OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service Haraka < 2.8.9 - Remote Command Execution Linux/x86_64 - execve /bin/sh Shellcode (22 bytes) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1) Drupal 7.0 < 7.31 - SQL Injection (1) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2) Drupal 7.0 < 7.31 - SQL Injection (2) Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload KB Affiliate Referral Script 1.0 - Authentication Bypass KB Login Authentication Script 1.1 - Authentication Bypass KB Messages PHP Script 1.0 - Authentication Bypass Web Based TimeSheet Script - Authentication Bypass TM RG4332 Wireless Router - Arbitrary File Disclosure PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting Polycom VVX Web Interface - Change Admin Password	2017-01-27 05:01:17 +00:00
Offensive Security	5c20fdffaa	DB: 2017-01-24 2 new exploits MediaMonkey 3.2.4.1304 - (mp3) Buffer Overflow (PoC) MediaMonkey 3.2.4.1304 - 'mp3' Buffer Overflow (PoC) Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service DiskSavvy Enterprise - GET Buffer Overflow (Metasploit) OwnRS Blog 1.2 - (autor.php) SQL Injection OwnRS Blog 1.2 - 'autor.php' SQL Injection Mambo Component 'com_sim' 0.8 - Blind SQL Injection Mambo Component com_sim 0.8 - Blind SQL Injection Flax Article Manager 1.1 - 'cat_id' SQL Injection OpenGoo 1.1 - (script_class) Local File Inclusion EPOLL SYSTEM 3.1 - (Password.dat) Disclosure Flax Article Manager 1.1 - 'cat_id' Parameter SQL Injection OpenGoo 1.1 - Local File Inclusion EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection ITLPoll 2.7 Stable2 - Blind SQL Injection Script Toko Online 5.01 - (shop_display_products.php) SQL Injection Script Toko Online 5.01 - SQL Injection Wazzum Dating Software - (userid) SQL Injection Wazzum Dating Software - 'userid' Parameter SQL Injection SiteXS 0.1.1 - (type) Local File Inclusion SiteXS CMS 0.1.1 - Local File Inclusion Joomla! Component com_flashmagazinedeluxe - (mag_id) SQL Injection OpenX 2.6.3 - (MAX_type) Local File Inclusion Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection OpenX 2.6.3 - 'MAX_type' Parameter Local File Inclusion Community CMS 0.4 - (/index.php id) Blind SQL Injection Community CMS 0.4 - 'id' Parameter Blind SQL Injection	2017-01-24 05:01:17 +00:00
Offensive Security	3617e005f6	DB: 2017-01-12 16 new exploits VMware 2.5.1 - (VMware-authd) Remote Denial of Service VMware 2.5.1 - 'VMware-authd' Remote Denial of Service Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2) Boxoft Wav 1.0 - Buffer Overflow VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow EleCard MPEG PLAYER - '.m3u' Local Stack Overflow Elecard MPEG Player - '.m3u' Local Stack Overflow Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1) Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2) Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout) Firejail - Privilege Escalation McAfee Virus Scan Enterprise for Linux - Remote Code Execution McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution Ansible 2.1.4 / 2.2.1 - Command Execution Eggblog < 3.07 - Remote SQL Injection / Privilege Escalation EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation PowerClan 1.14a - (footer.inc.php) Remote File Inclusion PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion Eggblog 3.1.0 - Cookies SQL Injection EggBlog 3.1.0 - Cookies SQL Injection eggBlog 4.0 - SQL Injection EggBlog 4.0 - SQL Injection 2Capsule - 'sticker.php id' SQL Injection 2Capsule - SQL Injection ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection ASPThai.Net WebBoard 6.0 - SQL Injection Memberkit 1.0 - Remote Arbitrary .PHP File Upload phpScribe 0.9 - (user.cfg) Remote Config Disclosure Memberkit 1.0 - Arbitrary File Upload phpScribe 0.9 - 'user.cfg' Remote Config Disclosure PowerClan 1.14a - (Authentication Bypass) SQL Injection PowerClan 1.14a - Authentication Bypass Webspell 4 - (Authentication Bypass) SQL Injection webSPELL 4 - Authentication Bypass eggBlog 4.1.1 - Local Directory Traversal EggBlog 4.1.1 - Local Directory Traversal Travel Portal Script Admin Password Change - Cross-Site Request Forgery Travel Portal Script - Cross-Site Request Forgery (Admin Password Change) eggBlog 4.1.2 - Arbitrary File Upload EggBlog 4.1.2 - Arbitrary File Upload Eggblog 2.0 - blog.php id Parameter SQL Injection Eggblog 2.0 - topic.php message Parameter Cross-Site Scripting EggBlog 2.0 - 'id' Parameter SQL Injection EggBlog 2.0 - 'message' Parameter Cross-Site Scripting PowerClan 1.14 - member.php SQL Injection PowerClan 1.14 - 'member.php' SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection Dating Script 3.25 - SQL Injection Starting Page 1.3 - SQL Injection Starting Page 1.3 - 'linkid' Parameter SQL Injection Starting Page 1.3 - 'category' Parameter SQL Injection My link trader 1.1 - 'id' Parameter SQL Injection Blackboard LMS 9.1 SP14 - Cross-Site Scripting Huawei Flybox B660 - Cross-Site Request Forgery Travel Portal Script 9.33 - SQL Injection Movie Portal Script 7.35 - SQL Injection	2017-01-12 05:01:16 +00:00
Offensive Security	a1c336773a	DB: 2017-01-09 3 new exploits Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing Advanced Desktop Locker 6.0.0 - Lock Screen Bypass DirectAdmin 1.28/1.29 - CMD_SHOW_RESELLER user Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_SHOW_USER user Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_TICKET_CREATE TYPE Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_EMAIL_FORWARDER_MODIFY user Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_TICKET type Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_EMAIL_VACATION_MODIFY user Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_EMAIL_LIST name Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - CMD_FTP_SHOW DOMAIN Parameter Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting DirectAdmin 1.50.1 - Denial of Service	2017-01-09 05:01:15 +00:00
Offensive Security	bac881f89a	DB: 2017-01-03 3 new exploits QNAP NAS Devices - Heap Overflow Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH) PHPFanBase 2.x - (protection.php) Remote File Inclusion PHPFanBase 2.x - 'protection.php' Remote File Inclusion DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection DigiAffiliate 1.4 - 'id' Parameter SQL Injection ExoPHPDesk 1.2.1 - (faq.php) SQL Injection ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection MiniGal b13 - (image backdoor) Remote Code Execution MiniGal b13 - Remote Code Execution PHP Auto Listings - 'moreinfo.php pg' SQL Injection Pre Simple CMS - SQL Injection (Authentication Bypass) PHP Auto Listings - 'pg' Parameter SQL Injection Pre Simple CMS - Authentication Bypass Harlandscripts drinks - (recid) SQL Injection Harlandscripts drinks - 'recid' Parameter SQL Injection Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection Mole Group Taxi Calc Dist Script - Authentication Bypass DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection DevelopItEasy Membership System 1.3 - Authentication Bypass NICE FAQ Script - (Authentication Bypass) SQL Injection NICE FAQ Script - Authentication Bypass SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection SoftComplex PHP Image Gallery 1.0 - Authentication Bypass DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection SoftComplex PHP Image Gallery - (ctg) SQL Injection DELTAScripts PHP Classifieds 7.5 - Authentication Bypass DELTAScripts PHP Links 1.3 - Authentication Bypass DELTAScripts PHP Shop 1.0 - Authentication Bypass SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection Mole Group Pizza - (manufacturers_id) Script SQL Injection TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection PHP Auto Listings Script - (Authentication Bypass) SQL Injection Mole Group Rental Script - (Authentication Bypass) SQL Injection MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection E-topbiz Online Store 1 - Authentication Bypass PHP Auto Listings Script - Authentication Bypass Mole Group Rental Script - Authentication Bypass MyioSoft Ajax Portal 3.0 - Authentication Bypass MyioSoft EasyBookMarker 4.0 - Authentication Bypass MyioSoft EasyCalendar - Authentication Bypass E-topbiz Online Store 1 - 'cat_id' SQL Injection E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection Myiosoft EasyBookMarker 4 - (Parent) SQL Injection Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection DigiAffiliate 1.4 - Authentication Bypass Mole Group Airline Ticket Script - Authentication Bypass ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection ExoPHPDesk 1.2 Final - Authentication Bypass ZEEMATRI 3.0 - 'adid' Parameter SQL Injection Joomla! Component com_books - (book_id) SQL Injection Joomla! Component com_books - 'book_id' Parameter SQL Injection Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection PozScripts Business Directory Script - 'cid' SQL Injection PozScripts Business Directory Script - 'cid' Parameter SQL Injection Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection Quick Poll Script - 'code.php id' SQL Injection Alstrasoft Web Host Directory - Authentication Bypass Quick Poll Script - 'id' Parameter SQL Injection Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection Bankoi Webhost Panel 1.20 - Authentication Bypass Minigal b13 - 'index.php list' Remote File Disclosure yahoo answers - 'id' SQL Injection Minigal b13 - Remote File Disclosure yahoo answers - 'id' Parameter SQL Injection PHPstore Wholesale - 'track.php?id' SQL Injection PHPstore Wholesale - 'id' Parameter SQL Injection E-topbiz ADManager 4 - (group) Blind SQL Injection E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion Jadu Galaxies - 'categoryId' Blind SQL Injection PHPfan 3.3.4 - 'init.php' Remote File Inclusion Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection MemHT Portal 4.0.1 - (avatar) Remote Code Execution MemHT Portal 4.0.1 - Remote Code Execution MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit MemHT Portal 4.0.1 - Delete All Private Messages Exploit MyioSoft Ajax Portal 3.0 - (page) SQL Injection MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection X10media Mp3 Search Engine < 1.6.2 Admin Access X10media Mp3 Search Engine < 1.6.2 - Admin Access Arab Portal 2.2 - (Authentication Bypass) SQL Injection Arab Portal 2.2 - Authentication Bypass Arab Portal 2.x - (forum.php qc) SQL Injection Arab Portal 2.x - 'forum.php' SQL Injection Arab Portal 2.2 - (mod.php module) Local File Inclusion Arab Portal 2.2 - 'mod.php' Local File Inclusion Collabtive - SQL Injection Collabtive 0.65 - SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection Collabtive 1.0 - 'manageuser.php' SQL Injection Arab Portal 2.0 - Link.php SQL Injection Arab Portal 2.0 - 'Link.php' SQL Injection Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting Arab Portal 2.0 - 'online.php' Cross-Site Scripting Arab Portal 2.0 - 'download.php' Cross-Site Scripting ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection Collabtive 1.1 - 'managetimetracker.php' SQL Injection Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution	2017-01-03 05:01:17 +00:00
Offensive Security	897e1fa191	DB: 2016-12-24 3 new exploits WinFTP Server 2.0.2 - (PASV) Remote Denial of Service WinFTP Server 2.0.2 - 'PASV' Remote Denial of Service WinFTP Server 2.3.0 - (NLST) Denial of Service WinFTP Server 2.3.0 - 'NLST' Denial of Service vxFtpSrv 2.0.3 - CWD command Remote Buffer Overflow (PoC) vxFtpSrv 2.0.3 - 'CWD' Remote Buffer Overflow (PoC) OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation X7 Chat 2.0.5 - lib/message.php preg_replace() PHP Code Execution (Metasploit) X7 Chat 2.0.5 - 'message.php' PHP Code Execution (Metasploit) OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading X7 Chat 2.0 - (help_file) Remote Command Execution X7 Chat 2.0 - 'help_file' Parameter Remote Command Execution Ultimate WebBoard 3.00 - (Category) SQL Injection PromoteWeb MySQL - 'go.php id' SQL Injection 212Cafe Board 0.07 - (view.php qID) SQL Injection Ultimate WebBoard 3.00 - 'Category' Parameter SQL Injection PromoteWeb MySQL - 'id' Parameter SQL Injection 212Cafe Board 0.07 - 'qID' Parameter SQL Injection The Gemini Portal - 'lang' Remote File Inclusion RPG.Board 0.0.8Beta2 - (showtopic) SQL Injection ASPapp KnowledgeBase - 'catid' SQL Injection The Gemini Portal 4.7 - 'lang' Parameter Remote File Inclusion RPG.Board 0.0.8Beta2 - 'showtopic' Parameter SQL Injection ASPapp KnowledgeBase - 'catid' Parameter SQL Injection X7 Chat 2.0.1A1 - (mini.php help_file) Local File Inclusion X7 Chat 2.0.1A1 - 'mini.php' Local File Inclusion CoAST 0.95 - (sections_file) Remote File Inclusion Real Estate Manager - 'cat_id' SQL Injection LnBlog 0.9.0 - (plugin) Local File Inclusion PlugSpace 0.1 - (index.php navi) Local File Inclusion MyCard 1.0.2 - (gallery.php id) SQL Injection PowerPortal 2.0.13 - 'path' Local Directory Traversal PHP-Lance 1.52 - (show.php catid) SQL Injection Yoxel 1.23beta - (itpm_estimate.php a) Remote Code Execution CoAST 0.95 - 'sections_file' Parameter Remote File Inclusion Real Estate Manager 1.01 - 'cat_id' Parameter SQL Injection LnBlog 0.9.0 - 'plugin' Parameter Local File Inclusion PlugSpace 0.1 - 'navi' Parameter Local File Inclusion MyCard 1.0.2 - 'id' Parameter SQL Injection PowerPortal 2.0.13 - 'path' Parameter Local Directory Traversal PHP-Lance 1.52 - 'catid' Parameter SQL Injection Yoxel 1.23beta - 'itpm_estimate.php' Remote Code Execution ZEELYRICS 2.0 - (bannerclick.php adid) SQL Injection ZEELYRICS 2.0 - 'bannerclick.php' SQL Injection Pro Chat Rooms 3.0.3 - (guid) SQL Injection Pilot Group eTraining - 'news_read.php id' SQL Injection BbZL.php 0.92 - (lien_2) Local Directory Traversal Pro Chat Rooms 3.0.3 - SQL Injection Pilot Group eTraining - 'news_read.php' SQL Injection BbZL.php 0.92 - 'lien_2' Parameter Local Directory Traversal Arcadem Pro - 'articlecat' SQL Injection Arcadem Pro - 'articlecat' Parameter SQL Injection ArabCMS - 'rss.php rss' Local File Inclusion FAQ Management Script - 'catid' SQL Injection ArabCMS - 'rss.php' Local File Inclusion FAQ Management Script - 'catid' Parameter SQL Injection BookMarks Favourites Script - 'view_group.php id' SQL Injection BookMarks Favourites Script - 'id' Parameter SQL Injection BMForum 5.6 - (tagname) SQL Injection BMForum 5.6 - 'tagname' Parameter SQL Injection Crux Gallery 1.32 - (index.php theme) Local File Inclusion phpScheduleIt 1.2.10 - (reserve.php) Remote Code Execution RPortal 1.1 - (file_op) Remote File Inclusion Crux Gallery 1.32 - 'theme' Parameter Local File Inclusion phpScheduleIt 1.2.10 - 'reserve.php' Remote Code Execution RPortal 1.1 - 'file_op' Parameter Remote File Inclusion Link Trader - 'ratelink.php lnkid' SQL Injection Link Trader - 'lnkid' Parameter SQL Injection OLIB 7 WebView 2.5.1.1 - (infile) Local File Inclusion OpenX 2.6 - (ac.php bannerid) Blind SQL Injection OLIB 7 WebView 2.5.1.1 - 'infile' Parameter Local File Inclusion OpenX 2.6 - 'bannerid' Parameter Blind SQL Injection X7 Chat 2.0.5 - (Authentication Bypass) SQL Injection X7 Chat 2.0.5 - Authentication Bypass Arcadem Pro 2.8 - (article) Blind SQL Injection Arcadem Pro 2.8 - 'article' Parameter Blind SQL Injection Link Trader - (lnkid) SQL Injection phpScheduleIt PHP - reserve.php start_date Parameter Arbitrary Code Injection (Metasploit) phpScheduleIt 1.2.10 - 'reserve.php' Arbitrary Code Injection (Metasploit) PowerPortal 1.1/1.3 - modules.php Traversal Arbitrary Directory Listing PowerPortal 1.1/1.3 - 'modules.php' Traversal Arbitrary Directory Listing Atomic Photo Album 0.x/1.0 - Apa_PHPInclude.INC.php Remote File Inclusion Atomic Photo Album 0.x/1.0 - 'Apa_PHPInclude.INC.php' Remote File Inclusion BMForum 3.0 - topic.php Multiple Parameter Cross-Site Scripting BMForum 3.0 - forums.php Multiple Parameter Cross-Site Scripting BMForum 3.0 - post.php forumid Parameter Cross-Site Scripting BMForum 3.0 - announcesys.php forumid Parameter Cross-Site Scripting BMForum 3.0 - 'topic.php' Cross-Site Scripting BMForum 3.0 - 'forums.php' Cross-Site Scripting BMForum 3.0 - 'post.php' Cross-Site Scripting BMForum 3.0 - 'announcesys.php' Cross-Site Scripting PowerPortal 1.1/1.3 - 'index.php' search Parameter Cross-Site Scripting PowerPortal 1.1/1.3 - search.php search Parameter Cross-Site Scripting PowerPortal 1.1/1.3 - 'index.php' Cross-Site Scripting PowerPortal 1.1/1.3 - 'search.php' Cross-Site Scripting X7 Chat 2.0.4 - sources/frame.php room Parameter Cross-Site Scripting X7 Chat 2.0.4 - upgradev1.php INSTALL_X7CHATVERSION Parameter Cross-Site Scripting X7 Chat 2.0.4 - 'frame.php' Cross-Site Scripting X7 Chat 2.0.4 - 'upgradev1.php' Cross-Site Scripting BMForum 5.6 - 'index.php' outpused Parameter Cross-Site Scripting BMForum 5.6 - newtem/footer/bsd01footer.php Multiple Parameter Cross-Site Scripting BMForum 5.6 - newtem/header/bsd01header.php Multiple Parameter Cross-Site Scripting BMForum 5.6 - 'index.php' Cross-Site Scripting BMForum 5.6 - 'bsd01footer.php' Cross-Site Scripting BMForum 5.6 - 'bsd01header.php' Cross-Site Scripting Pilot Group eTraining - courses_login.php cat_id Parameter Cross-Site Scripting Pilot Group eTraining - news_read.php id Parameter Cross-Site Scripting Pilot Group eTraining - lessons_login.php Multiple Parameter Cross-Site Scripting Pilot Group eTraining - 'courses_login.php' Cross-Site Scripting Pilot Group eTraining - 'news_read.php' Cross-Site Scripting Pilot Group eTraining - 'lessons_login.php' Cross-Site Scripting OpenX - /www/admin/plugin-index.php parent Parameter Cross-Site Scripting OpenX 2.8.10 - 'plugin-index.php' Cross-Site Scripting Apache mod_session_crypto - Padding Oracle	2016-12-24 05:01:17 +00:00
Offensive Security	26b1e8b6ad	DB: 2016-12-23 10 new exploits Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056) Microsoft Internet Explorer 11 MSHTML - CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035) Microsoft Internet Explorer 11 - MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035) macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation Vesta Control Panel 0.9.8-16 - Local Privilege Escalation macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation PHP iCalendar 2.21 - (publish.ical.php) Remote Code Execution PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution CzarNews 1.14 - (tpath) Remote File Inclusion CzarNews 1.14 - 'tpath' Parameter Remote File Inclusion N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion Powies pForum 1.29a - (editpoll.php) SQL Injection Powies pForum 1.29a - 'editpoll.php' SQL Injection AssetMan 2.4a - (download_pdf.php) Remote File Disclosure AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure Orion-Blog 2.0 - (AdminBlogNewsEdit.asp) Remote Authentication Bypass Orion-Blog 2.0 - Remote Authentication Bypass Ol BookMarks Manager 0.7.4 - (root) Remote File Inclusion Ol BookMarks Manager 0.7.4 - 'root' Parameter Remote File Inclusion AdminBot 9.0.5 - (live_status.lib.php ROOT) Remote File Inclusion AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion WSN Links Basic Edition - (displaycat catid) SQL Injection WSN Links Basic Edition - 'catid' Parameter SQL Injection phpRealty 0.02 - (MGR) Multiple Remote File Inclusion phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion jPORTAL 2 - mailer.php SQL Injection jPORTAL 2.3.1 - articles.php SQL Injection jPORTAL 2 - 'mailer.php' SQL Injection jPORTAL 2.3.1 - 'articles.php' SQL Injection AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection AvailScript Jobs Portal Script - 'jid' Parameter SQL Injection PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion D-iscussion Board 3.01 - (topic) Local File Inclusion D-iscussion Board 3.01 - 'topic' Parameter Local File Inclusion PhpWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection PhpWebGallery 1.3.4 - Blind SQL Injection pForum 1.30 - (showprofil.php id) SQL Injection WebPortal CMS 0.7.4 - (download.php aid) SQL Injection iBoutique 4.0 - (cat) SQL Injection SkaLinks 1.5 - (register.php) Arbitrary Add Editor vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection pForum 1.30 - 'showprofil.php' SQL Injection WebPortal CMS 0.7.4 - 'download.php' SQL Injection iBoutique 4.0 - 'cat' Parameter SQL Injection SkaLinks 1.5 - 'register.php' Arbitrary Add Editor vbLOGIX Tutorial Script 1.0 - 'cat_id' Parameter SQL Injection pLink 2.07 - (linkto.php id) Blind SQL Injection pLink 2.07 - 'linkto.php' Blind SQL Injection FoT Video scripti 1.1b - (oyun) SQL Injection FoT Video scripti 1.1b - 'oyun' Parameter SQL Injection Pre Real Estate Listings - 'search.php c' SQL Injection Pre Real Estate Listings - 'search.php' SQL Injection iScripts EasyIndex - (produid) SQL Injection iScripts EasyIndex - 'produid' Parameter SQL Injection Hotel Reservation System - 'city.asp city' Blind SQL Injection phpRealty 0.3 - (INC) Remote File Inclusion PHP Crawler 0.8 - (footer) Remote File Inclusion Technote 7 - (shop_this_skin_path) Remote File Inclusion Hotel Reservation System - 'city.asp' Blind SQL Injection phpRealty 0.3 - 'INC' Parameter Remote File Inclusion PHP Crawler 0.8 - Remote File Inclusion Technote 7 - 'shop_this_skin_path' Parameter Remote File Inclusion E-PHP CMS - 'article.php es_id' SQL Injection addalink 4 - 'category_id' SQL Injection ProArcadeScript 1.3 - (random) SQL Injection CYASK 3.x - (collect.php neturl) Local File Disclosure Diesel Joke Site - 'picture_category.php id' SQL Injection ProActive CMS - 'template' Local File Inclusion E-PHP CMS - 'article.php' SQL Injection addalink 4 - 'category_id' Parameter SQL Injection ProArcadeScript 1.3 - 'random' Parameter SQL Injection CYASK 3.x - 'neturl' Parameter Local File Disclosure Diesel Joke Site - 'picture_category.php' SQL Injection ProActive CMS - 'template' Parameter Local File Inclusion Diesel Pay Script - (area) SQL Injection Plaincart 1.1.2 - (p) SQL Injection Oceandir 2.9 - (show_vote.php id) SQL Injection jPORTAL 2 - 'humor.php id' SQL Injection Diesel Pay Script - 'area' Parameter SQL Injection Plaincart 1.1.2 - 'p' Parameter SQL Injection Oceandir 2.9 - 'show_vote.php' SQL Injection jPORTAL 2 - 'humor.php' SQL Injection Diesel Job Site - (job_id) Blind SQL Injection Diesel Job Site - 'job_id' Parameter Blind SQL Injection e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection e107 Plugin Image Gallery 0.9.6.2 - SQL Injection WSN Links 2.22/2.23 - (vote.php) SQL Injection WSN Links 2.22/2.23 - 'vote.php' SQL Injection BuzzyWall 1.3.1 - (search.php search) SQL Injection WCMS 1.0b - (news_detail.asp id) SQL Injection BuzzyWall 1.3.1 - 'search' Parameter SQL Injection WCMS 1.0b - 'news_detail.asp' SQL Injection OpenElec 3.01 - (form.php obj) Local File Inclusion OpenElec 3.01 - 'obj' Parameter Local File Inclusion basebuilder 2.0.1 - (main.inc.php) Remote File Inclusion Fez 1.3/2.0 RC1 - (list.php) SQL Injection basebuilder 2.0.1 - 'main.inc.php' Remote File Inclusion Fez 1.3/2.0 RC1 - 'list.php' SQL Injection OpenRat 0.8-beta4 - (tpl_dir) Remote File Inclusion Sofi WebGui 0.6.3 PRE - (mod_dir) Remote File Inclusion OpenRat 0.8-beta4 - 'tpl_dir' Parameter Remote File Inclusion Sofi WebGui 0.6.3 PRE - 'mod_dir' Parameter Remote File Inclusion JETIK-WEB Software - 'sayfa.php kat' SQL Injection JETIK-WEB Software - 'kat' Parameter SQL Injection WebPortal CMS 0.7.4 - (code) Remote Code Execution HotScripts Clone - 'cid' SQL Injection WebPortal CMS 0.7.4 - 'code' Parameter Remote Code Execution HotScripts Clone - 'cid' Parameter SQL Injection emergecolab 1.0 - (sitecode) Local File Inclusion mailwatch 1.0.4 - (docs.php doc) Local File Inclusion PHPcounter 1.3.2 - (defs.php l) Local File Inclusion emergecolab 1.0 - 'sitecode' Parameter Local File Inclusion mailwatch 1.0.4 - 'doc' Parameter Local File Inclusion PHPcounter 1.3.2 - 'defs.php' Local File Inclusion webcp 0.5.7 - (filelocation) Remote File Disclosure webcp 0.5.7 - 'filelocation' Parameter Remote File Disclosure LanSuite 3.3.2 - (design) Local File Inclusion PHPOCS 0.1-beta3 - (index.php act) Local File Inclusion Vikingboard 0.2 Beta - (task) Local File Inclusion LanSuite 3.3.2 - 'design' Parameter Local File Inclusion PHPOCS 0.1-beta3 - 'act' Parameter Local File Inclusion Vikingboard 0.2 Beta - 'task' Parameter Local File Inclusion barcodegen 2.0.0 - (class_dir) Remote File Inclusion barcodegen 2.0.0 - 'class_dir' Parameter Remote File Inclusion PHPcounter 1.3.2 - (index.php name) SQL Injection PHPcounter 1.3.2 - 'index.php' SQL Injection PhpWebGallery 1.7.2 - Session Hijacking / Code Execution PHPWebGallery 1.7.2 - Session Hijacking / Code Execution BuzzyWall 1.3.1 - (download id) Remote File Disclosure BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure Pre Real Estate Listings - (Authentication Bypass) SQL Injection Pre Real Estate Listings - Authentication Bypass Netartmedia Real Estate Portal 1.2 - (ad_id) SQL Injection Netartmedia Real Estate Portal 1.2 - 'ad_id' Parameter SQL Injection SkaLinks 1.5 - (Authentication Bypass) SQL Injection SkaLinks 1.5 - Authentication Bypass diesel job site 1.4 - Multiple Vulnerabilities Diesel Job Site 1.4 - Multiple Vulnerabilities ProArcadeScript to Game - (game) SQL Injection ProArcadeScript to Game - SQL Injection Link Bid Script - 'links.php id' SQL Injection Link Bid Script - 'links.php' SQL Injection NetArt Media iBoutique 4.0 - (index.php key Parameter) SQL Injection iBoutique 4.0 - 'key' Parameter SQL Injection PHPForum 2.0 RC1 - Mainfile.php Remote File Inclusion PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion JPortal 2.2.1 - print.php SQL Injection jPORTAL 2.2.1 - 'print.php' SQL Injection CzarNews 1.13/1.14 - headlines.php Remote File Inclusion CzarNews 1.13/1.14 - 'headlines.php' Remote File Inclusion JPortal 2.3.1 - Banner.php SQL Injection jPORTAL 2.3.1 - 'Banner.php' SQL Injection CJ Ultra Plus 1.0.3/1.0.4 - OUT.php SQL Injection CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection JPortal 2.2.1/2.3.1 - download.php SQL Injection jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection JPortal Web Portal 2.2.1/2.3.1 - comment.php id Parameter SQL Injection JPortal Web Portal 2.2.1/2.3.1 - news.php id Parameter SQL Injection JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection PHPWCMS 1.2.5 -DEV - random_image.php imgdir Parameter Traversal Arbitrary File Access PHPWCMS 1.2.5 -DEV - 'imgdir' Parameter Traversal Arbitrary File Access JPortal 2.2.1/2.3 Forum - forum.php SQL Injection jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection Diesel Joke Site - Category.php SQL Injection Diesel Joke Site - 'Category.php' SQL Injection TinyPHPForum 3.6 - error.php Information Disclosure TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass TinyPHPForum 3.6 - 'error.php' Information Disclosure TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass Vikingboard Viking board 0.1b - help.php act Parameter Cross-Site Scripting Vikingboard Viking board 0.1b - report.php p Parameter Cross-Site Scripting Vikingboard 0.1 - topic.php SQL Injection Vikingboard 0.1b - 'help.php' Cross-Site Scripting Vikingboard 0.1b - 'report.php' Cross-Site Scripting Vikingboard 0.1 - 'topic.php' SQL Injection PHP iCalendar 1.1/2.x - day.php Multiple Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - month.php Multiple Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - year.php Multiple Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - week.php Multiple Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - search.php Multiple Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - rss/index.php getdate Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - print.php getdate Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - preferences.php Multiple Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting PHP iCalendar 1.1/2.x - 'week.php' Cross-Site Scripting PHP iCalendar 1.1/2.x - 'search.php' Cross-Site Scripting PHP iCalendar 1.1/2.x - 'getdate' Parameter Cross-Site Scripting PHP iCalendar 1.1/2.x - 'print.php' Cross-Site Scripting PHP iCalendar 1.1/2.x - 'preferences.php' Cross-Site Scripting Vikingboard Viking board 0.1.2 - cp.php Multiple Parameter Cross-Site Scripting Vikingboard Viking board 0.1.2 - user.php u Parameter Cross-Site Scripting Vikingboard Viking board 0.1.2 - post.php Multiple Parameter Cross-Site Scripting Vikingboard Viking board 0.1.2 - topic.php s Parameter Cross-Site Scripting Vikingboard Viking board 0.1.2 - forum.php debug Variable Information Disclosure Vikingboard Viking board 0.1.2 - cp.php debug Variable Information Disclosure Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting Vikingboard 0.1.2 - 'user.php' Cross-Site Scripting Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting Vikingboard 0.1.2 - 'topic.php' Cross-Site Scripting Vikingboard 0.1.2 - 'forum.php' Information Disclosure Vikingboard 0.1.2 - 'cp.php' Information Disclosure PaysiteReviewCMS 1.1 - search.php q Parameter Cross-Site Scripting PaysiteReviewCMS - image.php image Parameter Cross-Site Scripting PaysiteReviewCMS 1.1 - 'search.php' Cross-Site Scripting PaysiteReviewCMS - 'image.php' Cross-Site Scripting BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure	2016-12-23 05:01:18 +00:00
Offensive Security	62dddb2f49	DB: 2016-12-20 9 new exploits Apache 2.2 - (Windows) Local Denial of Service Apache 2.2 (Windows) - Local Denial of Service Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service Apache 2.4.7 mod_status - Scoreboard Handling Race Condition Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read Apache 1.3.31 mod_include - Local Buffer Overflow Apache 1.3.31 (mod_include) - Local Buffer Overflow Gopher 3.0.9 - (+VIEWS) Remote Client Side Buffer Overflow Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow Apache 'Mod_Auth_OpenID' - Session Stealing Apache (Mod_Auth_OpenID) - Session Stealing Apache 2.0.4x mod_php Module - File Descriptor Leakage (1) Apache 2.0.4x mod_php Module - File Descriptor Leakage (2) Apache 2.0.4x (mod_php) - File Descriptor Leakage (1) Apache 2.0.4x (mod_php) - File Descriptor Leakage (2) Apache 2.0.4x mod_perl Module - File Descriptor Leakage (3) Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3) Apache 1.3.x mod_include - Local Buffer Overflow Apache 1.3.x (mod_include) - Local Buffer Overflow Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock) Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download Apache 1.3.x mod_mylo - Remote Code Execution Apache 1.3.x (mod_mylo) - Remote Code Execution Apache 1.3.x < 2.0.48 - mod_userdir Remote Users Disclosure Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (2) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache (mod_proxy) - Reverse Proxy Exposure (PoC) Apache 1.3.20 - Win32 PHP.exe Remote File Disclosure Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1) Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit) Joomla! Component Media Manager - Arbitrary File Upload (Metasploit) Apache 2.2.6 - 'mod_negotiation' HTML Injection and HTTP Response Splitting Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass Apache 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass Apache 'mod_wsgi' Module - Information Disclosure Apache (mod_wsgi) - Information Disclosure Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection Joomla! Component JP Jobs 1.4.1 - SQL Injection Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion Joomla! Component Picasa 2.0 - Local File Inclusion Joomla! Component 'com_jinventory' - Local File Inclusion Joomla! Component JInventory 1.23.02 - Local File Inclusion Joomla! Component 'com_loginbox' - Local File Inclusion Joomla! Component LoginBox - Local File Inclusion Joomla! Component 'com_Joomlaupdater' - Local File Inclusion Joomla! Component Magic Updater - Local File Inclusion Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection Joomla! Component News Portal 1.5.x - Local File Inclusion Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion Joomla! Component 'com_datafeeds' 880 - Local File Inclusion Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion Joomla! Component Juke Box 1.7 - Local File Inclusion Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Highslide 1.5 - Local File Inclusion Joomla! Component Fabrik 2.0 - Local File Inclusion Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion Joomla! Component 'com_javoice' - Local File Inclusion Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion Joomla! Component JA Voice 2.0 - Local File Inclusion Joomla! Component 'com_jfeedback' - Local File Inclusion Joomla! Component 'com_jprojectmanager' - Local File Inclusion Joomla! Component Jfeedback 1.2 - Local File Inclusion Joomla! Component JProject Manager 1.0 - Local File Inclusion Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection Joomla! Component 'com_horoscope' - Local File Inclusion Joomla! Component Horoscope 1.5.0 - Local File Inclusion Joomla! Component 'com_market' - Local File Inclusion Joomla! Component Online Market 2.x - Local File Inclusion Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection Joomla! Component 'com_mtfireeagle' - Local File Inclusion Joomla! Component 'com_mediamall' - Blind SQL Injection Joomla! Component 'com_lovefactory' - Local File Inclusion Joomla! Component 'com_jacomment' - Local File Inclusion Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection Joomla! Component Love Factory 1.3.4 - Local File Inclusion Joomla! Component JA Comment - Local File Inclusion Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection Joomla! Component 'com_joltcard' - SQL Injection Joomla! Component JoltCard 1.2.1 - SQL Injection Joomla! Component 'com_gadgetfactory' - Local File Inclusion Joomla! Component 'com_matamko' - Local File Inclusion Joomla! Component 'com_multiroot' - Local File Inclusion Joomla! Component 'com_multimap' - Local File Inclusion Joomla! Component 'com_drawroot' - Local File Inclusion Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion Joomla! Component Matamko 1.01 - Local File Inclusion Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion Joomla! Component 'com_if_surfalert' - Local File Inclusion Joomla! Component iF surfALERT 1.2 - Local File Inclusion Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection Joomla! Component GBU Facebook 1.0.5 - SQL Injection Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection Joomla! Component JTM Reseller 1.9 Beta - SQL Injection Joomla! Component 'com_mmsblog' - Local File Inclusion Joomla! Component MMS Blog 2.3.0 - Local File Inclusion Joomla! Component 'com_noticeboard' - Local File Inclusion Joomla! Component NoticeBoard 1.3 - Local File Inclusion Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion Joomla! Component Graphics 1.0.6 - Local File Inclusion Joomla! Component 'com_newsfeeds' - SQL Injection Joomla! Component Newsfeeds - SQL Injection Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection Joomla! Component 'com_dioneformwizard' - Local File Inclusion Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion Joomla! Component 'com_jejob' 1.0 - Local File Inclusion Joomla! Component JE Job 1.0 - Local File Inclusion Joomla! Component 'com_jequoteform' - Local File Inclusion Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion Joomla! Component MS Comment 0.8.0b - Local File Inclusion Apache Axis2 Administration console - Authenticated Cross-Site Scripting Apache Axis2 Administration Console - Authenticated Cross-Site Scripting Joomla! Component 'com_mycar' - Multiple Vulnerabilities Joomla! Component My Car 1.0 - Multiple Vulnerabilities Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection Joomla! Component 'com_jsjobs' - SQL Injection Joomla! Component JS Jobs 1.0.5.8 - SQL Injection Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection Joomla! Component eventCal 1.6.4 - Blind SQL Injection Joomla! Component 'com_ninjamonials' - Blind SQL Injection Joomla! Component NinjaMonials - Blind SQL Injection Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection Joomla! Component 'com_joomdle' 0.24 - SQL Injection Joomla! Component Joomdle 0.24 - SQL Injection Joomla! Component 'com_Joomla-visites' - Remote File Inclusion Joomla! Component Visites 1.1 RC2 - Remote File Inclusion Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection Joomla! Component Gantry 3.0.10 - Blind SQL Injection Joomla! Component 'com_jphone' - Local File Inclusion Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion Joomla! Component 'com_jgen' - SQL Injection Joomla! Component JGen 0.9.33 - SQL Injection Joomla! Component 'com_ezautos' - SQL Injection Joomla! Component Joostina - SQL Injection Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities Joomla! Component 'com_jedirectory' - SQL Injection Joomla! Component JE Directory 1.0 - SQL Injection Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection Joomla! Component JE Ajax Event Calendar - SQL Injection Joomla! Component 'com_flipwall' - SQL Injection Joomla! Component Pulse Infotech Flip Wall - SQL Injection Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection Joomla! Component 'com_jsupport' - Cross-Site Scripting Joomla! Component 'com_jsupport' - SQL Injection Joomla! Component JSupport 1.5.6 - Cross-Site Scripting Joomla! Component JSupport 1.5.6 - SQL Injection Joomla! Component 'com_jimtawl' - Local File Inclusion Joomla! Component Jimtawl 1.0.2 - Local File Inclusion phpMyAdmin - Client Side Code Injection / Redirect Link Falsification phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification Joomla! Component 'com_jeauto' 1.0 - SQL Injection Joomla! Component JE Auto 1.0 - SQL Injection Joomla! Component 'com_jradio' - Local File Inclusion Joomla! Component JRadio - Local File Inclusion Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion Joomla! Component JotLoader 2.2.1 - Local File Inclusion Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities Joomla! Component HM Community - Multiple Vulnerabilities Joomla! Component 'com_estateagent' - SQL Injection Joomla! Component Estate Agent - SQL Injection EPortfolio 1.0 - Client Side Input Validation EPortfolio 1.0 - Client-Side Input Validation ActiveWeb Contentserver 5.6.2929 CMS - Client Side Filtering Bypass ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion Joomla! Component Jstore - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection Joomla! Component ECommerce-WD 1.2.5 - SQL Injection Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection Joomla! Component Contact Form Maker 1.0.1 - SQL Injection Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection ntop-ng 2.5.160805 - Username Enumeration	2016-12-20 05:01:16 +00:00
Offensive Security	18d8085c6d	DB: 2016-12-18 13 new exploits Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055) Orthanc DICOM Server 1.1.0 - Memory Corruption Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055) OsiriX DICOM Viewer 8.0.1 - Memory Corruption ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow DCMTK 3.6.0 storescp - Stack Buffer Overflow Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service Microsoft Internet Explorer 9 IEFRAME - CMarkupPointer::MoveToGap Use-After-Free Microsoft Internet Explorer 9 IEFRAME - CView::EnsureSize Use-After-Free (MS13-021) Nagios < 4.2.4 - Privilege Escalation iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free Alienvault OSSIM - SQL Injection / Remote Code Execution (Metasploit) Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit) Alienvault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution Alienvault Open Source SIEM (OSSIM) < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution Alienvault OSSIM - av-centerd Command Injection (Metasploit) Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit) Horos 2.1.0 Web Portal - Directory Traversal Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Security Vulnerabilities Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM 4.1.2 - Multiple SQL Injections Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Vulnerabilities Alienvault 4.3.1 - Unauthenticated SQL Injection Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting Alienvault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit) Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit) Alienvault OSSIM 4.3 - Cross-Site Request Forgery Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery WHMCS Addon VMPanel 2.7.4 - SQL Injection WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery	2016-12-18 05:01:16 +00:00
Offensive Security	9cad083b49	DB: 2016-12-11 5 new exploits uTorrent 1.8.3 (Build 15772) - Create New Torrent Buffer Overflow (PoC) uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC) F5 BIG-IP - Authentication Bypass (1) F5 BIG-IP - Authentication Bypass (PoC) Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1) Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2) Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2) Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1) Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2) Microsoft Internet Explorer 9 MSHTML - CElement::HasFlag Memory Corruption uTorrent - DLL Hijacking uTorrent 2.0.3 - DLL Hijacking F5 BIG-IP - Authentication Bypass (2) F5 BIG-IP - Authentication Bypass SePortal - SQL Injection / Remote Code Execution (Metasploit) SePortal 2.5 - SQL Injection / Remote Code Execution (Metasploit) MyPHP CMS 0.3 - (domain) Remote File Inclusion MyPHP CMS 0.3 - 'domain' Parameter Remote File Inclusion RSS-aggregator - 'display.php path' Remote File Inclusion RSS-aggregator - 'path' Parameter Remote File Inclusion HoMaP-CMS 0.1 - (plugin_admin.php) Remote File Inclusion HomePH Design 2.10 RC2 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities HoMaP-CMS 0.1 - 'plugin_admin.php' Remote File Inclusion HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting cmreams CMS 1.3.1.1 beta2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities cmreams CMS 1.3.1.1 beta2 - Local File Inclusion / Cross-Site Scripting HoMaP-CMS 0.1 - (index.php go) SQL Injection HoMaP-CMS 0.1 - 'go' Parameter SQL Injection Ready2Edit - 'pages.php menuid' SQL Injection ResearchGuide 0.5 - (guide.php id) SQL Injection MVC-Web CMS 1.0/1.2 - (index.asp newsid) SQL Injection Ready2Edit - 'menuid' Parameter SQL Injection ResearchGuide 0.5 - 'id' Parameter SQL Injection MVC-Web CMS 1.0/1.2 - 'newsid' Parameter SQL Injection Demo4 CMS - 'index.php id' SQL Injection Joomla! Component com_facileforms 1.4.4 - Remote File Inclusion Dagger CMS 2008 - (dir_inc) Remote File Inclusion TinxCMS 1.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities mm chat 1.5 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ourvideo CMS 9.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities cmsWorks 2.2 RC4 - (mod_root) Remote File Inclusion Demo4 CMS - 'id' Parameter SQL Injection Joomla! Component FacileForms 1.4.4 - Remote File Inclusion Dagger CMS 2008 - 'dir_inc' Parameter Remote File Inclusion TinXCMS 1.1 - Local File Inclusion / Cross-Site Scripting mm chat 1.5 - Local File Inclusion / Cross-Site Scripting ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting cmsWorks 2.2 RC4 - 'mod_root' Parameter Remote File Inclusion Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection Relative Real Estate Systems 3.0 - 'listing_id' Parameter SQL Injection DUcalendar 1.0 - (detail.asp iEve) SQL Injection HiveMaker Directory - 'cid' Parameter SQL Injection E-topbiz ViralDX 2.07 - (adclick.php bannerid) SQL Injection Link ADS 1 - 'out.php linkid' SQL Injection TOKOKITA - 'barang.php produk_id' SQL Injection Webdevindo-CMS 0.1 - (index.php hal) SQL Injection mUnky 0.0.1 - (index.php zone) Local File Inclusion Jokes & Funny Pics Script - (sb_jokeid) SQL Injection DUcalendar 1.0 - 'iEve' Parameter SQL Injection HiveMaker Directory 1.0.2 - 'cid' Parameter SQL Injection E-topbiz ViralDX 2.07 - 'bannerid' Parameter SQL Injection Link ADS 1 - 'linkid' Parameter SQL Injection TOKOKITA - 'produk_id' Parameter SQL Injection Webdevindo-CMS 0.1 - 'hal' Parameter SQL Injection mUnky 0.0.1 - 'zone' Parameter Local File Inclusion Jokes & Funny Pics Script - 'sb_jokeid' Parameter SQL Injection MyPHP CMS 0.3.1 - (page.php pid) SQL Injection PHPmotion 2.0 - (update_profile.php) Arbitrary File Upload MyPHP CMS 0.3.1 - 'pid' Parameter SQL Injection PHPmotion 2.0 - 'update_profile.php' Arbitrary File Upload polypager 1.0rc2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities PHP-Fusion Mod Kroax 4.42 - (category) SQL Injection polypager 1.0rc2 - SQL Injection / Cross-Site Scripting PHP-Fusion Mod Kroax 4.42 - 'category' Parameter SQL Injection Riddles Complete Website 1.2.1 - (riddleid) SQL Injection Tips Complete Website 1.2.0 - (tipid) SQL Injection Jokes Complete Website 2.1.3 - (jokeid) SQL Injection Drinks Complete Website 2.1.0 - (drinkid) SQL Injection Cheats Complete Website 1.1.1 - 'itemID' SQL Injection Riddles Complete Website 1.2.1 - 'riddleid' Parameter SQL Injection Tips Complete Website 1.2.0 - 'tipid' Parameter SQL Injection Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' Parameter SQL Injection Drinks Complete Website 2.1.0 - 'drinkid' Parameter SQL Injection Cheats Complete Website 1.1.1 - 'itemID' Parameter SQL Injection Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion Orca 2.0/2.0.2 - 'Parameters.php' Remote File Inclusion OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities OTManager CMS 24a - Local File Inclusion / Cross-Site Scripting SePortal 2.4 - (poll.php poll_id) SQL Injection SePortal 2.4 - 'poll_id' Parameter SQL Injection poweraward 1.1.0 rc1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Joomla! Component jabode - 'id' SQL Injection Online Booking Manager 2.2 - 'id' SQL Injection poweraward 1.1.0 rc1 - Local File Inclusion / Cross-Site Scripting Joomla! Component jabode - 'id' Parameter SQL Injection Online Booking Manager 2.2 - 'id' Parameter SQL Injection Joomla! Component Xe webtv - 'id' Blind SQL Injection Joomla! Component Xe webtv - 'id' Parameter Blind SQL Injection AcmlmBoard 1.A2 - 'pow' SQL Injection eSHOP100 - (SUB) SQL Injection AcmlmBoard 1.A2 - 'pow' Parameter SQL Injection eSHOP100 - 'SUB' Parameter SQL Injection OTManager CMS 2.4 - (Tipo) Remote File Inclusion OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion Orca 2.0.2 - (Topic) Cross-Site Scripting Orca 2.0.2 - Cross-Site Scripting Hedgehog-CMS 1.21 - (Local File Inclusion) Remote Command Execution Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution catviz 0.4.0b1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting Joomla! Component com_facileforms - Cross-Site Scripting Joomla! Component FacileForms - Cross-Site Scripting PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload PHPmotion 1.62 - 'FCKeditor' Arbitrary File Upload Roundcube 1.2.2 - Remote Code Execution Pivot 1.0 - Remote module_db.php File Inclusion Pivot 1.0 - 'module_db.php' Remote File Inclusion MyBloggie 2.1 - 'index.php' year Parameter Cross-Site Scripting MyBloggie 2.1 - 'index.php' Cross-Site Scripting E-topbiz Link ADS 1 - 'out.php' SQL Injection PolyPager 0.9.51/1.0 - 'nr' Parameter Cross-Site Scripting RSS-aggregator 1.0 - admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection RSS-aggregator 1.0 - admin/fonctions/supprimer_tag.php IdTag Parameter SQL Injection RSS-aggregator 1.0 - 'admin/fonctions/' Direct Request Administrator Authentication Bypass RSS-aggregator 1.0 - 'IdFlux' Parameter SQL Injection RSS-aggregator 1.0 - 'IdTag' Parameter SQL Injection RSS-aggregator 1.0 - Authentication Bypass Jokes Complete Website - joke.php id Parameter Cross-Site Scripting Jokes Complete Website - results.php searchingred Parameter Cross-Site Scripting Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting Splunk Enterprise 6.4.3 - Server-Side Request Forgery	2016-12-11 05:01:17 +00:00
Offensive Security	b3a7c78388	DB: 2016-11-25 4 new exploits Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC) Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC) Remote Utilities Host 6.3 - Denial of Service Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) GNU Wget < 1.18 - Access List Bypass / Race Condition miniBB - 'user' Input Validation Hole MiniBB 1.7f - 'user' Parameter SQL Injection TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection miniBB 2.1 - (table) SQL Injection MiniBB 2.1 - 'table' Parameter SQL Injection Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure Apartment Search Script - 'listtest.php r' SQL Injection XOOPS Module Recipe - 'detail.php id' SQL Injection Aterr 0.9.1 - (class) Local File Inclusion (PHP5) W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection Apartment Search Script - 'listtest.php' SQL Injection XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection Aterr 0.9.1 - Local File Inclusion (PHP5) W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection KubeLance 1.6.4 - (ipn.php i) Local File Inclusion acidcat CMS 3.4.1 - Multiple Vulnerabilities BlogWorx 1.0 - (view.asp id) SQL Injection Crazy Goomba 1.2.1 - 'id' SQL Injection RedDot CMS 7.5 - (LngId) SQL Injection TR News 2.1 - (nb) SQL Injection KubeLance 1.6.4 - 'ipn.php' Local File Inclusion Acidcat CMS 3.4.1 - Multiple Vulnerabilities BlogWorx 1.0 - 'id' Parameter SQL Injection Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection RedDot CMS 7.5 - 'LngId' Parameter SQL Injection TR News 2.1 - 'nb' Parameter SQL Injection E RESERV 2.1 - (index.php ID_loc) SQL Injection Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection E RESERV 2.1 - 'index.php' SQL Injection Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities PostNuke Module PostSchedule - (eid) SQL Injection MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting PHP Forge 3 Beta 2 - 'id' SQL Injection PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Jokes Site Script - 'jokes.php?catagorie' SQL Injection FluentCMS - 'view.php sid' SQL Injection megabbs forum 2.2 - SQL Injection / Cross-Site Scripting Jokes Site Script - 'jokes.php' SQL Injection FluentCMS - 'view.php' SQL Injection Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection Softbiz Web Host Directory Script (host_id) - SQL Injection Joovili 3.1 - (browse.videos.php category) SQL Injection Prozilla Hosting Index - 'cat_id' Parameter SQL Injection Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection Joovili 3.1 - 'browse.videos.php' SQL Injection w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting Prozilla Hosting Index - 'id' SQL Injection Prozilla Hosting Index - 'id' Parameter SQL Injection web Calendar system 3.12/3.30 - Multiple Vulnerabilities Web Calendar System 3.12/3.30 - Multiple Vulnerabilities Web Calendar 4.1 - (Authentication Bypass) SQL Injection Web Calendar 4.1 - Authentication Bypass web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection KubeLance - 'profile.php?id' SQL Injection KubeLance 1.7.6 - 'profile.php' SQL Injection Clever Copy 2.0 - calendar.php Cross-Site Scripting Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting Clever Copy 2.0 - 'results.php' Cross-Site Scripting Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure ODFaq 2.1 - faq.php SQL Injection ODFaq 2.1 - 'faq.php' SQL Injection MiniBB 1.5 - news.php Remote File Inclusion MiniBB 1.5 - 'news.php' Remote File Inclusion W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting W1L3D4 philboard 0.3 - Cross-Site Scripting Proverbs Web Calendar 1.1 - Password Parameter SQL Injection Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection miniBB 3.1 - Blind SQL Injection MiniBB 3.1 - Blind SQL Injection Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting	2016-11-25 05:01:20 +00:00
Offensive Security	dab1517032	DB: 2016-11-22 13 new exploits Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC) Borland Interbase 2007 - 'ibserver.exe' Buffer Overflow (PoC) Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Microsoft Edge Scripting Engine - Memory Corruption (MS16-129) Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104) Microsoft Internet Explorer 8 jscript - 'RegExpBase::FBadHeader' Use-After-Free (MS15-018) NTP 4.2.8p8 - Denial of Service Tumbleweed SecureTransport FileTransfer - ActiveX Buffer Overflow Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow Borland Interbase 2007 - PWD_db_aliased Buffer Overflow (Metasploit) Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) Borland Interbase - isc_create_database() Buffer Overflow (Metasploit) Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit) Borland Interbase - isc_attach_database() Buffer Overflow (Metasploit) Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit) Borland Interbase - SVC_attach() Buffer Overflow (Metasploit) Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit) Borland Interbase - Create-Request Buffer Overflow (Metasploit) Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit) Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit) Borland Interbase - open_marker_file() Buffer Overflow (Metasploit) Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit) Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit) Borland Interbase - jrd8_create_database() Buffer Overflow (Metasploit) Borland Interbase - INET_connect() Buffer Overflow (Metasploit) Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit) Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit) Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) phpunity.postcard - (gallery_path) Remote File Inclusion phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion CcMail 1.0.1 - (update.php functions_dir) Remote File Inclusion CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion 1024 CMS 0.7 - (download.php item) Remote File Disclosure 1024 CMS 0.7 - 'download.php' Remote File Disclosure cpCommerce 1.1.0 - (category.php id_category) SQL Injection CPCommerce 1.1.0 - 'id_category' Parameter SQL Injection 1024 CMS 1.3.1 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities 1024 CMS 1.3.1 - Local File Inclusion / SQL Injection Mole 2.1.0 - (viewsource.php) Remote File Disclosure ChartDirector 4.1 - (viewsource.php) File Disclosure 724CMS 4.01 Enterprise - (index.php ID) SQL Injection My Gaming Ladder 7.5 - (ladderid) SQL Injection Mole 2.1.0 - 'viewsource.php' Remote File Disclosure ChartDirector 4.1 - 'viewsource.php' File Disclosure 724CMS 4.01 Enterprise - 'index.php' SQL Injection My Gaming Ladder 7.5 - 'ladderid' Parameter SQL Injection exbb 0.22 - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities Pligg CMS 9.9.0 - (editlink.php id) SQL Injection ExBB 0.22 - Local / Remote File Inclusion Pligg CMS 9.9.0 - 'editlink.php' SQL Injection Prediction Football 1.x - (matchid) SQL Injection Prediction Football 1.x - 'matchid' Parameter SQL Injection Free Photo Gallery Site Script - (path) File Disclosure Free Photo Gallery Site Script - 'path' Parameter File Disclosure LiveCart 1.1.1 - (category id) Blind SQL Injection Ksemail - 'index.php language' Local File Inclusion LiveCart 1.1.1 - 'id' Parameter Blind SQL Injection Ksemail - Local File Inclusion RX Maxsoft - 'popup_img.php fotoID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection RX Maxsoft - 'fotoID' Parameter SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' Parameter SQL Injection Pollbooth 2.0 - (pollID) SQL Injection cpcommerce 1.1.0 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities Pollbooth 2.0 - 'pollID' Parameter SQL Injection CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion SmallBiz eShop - (content_id) SQL Injection SmallBiz eShop - 'content_id' Parameter SQL Injection lightneasy sqlite / no database 1.2.2 - Multiple Vulnerabilities LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection PostcardMentor - 'cat_fldAuto' Parameter SQL Injection Pligg CMS 9.9.0 - (story.php id) SQL Injection Pligg CMS 9.9.0 - 'story.php' SQL Injection LokiCMS 0.3.4 - writeconfig() Remote Command Execution LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution cpCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass cpCommerce 1.2.8 - (id_document) Blind SQL Injection CPCommerce 1.2.8 - 'id_document' Parameter Blind SQL Injection cpCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion CPCommerce 1.2.x - 'GLOBALS[prefix]' Arbitrary File Inclusion ChartDirector 5.0.1 - (cacheId) Arbitrary File Disclosure ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure Pligg CMS 1.0.4 - (story.php?id) SQL Injection Pligg CMS 1.0.4 - 'story.php' SQL Injection 724CMS 4.59 Enterprise - SQL Injection 724CMS Enterprise 4.59 - SQL Injection lightneasy 3.2.2 - Multiple Vulnerabilities LightNEasy 3.2.2 - Multiple Vulnerabilities My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure Mambo Open Source 4.0.14 - PollBooth.php Multiple SQL Injection Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection PhotoKorn 1.53/1.54 - postcard.php id Parameter SQL Injection PhotoKorn 1.53/1.54 - 'id' Parameter SQL Injection CPCommerce 1.1 - Manufacturer.php SQL Injection CPCommerce 1.1 - 'manufacturer.php' SQL Injection LiveCart 1.0.1 - user/remindPassword return Parameter Cross-Site Scripting LiveCart 1.0.1 - category q Parameter Cross-Site Scripting LiveCart 1.0.1 - order return Parameter Cross-Site Scripting LiveCart 1.0.1 - user/remindComplete email Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'q' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'email' Parameter Cross-Site Scripting Pligg CMS 1.x - module.php Multiple Parameter Cross-Site Scripting Pligg CMS 1.x - 'module.php' Multiple Parameter Cross-Site Scripting Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection CMS Made Simple 2.1.5 - Cross-Site Scripting Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery Mezzanine 4.2.0 - Cross-Site Scripting LEPTON 2.2.2 - SQL Injection LEPTON 2.2.2 - Remote Code Execution FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery FUDforum 3.0.6 - Local File Inclusion Wordpress Plugin Olimometer 2.56 - SQL Injection	2016-11-22 05:01:18 +00:00
Offensive Security	b22e31535e	DB: 2016-11-18 3 new exploits Winamp 5.21 - (Midi File Header Handling) Buffer Overflow (PoC) Winamp 5.21 - .Midi File Header Handling Buffer Overflow (PoC) Nullsoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC) NullSoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC) WinAmp GEN_MSN Plugin - Heap Buffer Overflow (PoC) Winamp GEN_MSN Plugin - Heap Buffer Overflow (PoC) Winamp 5.572 - whatsnew.txt Stack Overflow (PoC) Winamp 5.572 - 'whatsnew.txt' Stack Overflow (PoC) Nullsoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow WinAmp 5.63 - Invalid Pointer Dereference WinAmp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Invalid Pointer Dereference Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.666 build 3516 - (Corrupted flv) Crash (PoC) Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC) Microsoft Edge - 'eval' Type Confusion Nullsoft Winamp 5.32 - .MP4 Tags Stack Overflow NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow SCO UnixWare < 7.1.4 p534589 - (pkgadd) Privilege Escalation SCO UnixWare Reliant HA - Privilege Escalation SCO UnixWare Merge - mcd Privilege Escalation Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Privilege Escalation SCO UnixWare Reliant HA 1.1.4 - Privilege Escalation SCO UnixWare Merge - 'mcd' Privilege Escalation Winamp 5.05-5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.572 - whatsnew.txt Stack Overflow Winamp 5.572 - whatsnew.txt Local Buffer Overflow (Windows XP SP3 DE) Winamp 5.572 - 'whatsnew.txt' Stack Overflow Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow Winamp 5.572 - whatsnew.txt SEH (Metasploit) Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit) Winamp 5.572 - Local Buffer Overflow (Windows 7 ASLR + DEP Bypass) Winamp 5.572 (Windows 7) - Local Buffer Overflow (ASLR + DEP Bypass) Nullsoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking WinAmp 5.63 - (winamp.ini) Local Exploit Winamp 5.63 - 'winamp.ini' Local Exploit Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2) Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2) Nullsoft Winamp 2.x - AIP Buffer Overflow NullSoft Winamp 2.x - AIP Buffer Overflow Nullsoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow NullSoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow winamp Web interface 7.5.13 - Multiple Vulnerabilities Winamp Web interface 7.5.13 - Multiple Vulnerabilities Nullsoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow LinPHA 1.3.1 - (new_images.php) Blind SQL Injection LinPHA 1.3.1 - 'new_images.php' Blind SQL Injection KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection KwsPHP 1.0 - Newsletter Module SQL Injection KwsPHP 1.0 Module Newsletter - SQL Injection DaZPHP 0.1 - (prefixdir) Local File Inclusion PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion KwsPHP Module Galerie - (id_gal) SQL Injection KwsPHP Module Archives - 'id' SQL Injection KwsPHP Module jeuxflash (cat) 1.0 - SQL Injection KwsPHP Module ConcoursPhoto - (C_ID) SQL Injection XPOZE Pro 3.05 - (reed) SQL Injection Vastal I-Tech Software Zone - 'cat_id' SQL Injection sabros.us 1.75 - (thumbnails.php) Remote File Disclosure Comdev News Publisher - SQL Injection Affiliate Directory - 'cat_id' SQL Injection PHP Photo Gallery 1.0 - (photo_id) SQL Injection Blogator-script 0.95 - (incl_page) Remote File Inclusion PIGMy-SQL 1.4.1 - (getdata.php id) Blind SQL Injection Blogator-script 0.95 - (id_art) SQL Injection Dragoon 0.1 - (lng) Local File Inclusion DaZPHP 0.1 - 'prefixdir' Parameter Local File Inclusion PhpBlock a8.4 - 'PATH_TO_CODE' Parameter Remote File Inclusion KwsPHP 1.3.456 Module Galerie - 'id_gal' Parameter SQL Injection KwsPHP 1.3.456 Module Archives - 'id' Parameter SQL Injection KwsPHP Module jeuxflash 1.0 - 'cat' Parameter SQL Injection KwsPHP Module ConcoursPhoto 2.0 - 'C_ID' Parameter SQL Injection XPOZE Pro 3.05 - 'reed' Parameter SQL Injection Vastal I-Tech Software Zone - 'cat_id' Parameter SQL Injection Sabros.us 1.75 - 'thumbnails.php' Remote File Disclosure Comdev News Publisher 4.1.2 - SQL Injection Affiliate Directory - 'cat_id' Parameter SQL Injection PHP Photo Gallery 1.0 - 'photo_id' Parameter SQL Injection Blogator-script 0.95 - 'incl_page' Parameter Remote File Inclusion PIGMy-SQL 1.4.1 - 'getdata.php' Blind SQL Injection Blogator-script 0.95 - 'id_art' Parameter SQL Injection Dragoon 0.1 - 'lng' Parameter Local File Inclusion Easynet Forum Host - 'forum.php forum' SQL Injection CoBaLT 0.1 - Multiple SQL Injections Gaming Directory 1.0 - 'cat_id' SQL Injection Easynet Forum Host - 'forum.php' SQL Injection Cobalt 0.1 - Multiple SQL Injections Gaming Directory 1.0 - 'cat_id' Parameter SQL Injection Links Directory 1.1 - 'cat_id' SQL Injection Software Index 1.1 - 'cid' SQL Injection Links Directory 1.1 - 'cat_id' Parameter SQL Injection Software Index 1.1 - 'cid' Parameter SQL Injection Blog PixelMotion - 'index.php categorie' SQL Injection Site Sift Listings - 'id' SQL Injection Blog PixelMotion - 'categorie' Parameter SQL Injection Site Sift Listings - 'id' Parameter SQL Injection Prozilla Forum Service - 'forum.php forum' SQL Injection Prozilla Forum Service - 'forum' Parameter SQL Injection Prozilla Freelancers - (project) SQL Injection Prozilla Freelancers - 'project' Parameter SQL Injection LinPHA 1.3.3 - (maps plugin) Remote Command Execution Dragoon 0.1 - (root) Remote File Inclusion LinPHA 1.3.3 Plugin Maps - Remote Command Execution Dragoon 0.1 - 'root' Parameter Remote File Inclusion k-links directory - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities k-links directory - SQL Injection / Cross-Site Scripting SFS Affiliate Directory - 'id' SQL Injection Affiliate Directory - 'id' Parameter SQL Injection SFS EZ Gaming Directory - 'Directory.php id' SQL Injection SFS EZ Gaming Directory - 'directory.php' SQL Injection SFS EZ Gaming Directory - 'cat_id' SQL Injection SFS EZ Gaming Directory - 'cat_id' Parameter SQL Injection LinPHA 1.3.2 - (rotate.php) Remote Command Execution LinPHA 1.3.2 - 'rotate.php' Remote Command Execution cobalt qube webmail 1.0 - Directory Traversal Cobalt Qube Webmail 1.0 - Directory Traversal LinPHA 0.9.x/1.0 - 'index.php' lang Parameter Local File Inclusion LinPHA 0.9.x/1.0 - install.php language Parameter Local File Inclusion LinPHA 0.9.x/1.0 - sec_stage_install.php language Parameter Local File Inclusion LinPHA 0.9.x/1.0 - forth_stage_install.php language Variable POST Method Local File Inclusion LinPHA 0.9.x/1.0 - 'lang' Parameter Local File Inclusion LinPHA 0.9.x/1.0 - 'install.php' Parameter Local File Inclusion LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Parameter Local File Inclusion LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion LinPHA 1.1 - Multiple Cross-Site Scripting Vulnerabilities Drake CMS 0.2 - 'index.php' Cross-Site Scripting Sabros.US 1.7 - 'index.php' Cross-Site Scripting Drake CMS 0.3.7 - 404.php Local File Inclusion Drake CMS 0.3.7 - '404.php' Local File Inclusion Drake CMS 0.4.9 - 'index.php' Cross-Site Scripting Blogator-script 0.95 - 'bs_auth.php' Cross-Site Scripting CoBaLT 2.0 - 'adminler.asp' SQL Injection Cobalt 2.0 - 'adminler.asp' SQL Injection VisualPic 0.3.1 - Cross-Site Scripting LinPHA 1.3.2/1.3.3 - 'login.php' Cross-Site Scripting LinPHA 1.3.2/1.3.3 - new_images.php Cross-Site Scripting Software Index - 'signinform.php' Cross-Site Scripting CMSimple 4.4.4 - Remote file Inclusion CMSimple 4.4.4 - Remote File Inclusion Wordpress Plugin Answer My Question 1.3 - SQL Injection Wordpress Plugin Sirv 1.3.1 - SQL Injection	2016-11-18 05:01:22 +00:00
Offensive Security	e1c4e9e1ec	DB: 2016-11-17 3 new exploits Redhat 6.1 / 6.2 - TTY Flood Users Exploit RedHat 6.1 / 6.2 - TTY Flood Users Exploit Microsoft Windows - Kernel ANI File Parsing Crash Microsoft Windows Kernel - '.ANI' File Parsing Crash PunBB 2.0.10 - (Register Multiple Users) Denial Of Service PunBB 2.0.10 - (Register Multiple Users) Denial of Service Apple Mac OSX 10.4.x - Kernel shared_region_map_file_np() Memory Corruption Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial Of Service MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service MailEnable Professional/Enterprise 2.37 - Denial Of Service MailEnable Professional/Enterprise 2.37 - Denial of Service Apple Mac OSX 10.4.x - Kernel i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial Of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial Of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service snircd 1.3.4 - (send_user_mode) Denial of Service MPlayer - sdpplin_parse() Array Indexing Buffer Overflow (PoC) Snircd 1.3.4 - 'send_user_mode' Denial of Service MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC) LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial Of Service) LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial of Service) ZoIPer 2.22 - Call-Info Remote Denial Of Service ZoIPer 2.22 - Call-Info Remote Denial of Service Dualis 20.4 - '.bin' Local Denial Of Service Dualis 20.4 - '.bin' Local Denial of Service Dolphin 2.0 - '.elf' Local Denial Of Service Dolphin 2.0 - '.elf' Local Denial of Service Home FTP Server r1.10.3 (build 144) - Denial of Service Home FTP Server 1.10.3 (build 144) - Denial of Service Red Hat Linux - stickiness of /tmp Exploit RedHat Linux - Stickiness of /tmp Exploit Apple Mac OSX < 10.6.7 - Kernel Panic Exploit Apple Mac OSX < 10.6.7 - Kernel Panic Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service RedHat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service Titan FTP Server 3.0 - 'LIST' Command Denial Of Service Titan FTP Server 3.0 - 'LIST' Command Denial of Service Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial Of Service Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial of Service I Hear U 0.5.6 - Multiple Remote Denial Of Service Vulnerabilities I Hear U 0.5.6 - Multiple Remote Denial of Service Vulnerabilities Microsoft Windows Explorer - '.png' Image Local Denial Of Service Microsoft Windows Explorer - '.png' Image Local Denial of Service Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial Of Service Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial of Service PHP 5.2.5 - Multiple GetText functions Denial Of Service Vulnerabilities PHP 5.2.5 - Multiple GetText functions Denial of Service Vulnerabilities LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial Of Service LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial Of Service Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial of Service Sami FTP Server 2.0.x - Multiple Commands Remote Denial Of Service Vulnerabilities Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial Of Service SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial of Service RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial Of Service RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial of Service MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial Of Service snircd 1.3.4 And ircu 2.10.12.12 - 'set_user_mode' Remote Denial of Service MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial of Service SLMail Pro 6.3.1.0 - Multiple Remote Denial Of Service / Memory Corruption Vulnerabilities Microsoft Windows XP/Vista/2000/2003/2008 - Kernel Usermode Callback Privilege Escalation (1) SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1) SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service Apple iCal 3.0.1 - 'ATTACH' Parameter Denial Of Service Apple iCal 3.0.1 - 'ATTACH' Parameter Denial of Service WinWebMail 3.7.3 - IMAP Login Data Handling Denial Of Service WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service Computer Associates ARCserve Backup Discovery Service Remote - Denial Of Service Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Microsoft Excel 2007 - JavaScript Code Remote Denial of Service GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial Of Service GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial of Service GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial Of Service GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service SWAT 4 - Multiple Denial Of Service Vulnerabilities SWAT 4 - Multiple Denial of Service Vulnerabilities Unreal Tournament 3 - Denial Of Service / Memory Corruption Unreal Tournament 3 - Denial of Service / Memory Corruption Combat Evolved 1.0.7.0615 - Multiple Denial Of Service Vulnerabilities Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities Noticeware Email Server 4.6 - NG LOGIN Messages Denial Of Service Noticeware Email Server 4.6 - NG LOGIN Messages Denial of Service Ruby 1.9 - REXML Remote Denial Of Service Ruby 1.9 - REXML Remote Denial of Service Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service MySQL 6.0.4 - Empty Binary String Literal Remote Denial Of Service MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service Mass Downloader - Malformed Executable Denial Of Service Mass Downloader - Malformed Executable Denial of Service Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial Of Service Zope 2.11.2 - PythonScript Multiple Remote Denial Of Service Vulnerabilities Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities GeSHi 1.0.x - XML Parsing Remote Denial Of Service GeSHi 1.0.x - XML Parsing Remote Denial of Service Symbian S60 - Malformed SMS/Mms Remote Denial Of Service Symbian S60 - Malformed SMS/Mms Remote Denial of Service InfraRecorder 0.53 - Memory Corruption (Denial Of Service) IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial Of Service InfraRecorder 0.53 - Memory Corruption (Denial of Service) IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service QNX RTOS 6.4 - Malformed ELF Binary File Local Denial Of Service QNX RTOS 6.4 - Malformed ELF Binary File Local Denial of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial Of Service PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial Of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial of Service PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial Of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service MySQL 6.0.9 - XPath Expression Remote Denial Of Service MySQL 6.0.9 - XPath Expression Remote Denial of Service MPlayer - Malformed AAC File Handling Denial of Service MPlayer - Malformed OGM File Handling Denial of Service MPlayer - '.AAC' File Handling Denial of Service MPlayer - '.OGM' File Handling Denial of Service Mani's Admin Plugin - Remote Denial Of Service Mani's Admin Plugin - Remote Denial of Service cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial Of Service) CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial Of Service cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial of Service) CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service Git 1.6.3 - Parameter Processing Remote Denial Of Service Git 1.6.3 - Parameter Processing Remote Denial of Service GUPnP 0.12.7 - Message Handling Denial Of Service GUPnP 0.12.7 - Message Handling Denial of Service ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial Of Service ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial Of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial of Service Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities Snort 2.8.5 - Multiple Denial of Service Vulnerabilities lighttpd 1.4/1.5 - Slow Request Handling Remote Denial Of Service lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service Skybox Security 6.3.x < 6.4.x - Multiple Denial Of Service Issue Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue Hybserv2 - ':help' Command Denial Of Service Hybserv2 - ':help' Command Denial of Service Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial Of Service Apple Safari 4.0.4 - Remote Denial Of Service Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 - Remote Denial of Service FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial Of Service FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial of Service PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial Of Service PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial Of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial Of Service netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial Of Service Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial Of Service Xitami 5.0 - '/AUX' Request Remote Denial Of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial of Service Xitami 5.0 - '/AUX' Request Remote Denial of Service Torque Game Engine - Multiple Denial Of Service Vulnerabilities Torque Game Engine - Multiple Denial of Service Vulnerabilities EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial Of Service Vulnerabilities EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial of Service Vulnerabilities Unreal Engine - 'ReceivedRawBunch()' Denial Of Service Unreal Engine - 'ReceivedRawBunch()' Denial of Service Chrome Engine 4 - Denial Of Service Chrome Engine 4 - Denial of Service Sagem Fast 3304-V1 - Denial Of Service Sagem Fast 3304-V1 - Denial of Service Sumatra PDF 1.1 - Denial Of Service Sumatra PDF 1.1 - Denial of Service Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities Freeciv 2.2.1 - Multiple Remote Denial of Service Vulnerabilities Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial of Service Vulnerabilities Microsoft DirectX 8/9 DirectPlay - Multiple Denial Of Service Vulnerabilities Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial Of Service PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial of Service Sniper Elite 1.0 - Null Pointer Dereference Denial Of Service Sniper Elite 1.0 - Null Pointer Dereference Denial of Service MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial Of Service MySQL 5.1.48 - 'EXPLAIN' Denial Of Service OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial Of Service MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service MySQL 5.1.48 - 'EXPLAIN' Denial of Service OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial of Service Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial Of Service Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial Of Service Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service GNU glibc - 'regcomp()' Stack Exhaustion Denial Of Service GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service Microsoft Internet Explorer 11 - Denial Of Service Microsoft Internet Explorer 11 - Denial of Service Golden FTP Server 4.70 - Malformed Message Denial Of Service Golden FTP Server 4.70 - Malformed Message Denial of Service TP-Link TL-WR740N - Denial Of Service PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial Of Service TP-Link TL-WR740N - Denial of Service PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial Of Service Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial of Service Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial Of Service Air Contacts Lite - HTTP Packet Denial Of Service Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial of Service Air Contacts Lite - HTTP Packet Denial of Service TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial Of Service) TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial of Service) Perl 5.10 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities Perl 5.10 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial Of Service Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial of Service Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial Of Service Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial of Service RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial Of Service RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities PHP < 5.3.7 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial Of Service Microsoft Host Integration Server 2004-2010 - Remote Denial Of Service Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service Microsoft Host Integration Server 2004-2010 - Remote Denial of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial Of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial Of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service Apache APR - Hash Collision Denial Of Service PHP PDORow Object - Remote Denial Of Service Apache APR - Hash Collision Denial of Service PHP PDORow Object - Remote Denial of Service PHP 5.3.8 - Remote Denial Of Service PHP 5.3.8 - Remote Denial of Service Mercury MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerabilities Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial Of Service Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial of Service Universal Reader 1.16.740.0 - 'uread.exe' Denial Of Service Universal Reader 1.16.740.0 - 'uread.exe' Denial of Service Apache Sling - Denial Of Service Apache Sling - Denial of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial Of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows - Kernel DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows - Kernel UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows - Kernel Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows - Kernel HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows - Kernel win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows - Kernel SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows - Kernel Brush Object Use-After-Free (MS15-061) Microsoft Windows - Kernel WindowStation Use-After-Free (MS15-061) Microsoft Windows - Kernel Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows - Kernel FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows - Kernel bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows - Kernel Use-After-Free with Cursor Object (MS15-097) Microsoft Windows - Kernel Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows - Kernel NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows - Kernel NtGdiBitBlt Buffer Overflow (MS15-097) Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) MySQL / MariaDB - Geometry Query Denial Of Service MySQL / MariaDB - Geometry Query Denial of Service Apple Mac OSX - Kernel IOAccelMemoryInfoUserClient Use-After-Free Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free Microsoft Windows - Kernel 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows - Kernel 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows Kernel - 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows Kernel - 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Blue Coat ProxySG 5.x - and Security Gateway OS Denial Of Service Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service Microsoft Windows - Kernel Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115) Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115) Apple Mac OSX - Kernel no-more-senders Use-After-Free Apple Mac OSX Kernel - no-more-senders Use-After-Free Apple Mac OSX - Kernel IOAccelDisplayPipeUserClient2 Use-After-Free Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free TFTPD32 / Tftpd64 - Denial Of Service TFTPD32 / Tftpd64 - Denial of Service Apple Mac OSX / iOS - Kernel IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free Apple Mac OSX / iOS - Kernel iokit Registry Iterator Manipulation Double-Free Apple Mac OSX / iOS Kernel - IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free Apple Mac OSX / iOS Kernel - iokit Registry Iterator Manipulation Double-Free Apple Mac OSX - Kernel Hypervisor Driver Use-After-Free Apple Mac OSX Kernel - Hypervisor Driver Use-After-Free Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort Apple Mac OSX - Kernel AppleKeyStore Use-After-Free Apple Mac OSX - Kernel Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver Apple Mac OSX Kernel - AppleKeyStore Use-After-Free Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver Microsoft Windows - Kernel Bitmap Use-After-Free Microsoft Windows - Kernel NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows Kernel - Bitmap Use-After-Free Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows - Kernel DrawMenuBarTemp Wild-Write (MS16-039) Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) Microsoft Windows - Kernel 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Microsoft Windows Kernel - 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX - Kernel Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX - Kernel Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX - Kernel OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX - Kernel Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 Apple Mac OSX / iOS - Kernel UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient Apple Mac OSX - Kernel Stack Buffer Overflow in GeForce GPU Driver Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow Microsoft Windows - Kernel 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free Linux Kernel 2.2.x / 2.4.x (Redhat) - 'ptrace/kmod' Privilege Escalation Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation XGalaga 2.0.34 - Local game Exploit (Red Hat 9.0) xtokkaetama 1.0b - Local Game Exploit (Red Hat 9.0) XGalaga 2.0.34 (RedHat 9.0) - Local Game Exploit xtokkaetama 1.0b (RedHat 9.0) - Local Game Exploit hztty 2.0 - Privilege Escalation (Red Hat 9.0) hztty 2.0 (RedHat 9.0) - Privilege Escalation Redhat 6.2 /sbin/restore - Exploit RedHat 6.2 /sbin/restore - Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) RedHat 6.2 Restore and Dump - Local Exploit (Perl) Redhat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit dump 0.4b15 (Redhat 6.2) - Exploit RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit dump 0.4b15 (RedHat 6.2) - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit xsoldier 0.96 (RedHat 6.2) - Exploit Redhat 6.1 man - Local Exploit (egid 15) RedHat 6.1 man - Local Exploit (egid 15) Microsoft Windows 2000 - Kernel APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows - Kernel Privilege Escalation (MS06-049) Microsoft Windows Kernel - Privilege Escalation (MS06-049) Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Kernel Privilege Escalation Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Privilege Escalation Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Privilege Escalation (1) Linux Kernel 2.x (RedHat) - 'sock_sendpage()' Ring0 Privilege Escalation (1) (Linux Kernel 2.6.34-rc3) ReiserFS (Redhat / Ubuntu 9.10) - xattr Privilege Escalation (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - 'compat' Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1) Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1) Immunix OS 6.2/7.0 / Redhat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Microsoft Windows - Kernel Intel x64 SYSRET (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (PoC) Linux Kernel 3.7.6 (Redhat x86/x64) - 'MSR' Driver Privilege Escalation Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation Microsoft Windows XP/7 - Kernel 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows - Kernel 'win32k.sys' Privilege Escalation (MS14-058) Microsoft Windows Kernel - 'win32k.sys' Privilege Escalation (MS14-058) Apple OS X/iOS - Kernel IOSurface Use-After-Free Apple OS X/iOS Kernel - IOSurface Use-After-Free Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation (Metasploit) Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit) Ruby 1.8.6 - (Webrick Httpd 1.3.1) Directory Traversal Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal mg-soft net Inspector 6.5.0.828 - Multiple Vulnerabilities MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit Red Hat Linux 7.0 Apache - Remote 'Username' Enumeration RedHat Linux 7.0 Apache - Remote 'Username' Enumeration Red Hat Interchange 4.8.x - Arbitrary File Read RedHat Interchange 4.8.x - Arbitrary File Read Red Hat Apache 2.0.40 - Directory Index Default Configuration Error RedHat Apache 2.0.40 - Directory Index Default Configuration Error Foreman (Red Hat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit) Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit) Red Hat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit) RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit) Katello (Red Hat Satellite) - users/update_roles Missing Authorisation (Metasploit) Katello (RedHat Satellite) - users/update_roles Missing Authorisation (Metasploit) Red Hat Stronghold Web Server 2.3 - Cross-Site Scripting RedHat Stronghold Web Server 2.3 - Cross-Site Scripting Red Hat Piranha - Remote Security Bypass RedHat Piranha - Remote Security Bypass KISGB 5.1.1 - (Authenticate.php) Remote File Inclusion KISGB 5.1.1 - 'Authenticate.php' Remote File Inclusion Jshop Server 1.3 - (fieldValidation.php) Remote File Inclusion Jshop Server 1.3 - 'fieldValidation.php' Remote File Inclusion phpBP RC3 - (2.204) (SQL Injection / cmd) Remote Code Execution phpBP RC3 (2.204) - SQL Injection / Remote Code Execution eXV2 Module MyAnnonces - (lid) SQL Injection eXV2 Module eblog 1.2 - (blog_id) SQL Injection eXV2 Module Viso 2.0.4.3 - (kid) SQL Injection eXV2 Module WebChat 1.60 - (roomid) SQL Injection eXV2 Module MyAnnonces - 'lid' Parameter SQL Injection eXV2 Module eblog 1.2 - 'blog_id' Parameter SQL Injection eXV2 Module Viso 2.0.4.3 - 'kid' Parameter SQL Injection eXV2 Module WebChat 1.60 - 'roomid' Parameter SQL Injection Fuzzylime CMS 3.01 - (admindir) Remote File Inclusion Fuzzylime CMS 3.01 - 'admindir' Parameter Remote File Inclusion Exero CMS 1.0.1 - (theme) Multiple Local File Inclusion Exero CMS 1.0.1 - 'theme' Parameter Multiple Local File Inclusion Joomla! Component Acajoom (com_acajoom) - SQL Injection Joomla! Component Acajoom 1.1.5 - SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection Joomla! Component joovideo 1.2.2 - 'id' SQL Injection Joomla! Component Alberghi 2.1.3 - 'id' SQL Injection Mambo Component 'com_accombo' 1.x - 'id' SQL Injection Joomla! Component Restaurante 1.0 - 'id' SQL Injection PEEL CMS - Admin Hash Extraction / Arbitrary File Upload RunCMS Module section - (artid) SQL Injection ASPapp Knowledge Base - SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection Joomla! Component joovideo 1.2.2 - 'id' Parameter SQL Injection Joomla! Component Alberghi 2.1.3 - 'id' Parameter SQL Injection Mambo Component Accombo 1.x - 'id' Parameter SQL Injection Joomla! Component Restaurante 1.0 - 'id' Parameter SQL Injection PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload RunCMS Module section - 'artid' Parameter SQL Injection ASPapp Knowledge Base - SQL Injection RunCMS Module Photo 3.02 - 'cid' SQL Injection D.E. Classifieds - 'cat_id' SQL Injection RunCMS Module Photo 3.02 - 'cid' Parameter SQL Injection D.E. Classifieds - 'cat_id' Parameter SQL Injection PHP-Nuke Platinum 7.6.b.5 - (dynamic_titles.php) SQL Injection PHP-Nuke Platinum 7.6.b.5 - 'dynamic_titles.php' SQL Injection Joomla! Component rekry 1.0.0 - (op_id) SQL Injection destar 0.2.2-5 - Arbitrary Add New User Exploit Joomla! Component rekry 1.0.0 - 'op_id' Parameter SQL Injection Destar 0.2.2-5 - Arbitrary Add New User Exploit destar 0.2.2-5 - Arbitrary Add Admin Destar 0.2.2-5 - Arbitrary Add Admin BolinOS 4.6.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Security Vulnerabilities Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection BolinOS 4.6.1 - Local File Inclusion / Cross-Site Scripting Joomla! Component Alphacontent 2.5.8 - 'id' Parameter SQL Injection TopperMod 1.0 - (mod.php) Local File Inclusion TopperMod 1.0 - 'mod.php' Local File Inclusion Joomla! Component MyAlbum 1.0 - (album) SQL Injection Joomla! Component MyAlbum 1.0 - 'album' Parameter SQL Injection Smoothflash - 'admin_view_image.php cid' SQL Injection Smoothflash - 'cid' Parameter SQL Injection JShop 1.x < 2.x - (page.php xPage) Local File Inclusion WordPress Plugin Download - (dl_id) SQL Injection PHPSpamManager 0.53b - (body.php) Remote File Disclosure Woltlab Burning Board Addon JGS-Treffen - SQL Injection Neat weblog 0.2 - 'articleId' SQL Injection EasyNews 40tr - (SQL Injection / Cross-Site Scripting / Local File Inclusion) SQL Injection FaScript FaPhoto 1.0 - (show.php id) SQL Injection Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection eggBlog 4.0 - Password Retrieve SQL Injection Joomla! Component actualite 1.0 - 'id' SQL Injection JShop 1.x < 2.x - 'xPage' Parameter Local File Inclusion WordPress Plugin Download - 'dl_id' Parameter SQL Injection PHPSpamManager 0.53b - 'body.php' Remote File Disclosure Woltlab Burning Board Addon JGS-Treffen 2.0.2 - SQL Injection Neat weblog 0.2 - 'articleId' Parameter SQL Injection EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion FaScript FaPhoto 1.0 - 'show.php' SQL Injection Mambo Component Ahsshop 1.51 - 'vara' Parameter SQL Injection eggBlog 4.0 - SQL Injection Joomla! Component actualite 1.0 - 'id' Parameter SQL Injection PHPAddressBook 2.11 - (view.php id) SQL Injection PHPAddressBook 2.11 - 'view.php' SQL Injection Joomla! Component com_alphacontent - Blind SQL Injection Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection Joomla! Component Event Booking 2.10.1 - SQL Injection Nuked-klaN 1.3 - Multiple Cross-Site Scripting Vulnerabilities JShop E-Commerce Suite - xSearch Cross-Site Scripting JShop E-Commerce Suite 3.0 - 'page.php' Cross-Site Scripting JShop E-Commerce Suite 1.2 - product.php Cross-Site Scripting Nuked-klaN 1.7 Sections Module - artid Parameter SQL Injection Nuked-klaN 1.7 Sections Module - 'artid' Parameter SQL Injection Nuked-klaN 1.7 Download Module - dl_id Parameter SQL Injection Nuked-klaN 1.7 Links Module - link_id Parameter SQL Injection Nuked-klaN 1.7 Download Module - 'dl_id' Parameter SQL Injection Nuked-klaN 1.7 Links Module - 'link_id' Parameter SQL Injection Nuked-klaN 1.7 - 'index.php' Cross-Site Scripting Foreman (Red Hat OpenStack/Satellite) - users/create Mass Assignment (Metasploit) Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit) Eggblog 3.1 - admin/articles.php edit Parameter Cross-Site Scripting Eggblog 3.1 - admin/comments.php edit Parameter Cross-Site Scripting Eggblog 3.1 - admin/users.php add Parameter Cross-Site Scripting Eggblog 3.1 - rss.php Cross-Site Scripting Nuked-klaN 1.7.5 - File Parameter News Module Cross-Site Scripting Cuteflow Bin 1.5 - pages/showtemplates.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/editmailinglist_step1.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showcirculation.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/edittemplate_step2.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showfields.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showuser.php language Parameter Cross-Site Scripting CS-Cart 4.3.10 - XML External Entity Injection CoronaMatrix phpAddressBook 2.0 - 'Username' Cross-Site Scripting Cisco BBSM Captive Portal 5.3 - 'AccesCodeStart.asp' Cross-Site Scripting Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload Mambo Component 'com_ahsshop' - SQL Injection Mambo Component Ahsshop - SQL Injection Wordpress Plugin Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting Joomla 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation WordPress Plugin XCloner 3.1.5 - Multiple Vulnerabilities	2016-11-17 05:01:21 +00:00
Offensive Security	3c006aac19	DB: 2016-11-13	2016-11-13 05:01:17 +00:00
Offensive Security	1f59ca27c2	DB: 2016-11-03 15 new exploits Joomla! Component PBBooking 1.0.4_3 - Multiple Blind SQL Injection Joomla! Component 'com_pbbooking' 1.0.4_3 - Multiple Blind SQL Injection Joomla! Component SimpleShop (com_SimpleShop) - SQL Injection Joomla! Component 'com_SimpleShop' - SQL Injection Joomla! Component Spielothek 1.6.9 - Multiple Blind SQL Injection Joomla! Component 'com_spielothek' 1.6.9 - Multiple Blind SQL Injection Joomla! Component CamelcityDB 2.2 - SQL Injection Joomla! Component 'com_camelcitydb2' 2.2 - SQL Injection Joomla! Component cgtestimonial 2.2 - Multiple Vulnerabilities Joomla! Component 'com_cgtestimonial' 2.2 - Multiple Vulnerabilities Joomla! Component com_neorecruit 1.4 - SQL Injection Joomla! Component 'com_neorecruit' 1.4 - SQL Injection Joomla! Component Teams - Multiple Blind SQL Injection Joomla! Component 'com_teams' - Multiple Blind SQL Injection Joomla! Component Yellowpages - SQL Injection Joomla! Component 'com_yellowpages' - SQL Injection Joomla! Component Amblog 1.0 - Multiple SQL Injections Joomla! Component 'com_amblog' 1.0 - Multiple SQL Injections Joomla! Component com_equipment - SQL Injection Joomla! Component Jgrid 1.0 - Local File Inclusion Joomla! Component OnGallery - SQL Injection Joomla! Component 'com_equipment' - SQL Injection Joomla! Component 'com_jgrid' 1.0 - Local File Inclusion Joomla! Component 'com_ongallery' - SQL Injection Joomla! Component com_Fabrik - SQL Injection Joomla! Component com_extcalendar - Blind SQL Injection Joomla! Component 'com_Fabrik' - SQL Injection Joomla! Component 'com_extcalendar' - Blind SQL Injection Joomla! Component com_zina - SQL Injection Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections Joomla! Component 'com_zina' - SQL Injection Joomla! Component 'com_biblioteca' 1.0 Beta - Multiple SQL Injections Joomla! Component com_zoomportfolio - SQL Injection Joomla! Component 'com_zoomportfolio' - SQL Injection Joomla! Component com_remository - Arbitrary File Upload Joomla! Component 'com_remository' - Arbitrary File Upload Joomla! Component com_picsell - Local File Disclosure Joomla! Component com_jefaqpro - Multiple Blind SQL Injection Joomla! Component 'com_picsell' - Local File Disclosure Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection Joomla! Component iJoomla! magazine 3.0.1 - Remote File Inclusion Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion Joomla! Component Clantools 1.5 - Blind SQL Injection Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injection Joomla! Component 'com_clantools' 1.5 - Blind SQL Injection Joomla! Component 'com_clantools' 1.2.3 - Multiple Blind SQL Injection Joomla! Component Gantry Framework 3.0.10 - Blind SQL Injection Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection Joomla! Component Aardvertiser 2.1 Free - Blind SQL Injection Joomla! Component 'com_aardvertiser' 2.1 - Blind SQL Injection Joomla! Component RSform! 1.0.5 - Multiple Vulnerabilities Joomla! Component 'com_forme' 1.0.5 - Multiple Vulnerabilities Joomla! Component com_jphone - Local File Inclusion Joomla! Component 'com_jphone' - Local File Inclusion Joomla! Component Mosets Tree 2.1.5 - Arbitrary File Upload Joomla! Component 'com_mtree' 2.1.5 - Arbitrary File Upload Joomla! Component com_jgen - SQL Injection Joomla! Component 'com_jgen' - SQL Injection Joomla! Component com_restaurantguide - Multiple Vulnerabilities Joomla! Component 'com_restaurantguide' - Multiple Vulnerabilities Joomla! Component com_elite_experts - SQL Injection Joomla! Component 'com_elite_experts' - SQL Injection Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection Joomla! Component com_ezautos - SQL Injection Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection Joomla! Component 'com_ezautos' - SQL Injection Joomla! Component je Guestbook 1.0 - Multiple Vulnerabilities Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities Joomla! Component JE Job - SQL Injection Joomla! Component JE Directory - SQL Injection Joomla! Component 'com_jejob' - SQL Injection Joomla! Component 'com_jedirectory' - SQL Injection Joomla! Component Community Builder Enhenced (CBE) - Local File Inclusion / Remote Code Execution Joomla! Component 'com_cbe' - Local File Inclusion / Remote Code Execution Joomla! Component js Calendar 1.5.1 Joomla! - Multiple Vulnerabilities Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities Joomla! Component JE Ajax Event Calendar (com_jeajaxeventcalendar) - SQL Injection Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload Joomla! Component Flip Wall (com_flipwall) - SQL Injection Joomla! Component Sponsor Wall (com_sponsorwall) - SQL Injection Joomla! Component 'com_flipwall' - SQL Injection Joomla! Component 'com_sponsorwall' - SQL Injection sweetrice CMS 0.6.7 - Multiple Vulnerabilities SweetRice 0.6.7 - Multiple Vulnerabilities Joomla! Component ccInvoices (com_ccinvoices) - SQL Injection Joomla! Component 'com_ccinvoices' - SQL Injection Joomla! Component com_connect - Local File Inclusion Joomla! Component DCNews com_dcnews - Local File Inclusion Joomla! Component 'com_connect' - Local File Inclusion Joomla! Component 'com_dcnews' - Local File Inclusion Joomla! Component com_ckforms - Local File Inclusion Joomla! Component com_clan - SQL Injection Joomla! Component 'com_ckforms' - Local File Inclusion Joomla! Component 'com_clan' - SQL Injection Joomla! Component com_clanlist - SQL Injection Joomla! Component 'com_clanlist' - SQL Injection Joomla! Component ProDesk 1.5 - Local File Inclusion Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection Joomla! Component btg_oglas - HTML / Cross-Site Scripting Injection Joomla! Component com_markt - SQL Injection Joomla! Component com_img - Local File Inclusion Joomla! Component 'btg_oglas' - HTML / Cross-Site Scripting Injection Joomla! Component 'com_markt' - SQL Injection Joomla! Component 'com_img' - Local File Inclusion Joomla! Component com_jsupport - Cross-Site Scripting Joomla! Component com_jsupport - SQL Injection Joomla! Component 'com_jsupport' - Cross-Site Scripting Joomla! Component 'com_jsupport' - SQL Injection Joomla! Component ccBoard 1.2-RC - Multiple Vulnerabilities Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities Joomla! Component com_alfurqan15x - SQL Injection Joomla! Component 'com_alfurqan15x' - SQL Injection Joomla! Component Maian Media (com_maianmedia) - SQL Injection Joomla! Component 'com_maianmedia' - SQL Injection Joomla! Component Template Mosets Tree 2.1.6 - Overwrite Cross-Site Request Forgery Joomla! Component 'com_mtree' 2.1.6 - Overwrite Cross-Site Request Forgery Joomla! Component com_jimtawl - Local File Inclusion Joomla! Component 'com_jimtawl' - Local File Inclusion Joomla! Component JE Auto 1.0 - SQL Injection Joomla! Component 'com_jeauto' 1.0 - SQL Injection Joomla! Component Billy Portfolio 1.1.2 - Blind SQL Injection Joomla! Component 'com_billyportfolio' 1.1.2 - Blind SQL Injection Joomla! Component JRadio (com_jradio) - Local File Inclusion Joomla! Component 'com_jradio' - Local File Inclusion Joomla! Component JE Auto (com_jeauto) - Local File Inclusion Joomla! Component 'com_jeauto' - Local File Inclusion Joomla! Component Jotloader 2.2.1 - Local File Inclusion Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion Joomla! Component com_xgallery 1.0 - Local File Inclusion Joomla! Component 'com_xgallery' 1.0 - Local File Inclusion Joomla! Component com_ponygallery - Remote File Inclusion Joomla! Component com_adsmanager - Remote File Inclusion Joomla! Component 'com_ponygallery' - Remote File Inclusion Joomla! Component 'com_adsmanager' - Remote File Inclusion Joomla! Component com_xmovie 1.0 - Local File Inclusion Joomla! Component 'com_xmovie' 1.0 - Local File Inclusion Joomla! Component com_idoblog - SQL Injection Joomla! Component 'com_idoblog' - SQL Injection Joomla! Plugin Captcha 4.5.1 - Local File Disclosure Joomla! Plugin 'Captcha' 4.5.1 - Local File Disclosure Joomla! Component People 1.0.0 - SQL Injection Joomla! Component 'com_people' 1.0.0 - SQL Injection Joomla! Component People 1.0.0 - Local File Inclusion Joomla! Component 'com_people' 1.0.0 - Local File Inclusion Joomla! Component allCineVid 1.0.0 - Blind SQL Injection Joomla! Component 'com_allcinevid' 1.0.0 - Blind SQL Injection Joomla! Component B2 Portfolio 1.0.0 - Multiple SQL Injections Joomla! Component 'com_b2portfolio' 1.0.0 - Multiple SQL Injections Joomla! Component XCloner (com_xcloner-backupandrestore) - Remote Command Execution Joomla! Component 'com_xcloner-backupandrestore' - Remote Command Execution Joomla! Component com_booklibrary - SQL Injection Joomla! Component 'com_booklibrary' - SQL Injection Joomla! Component com_virtuemart 1.1.7 - Blind SQL Injection Joomla! Component 'com_virtuemart' 1.1.7 - Blind SQL Injection Joomla! Component JCE (com_jce) - Blind SQL Injection Joomla! Component 'com_jce' - Blind SQL Injection Joomla! Component com_versioning - SQL Injection Joomla! Component com_hello - SQL Injection Joomla! Component 'com_versioning' - SQL Injection Joomla! Component 'com_hello' - SQL Injection Joomla! Component com_question - SQL Injection Joomla! Component 'com_question' - SQL Injection Joomla! Component 1.0 jDownloads - Arbitrary File Upload Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload Joomla! Component com_jmsfileseller - Local File Inclusion Joomla! Component 'com_jmsfileseller' - Local File Inclusion Joomla! Component com_joomnik - SQL Injection Joomla! Component 'com_joomnik' - SQL Injection Joomla! Plugin Scriptegrator 1.5 - File Inclusion Joomla! Component 'Scriptegrator' 1.5 - File Inclusion Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion Joomla! Component com_team - SQL Injection Joomla! Component 'com_acooldebate' 1.0.3 - Local File Inclusion Joomla! Component 'com_team' - SQL Injection Joomla! Component Calc Builder - 'id' Blind SQL Injection Joomla! Component 'com_calcbuilder' - 'id' Parameter Blind SQL Injection Joomla! Component JoomlaXi - Persistent Cross-Site Scripting Joomla! Component 'JoomlaXi' - Persistent Cross-Site Scripting Joomla! Component mdigg - SQL Injection Joomla! Component 'mdigg' - SQL Injection Joomla! Component Xmap 1.2.11 - Blind SQL Injection Joomla! Component 'com_xmap' 1.2.11 - Blind SQL Injection Joomla! Component SOBI2 2.9.3.2 - Blind SQL Injections Joomla! Component 'com_sobi2' 2.9.3.2 - Blind SQL Injections Joomla! Component Appointment Booking Pro - Local File Inclusion Joomla! Component 'com_rsappt_pro2' - Local File Inclusion Joomla! Component JE K2 Story Submit - Local File Inclusion Joomla! Component 'com_jesubmit' - Local File Inclusion Joomla! Component mod_spo - SQL Injection Joomla! Component 'mod_spo' - SQL Injection Joomla! Component com_virtuemart 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit) Joomla! Component 'com_virtuemart' 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit) Joomla! Component com_obSuggest - Local File Inclusion Joomla! Component 'com_obSuggest' - Local File Inclusion Joomla! Component com_jdirectory - SQL Injection Joomla! Component 'com_jdirectory' - SQL Injection Joomla! Component TNR Enhanced Joomla! Search - SQL Injection Joomla! Component 'com_esearch' - SQL Injection Joomla! Component JoomTouch - Local File Inclusion Joomla! Component 'com_joomtouch' - Local File Inclusion Joomla! Extension JCE 2.0.10 - Multiple Vulnerabilities Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities Joomla! Component simple file lister module 1.0 - Directory Traversal Joomla! Component 'mod_simpleFileLister' 1.0 - Directory Traversal Joomla! Component YJ Contact us - Local File Inclusion Joomla! Component 'com_yjcontactus' - Local File Inclusion Joomla! Component Time Returns (com_timereturns) 2.0 - SQL Injection Joomla! Component 'com_timereturns' 2.0 - SQL Injection Joomla! Component Techfolio 1.0 - SQL Injection Joomla! Component 'com_techfolio' 1.0 - SQL Injection Joomla! Component JEEMA Sms 3.2 - Multiple Vulnerabilities Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities Joomla! Component 'com_jeemasms' 3.2 - Multiple Vulnerabilities Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities Joomla! Component HM-Community com_hmcommunity - Multiple Vulnerabilities Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities Joomla! Component Alameda (com_alameda) 1.0 - SQL Injection Joomla! Component 'com_alameda' 1.0 - SQL Injection Joomla! Component Jobprofile (com_jobprofile) - SQL Injection Joomla! Component 'com_jobprofile' - SQL Injection Joomla! Component QContacts 1.0.6 - SQL Injection Joomla! Component 'com_qcontacts' 1.0.6 - SQL Injection Joomla! Component com_dshop - SQL Injection Joomla! Component 'com_dshop' - SQL Injection Joomla! Component Discussions (com_discussions) - SQL Injection Joomla! Component 'com_discussions' - SQL Injection Joomla! Component The Estate Agent (com_estateagent) - SQL Injection Joomla! Component com_bearleague - SQL Injection Joomla! Component 'com_estateagent' - SQL Injection Joomla! Component 'com_bearleague' - SQL Injection Joomla! Component com_ponygallery - SQL Injection Joomla! Component 'com_ponygallery' - SQL Injection Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal Joomla! Component com_weblinks - 'Itemid' Parameter SQL Injection Joomla! Component 'com_weblinks' - 'Itemid' Parameter SQL Injection Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection Joomla! Component com_dirfrm - Multiple SQL Injections Joomla! Component 'com_dirfrm' - Multiple SQL Injections Joomla! Component Spain - 'nv' Parameter SQL Injection Joomla! Component 'com_spain' - 'nv' Parameter SQL Injection Joomla! Component com_tax - 'eid' Parameter SQL Injection Joomla! Component 'com_tax' - 'eid' Parameter SQL Injection Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection Joomla! / Mambo Component com_trade - 'PID' Parameter Cross-Site Scripting Joomla! / Mambo Component 'com_trade' - 'PID' Parameter Cross-Site Scripting Joomla! Component com_jstore - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion Joomla! Component Catalogue - SQL Injection / Local File Inclusion Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion Joomla! Component AutoArticles 3000 - 'id' Parameter SQL Injection Joomla! Component 'com_a3000' - 'id' Parameter SQL Injection Joomla! Component Store Directory - 'id' Parameter SQL Injection Joomla! Component 'com_storedirectory' - 'id' Parameter SQL Injection Joomla! Component Annuaire - 'id' Parameter SQL Injection Joomla! Component 'com_annuaire' - 'id' Parameter SQL Injection Joomla! Component Jeformcr - 'id' Parameter SQL Injection Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component Redirect 'com_redirect' 1.5.19 - Local File Inclusion Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'com_redirect' 1.5.19 - Local File Inclusion Joomla! Component Classified - SQL Injection Joomla! Component 'com_classified' - SQL Injection Joomla! Component com_frontenduseraccess - Local File Inclusion Joomla! Component 'com_frontenduseraccess' - Local File Inclusion Joomla! Component VirtueMart eCommerce 1.1.6 - SQL Injection Joomla! Component 'com_virtuemart' 1.1.6 - SQL Injection Joomla! Component com_clan_members - 'id' Parameter SQL Injection Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection Joomla! Component com_phocadownload - Local File Inclusion Joomla! Component 'com_phocadownload' - Local File Inclusion Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection Joomla! Component com_maplocator - 'cid' Parameter SQL Injection Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection Joomla! Component com_shop - SQL Injection Joomla! Component 'com_shop' - SQL Injection Joomla! Component Virtual Money 'com_virtualmoney' 1.5 - SQL Injection Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload Joomla! Component 'com_virtualmoney' 1.5 - SQL Injection Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion Joomla! Component com_voj - SQL Injection Joomla! Component 'com_voj' - SQL Injection Joomla! Component Foto - 'id_categoria' Parameter SQL Injection Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection Joomla! Component com_hospital - SQL Injection Joomla! Component Controller - 'Itemid' Parameter SQL Injection Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection Joomla! Component 'com_hospital' - SQL Injection Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection Joomla! Component com_resman - Cross-Site Scripting Joomla! Component com_newssearch - SQL Injection Joomla! Component 'com_newssearch' - SQL Injection Joomla! Component Slideshow Gallery - 'id' Parameter SQL Injection Joomla! Component 'com_xeslidegalfx' - 'id' Parameter SQL Injection Joomla! Component com_community - 'userid' Parameter SQL Injection Joomla! Component 'com_community' - 'userid' Parameter SQL Injection Joomla! Component com_biitatemplateshop - 'groups' Parameter SQL Injection Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection Joomla! Component com_expedition - 'id' Parameter SQL Injection Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection Joomla! Component com_tree - 'key' Parameter SQL Injection Joomla! Component com_br - 'state_id' Parameter SQL Injection Joomla! Component com_shop - 'id' Parameter SQL Injection Joomla! Component 'com_tree' - 'key' Parameter SQL Injection Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection Joomla! Component 'com_shop' - 'id' Parameter SQL Injection Joomla! Component Sgicatalog 1.0 - 'id' Parameter SQL Injection Joomla! Component 'com_sgicatalog' 1.0 - 'id' Parameter SQL Injection Joomla! Extension com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'com_alfcontact' 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component Content - 'year' Parameter SQL Injection Joomla! Component 'com_content' - 'year' Parameter SQL Injection Joomla! Component com_tsonymf - 'idofitem' Parameter SQL Injection Joomla! Component 'com_tsonymf' - 'idofitem' Parameter SQL Injection Joomla! Component com_caproductprices - 'id' Parameter SQL Injection Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection Joomla! Component HD Video Share 1.3 - 'id' Parameter SQL Injection Joomla! Component 'com_contushdvideoshare' 1.3 - 'id' Parameter SQL Injection Joomla! Component com_br - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion Joomla! Component Full 'com_full' - 'id' Parameter SQL Injection Joomla! Component com_sanpham - Multiple SQL Injections Joomla! Component com_xball - 'team_id' Parameter SQL Injection Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion Joomla! Component com_car - Multiple SQL Injections Joomla! Component com_some - 'Controller' Parameter Local File Inclusion Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_full' - 'id' Parameter SQL Injection Joomla! Component 'com_sanpham' - Multiple SQL Injections Joomla! Component 'com_xball' - 'team_id' Parameter SQL Injection Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_car' - Multiple SQL Injections Joomla! Component 'com_some' - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion Joomla! Component com_jesubmit - 'index.php' Arbitrary File Upload Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload Joomla! Component com_motor - 'cid' Parameter SQL Injection Joomla! Component com_products - Multiple SQL Injections Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection Joomla! Component 'com_products' - Multiple SQL Injections Joomla! Component com_visa - Local File Inclusion / SQL Injection Joomla! Component com_firmy - 'Id' Parameter SQL Injection Joomla! Component 'com_visa' - Local File Inclusion / SQL Injection Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection Joomla! Component com_crhotels - 'catid' Parameter SQL Injection Joomla! Component com_propertylab - 'id' Parameter SQL Injection Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection Joomla! Component 'com_propertylab' - 'id' Parameter SQL Injection Joomla! Component com_bbs - Multiple SQL Injections Joomla! Component 'com_bbs' - Multiple SQL Injections Joomla! Component com_cmotour - 'id' Parameter SQL Injection Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection Joomla! Component Currency Converter - 'from' Parameter Cross-Site Scripting Joomla! Component 'mod_currencyconverter' - 'from' Parameter Cross-Site Scripting Joomla! Component X-Shop - 'idd' Parameter SQL Injection Joomla! Component Xcomp 'com_xcomp' - Local File Inclusion Joomla! Component 'com_x-shop' - 'idd' Parameter SQL Injection Joomla! Component 'com_xcomp' - Local File Inclusion Joomla! Component com_xvs - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_xvs' - 'Controller' Parameter Local File Inclusion Joomla! Component Machine - Multiple SQL Injections Joomla! Component 'com_machine' - Multiple SQL Injections Joomla! Component CCNewsLetter Module 1.0.7 - 'id' Parameter SQL Injection Joomla! Component Video Gallery - Local File Inclusion / SQL Injection Joomla! Component 'mod_ccnewsletter' 1.0.7 - 'id' Parameter SQL Injection Joomla! Component 'com_videogallery' - Local File Inclusion / SQL Injection Joomla! Component Alphacontent - 'limitstart' Parameter SQL Injection Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload Joomla! Component 'com_alphacontent' - 'limitstart' Parameter SQL Injection Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload Joomla! Component Simple SWFupload - 'uploadhandler.php' Arbitrary File Upload Joomla! Component Art Uploader - 'upload.php' Arbitrary File Upload Joomla! Component DentroVideo - 'upload.php' Arbitrary File Upload Joomla! Component 'com_simpleswfupload' - 'uploadhandler.php' Arbitrary File Upload Joomla! Component 'mod_artuploader' - 'upload.php' Arbitrary File Upload Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload PCMAN FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit) PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition PCMan FTP Server 2.0.7 - 'UMASK' Command Buffer Overflow Freefloat FTP Server 1.0 - 'DIR' Command Buffer Overflow Alienvault OSSIM/USM 5.3.1 - PHP Object Injection Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Alienvault OSSIM/USM 5.3.1 - SQL Injection Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056) Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass SunellSecurity NVR / Camera - Denial Of Service Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation (Metasploit) MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit) LifeSize Room 5.0.9 - Multiple Vulnerabilities Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free SweetRice 1.5.1 - Cross-Site Request Forgery	2016-11-03 05:01:18 +00:00
Offensive Security	18f707fb94	DB: 2016-11-01 24 new exploits Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) Serendipity 0.8beta4 - exit.php SQL Injection S9Y Serendipity 0.8beta4 - exit.php SQL Injection CBSms Mambo Module 1.0 - Remote File Inclusion Pearl For Mambo 1.6 - Multiple Remote File Inclusion Mambo Module CBSms 1.0 - Remote File Inclusion Mambo Component Pearl 1.6 - Multiple Remote File Inclusion galleria Mambo Module 1.0b - Remote File Inclusion Mambo Module galleria 1.0b - Remote File Inclusion SimpleBoard Mambo Component 1.1.0 - Remote File Inclusion com_forum Mambo Component 1.2.4RC3 - Remote File Inclusion Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion com_videodb Mambo Component 0.3en - Remote File Inclusion SMF Forum Mambo Component 1.3.1.3 - Include com_extcalendar Mambo Component 2.0 - Include com_loudmouth Mambo Component 4.0j - Include pc_cookbook Mambo Component 0.3 - Include perForms Mambo Component 1.0 - Remote File Inclusion com_hashcash Mambo Component 1.2.1 - Include HTMLArea3 Mambo Module 1.5 - Remote File Inclusion Sitemap Mambo Component 2.0.0 - Remote File Inclusion pollxt Mambo Component 1.22.07 - Remote File Inclusion MiniBB Mambo Component 1.5a - Remote File Inclusion Mambo Component com_videodb 0.3en - Remote File Inclusion Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Mambo Component pc_cookbook 0.3 - Remote File Inclusion Mambo Component perForms 1.0 - Remote File Inclusion Mambo Component com_hashcash 1.2.1 - Remote File Inclusion Mambo Module HTMLArea3 1.5 - Remote File Inclusion Mambo Component Sitemap 2.0.0 - Remote File Inclusion Mambo Component pollxt 1.22.07 - Remote File Inclusion Mambo Component MiniBB 1.5a - Remote File Inclusion MoSpray Mambo Component 18RC1 - Remote File Inclusion Mambo Component MoSpray 18RC1 - Remote File Inclusion Mam-Moodle Mambo Component alpha - Remote File Inclusion Mambo Component Mam-Moodle alpha - Remote File Inclusion multibanners Mambo Component 1.0.1 - Remote File Inclusion Mambo Component multibanners 1.0.1 - Remote File Inclusion PrinceClan Chess Mambo Com 0.8 - Remote File Inclusion Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion a6mambohelpdesk Mambo Component 18RC1 - Include Mambo Component 'com_a6mambohelpdesk' 18RC1 - Remote File Inclusion Mambo Security Images Component 3.0.5 - Inclusion Mambo MGM Component 0.95r2 - Remote File Inclusion Mambo Colophon Component 1.2 - Remote File Inclusion Mambo mambatStaff Component 3.1b - Remote File Inclusion Mambo Component Security Images 3.0.5 - Inclusion Mambo Component MGM 0.95r2 - Remote File Inclusion Mambo Component 'com_colophon' 1.2 - Remote File Inclusion Mambo Component mambatStaff 3.1b - Remote File Inclusion Mambo User Home Pages Component 0.5 - Remote File Inclusion Mambo Component User Home Pages 0.5 - Remote File Inclusion Mambo Remository Component 3.25 - Remote File Inclusion Mambo Component Remository 3.25 - Remote File Inclusion Mambo mmp Component 1.2 - Remote File Inclusion Mambo Component MMP 1.2 - Remote File Inclusion Mambo Peoplebook Component 1.0 - Remote File Inclusion Mambo Component Peoplebook 1.0 - Remote File Inclusion Mambo CopperminePhotoGalery Component - Remote File Inclusion Mambo Component CopperminePhotoGalery - Remote File Inclusion Mambo mambelfish Component 1.1 - Remote File Inclusion Mambo Component mambelfish 1.1 - Remote File Inclusion Mambo phpShop Component 1.2 RC2b - File Inclusion Mambo a6mambocredits Component 1.0.0 - File Inclusion Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion Mambo MamboWiki Component 0.9.6 - Remote File Inclusion Mambo Component MamboWiki 0.9.6 - Remote File Inclusion Mambo cropimage Component 1.0 - Remote File Inclusion Mambo Component cropimage 1.0 - Remote File Inclusion Mambo com_lurm_constructor Component 0.6b - Include Mambo Component com_lurm_constructor 0.6b - Remote File Inclusion mambo com_babackup Component 1.1 - File Inclusion Mambo Component com_babackup 1.1 - File Inclusion Mambo com_serverstat Component 0.4.4 - File Inclusion Mambo Component com_serverstat 0.4.4 - File Inclusion Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Include Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion Mambo com_registration_detailed 4.1 - Remote File Inclusion Mambo Component com_registration_detailed 4.1 - Remote File Inclusion MambWeather Mambo Module 1.8.1 - Remote File Inclusion Mambo Module MambWeather 1.8.1 - Remote File Inclusion com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure Serendipity 1.0.3 - 'comment.php' Local File Inclusion S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion Hewlett-Packard FTP Print Server 2.4.5 - Buffer Overflow (PoC) Hewlett-Packard (HP) FTP Print Server 2.4.5 - Buffer Overflow (PoC) mambo Component nfnaddressbook 0.4 - Remote File Inclusion Mambo Component nfnaddressbook 0.4 - Remote File Inclusion Joomla! / Mambo Component SWmenuFree 4.0 - Remote File Inclusion Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion Irfanview 3.99 - '.ani' Local Buffer Overflow (1) IrfanView 3.99 - '.ani' Local Buffer Overflow (1) Irfanview 3.99 - '.ani' Local Buffer Overflow (2) IrfanView 3.99 - '.ani' Local Buffer Overflow (2) Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion Joomla! / Mambo Component article 1.1 - Remote File Inclusion Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion Irfanview 4.00 - '.iff' Buffer Overflow IrfanView 4.00 - '.iff' Buffer Overflow Mambo com_yanc 1.4 Beta - 'id' SQL Injection Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection Irfanview 4.10 - '.fpx' Memory Corruption IrfanView 4.10 - '.fpx' Memory Corruption Mambo 4.5 'com_newsletter' - 'listid' Parameter SQL Injection Mambo 'com_fq' - 'listid' Parameter SQL Injection Mambo 'com_mamml' - 'listid' Parameter SQL Injection Mambo Component Glossary 2.0 - 'catid' SQL Injection Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Mambo Component 'com_fq' - 'listid' Parameter SQL Injection Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection Mambo Component AkoGallery 2.5b - SQL Injection Mambo Component Catalogshop 1.0b1 - SQL Injection Mambo Component 'com_akogallery' 2.5b - SQL Injection Mambo Component 'com_catalogshop' 1.0b1 - SQL Injection Mambo Component Awesom 0.3.2 - (listid) SQL Injection Mambo Component 'com_awesom' 0.3.2 - (listid) SQL Injection Mambo Component Portfolio 1.0 - 'categoryId' SQL Injection Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection Mambo Component accombo 1.x - 'id' SQL Injection Mambo Component 'com_accombo' 1.x - 'id' SQL Injection Mambo Component ahsShop 1.51 - (vara) SQL Injection Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection Mambo Component Galleries 1.0 - (aid) SQL Injection Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection Mambo 4.6.4 - (Output.php) Remote File Inclusion Mambo 4.6.4 - 'Output.php' Remote File Inclusion Mambo Component Articles - (artid) Blind SQL Injection Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection Mambo Component n-gallery - Multiple SQL Injections Mambo Component 'com_n-gallery' - Multiple SQL Injections Irfanview 3.99 - IFF File Local Stack Buffer Overflow IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow Mambo Component n-form - (form_id) Blind SQL Injection Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection Mambo com_sim 0.8 - Blind SQL Injection Mambo Component 'com_sim' 0.8 - Blind SQL Injection Mambo Component com_hestar - SQL Injection Mambo Component 'com_hestar' - SQL Injection Mambo com_koesubmit 1.0.0 - Remote File Inclusion Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion Joomla! / Mambo Component Tupinambis - SQL Injection Joomla! / Mambo Component 'com_tupinambis' - SQL Injection Joomla! / Mambo Component com_ezine 2.1 - Remote File Inclusion Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion Mambo Component Material Suche 1.0 - SQL Injection Mambo Component 'com_materialsuche' 1.0 - SQL Injection Mambo com_akogallery - SQL Injection Mambo Component 'com_akogallery' - SQL Injection Mambo Component com_acnews - [id] SQL Injection Mambo Component 'com_acnews' - 'id' Parameter SQL Injection Mambo Component com_mambads - SQL Injection Mambo Component 'com_mambads' - SQL Injection Rumba ftp Client 4.2 - PASV Buffer Overflow (SEH) Rumba FTP Client 4.2 - PASV Buffer Overflow (SEH) Serendipity 1.5.4 - Arbitrary File Upload S9Y Serendipity 1.5.4 - Arbitrary File Upload Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service Irfanview 4.28 - Multiple Denial of Service Vulnerabilities IrfanView 4.28 - Multiple Denial of Service Vulnerabilities Irfanview 4.28 - ICO With Transparent Colour Denial of Service & RDenial of Service Irfanview 4.28 - ICO Without Transparent Colour Denial of Service & RDenial of Service IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service PCMan FTP Server Buffer Overflow - PUT Command (Metasploit) PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit) Mambo CMS 4.6.x - (4.6.5) SQL Injection Mambo 4.6.x < 4.6.5 - SQL Injection Mambo CMS 4.x - (Zorder) SQL Injection Mambo 4.x - 'Zorder' SQL Injection Irfanview - '.tiff' Image Processing Buffer Overflow IrfanView - '.tiff' Image Processing Buffer Overflow Irfanview FlashPix PlugIn - Double-Free IrfanView FlashPix PlugIn - Double-Free Irfanview FlashPix PlugIn - Decompression Heap Overflow IrfanView FlashPix PlugIn - Decompression Heap Overflow Serendipity 1.6 - Backend Cross-Site Scripting / SQL Injection S9Y Serendipity 1.6 - (Backend) Cross-Site Scripting / SQL Injection Irfanview 4.33 - Format PlugIn ECW Decompression Heap Overflow IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow Irfanview 4.33 - Format PlugIn TTF File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow Irfanview 4.33 - '.DJVU' Image Processing Heap Overflow IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow Irfanview JLS Formats PlugIn - Heap Overflow IrfanView JLS Formats PlugIn - Heap Overflow Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit) IrfanView JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit) Irfan Skiljan IrfanView32 3.0.7 - Image File Buffer Overflow IrfanView32 3.0.7 - Image File Buffer Overflow Joomla! Component Event Booking 2.10.1 - SQL Injection Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla! Component 'com_videogallerylite' 1.0.9 - SQL Injection Irfanview - '.RLE' Image Decompression Buffer Overflow Irfanview - '.TIF' Image Decompression Buffer Overflow IrfanView - '.RLE' Image Decompression Buffer Overflow IrfanView - '.TIF' Image Decompression Buffer Overflow Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution Serendipity 0.x - exit.php HTTP Response Splitting S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH) freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow Joomla! Component VirtueMart 2.0.22a - SQL Injection Joomla! Component 'com_virtuemart' 2.0.22a - SQL Injection phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion Calendar Module 1.5.7 For Mambo - Com_Calendar.php Remote File Inclusion Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit) Irfanview 3.98 - '.ANI' Image File Denial of Service IrfanView 3.98 - '.ANI' Image File Denial of Service Reporter 1.0 Mambo Component - Reporter.sql.php Remote File Inclusion Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion Mambo LMTG Myhomepage 1.2 Component - Multiple Remote File Inclusion Mambo Rssxt Component 1.0 - MosConfig_absolute_path Multiple Remote File Inclusion Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion Mambo Display MOSBot Manager Component - MosConfig_absolute_path Remote File Inclusion Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion Mambo EstateAgent 1.0.2 Component - MosConfig_absolute_path Remote File Inclusion Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion Joomla! / Mambo Component Com_comprofiler 1.0 - class.php Remote File Inclusion Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion Hewlett-Packard 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Mambo MostlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Irfanview 3.99 - Multiple BMP Denial of Service Vulnerabilities IrfanView 3.99 - Multiple .BMP Denial of Service Vulnerabilities Joomla! / Mambo Component Mod_Forum - PHPBB_Root.php Remote File Inclusion Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting S9Y Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting Joomla! Extension Komento 1.7.2 - Persistent Cross-Site Scripting Joomla! Extension JV Comment 3.0.2 - (index.php id Parameter) SQL Injection Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection Joomla! / Mambo Component com_filebase - 'filecatid' Parameter SQL Injection Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow Joomla! Component JomSocial 2.6 - Code Execution Joomla! Component 'com_community' 2.6 - Code Execution Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities S9Y Serendipity 1.7.5 - (Backend) Multiple Vulnerabilities Joomla! / Mambo Component Joomlaearn Lms - 'cat' Parameter SQL Injection Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection Joomla! Component YouTube Gallery - SQL Injection Joomla! Component 'com_youtubegallery' - SQL Injection Joomla! Component Spider Form Maker 3.4 - SQL Injection Joomla! Component 'com_formmaker' 3.4 - SQL Injection Joomla! Component Spider Calendar 3.2.6 - SQL Injection Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection Joomla! Component Spider Contacts 1.3.6 - (index.php contacts_id Parameter)SQL Injection Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection Joomla! Component Face Gallery 1.0 - Multiple Vulnerabilities Joomla! Component Mac Gallery 1.5 - Arbitrary File Download Joomla! Component 'com_facegallery' 1.0 - Multiple Vulnerabilities Joomla! Component 'com_macgallery' 1.5 - Arbitrary File Download Joomla! Component HD FLV Player < 2.1.0.1 - SQL Injection Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - SQL Injection Joomla! Component HD FLV Player < 2.1.0.1 - Arbitrary File Download Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download Mambo - 'com_docman' 1.3.0 Component Multiple SQL Injection Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting Mambo CMS 4.6.x - Multiple Cross-Site Scripting Vulnerabilities Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities Hewlett-Packard UCMDB - JMX-Console Authentication Bypass Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery Serendipity 1.5.1 - 'research_display.php' SQL Injection S9Y Serendipity 1.5.1 - 'research_display.php' SQL Injection Mambo CMS N-Skyrslur - Cross-Site Scripting Mambo Component 'com_n-skyrslur' - Cross-Site Scripting Mambo CMS N-Gallery Component - SQL Injection Mambo CMS AHS Shop Component - SQL Injection Mambo Component 'com_n-gallery' - SQL Injection Mambo Component 'com_ahsshop' - SQL Injection Mambo CMS N-Press Component - SQL Injection Mambo Component 'com_n-press' - SQL Injection Mambo CMS N-Frettir Component - SQL Injection Mambo CMS N-Myndir Component - SQL Injection Mambo Component 'com_n-frettir' - SQL Injection Mambo Component 'com_n-myndir' - SQL Injection Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting Joomla! Component Simple Photo Gallery 1.0 - Arbitrary File Upload Joomla! Component 'com_simplephotogallery' 1.0 - Arbitrary File Upload Joomla! Component Simple Photo Gallery 1.0 - SQL Injection Joomla! Component 'com_simplephotogallery' 1.0 - SQL Injection Joomla! Plugin eCommerce-WD 1.2.5 - SQL Injection Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection Joomla! Component Spider FAQ - SQL Injection Joomla! Component 'com_spiderfaq' - SQL Injection Joomla! Component Gallery WD - SQL Injection Joomla! Component Contact Form Maker 1.0.1 - SQL Injection Joomla! Component 'com_gallery_wd' - SQL Injection Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection Joomla! Component Spider Random Article - SQL Injection Joomla! Component 'com_rand' - SQL Injection Joomla! Component SimpleImageUpload - Arbitrary File Upload Joomla! Component 'com_simpleimageupload' - Arbitrary File Upload Joomla! Component DOCman - Multiple Vulnerabilities Joomla! Component 'com_docman' - Multiple Vulnerabilities Joomla! Plugin Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities PCMan FTP Server 2.0.7 - PUT Command Buffer Overflow PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow Joomla! Component Event Manager 2.1.4 - Multiple Vulnerabilities Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection Joomla! Component 'com_memorix' - SQL Injection Joomla! Component 'com_informations' - SQL Injection PCMan FTP Server 2.0.7 - GET Command Buffer Overflow PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow Joomla! Component Real Estate Manager 3.7 - SQL Injection Joomla! Component 'com_realestatemanager' 3.7 - SQL Injection Joomla! Extension Realtyna RPL 8.9.2 - Multiple SQL Injections Joomla! Extension Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component JNews (com_jnews) 8.5.1 - SQL Injection Joomla! Component 'com_jnews' 8.5.1 - SQL Injection Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting Joomla! Component JVideoClip - 'uid' Parameter SQL Injection Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection Joomla! Component Content History - SQL Injection / Remote Code Execution (Metasploit) Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit) Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload Joomla! Component Aclsfgpl - 'index.php' Arbitrary File Upload Joomla! Component 'com_aclsfgpl' - 'index.php' Arbitrary File Upload Joomla! Component Wire Immogest - 'index.php' SQL Injection Joomla! Component 'com_wire_immogest' - 'index.php' SQL Injection Joomla! Component Almond Classifieds - Arbitrary File Upload Joomla! Component 'com_aclassfb' - Arbitrary File Upload Joomla! Extension Sexy Polling - 'answer_id' Parameter SQL Injection Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution Joomla! Plugin Projoom NovaSFH - 'upload.php' Arbitrary File Upload Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload Joomla! Component Inneradmission - 'index.php' SQL Injection Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection Joomla! Extension Spider Video Player - 'theme' Parameter SQL Injection Joomla! Component 'spidervideoplayer' - 'theme' Parameter SQL Injection Joomla! Extension JSN Poweradmin 2.3.0 - Multiple Vulnerabilities Joomla! Component 'com_poweradmin' 2.3.0 - Multiple Vulnerabilities Joomla! Component Easy YouTube Gallery 1.0.2 - SQL Injection Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit) Joomla! Extension SecurityCheck 2.8.9 - Multiple Vulnerabilities Joomla! Component 'SecurityCheck' 2.8.9 - Multiple Vulnerabilities Joomla! Extension PayPlans (com_payplans) 3.3.6 - SQL Injection Joomla! Component 'com_payplans' 3.3.6 - SQL Injection Joomla! Component En Masse (com_enmasse) 5.1 < 6.4 - SQL Injection Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection Joomla! Component BT Media (com_bt_media) - SQL Injection Joomla! Component 'com_bt_media' - SQL Injection Joomla! Component Publisher Pro (com_publisher) - SQL Injection Joomla! Component 'com_publisher' - SQL Injection Joomla! Component Guru Pro (com_guru) - SQL Injection PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit) Joomla! Component 'com_guru' - SQL Injection PCMAN FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit) Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) freeFTPd 1.0.8 - 'mkd' Command Denial Of Service Micro Focus Rumba 9.4 - Local Denial Of Service Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow S9Y Serendipity 2.0.4 - Cross-Site Scripting Rumba FTP Client 4.x - Stack buffer overflow (SEH) Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free OS X/iOS Kernel - IOSurface Use-After-Free OS X/iOS - mach_ports_register Multiple Memory Safety Issues NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d NVIDIA Driver - No Bounds Checking in Escape 0x7000194 NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation NVIDIA Driver - Escape 0x100010b Missing Bounds Check NVIDIA Driver - No Bounds Checking in Escape 0x7000170 NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027 NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2 NVIDIA Driver - Missing Bounds Check in Escape 0x100009a NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5 NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014 NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9 MacOS 10.12 - 'task_t' Privilege Escalation PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow	2016-11-01 05:01:18 +00:00
Offensive Security	d97b4f7c48	DB: 2016-10-28	2016-10-28 11:54:09 +00:00
Offensive Security	da85686a94	DB: 2016-10-28 6 new exploits Real Server < 8.0.2 - Remote Exploit (Windows Platforms) RealServer < 8.0.2 - Remote Exploit (Windows Platforms) OpenSSH/PAM 3.6.1p1 - Remote Users Ident (gossh.sh) OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident CdRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 - Mandrake Privilege Escalation LeapFTP 2.7.x - Remote Buffer Overflow LeapWare LeapFTP 2.7.x - Remote Buffer Overflow GNU Cfengine 2.-2.0.3 - Remote Stack Overflow GNU CFEngine 2.-2.0.3 - Remote Stack Overflow IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit Serv-U FTPD 3.x/4.x - 'SITE CHMOD' Command Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 - Remote Buffer Overflow (Windows 2000/XP) IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow IPSwitch IMail LDAP Daemon/Service - Buffer Overflow RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - (MDTM) Remote Overflow Traceroute - Privilege Escalation LBL Traceroute - Privilege Escalation Perl (Redhat 6.2) - Restore and Dump Local Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) HP-UX 11.00/10.20 - crontab Overwrite Files Exploit Solaris/SPARC 2.7 / 7 - locale Format String HP-UX 11.00/10.20 crontab - Overwrite Files Exploit Solaris/SPARC 2.7 / 7 locale - Format String Solaris - locale Format Strings (noexec stack) Exploit Solaris locale - Format Strings (noexec stack) Exploit glibc - locale bug mount Exploit GLIBC locale - bug mount Exploit Red Hat 6.2 xsoldier-0.96 - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit OpenBSD 2.6 / 2.7 ftpd - Remote Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit GLIBC - Locale Format Strings Exploit GLIBC locale - Format Strings Exploit IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit SquirrelMail - chpasswd Buffer Overflow SquirrelMail - 'chpasswd' Buffer Overflow rlpr 2.04 - msg() Remote Format String Rlpr 2.04 - msg() Remote Format String Solaris 2.5.0/2.5.1 ps & chkey - Data Buffer Exploit Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit IRIX - Multiple Buffer Overflows (LsD) SGI IRIX - Multiple Buffer Overflows (LsD) IRIX - /bin/login Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow Solaris 2.4 - passwd & yppasswd & nispasswd Overflows Solaris 2.4 passwd / yppasswd / nispasswd - Overflows BlackJumboDog - Remote Buffer Overflow BlackJumboDog FTP Server - Remote Buffer Overflow Ollydbg 1.10 - Format String OllyDbg 1.10 - Format String SquirrelMail - (chpasswd) Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) CDRecord - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow HP-UX 11.0/11.11 swxxx - Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation Zinf 2.2.1 - Local Buffer Overflow Zinf Audio Player 2.2.1 - Local Buffer Overflow ShixxNote 6.net - Remote Buffer Overflow ShixxNOTE 6.net - Remote Buffer Overflow MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow MailCarrier 2.51 - Remote Buffer Overflow SLMail 5.5 - POP3 PASS Buffer Overflow TABS MailCarrier 2.51 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow eZshopper - 'loadpage.cgi' Directory Traversal Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2) Microsoft Internet Explorer - '.ANI' files handling Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' files handling Downloader Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002) Savant Web Server 3.1 - Remote Buffer Overflow (French Windows OS support) Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow Knet 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow Denial of Service Einstein 1.01 - Local Password Disclosure (asm) Einstein 1.01 - Local Password Disclosure (ASM) RealPlayer 10 - '.smil' Local Buffer Overflow RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial 2) phpBB 2.0.12 - Session Handling Authentication Bypass UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection XML-RPC Library 1.3.0 - (xmlrpc.php) Remote Code Injection XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection xmlrpc.php Library 1.3.0 - Remote Command Execution (2) xmlrpc.php Library 1.3.0 - Remote Command Execution (3) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3) wMailServer 1.0 - Remote Denial of Service SoftiaCom wMailServer 1.0 - Remote Denial of Service ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) BusinessMail 4.60.00 - Remote Buffer Overflow BusinessMail Server 4.60.00 - Remote Buffer Overflow WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Wireless Tools 26 - (iwconfig) Privilege Escalation (some setuid) Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Mercury Mail 4.01a (Pegasus) - IMAP Buffer Overflow Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow CA iGateway - (debug mode) Remote Buffer Overflow CA iTechnology iGateway - (debug mode) Remote Buffer Overflow Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) Zorum Forum 3.5 - (rollid) SQL Injection Zorum Forum 3.5 - 'rollid' SQL Injection SaphpLesson 2.0 - (forumid) SQL Injection saPHP Lesson 2.0 - (forumid) SQL Injection zawhttpd 0.8.23 - (GET) Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service Zix Forum 1.12 - (layid) SQL Injection Zix Forum 1.12 - 'layid' SQL Injection QBik Wingate 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow INDEXU 5.0.1 - (admin_template_path) Remote File Inclusion Indexu 5.0.1 - (admin_template_path) Remote File Inclusion SmartSiteCMS 1.0 - (root) Multiple Remote File Inclusion SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion Solaris 10 - sysinfo() Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure SAPID CMS 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion ZZ:FlashChat 3.1 - (adminlog) Remote File Inclusion ZZ:FlashChat 3.1 - 'adminlog' Remote File Inclusion WFTPD 3.23 - (SIZE) Remote Buffer Overflow Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow Apache < 1.3.37 / 2.0.59 / 2.2.3 - (mod_rewrite) Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion ZoomStats 1.0.2 - (mysql.php) Remote File Inclusion ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion Microsoft Internet Explorer (VML) - Remote Buffer Overflow (SP2) (Perl) Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl) PHPMyWebmin 1.0 - (window.php) Remote File Inclusion phpMyWebmin 1.0 - (window.php) Remote File Inclusion VideoDB 2.2.1 - (pdf.php) Remote File Inclusion VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion Microsoft Office 2003 - PPT Local Buffer Overflow (PoC) Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC) Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - Constructor Privilege Escalation Solaris 10 (libnspr) - Constructor Privilege Escalation Microsoft Windows NAT Helper Components - 'ipnathlp.dll' Remote Denial of Service Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit BlazeVideo HDTV Player 2.1 - Malformed PLF Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC) AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit Irokez CMS 0.7.1 - Multiple Remote File Inclusion Irokez Blog 0.7.1 - Multiple Remote File Inclusion PHP-update 2.7 - Multiple Vulnerabilities PHP-Update 2.7 - Multiple Vulnerabilities Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow 3Com TFTP Service 2.0.1 - Remote Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) 2.0.1 - Remote Buffer Overflow (Metasploit) FdScript 1.3.2 - 'download.php' Remote File Disclosure FD Script 1.3.2 - 'download.php' Remote File Disclosure Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) SunOS 5.10/5.11 - in.TelnetD Remote Authentication Bypass SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass ZebraFeeds 1.0 - (zf_path) Remote File Inclusion ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion MailEnable Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable Professional 2.35 - Remote Buffer Overflow MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow Ipswitch WS_FTP 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Oracle 10g KUPW$WORKER.MAIN - SQL Injection (2) Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2) 3Com TFTP Service 2.0.1 - (Long Transporting Mode) Exploit (Perl) madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl) Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow TFTPDWIN Server 0.4.2 - (UDP) Denial of Service ProSysInfo TFTP Server TFTPDWIN 0.4.2 - (UDP) Denial of Service NetVios Portal - 'page.asp' SQL Injection NetVIOS Portal - 'page.asp' SQL Injection Mercury Mail 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Apache Mod_Rewrite (Windows x86) - Off-by-One Remote Overflow Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Microsoft Windows GDI - Privilege Escalation (MS07-017) (1) Microsoft Windows - GDI Privilege Escalation (MS07-017) (1) qdblog 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Microsoft Windows GDI - Privilege Escalation (MS07-017) (2) Microsoft Windows - GDI Privilege Escalation (MS07-017) (2) Zomplog 3.8 - (force_download.php) Remote File Disclosure Zomplog 3.8 - 'force_download.php' Remote File Disclosure Versalsoft HTTP File Upload - ActiveX 6.36 (AddFile) Remote Denial of Service Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service Gimp 2.2.14 (Win x86) - '.ras' Download/Execute Buffer Overflow GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (PoC) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (PoC) Apache 2.0.58 Mod_Rewrite - Remote Overflow (Windows 2003) Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (1) UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (2) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (2) Microsoft Windows GDI+ - ICO File Remote Denial of Service Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) YourFreeScreamer 1.0 - (serverPath) Remote File Inclusion YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow PHPEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection Oracle 9i/10g Evil Views - Change Passwords Exploit Oracle 9i/10g - Evil Views Change Passwords Exploit Savant 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Easy Chat Server 2.2 - Remote Denial of Service EFS Easy Chat Server 2.2 - Remote Denial of Service Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite Thomson SIP phone ST 2030 - Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service MSN messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Code Execution Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution AskJeeves Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow Ask.com/AskJeeves Toolbar Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow MDPro 1.0.76 - SQL Injection MD-Pro 1.0.76 - SQL Injection ZZ FlashChat 3.1 - (help.php) Local File Inclusion ZZ FlashChat 3.1 - 'help.php' Local File Inclusion PHP-AGTC membership system 1.1a - Remote Add Admin PHP-AGTC Membership System 1.1a - Remote Add Admin Quick and Dirty Blog 0.4 - (categories.php) Local File Inclusion Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion badblue 2.72b - Multiple Vulnerabilities BadBlue 2.72b - Multiple Vulnerabilities SquirrelMail G/PGP Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection hp software update client 3.0.8.4 - Multiple Vulnerabilities HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow QuickTime Player 7.3.1.70 - RTSP Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) Gradman 0.1.3 - (agregar_info.php) Local File Inclusion Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion mybulletinboard (MyBB) 1.2.10 - Multiple Vulnerabilities MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities Mini File Host 1.2 - (upload.php language) Local File Inclusion Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service Mini File Host 1.2 - 'language' Parameter Local File Inclusion Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow/Denial of Service Gradman 0.1.3 - (info.php tabla) Local File Inclusion Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Gradman 0.1.3 - 'info.php' Local File Inclusion Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow Mini File Host 1.2.1 - (upload.php language) Local File Inclusion Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion Frimousse 0.0.2 - explorerdir.php Local Directory Traversal 360 Web Manager 3.0 - (IDFM) SQL Injection bloofox 0.3 - (SQL Injection / File Disclosure) Multiple Vulnerabilities Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal 360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection bloofox 0.3 - SQL Injection / File Disclosure Mooseguy Blog System 1.0 - (blog.php month) SQL Injection Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection IDM-OS 1.0 - (download.php Filename) File Disclosure IDM-OS 1.0 - 'Filename' Parameter File Disclosure MoinMoin 1.5.x - MOIND_ID cookie Bug Remote Exploit aflog 1.01 - comments.php Cross-Site Scripting / SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit aflog 1.01 - Cross-Site Scripting / SQL Injection Easysitenetwork Recipe - 'categoryId' SQL Injection Coppermine Photo Gallery 1.4.14 - SQL Injection Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection Coppermine Photo Gallery 1.4.10 - SQL Injection web wiz rich text editor 4.0 - Multiple Vulnerabilities Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities Seagull 0.6.3 - (optimizer.php files) Remote File Disclosure Seagull 0.6.3 - 'optimizer.php' Remote File Disclosure Joomla! Component Marketplace 1.1.1 - SQL Injection Joomla! Component com_Marketplace 1.1.1 - SQL Injection ASPapp - 'links.asp CatId' SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection ZYXEL ZyWALL Quagga/Zebra - (default pass) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit Quick TFTP Pro 2.1 - Remote SEH Overflow Quick TFTP Server Pro 2.1 - Remote SEH Overflow Microsoft Office XP SP3 - PPT File Buffer Overflow (MS08-016) Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016) HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.DSR' File Local Buffer Overflow Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow hp openview nnm 7.53 - Multiple Vulnerabilities HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities PHPKB 1.5 Knowledge Base - 'ID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection Microsoft Windows GDI - Image Parsing Stack Overflow (MS08-021) Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021) HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ZeusCart 2.0 - (category_list.php) SQL Injection ZeusCart 2.0 - 'category_list.php' SQL Injection Zomplog 3.8.2 - (newuser.php) Arbitrary Add Admin Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin Zomplog 3.8.2 - (force_download.php) File Disclosure Zomplog 3.8.2 - 'force_download.php' File Disclosure PHP AGTC-Membership System 1.1a - Arbitrary Add Admin PHP-AGTC Membership System 1.1a - Arbitrary Add Admin PHP Booking Calendar 10 d - SQL Injection phpBookingCalendar 10 d - SQL Injection SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Yuhhu 2008 SuperStar - (board) SQL Injection Yuhhu 2008 SuperStar - 'board' SQL Injection gravity board x 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities gl-sh deaf forum 6.5.5 - Multiple Vulnerabilities GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow trixbox - (langChoice) Local File Inclusion (connect-back) (2) Trixbox - (langChoice) Local File Inclusion (connect-back) (2) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Ppim 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities Cisco WebEx Meeting Manager - 'atucfobj.dll' ActiveX Remote Buffer Overflow Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow Ppim 1.0 - (upload/change Password) Multiple Vulnerabilities pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities z-breaknews 2.0 - (single.php) SQL Injection z-breaknews 2.0 - 'single.php' SQL Injection Ultra Office - ActiveX Control Remote Buffer Overflow Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow Micrsoft Windows GDI - (CreateDIBPatternBrushPt) Heap Overflow (PoC) Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC) phpvid 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - (page) SQL Injection phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows GDI - (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) opennms < 1.5.96 - Multiple Vulnerabilities OpenNMS < 1.5.96 - Multiple Vulnerabilities yerba sacphp 6.3 - Multiple Vulnerabilities Yerba SACphp 6.3 - Multiple Vulnerabilities Microsoft Windows GDI+ - PoC (MS08-052) (2) Microsoft Windows - GDI+ PoC (MS08-052) (2) zeeproperty - (adid) SQL Injection zeeproperty - 'adid' SQL Injection TUGzip 3.00 archiver - '.zip' Local Buffer Overflow TugZip 3.00 Archiver - '.zip' Local Buffer Overflow AJ ARTICLE - 'featured_article.php mode' SQL Injection AJ Article - 'featured_article.php mode' SQL Injection Article Publisher PRO 1.5 - Insecure Cookie Handling Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling YourFreeWorld Classifieds - (category) SQL Injection YourFreeWorld Classifieds - 'category' SQL Injection PG Roomate Finder Solution - (Authentication Bypass) SQL Injection Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) asp AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection phpmygallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference (PoC) Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC) ProFTPd with mod_mysql - Authentication Bypass ProFTPd - 'mod_mysql' Authentication Bypass ppim 1.0 - Multiple Vulnerabilities pPIM 1.0 - Multiple Vulnerabilities Orbit 2.8.4 - Long Hostname Remote Buffer Overflow Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow Merak Media PLayer 3.2 - '.m3u' File Local Buffer Overflow (SEH) Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (SEH) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Files Local Heap Overflow (PoC) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC) bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Racer 0.5.3b5 - Remote Stack Buffer Overflow Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Online Guestbook Pro - (display) Blind SQL Injection Esoftpro Online Guestbook Pro - (display) Blind SQL Injection tematres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ZaoCMS - (user_id) SQL Injection ZaoCMS - 'user_id' SQL Injection Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) ZeeCareers 2.0 - (addAdminmembercode.php) Add Admin ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection WebBoard 2.90 Beta - Remote File Disclosure 212Cafe WebBoard 2.90 Beta - Remote File Disclosure ZeusCart 2.3 - (maincatid) SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) OtsAv DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs Microsoft Office Web Components (Spreadsheet) - ActiveX Buffer Overflow (PoC) Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC) DD-WRT - (httpd service) Remote Command Execution DD-WRT HTTPd Daemon/Service - Remote Command Execution GLinks 2.1 - (cat) Blind SQL Injection Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection XOOPS celepar module qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Amaya 11.2 W3C Editor/Browser - (defer) Remote Buffer Overflow (SEH) Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH) Payment Processor Script - 'shop.htm cid' SQL Injection Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) BandCMS 0.10 - news.php Multiple SQL Injection Rock Band CMS 0.10 - news.php Multiple SQL Injection Microsoft IIS 5.0 (Windows 2000 SP4) - FTP Server Remote Stack Overflow Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Eureka Mail Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - PoC Buffer Overflow Solaris 8.0 - LPD Command Execution (Metasploit) Solaris 8.0 LPD - Command Execution (Metasploit) Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow BulletProof FTP Client 2.63 b56 - Malformed '.bps' File Stack Buffer Overflow Dopewars 1.5.12 Server - Denial of Service Dopewars Server 1.5.12 - Denial of Service Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution HP Power Manager Administration - Universal Buffer Overflow Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service HP Openview NNM 7.53 - Invalid DB Error Code HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code Quick.Cart 3.4 and Quick.CMS 2.4 - Cross-Site Request Forgery Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery Eureka Mail Client - Remote Buffer Overflow Eureka Email Client - Remote Buffer Overflow IDEAL Administration 2009 9.7 - Local Buffer Overflow PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow phpshop 0.8.1 - Multiple Vulnerabilities phpShop 0.8.1 - Multiple Vulnerabilities IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow DigitalHive - Multiple Vulnerabilities Digital Hive - Multiple Vulnerabilities zabbix server - Multiple Vulnerabilities Zabbix Server - Multiple Vulnerabilities freekot - (Authentication Bypass) SQL Injection Digiappz Freekot - (Authentication Bypass) SQL Injection TFTP Daemon 1.9 - Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service B2B Trading Marketplace - SQL Injection SoftBiz B2B trading Marketplace Script - SQL Injection Mini-stream - Windows XP SP2 and SP3 Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Audiotran 1.4.1 - (Win XP SP2/SP3 English) Buffer Overflow Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple Safari 4.0.4 & Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service/PoC Apple Safari 4.0.4 / Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service (PoC) Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service Apple Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service bild flirt system 2.0 - 'index.php' 'id' SQL Injection Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) iOS Safari - Bad 'VML' Remote Denial of Service iOS Safari - Remote Denial of Service Apple iOS Safari - Bad 'VML' Remote Denial of Service Apple iOS Safari - Remote Denial of Service HP OpenView NNM - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow Adobe Reader - Escape From PDF Adobe Reader - Escape From '.PDF' TugZip 3.5 - '.ZIP' File Buffer Overflow TugZip 3.5 Archiver - '.ZIP' File Buffer Overflow Joomla! Component jp_jobs - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component QPersonel - SQL Injection Joomla! Component com_QPersonel - SQL Injection Bild Flirt 1.0 - SQL Injection Bild Flirt System 1.0 - SQL Injection Safari 4.0.5 - (531.22.7) Denial of Service Apple Safari 4.0.5 - (531.22.7) Denial of Service Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion 724CMS Enterprise 4.59 - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support - Multiple SQL Injections 724CMS 4.59 Enterprise - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections Joomla! Component JE Job - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Joomla! Component com_jejob 1.0 - 'catid' SQL Injection Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection Savy Soda Documents - (Mobile Office Suite) XLS Denial of Service Office^2 iPhone - XLS Denial of Service GoodiWare GoodReader iPhone - XLS Denial of Service Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service Office^2 iPhone - '.XLS' Denial of Service GoodiWare GoodReader iPhone - '.XLS' Denial of Service Yamamah (news) - SQL Injection / Source Code Disclosure Yamamah - 'news' SQL Injection / Source Code Disclosure Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan k-search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities YPNinc JokeScript - (ypncat_id) SQL Injection YPNinc JokeScript - 'ypncat_id' SQL Injection YPNinc PHP Realty Script - (docID) SQL Injection YPNinc PHP Realty Script - 'docID' SQL Injection HP OpenView NNM - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution Apple Mac OSX (Snow Leopard) EvoCam Web Server - ROP Remote Exploit Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit HP NNM 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) Safari Browser 4.0.2 - Clickjacking Apple Safari 4.0.2 - Clickjacking Barcodewiz 3.29 - Barcode ActiveX Control Remote Heap Spray Exploit (Internet Explorer 6/7' Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7) Apple iOS - pdf Jailbreak Exploit Apple iOS - '.pdf' Jailbreak Exploit HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow Microsoft Power Point 2010 - 'pptimpconv.dll' DLL Hijacking Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking Apple Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking MediaPlayer Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution AdaptCMS 2.0.1 Beta Release - Remote File Inclusion (Metasploit) AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit) DATAC RealWin 2.0 (Build 6.1.8.10) - Buffer Overflow DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow FatPlayer 0.6b - '.wav' Buffer Overflow (SEH) Fat Player 0.6b - '.wav' Buffer Overflow (SEH) CubeCart 2.0.1 - SQL Injection Brooky CubeCart 2.0.1 - SQL Injection DATAC RealWin SCADA 1.06 - Buffer Overflow DATAC RealWin SCADA Server 1.06 - Buffer Overflow pilot cart 7.3 - Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities Mp3-Nator 2.0 - Buffer Overflow (SEH) MP3-Nator 2.0 - Buffer Overflow (SEH) Safari 5.02 - Stack Overflow Denial of Service Apple Safari 5.02 - Stack Overflow Denial of Service Microsoft Windows Task Scheduler - Privilege Escalation Microsoft Windows - Task Scheduler Privilege Escalation Pandora Fms 3.1 - Authentication Bypass Pandora FMS 3.1 - Authentication Bypass bugtracker.net 3.4.4 - Multiple Vulnerabilities BugTracker.NET 3.4.4 - Multiple Vulnerabilities Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow WMITools ActiveX - Remote Command Execution Microsoft WMITools ActiveX - Remote Command Execution VideoSpirit Pro 1.68 - Local Buffer Overflow VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow Apple Mac OSX iTunes 8.1.1 - ITms Overflow (Metasploit) Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit) PeaZip 2.6.1 - Zip Processing Command Injection (Metasploit) PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit) Sun Java - System Web Server WebDAV OPTIONS Buffer Overflow (Metasploit) Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit) Apache Tomcat Manager Application Deployer - Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Solaris sadmind - Command Execution (Metasploit) Solaris Sadmind - Command Execution (Metasploit) Sun Solaris - Telnet Remote Authentication Bypass (Metasploit) Sun Solaris Telnet - Remote Authentication Bypass (Metasploit) Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i TNS Listener - 'ARGUMENTS' Buffer Overflow (Metasploit) Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit) TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3CTftpSvc TFTP - Long Mode Buffer Overflow (Metasploit) Quick FTP Pro 2.1 - Transfer-Mode Overflow (Metasploit) ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit) Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit) Allied Telesyn TFTP Server 1.9 - Long Filename Overflow (Metasploit) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Long Filename Overflow (Metasploit) CA BrightStor - ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) Kerio Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Mercury/32 <= 4.01b - LOGIN Buffer Overflow (Metasploit) Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD (2.35) - Login Request Buffer Overflow (Metasploit) Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit) Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit) Mercur MailServer 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) IMail IMAP4D - Delete Overflow (Metasploit) IPSwitch IMail IMAP4D - Delete Overflow (Metasploit) Mercury/32 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Ipswitch IMail - IMAP SEARCH Buffer Overflow (Metasploit) Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit) AOL Instant Messenger - goaway Overflow (Metasploit) AOL Instant Messenger AIM - goaway Overflow (Metasploit) Microsoft OWC Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit) RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit) RealNetworks RealPlayer - SMIL Buffer Overflow (Metasploit) RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit) Adobe Shockwave - rcsL Memory Corruption (Metasploit) Adobe Shockwave Player - rcsL Memory Corruption (Metasploit) Microsoft Internet Explorer - VML Fill Method Code Execution (Metasploit) Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit) WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) ACDSee - XPM File Section Buffer Overflow (Metasploit) ACDSee - '.XPM' File Section Buffer Overflow (Metasploit) HT-MP3Player 1.0 HT3 - File Parsing Buffer Overflow (Metasploit) HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit) Orbital Viewer - ORB File Parsing Buffer Overflow (Metasploit) Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - pls Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Qbik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) Medal Of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Cesar FTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) Serv-U FTPD - MDTM Overflow (Metasploit) RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - XMD5 Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit) FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) SentinelLM - UDP Buffer Overflow (Metasploit) Sentinel LM - UDP Buffer Overflow (Metasploit) Apache module Mod_Rewrite - LDAP protocol Buffer Overflow (Metasploit) Xitami 2.5c2 Web Server - If-Modified-Since Overflow (Metasploit) Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit) Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit) Sambar 6 - Search Results Buffer Overflow (Metasploit) Sambar Server 6 - Search Results Buffer Overflow (Metasploit) IA WebMail 3.x - Buffer Overflow (Metasploit) IA WebMail Server 3.x - Buffer Overflow (Metasploit) Savant 3.1 Web Server - Overflow Exploit (Metasploit) Savant Web Server 3.1 - Overflow Exploit (Metasploit) HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) Hewlett-Packard Power Manager Administration - Buffer Overflow (Metasploit) Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit) Ipswitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) PSO Proxy 0.91 - Stack Buffer Overflow (Metasploit) PSOProxy 0.91 - Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit) NaviCOPA 2.0.1 - URL Handling Buffer Overflow (Metasploit) NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit) MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) YPOPS 0.6 - Buffer Overflow (Metasploit) YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit) Mercury Mail SMTP AUTH CRAM-MD5 - Buffer Overflow (Metasploit) Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit) IMail LDAP Service - Buffer Overflow (Metasploit) IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit) GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Poptop - Negative Read Overflow (Metasploit) UoW IMAP server - LSUB Buffer Overflow (Metasploit) PoPToP - Negative Read Overflow (Metasploit) UoW IMAPd Server - LSUB Buffer Overflow (Metasploit) DD-WRT HTTP Daemon - Arbitrary Command Execution (Metasploit) DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit) Samba (Linux/x86) - trans2open Overflow (Metasploit) iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer - LoginExt PathName Overflow (Metasploit) Samba (Linux x86) - trans2open Overflow (Metasploit) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit) Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Safari - Archive Metadata Command Execution (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Apple Safari - Archive Metadata Command Execution (Metasploit) iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Mail.app - Image Attachment Command Execution (Metasploit) Apple Mail.app - Image Attachment Command Execution (Metasploit) Apple Mac OSX QuickTime - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam - HTTP GET Buffer Overflow (Metasploit) Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit) Samba trans2open (BSD/x86) - Overflow Exploit (Metasploit) Samba (BSD x86) - trans2open Overflow Exploit (Metasploit) PHP XML-RPC - Arbitrary Code Execution (Metasploit) XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit) AWStats 6.4 < 6.5 migrate - Remote Command Execution (Metasploit) HP Openview - connectedNodes.ovpl Remote Command Execution (Metasploit) AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit) HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit) TWiki Search Function - Arbitrary Command Execution (Metasploit) TWiki - Search Function Arbitrary Command Execution (Metasploit) Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) Novell iPrint Client ActiveX Control 5.52 - Buffer Overflow (Metasploit) Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit) Kolibri 2.0 - HTTP Server HEAD Buffer Overflow (Metasploit) Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit) 7-Technologies igss 9.00.00.11059 - Multiple Vulnerabilities 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities HP OpenView NNM - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView NNM - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) eyeos 1.9.0.2 - Persistent Cross-Site Scripting using image files eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files Golden FTP 4.70 - PASS Stack Buffer Overflow (Metasploit) Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit) manageengine support center plus 7.8 build 7801 - Directory Traversal ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) TugZip 3.5 - '.ZIP' File Parsing Buffer Overflow (Metasploit) TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit) Sports PHool 1.0 - Remote File Inclusion SportsPHool 1.0 - Remote File Inclusion Mini-stream 3.0.1.1 - Buffer Overflow (3) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3) Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Zabbix 1.8.4 - (popup.php) SQL Injection Zabbix 1.8.4 - 'popup.php' SQL Injection CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit '.m3u' (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow SEH Exploit (Metasploit) Serv-U FTP Server < 4.2 - Buffer Overflow (Metasploit) RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit) Family Connections - less.php Remote Command Execution (Metasploit) Family Connections CMS - 'less.php' Remote Command Execution (Metasploit) FCMS 2.7.2 CMS - Multiple Persistent Cross-Site Scripting Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting openemr 4 - Multiple Vulnerabilities Safari - GdiDrawStream BSoD OpenEMR 4 - Multiple Vulnerabilities Apple Safari - GdiDrawStream BSoD clip bucket 2.6 - Multiple Vulnerabilities Clipbucket 2.6 - Multiple Vulnerabilities Tube Ace(Adult PHP Tube Script) - SQL Injection Tube Ace (Adult PHP Tube Script) - SQL Injection Dolibarr CMS 3.2.0 < Alpha - File Inclusion Dolibarr 3.2.0 < Alpha - File Inclusion PBLang - Local File Inclusion PBLang Bulletin Board System - Local File Inclusion NetDecision 4.5.1 - HTTP Server Buffer Overflow (Metasploit) Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit) Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Sitecom WLM-2501 new - Multiple Cross-Site Request Forgery Vulnerabilities Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities Ricoh DC DL-10 SR10 - FTP USER Command Buffer Overflow (Metasploit) Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit) TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam - ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow Quest InTrust Annotation Objects - Uninitialized Pointer (Metasploit) Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit) TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) samsung net-i ware 1.37 - Multiple Vulnerabilities Samsung NET-i ware 1.37 - Multiple Vulnerabilities iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) GIMP - script-fu Server Buffer Overflow (Metasploit) GIMP script-fu - Server Buffer Overflow (Metasploit) SugarCRM 6.3.1 - Unserialize() PHP Code Execution (Metasploit) SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) Openfire 3.6.0a - Admin Console Authentication Bypass (Metasploit) Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit) Tiki Wiki 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption UoW imapd 10.234/12.264 - Buffer Overflow UoW imapd 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit) UoW IMAPd Server 10.234/12.264 - Buffer Overflow UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW IMAPd Serve 10.234/12.264 - COPY Buffer Overflow (Metasploit) RedHat 6.2 - Piranha Virtual Server Package Default Account and Password RedHat 6.2 Piranha Virtual Server Package - Default Account and Password Microsoft Windows - Escalate Task Scheduler XML Privilege Escalation (Metasploit) Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit) hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal Alienvault OSSIM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection RedHat 6 - glibc/locale Subsystem Format String Solaris 2.6/7.0 - /locale Subsystem Format String RedHat 6 GLIBC/locale - Subsystem Format String Solaris 2.6/7.0 /locale - Subsystem Format String Solaris 2.6/7.0 - 'eject' locale Subsystem Format String Solaris 2.6/7.0 'eject' locale - Subsystem Format String Microsoft IIS 4.0/5.0 and PWS Extended Unicode - Directory Traversal (5) Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5) RedHat restore 0.4 b15 - Insecure Environment Variables RedHat 0.4 b15 restore - Insecure Environment Variables Viscosity OpenVPN Client (OSX) - Privilege Escalation Viscosity - Privilege Escalation Solaris 2.x/7.0/8 catman - Race Condition (1) Solaris 2.x/7.0/8 catman - Race Condition (2) Solaris 2.x/7.0/8 Catman - Race Condition (1) Solaris 2.x/7.0/8 Catman - Race Condition (2) sap NetWeaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities T-dah Webmail - Multiple Persistent Cross-Site Scripting T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Ntpd - Remote Buffer Overflow NTPd - Remote Buffer Overflow Ipswitch WS_FTP 2.0 - Anonymous Multiple FTP Command Buffer Overflow Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow Solaris 2.x/7.0/8 lpd - Remote Command Execution HP-UX 11.0 SWVerify - Buffer Overflow Solaris 2.x/7.0/8 LPD - Remote Command Execution HP-UX 11.0 - SWVerify Buffer Overflow phusion WebServer 1.0 - Directory Traversal (1) phusion WebServer 1.0 - Directory Traversal (2) Phusion WebServer 1.0 - Directory Traversal (1) Phusion WebServer 1.0 - Directory Traversal (2) Progress 9.1 - sqlcpp Local Buffer Overflow Progress Database 9.1 - sqlcpp Local Buffer Overflow PsyBNC 2.3 - Oversized Passwords Denial of Service psyBNC 2.3 - Oversized Passwords Denial of Service Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) Midicart - PHP Arbitrary File Upload Midicart PHP - Arbitrary File Upload otrs 3.1 - Persistent Cross-Site Scripting OTRS 3.1 - Persistent Cross-Site Scripting EType EServ 2.9x POP3 - Remote Denial of Service EType EServ 2.9x - POP3 Remote Denial of Service Invision Power Board 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board 3.3.4 - Unserialize Regex Bypass Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass ttCMS 2.2 - / ttForum 1.1 news.php template Parameter Remote File Inclusion ttCMS 2.2 - / ttForum 1.1 install.php installdir Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion Invision IP.Board 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Kerio MailServer 5.6.3 - add_acl Module Overflow Kerio MailServer 5.6.3 add_acl Module - Overflow phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 - pagemaster Module PAGE_id Parameter Cross-Site Scripting phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting IBM System Director - Remote System Level Exploit IBM System Director Agent - Remote System Level Exploit Tectia SSH - USERAUTH Change Request Password Reset (Metasploit) (SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit) Oracle MySQL for Microsoft Windows - MOF Execution (Metasploit) Oracle MySQL (Windows) - MOF Execution (Metasploit) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) IWConfig - Local ARGV Command Line Buffer Overflow (1) IWConfig - Local ARGV Command Line Buffer Overflow (2) IWConfig - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Novell File Reporter Agent - XML Parsing Remote Code Execution Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) Alan Ward A-Cart 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Nagios - history.cgi Remote Command Execution Nagios3 - history.cgi Remote Command Execution phpshop 2.0 - SQL Injection phpShop 2.0 - SQL Injection Freesshd - Authentication Bypass (Metasploit) FreeSSHD - Authentication Bypass (Metasploit) RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Open Proxy Relay RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Arbitrary File Access RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access SLMail 5.5 - POP3 PASS Remote Buffer Overflow SLMail 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow AT-TFTP Server 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Microsoft Windows Light HTTPD 0.1 - Buffer Overflow Light HTTPD 0.1 (Windows) - Buffer Overflow MSN Messenger 6.2.0137 - '.png' Buffer Overflow Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow Smail-3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote and Local Vulnerabilities Cisco Linksys E4200 Firmware - Multiple Vulnerabilities Cisco Linksys E4200 - Multiple Vulnerabilities Salim Gasmi GLD 1.x - Postfix Greylisting Daemon Buffer Overflow Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow Claroline 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection NPDS 4.8 - /5.0 admin.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reviews.php title Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 - /5.0 Glossaire Module terme Parameter SQL Injection NPDS 4.8 - /5.0 links.php Query Parameter SQL Injection NPDS 4.8 - /5.0 faq.php categories Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting SlimServe httpd 1.0/1.1 - Directory Traversal WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal Quick TFTP Server 2.2 - Denial of Service Quick TFTP Server Pro 2.2 - Denial of Service aeNovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection XMB 1.9.3 - u2u.php Cross-Site Scripting XMB Forum 1.9.3 - u2u.php Cross-Site Scripting PHPAlbum 0.2.3/4.1 - Local File Inclusion PHP Photo Album 0.2.3/4.1 - Local File Inclusion Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret) NetBSD mail.local - Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (Metasploit) PCMAN FTP 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMAN FTP 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow EImagePro - - subList.asp CatID Parameter SQL Injection EImagePro - subList.asp CatID Parameter SQL Injection OZJournals 1.2 - Vname Parameter Cross-Site Scripting OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting SoftBiz Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBiz Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBiz Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBiz Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection OZJournals 1.5 - Multiple Input Validation Vulnerabilities Baby FTP server 1.24 - Denial of Service PCMAN FTP 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) Sophos Web Protection Appliance sblistpack - Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution (Metasploit) Festalon 0.5 - '.HES' Files Remote Heap Buffer Overflow Festalon 0.5 - '.HES' Remote Heap Buffer Overflow EZContents 2.0. - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion Google Earth 4.0.2091 (Beta) - KML/KMZ Files Buffer Overflow Google Earth 4.0.2091 (Beta) - '.KML'/'.KMZ' Buffer Overflow A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002) Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002) Fish - Multiple Remote Buffer Overflow Vulnerabilities FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service Microsoft Windows XP/2000 - 'WinMM.dll' / '.WAV' Remote Denial of Service Comersus Cart 7.0.7 Cart - comersus_message.asp redirectUrl Cross-Site Scripting Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting LanDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow SAP DB 7.x - Web Server WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities Lanius CMS 1.2.14 - FAQ Module mid Parameter SQL Injection Lanius CMS 1.2.14 - EZSHOPINGCART Module cid Parameter SQL Injection Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Thomson SpeedTouch 2030 - SIP Invite Message Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service Uebimiau 2.7.x - 'index.php' Cross-Site Scripting Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting Seagate BlackArmor - Root Exploit Seagate BlackArmor NAS - Root Exploit Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering PCMAN FTP 2.07 - ABOR Command Buffer Overflow PCMAN FTP 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access amfphp 1.2 - browser/details class Parameter Cross-Site Scripting amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting PCMAN FTP 2.07 - Buffer Overflow PCMan FTP Server 2.07 - Buffer Overflow Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Novell Groupwise Messenger 2.0 - Client Buffer Overflow Novell Groupwise Messenger 2.0 Client - Buffer Overflow Meeting Room Booking System - (MRBS) 1.2.6 day.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 week.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 month.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 report.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 help.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities OpenNms 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNms 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNms 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNms 1.5.x - HTTP Response Splitting OpenNMS 1.5.x - HTTP Response Splitting Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution Zeeways SHAADICLONE 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Pilot Group PG Roommate - SQL Injection Pilot Group PG Roommate Finder Solution - SQL Injection OpenSSL TLS Heartbeat Extension - Memory Disclosure OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions) OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions) Heartbleed OpenSSL - Information Leak Exploit (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) IBM Director 5.20 - CIM Server Privilege Escalation IBM System Director Agent 5.20 - CIM Server Privilege Escalation Heartbleed OpenSSL - Information Leak Exploit (2) DTLS Support OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) Kolibri 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Easy Chat Server 3.1 - Stack Buffer Overflow EFS Easy Chat Server 3.1 - Stack Buffer Overflow Sphider 1.3.6 - Multiple Vulnerabilities Sphider Search Engine 1.3.6 - Multiple Vulnerabilities Kolibri WebServer 2.0 - GET Request SEH Exploit Kolibri Web Server 2.0 - GET Request SEH Exploit MQAC.sys - Arbitrary Write Privilege Escalation (Metasploit) Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) VirtualBox - 3D Acceleration Virtual Machine Escape (Metasploit) VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Impact Software Ad Peeps - Cross-Site Scripting / HTML Injection Impact Software AdPeeps - Cross-Site Scripting / HTML Injection PPScript - 'shop.htm' SQL Injection Payment Processor Script (PPScript) - 'shop.htm' SQL Injection ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060) Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060) Eclipse 3.3.2 IDE Help Server - help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting Eclipse 3.3.2 IDE - Help Server help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting TaskFreak 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting WordPress Plugin Wp Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload Pandora 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Oracle MySQL for Microsoft Windows - FILE Privilege Abuse (Metasploit) Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) Exim ESMTP 4.80 glibc gethostbyname - Denial of Service Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Support Incident Tracker - (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection alitbang CMS 3.3 - alumni.php hal Parameter SQL Injection Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection HP Network Node Manager i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting Publish-It - PUI Buffer Overflow (SEH) Publish-It - '.PUI' Buffer Overflow (SEH) WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin) WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin) Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities abrt (Fedora 21) - Race Condition Abrt (Fedora 21) - Race Condition Webgate WESP SDK 1.2 - ChangePassword Stack Overflow WebGate WESP SDK 1.2 - ChangePassword Stack Overflow Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Oracle - Outside-In DOCX File Parsing Memory Corruption Oracle - Outside-In '.DOCX' File Parsing Memory Corruption iTunes 10.6.1.7 - '.pls' Title Buffer Overflow Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow WordPress Plugin Leaflet Maps Marker 0.0.1 for - leaflet_marker.php id Parameter Cross-Site Scripting WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting Microsoft Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Mozilla Firefox < 39.03 - pdf.js Same Origin Policy Exploit Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit Mozilla Firefox - pdf.js Privileged JavaScript Injection (Metasploit) Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit) MiniUPnP - Multiple Denial of Service Vulnerabilities MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities Kaseya Virtual System Administrator - Multiple Vulnerabilities (2) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2) Safari - User-Assisted Applescript Exec Attack (Metasploit) Apple Safari - User-Assisted Applescript Exec Attack (Metasploit) Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption Dynamic Biz Website Builder - (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium CPDF_Function::Call - Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Based Buffer Overflow Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass MiCasa VeraLite - Remote Code Execution MiCasaVerde VeraLite - Remote Code Execution SmallFTPd 1.0.3 - 'mkd' Command Denial of Service SmallFTPd 1.0.3 - 'mkd' Command Denial Of Service GNU GTypist 2.9.5-2 - Local Buffer Overflow uSQLite 1.0.0 - Denial Of Service HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation CherryTree 0.36.9 - Memory Corruption (PoC)	2016-10-28 05:01:21 +00:00
Offensive Security	07fdc778ee	DB: 2016-10-21 24 new exploits NetAuctionHelp 4.1 - search.asp SQL Injection Apple Mac OSX 10.4.11 2007-008 - i386_set_ldt System Call Local Arbitrary Code Execution Microsoft Edge - Array.map Heap Overflow (MS16-119) Microsoft Jet Database Engine - '.MDB' File Parsing Remote Buffer Overflow Microsoft Edge - Array.join Info Leak (MS16-119) Windows DeviceApi CMApi PiCMOpenDeviceKey - Arbitrary Registry Key Write Privilege Escalation (MS16-124) Windows DeviceApi CMApi - PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124) HikVision Security Systems - Activex Buffer Overflow Oracle Netbeans IDE 8.1 - Directory Traversal MiCasa VeraLite - Remote Code Execution Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection Classifieds Rental Script - SQL Injection SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service SAP Adaptive Server Enterprise 16 - Denial of Service Event Calendar PHP 1.5 - SQL Injection SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal SPIP 3.1.2 - Cross-Site Request Forgery Windows win32k.sys - TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120) Windows win32k.sys - TTF Processing win32k!sbit_Embolden / win32k!ttfdCloseFontContext Use-After-Free (MS16-120) Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in nt!CmpCheckValueList (MS16-124) Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor (MS16-123) Microsoft Edge - Function.apply Info Leak (MS16-119) Microsoft Edge - Spread Operator Stack Overflow (MS16-119) Windows Edge/IE - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118) Windows Edge/IE - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118) Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) Hak5 WiFi Pineapple - Preconfiguration Command Injection (Metasploit) OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)	2016-10-21 05:01:17 +00:00
Offensive Security	558ab1fc67	DB: 2016-10-18 24 new exploits Entrepreneur Job Portal Script - SQL Injection Entrepreneur Job Portal Script 2.06 - SQL Injection NETGATE Registry Cleaner build 16.0.205 - Unquoted Service Path Privilege Escalation HP Client - Automation Command Injection / Remote Code Execution HP Client 9.1/9.0/8.1/7.9 - Command Injection NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation NO-IP DUC 4.1.1 - Unquoted Service Path Privilege Escalation Wondershare PDFelement 5.2.9 - Unquoted Service Path Privilege Escalation Firefox 49.0.1 - Denial of Service Graylog Collector 0.4.2 - Unquoted Service Path Privilege Escalation NETGATE AMITI Antivirus build 23.0.305 - Unquoted Service Path Privilege Escalation NETGATE Data Backup build 3.0.605 - Unquoted Service Path Privilege Escalation Student Information System (SIS) 0.1 - Authentication Bypass Web Based Alumni Tracking System 0.1 - SQL Injection Simple Dynamic Web 0.1 - SQL Injection Learning Management System 0.1 - Authentication Bypass Fashion Shopping Cart 0.1 - SQL Injection Health Record System 0.1 - Authentication Bypass Windows x64 - WinExec() Shellcode (93 bytes) Spy Emergency 23.0.205 - Unquoted Service Path Privilege Escalation PHP Telephone Directory - Multiple Vulnerabilities Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting PHP Image Database - Multiple Vulnerabilities Simple Shopping Cart Application 0.1 - SQL Injection PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin) School Full CBT 0.1 - SQL Injection PHP Business Directory - Multiple Vulnerabilities Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes) Ruby on Rails - Dynamic Render File Upload Remote Code Execution Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)	2016-10-18 05:01:18 +00:00
Offensive Security	01eb066d9d	DB: 2016-10-13 11 new exploits IBM AIX 5.2/5.3 FTP Client - Local Buffer Overflow Yahoo! Widgets Engine 4.0.3 - YDPCTL.dll ActiveX Control Buffer Overflow Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin) Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post) miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery PHP Press Release - Cross-Site Request Forgery (Add Admin) PHP Press Release - (Add Admin) Cross-Site Request Forgery Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post) Spacemarc News - Cross-Site Request Forgery (Add New Post) Minecraft Launcher - Insecure File Permissions Privilege Escalation Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery Spacemarc News - (Add New Post) Cross-Site Request Forgery Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation sheed AntiVirus - Unquoted Service Path Privilege Escalation AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit) Linux Kernel 3.13.1 - 'Recvmmsg' Privilege Escalation (Metasploit) ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery Subversion 1.6.6 / 1.6.12 - Code Execution Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption Categorizator 0.3.1 - SQL Injection NetBilletterie 2.8 - Multiple Vulnerabilities ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting OpenCimetiere v3.0.0-a5 - Blind SQL Injection Android - Binder Generic ASLR Leak ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery	2016-10-13 05:01:17 +00:00
Offensive Security	a3dbf3113e	DB: 2016-10-11 9 new exploits ShoreTel Connect ONSITE - Blind SQL Injection Leap Service - Unquoted Service Path Privilege Escalation Wacom Consumer Service - Unquoted Service Path Privilege Escalation Foxit Cloud Update Service - Unquoted Service Path Privilege Escalation Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Privilege Escalation Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation HP Client - Automation Command Injection / Remote Code Execution Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)	2016-10-11 05:01:15 +00:00
Offensive Security	77681134f4	DB: 2016-10-05 3 new exploits CS-Cart 1.3.3 - (classes_dir) Remote File Inclusion CS-Cart 1.3.3 - 'classes_dir' Remote File Inclusion E-SMARTCART 1.0 - (Product_ID) SQL Injection E-Smart Cart 1.0 - 'Product_ID' SQL Injection E-SMART CART - 'productsofcat.asp' SQL Injection E-Smart Cart - 'productsofcat.asp' SQL Injection CS-Cart 2.0.0 Beta 3 - (Product_ID) SQL Injection CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection E-Smartcart - SQL Injection E-Smart Cart - SQL Injection CubeCart PHP (shipkey parameter) 4.3.x - SQL Injection CubeCart PHP 4.3.x - 'shipkey' SQL Injection CS Cart 1.3.3 - (install.php) Cross-Site Scripting CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting dansie shopping cart 3.0.4 - Multiple Vulnerabilities Dansie Shopping Cart 3.0.4 - Multiple Vulnerabilities Sendmail 8.11.6 - Address Prescan Memory Corruption Joomla! Component RSfiles (cid parameter) - SQL Injection Joomla! Component RSfiles - (cid parameter) SQL Injection Dovecot with Exim sender_address Parameter - Remote Command Execution Dovecot with Exim - sender_address Parameter Remote Command Execution Exim sender_address Parameter - Remote Code Execution Exim - sender_address Parameter Remote Code Execution PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation Simplog 0.9.3 BlogID Parameter - Multiple SQL Injections Simplog 0.9.3 - BlogID Parameter Multiple SQL Injections E-SMART CART - 'Members Login' Multiple SQL Injection Vulnerabilities E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities MW6 Technologies Aztec ActiveX (Data parameter) - Buffer Overflow MW6 Technologies Datamatrix - ActiveX (Data Parameter) - Buffer Overflow MW6 Technologies MaxiCode ActiveX (Data parameter) - Buffer Overflow MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow WordPress Plugin Recipes Blog 'id' Parameter - SQL Injection WordPress Plugin Recipes Blog - 'id' Parameter SQL Injection Le Forum 'Fichier_Acceuil' Parameter - Remote File Inclusion Le Forum - 'Fichier_Acceuil' Parameter Remote File Inclusion eFront 3.6.14.4 (surname parameter) - Persistent Cross-Site Scripting eFront 3.6.14.4 - (surname parameter) Persistent Cross-Site Scripting WordPress Plugin Safe Search 'v1' Parameter - Cross-Site Scripting WordPress Plugin Safe Search - 'v1' Parameter Cross-Site Scripting WordPress Plugin Twitter Feed 'url' Parameter - Cross-Site Scripting WordPress Plugin Twitter Feed - 'url' Parameter Cross-Site Scripting WordPress Plugin GD Star Rating 'votes' Parameter - SQL Injection WordPress Plugin GD Star Rating - 'votes' Parameter SQL Injection AJ Classifieds 'listingid' Parameter - SQL Injection AJ Classifieds - 'listingid' Parameter SQL Injection PHP Prior to 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities Opera Web Browser Prior to 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Bind 9 DNS Server - Denial of Service Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - 'snd-usb-audio' Crash (PoC) Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - 'iowarrior' Driver Crash (PoC) Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC) Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'iowarrior' Driver Crash (PoC) OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution Disk Pulse Enterprise 9.0.34 - Buffer Overflow	2016-10-05 05:01:18 +00:00
Offensive Security	fa1b17f699	DB: 2016-09-30 1 new exploits Microsoft Windows - RPC DCOM Remote Exploit (18 Targets) Microsoft Windows - 'RPC DCOM' Remote Exploit (48 Targets) Microsoft Windows - 'RPC DCOM' Remote Exploit (1) Microsoft Windows - 'RPC DCOM' Remote Exploit (2) Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal Targets) Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal) Microsoft Windows 2000/XP - RPC Remote (non exec memory) Exploit Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate Get Request Remote Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit PMSoftware Simple Web Server - (GET Request) Remote Buffer Overflow PMSoftware Simple Web Server - GET Request Remote Buffer Overflow CUPS Server 1.1 - (Get Request) Denial of Service CUPS Server 1.1 - GET Request Denial of Service BlueCoat WinProxy 6.0 R1c - (GET Request) Denial of Service BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service TFTPD32 2.81 - (GET Request) Format String Denial of Service (PoC) TFTPD32 2.81 - GET Request Format String Denial of Service (PoC) Fenice Oms 1.10 - (long get request) Remote Buffer Overflow Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow Multi-Threaded TFTP 1.1 - (Long Get Request) Denial of Service Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service Essentia Web Server 2.15 - (GET Request) Remote Denial of Service Essentia Web Server 2.15 - GET Request Remote Denial of Service webdesproxy 0.0.1 - (GET Request) Remote Buffer Overflow webdesproxy 0.0.1 - GET Request Remote Buffer Overflow webdesproxy 0.0.1 - (GET Request) Remote Root Exploit (exec-shield) webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (dnsname) Microsoft Windows Message Queuing Service - RPC Buffer Overflow Netgear WGR614v9 - Wireless Router Get Request Denial of Service Netgear WGR614v9 Wireless Router - GET Request Denial of Service XBMC 8.10 - (GET Requests) Multiple Remote Buffer Overflow (PoC) XBMC 8.10 (Windows) - (GET Request) Remote Buffer Overflow XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC) XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow httpdx 0.5b FTP Server - (USER) Remote Buffer Overflow (SEH) httpdx 0.5b - FTP Server (USER) Remote Buffer Overflow (SEH) Zervit Web Server 0.04 - (GET Request) Remote Buffer Overflow (PoC) Mereo 1.8.0 - (Get Request) Remote Denial of Service Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC) Mereo 1.8.0 - GET Request Remote Denial of Service httpdx 0.5b FTP Server - (CWD) Remote Buffer Overflow (SEH) httpdx 0.5b - FTP Server (CWD) Remote Buffer Overflow (SEH) httpdx 0.8 FTP Server - Delete/Get/Create Directories/Files Exploit httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Exploit ARD-9808 DVR Card Security Camera - (GET Request) Remote Denial of Service ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service Kolibri+ WebServer 2 - (Get Request) Denial of Service Kolibri+ WebServer 2 - GET Request Denial of Service Kolibri+ WebServer 2 - (GET Request) Remote Overwrite (SEH) Kolibri+ WebServer 2 - GET Request Remote Overwrite (SEH) httpdx Web Server 1.4 - (Host Header) Remote Format String Denial of Service httpdx 1.4 - HTTP Server (Host Header) Remote Format String Denial of Service httpdx 1.4 - Get Request Buffer Overflow httpdx 1.4 - GET Request Buffer Overflow Httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC) httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC) HTTPDX - tolog() Function Format String (1) httpdx - tolog() Function Format String (1) HTTPDX - tolog() Function Format String (2) httpdx - tolog() Function Format String (2) HTTPDX - h_handlepeer() Function Buffer Overflow (Metasploit) httpdx - h_handlepeer() Function Buffer Overflow (Metasploit) glibc LD_AUDIT Arbitrary DSO - Load Privilege Escalation glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation Xi Graphics Maximum CDE 1.2.3 & TriTeal TED CDE 4.3 & Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) httpdx 1.5.4 - Remote HTTP Server Denial of Service httpdx 1.5.4 - HTTP Server Remote Denial of Service Working Resources BadBlue 1.7.3 - Get Request Denial of Service Working Resources BadBlue 1.7.3 - GET Request Denial of Service KeepNote 0.7.8 - Command Execution My Web Server 1.0.1/1.0.2 - Long Get Request Denial of Service My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service Snowblind Web Server 1.0/1.1 - (GET Request) Buffer Overflow Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow Proxomitron Proxy Server - Long Get Request Remote Denial of Service Proxomitron Proxy Server - Long GET Request Remote Denial of Service	2016-09-30 05:01:16 +00:00
Offensive Security	f421077feb	DB: 2016-09-28 6 new exploits UUCP Exploit - file creation/overwriting (symlinks) UUCP Exploit - File Creation/Overwriting (symlinks) Exploit Serv-U 3.x < 5.x - Privilege Escalation Serv-U FTP Server 3.x < 5.x - Privilege Escalation TiTan FTP Server - Long Command Heap Overflow (PoC) Titan FTP Server - Long Command Heap Overflow (PoC) Serv-U < 5.2 - Remote Denial of Service Serv-U FTP Server < 5.2 - Remote Denial of Service chesapeake tftp server 1.0 - Directory Traversal / Denial of Service (PoC) Chesapeake TFTP Server 1.0 - Directory Traversal / Denial of Service (PoC) Serv-U 4.x - 'site chmod' Remote Buffer Overflow Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow WS_FTP Server 5.03 - (RNFR) Buffer Overflow Ipswitch WS_FTP Server 5.03 - (RNFR) Buffer Overflow TYPSoft FTP Server 1.11 - (RETR) Denial of Service TYPSoft FTP Server 1.11 - 'RETR' Denial of Service XM Easy Personal FTP Server 1.0 - (Port) Remote Overflow (PoC) XM Easy Personal FTP Server 1.0 - 'Port' Remote Overflow (PoC) XM Easy Personal FTP Server 4.3 - (USER) Remote Buffer Overflow (PoC) XM Easy Personal FTP Server 4.3 - 'USER' Remote Buffer Overflow (PoC) XM Easy Personal FTP Server 5.0.1 - (Port) Remote Overflow (PoC) XM Easy Personal FTP Server 5.0.1 - 'Port' Remote Overflow (PoC) WinFtp Server 2.0.2 - (PASV) Remote Denial of Service WinFTP Server 2.0.2 - (PASV) Remote Denial of Service DREAM FTP Server 1.0.2 - (PORT) Remote Denial of Service Dream FTP Server 1.0.2 - (PORT) Remote Denial of Service XM Easy Personal FTP Server 5.2.1 - (USER) Format String Denial of Service XM Easy Personal FTP Server 5.2.1 - 'USER' Format String Denial of Service Sami HTTP Server 2.0.1 - (HTTP 404 Object not found) Denial of Service Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service TurboFTP 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service TurboFTP Server 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service XM Easy Personal FTP Server 5.30 - (ABOR) Format String Denial of Service XM Easy Personal FTP Server 5.30 - 'ABOR' Format String Denial of Service MiniWeb Http Server 0.8.x - Remote Denial of Service MiniWeb HTTP Server 0.8.x - Remote Denial of Service JAF-CMS 4.0 RC2 - Multiple Remote File Inclusion JAF CMS 4.0 RC2 - Multiple Remote File Inclusion XM Easy Personal FTP Server 5.4.0 - (XCWD) Denial of Service XM Easy Personal FTP Server 5.4.0 - 'XCWD' Denial of Service Belkin wireless G router + ADSL2 modem - Authentication Bypass Belkin Wireless G router + ADSL2 modem - Authentication Bypass Serv-U 7.3 - Authenticated (stou con:1) Denial of Service Serv-U 7.3 - Authenticated Remote FTP File Replacement Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service Serv-U FTP Server 7.3 - Authenticated Remote FTP File Replacement WinFTP 2.3.0 - (PASV mode) Remote Denial of Service WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service Titan FTP server 6.26 build 630 - Remote Denial of Service Titan FTP Server 6.26 build 630 - Remote Denial of Service Netgear WG102 - Leaks SNMP write Password with read access Netgear WG102 - Leaks SNMP Write Password With Read Access WinFTP 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow WinFTP Server 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow Netgear embedded Linux for the SSL312 router - Denial of Service Netgear SSL312 Router - Denial of Service Belkin BullDog Plus UPS-Service - Buffer Overflow Belkin BullDog Plus - UPS-Service Buffer Overflow Serv-U 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit Serv-U 7.4.0.1 - (SMNT) Authenticated Denial of Service Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service XM Easy Personal FTP Server 5.7.0 - (NLST) Denial of Service XM Easy Personal FTP Server 5.7.0 - 'NLST' Denial of Service TYPSoft FTP Server 1.11 - (ABORT) Remote Denial of Service TYPSoft FTP Server 1.11 - 'ABORT' Remote Denial of Service httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Exploit httpdx 0.8 FTP Server - Delete/Get/Create Directories/Files Exploit Firebird SQL - op_connect_request main listener shutdown Firebird SQL - op_connect_request main listener shutdown Exploit HTTP SERVER (httpsv) 1.6.2 - (GET 404) Remote Denial of Service BugHunter HTTP Server 1.6.2 - 'httpsv.exe' (GET 404) Remote Denial of Service XM Easy Personal FTP Server - 'APPE' and 'DELE' Command Denial of Service XM Easy Personal FTP Server - 'APPE' / 'DELE' Commands Denial of Service TYPSoft 1.10 - APPE DELE Denial of Service TYPSoft FTP Server 1.10 - APPE DELE Denial of Service WingFTP Server 3.2.4 - Cross-Site Request Forgery Wing FTP Server 3.2.4 - Cross-Site Request Forgery Quick Player 1.2 -Unicode BoF - bindshell Quick Player 1.2 - Unicode Buffer Overflow (Bindshell) UplusFtp Server 1.7.0.12 - Remote Buffer Overflow UplusFTP Server 1.7.0.12 - Remote Buffer Overflow Wireshark 1.2.5 LWRES getaddrbyname BoF - calc.exe Wireshark 1.2.5 - LWRES getaddrbyname Buffer Overflow (calc.exe) Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC) Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (PoC) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (PoC) Easy~Ftp Server 1.7.0.2 - (HTTP) Remote Buffer Overflow EasyFTP Server 1.7.0.2 - (HTTP) Remote Buffer Overflow Easy FTP Server 1.7.0.2 - CWD Remote Buffer Overflow EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow iPhone - FTP Server (WiFi FTP) by SavySoda Denial of Service/PoC iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC TopDownloads MP3 Player 1.0 - '.m3u' crash TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit Easy FTP Server 1.7.0.2 - CWD Remote Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow (Metasploit) eDisplay Personal FTP server 1.0.0 - Unauthenticated Denial of Service (PoC) eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Crash SEH (PoC) PHPscripte24 Preisschlacht Liveshop System SQL Injection - (seite&aid) index.php eDisplay Personal FTP Server 1.0.0 - Unauthenticated Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash SEH (PoC) PHPscripte24 Preisschlacht Liveshop System SQL Injection - (seite&aid) index.php Exploit eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1) uhttp Server - Directory Traversal uhttp Server 0.1.0-alpha - Directory Traversal eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (2) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (2) Easy Ftp Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow Apple Safari 4.0.3 (Windows x86) - (Windows x86) CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service SmallFTPd FTP Server 1.0.3 - DELE Command Denial of Service TYPSoft FTP Server 1.10 - RETR Command Denial of Service SmallFTPd 1.0.3 - DELE Command Denial of Service TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service SolarWinds 10.4.0.10 - TFTP Denial of Service SolarWinds TFTP Server 10.4.0.10 - Denial of Service e107 - Code Exec e107 - Code Exection HomeFTP Server r1.10.3 (build 144) - Denial of Service Home FTP Server r1.10.3 (build 144) - Denial of Service TYPSoft FTP Server 1.1 - Remote Denial of Service (APPE) TYPSoft FTP Server 1.1 - 'APPE' Remote Denial of Service SolarWinds 10.4.0.13 - Denial of Service SolarWinds TFTP Server 10.4.0.13 - Denial of Service ISC-DHCPD - Denial of Service ISC DHCPD - Denial of Service Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit) Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow deepin tftp server 1.25 - Directory Traversal Deepin TFTP Server 1.25 - Directory Traversal Adobe Acrobat Reader and Flash Player - 'newclass' invalid pointer Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit JCMS 2010 - file download JCMS 2010 - File Download Exploit SolarFTP 2.0 - Multiple Commands Denial of Service Solar FTP Server 2.0 - Multiple Commands Denial of Service TYPSoft FTP Server 1.10 - RETR CMD Denial of Service TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service Xynph 1.0 - USER Denial of Service Xynph FTP Server 1.0 - USER Denial of Service XM Easy Personal FTP Server 5.8.0 - (TYPE) Denial of Service XM Easy Personal FTP Server 5.8.0 - 'TYPE' Denial of Service Solar FTP 2.1 - Denial of Service Solar FTP Server 2.1 - Denial of Service Red Hat Linux - stickiness of /tmp Red Hat Linux - stickiness of /tmp Exploit home ftp server 1.12 - Directory Traversal Home FTP Server 1.12 - Directory Traversal NetGear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit) RhinoSoft Serv-U - Session Cookie Buffer Overflow (Metasploit) RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit) Easy Ftp Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow SmallFTPd 1.0.3 FTP Server - Denial of Service SmallFTPd 1.0.3 - Denial of Service PCMAN FTP Server Buffer Overflow - PUT Command (Metasploit) PCMan FTP Server Buffer Overflow - PUT Command (Metasploit) Solar FTP 2.1.1 - PASV Buffer Overflow (PoC) Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC) BisonFTP Server 3.5 - Remote Buffer Overflow BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow Solarftp 2.1.2 - PASV Buffer Overflow (Metasploit) Solar FTP Server 2.1.2 - PASV Buffer Overflow (Metasploit) BisonFTP Server 3.5 - Remote Buffer Overflow (Metasploit) BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow (Metasploit) NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery zFTP Server - 'cwd/stat' Remote Denial of Service zFTPServer - 'cwd/stat' Remote Denial of Service Serv-U FTP - Jail Break Serv-U FTP Server - Jail Break Typsoft FTP Server 1.10 - Multiple Commands Denial of Service TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service PeerBlock 1.1 - BSOD PeerBlock 1.1 - BSOD Exploit distinct tftp server 3.01 - Directory Traversal Distinct TFTP Server 3.01 - Directory Traversal PHP < 5.3.12 & < 5.4.2 - CGI Argument Injection PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection Berkeley Sendmail 5.58 - DEBUG Berkeley Sendmail 5.58 - Debug exploit SunView (SunOS 4.1.1) - selection_svc Digital Ultrix 4.0/4.1 - /usr/bin/chroot SunOS 4.1.1 - /usr/release/bin/makeinstall SunOS 4.1.1 - /usr/release/bin/winstall SunView (SunOS 4.1.1) - selection_svc Exploit Digital Ultrix 4.0/4.1 - /usr/bin/chroot Exploit SunOS 4.1.1 - /usr/release/bin/makeinstall Exploit SunOS 4.1.1 - /usr/release/bin/winstall Exploit SunOS 4.1.3 - kmem setgid /etc/crash SunOS 4.1.3 - kmem setgid /etc/crash Exploit IRIX 6.4 - pfdisplay.cgi IRIX 6.4 - 'pfdisplay.cgi' Exploit SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - NETLS_LICENSE_FILE SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - LICENSEMGR_FILE_ROOT SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - NETLS_LICENSE_FILE Exploit SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - LICENSEMGR_FILE_ROOT Exploit FreePBX < 13.0.188 - Remote Command Execution (Metasploit) HP JetAdmin 1.0.9 Rev. D - symlink HP JetAdmin 1.0.9 Rev. D - symlink Exploit Ipswitch IMail 5.0 / WS_FTP Server 1.0.1/1.0.2 - Privilege Escalation Ipswitch IMail 5.0 / Ipswitch WS_FTP Server 1.0.1/1.0.2 - Privilege Escalation TP-Link Archer CR-700 - Cross-Site Scripting BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit Cat Soft Serv-U 2.5 - Buffer Overflow BisonWare BisonWare FTP Server 3.5 - Multiple Vulnerabilities Allaire ColdFusion Server 4.0.1 - CFCRYPT.EXE Cat Soft Serv-U FTP Server 2.5 - Buffer Overflow BisonWare BisohFTP Server 3.5 - Multiple Vulnerabilities Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Exploit Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA Exploit Linux Kernel 2.0 / 2.1 / 2.2 - autofs Linux Kernel 2.0 / 2.1 / 2.2 - autofs Exploit Debian 2.1 - httpd S.u.S.E. 5.2 - gnuplot Debian 2.1 - httpd Exploit S.u.S.E. Linux 5.2 - gnuplot Exploit Stanford University bootpd 2.4.3 / Debian 2.0 - netstd Stanford University bootpd 2.4.3 / Debian 2.0 - netstd Exploit SGI IRIX 6.2 - /usr/lib/netaddpr SGI IRIX 6.2 - /usr/lib/netaddpr Exploit SGI IRIX 6.2 - day5notifier SGI IRIX 6.2 - day5notifier Exploit SGI IRIX 6.4 - datman/cdman SGI IRIX 6.4 - datman/cdman Exploit RedHat Linux 2.1 - abuse.console RedHat Linux 2.1 - abuse.console Exploit SGI IRIX 6.3 - cgi-bin webdist.cgi SGI IRIX 6.3 - cgi-bin webdist.cgi Exploit SGI IRIX 6.4 - cgi-bin handler SGI IRIX 6.4 - cgi-bin handler Exploit SGI IRIX 6.4 - login SGI IRIX 6.4 - login Exploit IBM AIX 3.2.5 - IFS IBM AIX 3.2.5 - IFS Exploit IBM AIX 3.2.5 - login(1) IBM AIX 3.2.5 - login(1) Exploit Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (1) Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2) Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS Exploit (1) Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS Exploit (2) Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP Exploit GNU glibc 2.1/2.1.1 -6 - pt_chown GNU glibc 2.1/2.1.1 -6 - pt_chown Exploit Common Desktop Environment 2.1 20 / Solaris 7.0 - dtspcd Common Desktop Environment 2.1 20 / Solaris 7.0 - dtspcd Exploit ProFTPd 1.2 pre6 - snprintf ProFTPd 1.2 pre6 - snprintf Exploit Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Exploit Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (1) UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (2) PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (1) UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (2) PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog Exploit S.u.S.E. Linux 6.1/6.2 - cwdtools S.u.S.E. Linux 6.1/6.2 - cwdtools Exploit SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Exploit SCO Unixware 7.1 - 'pkg' commands SCO Unixware 7.1 - 'pkg' command Exploit Cat Soft Serv-U 2.5a - Server SITE PASS Denial of Service Cat Soft Serv-U FTP Server 2.5a - SITE PASS Denial of Service Nortel Networks Optivity NETarchitect 2.0 - PATH Nortel Networks Optivity NETarchitect 2.0 - PATH Exploit SGI IRIX 6.2 - midikeys/soundplayer SGI IRIX 6.2 - midikeys/soundplayer Exploit Allaire ColdFusion Server 4.0/4.0.1 - CFCACHE Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Exploit Cat Soft Serv-U 2.5/a/b / Windows 2000/95/98/NT 4.0 - Shortcut Cat Soft Serv-U FTP Server 2.5/a/b (Windows 2000/95/98/NT 4.0) - Shortcut Exploit Microsoft Windows 95/98/NT 4.0 - autorun.inf Microsoft Windows 95/98/NT 4.0 - autorun.inf Exploit Corel Linux OS 1.0 - buildxconfig Corel Linux OS 1.0 - setxconf Corel Linux OS 1.0 - buildxconfig Exploit Corel Linux OS 1.0 - setxconf Exploit TP Link Gateway 3.12.4 - Multiple Vulnerabilities TP-Link Gateway 3.12.4 - Multiple Vulnerabilities SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname Exploit Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr (2) Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr Exploit (2) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel (1) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel (2) Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - kreatecd Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (1) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (2) Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - kreatecd Exploit Cisco IOS 11.x/12.x - HTTP %% Cisco IOS 11.x/12.x - HTTP %% Exploit RedHat Linux 6.0/6.1/6.2 - pam_console RedHat Linux 6.0/6.1/6.2 - pam_console Exploit HP-UX 10.20/11.0 man - /tmp symlink HP-UX 10.20/11.0 man - /tmp Symlink Exploit IRIX 5.3/6.x - mail IRIX 5.3/6.x - mail Exploit TYPSoft 0.7 x - FTP Server Remote Denial of Service TYPSoft FTP Server 0.7.x - FTP Server Remote Denial of Service Oracle Internet Directory 2.0.6 - oidldap Oracle Internet Directory 2.0.6 - oidldap Exploit CatSoft FTP Serv-U 2.5.x - Brute Force Cat Soft Serv-U FTP Server 2.5.x - Brute Force Small HTTP server 2.0 1 - Non-Existent File Denial of Service Small HTTP Server 2.0 1 - Non-Existent File Denial of Service NCSA httpd-campas 1.2 - sample script NCSA httpd-campas 1.2 - sample script Exploit Novell NetWare Web Server 2.x - convert.bas Novell NetWare Web Server 2.x - convert.bas Exploit Serv-U 2.4/2.5 - FTP Directory Traversal Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal Novell Netware Web Server 3.x - files.pl Novell Netware Web Server 3.x - files.pl Exploit guido frassetto sedum http server 2.0 - Directory Traversal Guido Frassetto SEDUM HTTP Server 2.0 - Directory Traversal robin twombly a1 http server 1.0 - Directory Traversal Robin Twombly A1 HTTP Server 1.0 - Directory Traversal SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon Exploit michael lamont savant http server 2.1 - Directory Traversal Michael Lamont Savant HTTP Server 2.1 - Directory Traversal zeroo http server 1.5 - Directory Traversal (1) zeroo http server 1.5 - Directory Traversal (2) Zeroo HTTP Server 1.5 - Directory Traversal (1) Zeroo HTTP Server 1.5 - Directory Traversal (2) Netgear 1.x - ProSafe VPN Firewall Web Interface Login Denial of Service Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service Centrinity FirstClass 5.50/5.77/7.0/7.1 - HTTP Server Long Version Field Denial of Service Centrinity FirstClass HTTP Server 5.50/5.77/7.0/7.1 - Long Version Field Denial of Service Centrinity FirstClass 7.1 - HTTP Server Directory Disclosure Centrinity FirstClass HTTP Server 7.1 - Directory Disclosure BRS Webweaver 1.0.7 - ISAPISkeleton.dll Cross-Site Scripting BRS Webweaver 1.0.7 - 'ISAPISkeleton.dll' Cross-Site Scripting XLight FTP Server 1.x - Long Directory Request Remote Denial of Service Xlight FTP Server 1.x - Long Directory Request Remote Denial of Service XLight FTP Server 1.52 - Remote Send File Request Denial of Service Xlight FTP Server 1.52 - Remote Send File Request Denial of Service gweb http server 0.5/0.6 - Directory Traversal GWeb HTTP Server 0.5/0.6 - Directory Traversal MiniWeb MiniWeb HTTP Server (build 300) - Crash (PoC) MiniWeb HTTP Server (build 300) - Crash (PoC) TP-Link Print Server TL PS110U - Sensitive Information Enumeration TP-Link PS110U Print Server TL - Sensitive Information Enumeration PCMan's FTP Server 2.0.7 - Buffer Overflow PCMan FTP Server 2.0.7 - Buffer Overflow PCMan's FTP Server 2.0 - Remote Buffer Overflow PCMan FTP Server 2.0 - Remote Buffer Overflow PHP 3-5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass PHP 3-5 - ZendEngine ECalloc Integer Overflow PHP 3 < 5 - ZendEngine ECalloc Integer Overflow NetGear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow Netgear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow NetGear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow TPLINK WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities Static Http Server 1.0 - Denial of Service TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities Static HTTP Server 1.0 - Denial of Service NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit) Netgear ReadyNAS - Perl Code Evaluation (Metasploit) NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities vsftpd FTP Server 2.0.5 - 'deny_file' Option Remote Denial of Service (1) vsftpd FTP Server 2.0.5 - 'deny_file' Option Remote Denial of Service (2) vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (1) vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (2) Ipswitch 8.0 - WS_FTP Client Format String Ipswitch WS_FTP Home/Professional 8.0 - WS_FTP Client Format String NETGEAR WGR614 - Administration Interface Remote Denial of Service Netgear WGR614 - Administration Interface Remote Denial of Service Cisco IOS 12.4(23) HTTP Server - Multiple Cross-Site Scripting Vulnerabilities Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities NETGEAR N600 WIRELESS DUAL BAND WNDR3400 - Multiple Vulnerabilities Netgear N600 Wireless Dual Band WNDR3400 - Multiple Vulnerabilities NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure TP-Link Model No. TL-WR340G / TL-WR340GD - Multiple Vulnerabilities TP-Link Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities TP-Link TL-WR841N / TL-WR841ND - Multiple Vulnerabilities SolarFTP 2.1.1 - 'PASV' Command Remote Buffer Overflow Solar FTP Server 2.1.1 - 'PASV' Command Remote Buffer Overflow Netgear Wireless Router WNR500 - Parameter Traversal Arbitrary File Access Exploit Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit NetMan 204 - Backdoor Account NetGear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities Serv-U 11.1.0.3 - Denial of Service / Security Bypass Serv-U FTP Server 11.1.0.3 - Denial of Service / Security Bypass TP-Link ADSL2+ TD-W8950ND - Unauthenticated Remote DNS Change TP-Link TD-W8950ND ADSL2+ - Unauthenticated Remote DNS Change NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure ISC BIND9 - TKEY (PoC) Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure ISC BIND 9 - TKEY (PoC) ISC BIND9 - TKEY Remote Denial of Service (PoC) ISC BIND 9 - TKEY Remote Denial of Service (PoC) NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation Android (Stagefright) - Remote Code Execution Android - 'Stagefright' Remote Code Execution Microsoft Windows Media Center - MCL (MS15-100) Microsoft Windows Media Center - MCL Exploit (MS15-100) Android libstagefright - Integer Overflow Remote Code Execution Android - libstagefright Integer Overflow Remote Code Execution NETGEAR D6300B - /diag.cgi IPAddr4 Parameter Remote Command Execution Netgear D6300B - /diag.cgi IPAddr4 Parameter Remote Command Execution pdfium IsFlagSet (v8 memory management) - SIGSEGV pdfium IsFlagSet (v8 memory management) - SIGSEGV Exploit NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities XM Easy Personal FTP Server 5.8 - (HELP) Remote Denial of Service XM Easy Personal FTP Server 5.8.0 - 'HELP' Remote Denial of Service NETGEAR ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) TallSoft SNMP TFTP Server 1.0.0 - Denial of Service TallSoft SNMP/TFTP Server 1.0.0 - Denial of Service Metaphor - Stagefright Exploit with ASLR Bypass Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass) Zabbix 2.2 < 3.0.3 - Remote Code Execution with API JSON-RPC Zabbix 2.2 < 3.0.3 - API JSON-RPC Remote Code Execution Open Upload 0.4.2 - Multiple Cross-Site Request Forgery Vulnerabilities NUUO NVRmini2 / NVRsolo / Crystal Devices and NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities FreePBX 13 / 14 - Remote Command Execution With Privilege Escalation FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation Easy FTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit EasyFTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit Android 5.0 <= 5.1.1 - Stagefright .MP4 tx3g Integer Overflow (Metasploit)	2016-09-28 11:55:43 +00:00
Offensive Security	102574cb3e	DB: 2016-09-24 5 new exploits EVA-Web 1.1<= 2.2 - (index.php3) Remote File Inclusion EVA-Web 1.1 <= 2.2 - (index.php3) Remote File Inclusion WordPress Plugin Simple Forum 1.10-1.11 - SQL Injection WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.4.1<2.4.37 / 2.6.1<2.6.32-rc5 - 'pipe.c' Privilege Escalation (3) Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Privilege Escalation (3) Adobe Acrobat Reader 7<9 - U3D Buffer Overflow Adobe Acrobat Reader 7 < 9 - U3D Buffer Overflow Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit) Samba 3.0.21 < 3.0.24 - LSA trans names Heap Overflow (Metasploit) Mozilla Firefox 7 / 8<= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit) Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit) Adobe Flash - Crash When Freeing Memory After AVC decoding Adobe Flash - Video Decompression Memory Corruption Linux - SELinux W+X Protection Bypass via AIO Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation Wise Care 365 4.27 / Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation Microsoft MSN Messenger 1<4 - Malformed Invite Request Denial of Service Microsoft MSN Messenger 1 < 4 - Malformed Invite Request Denial of Service Kerio Control Unified Threat Management 9.1.0 build 1087_ 9.1.1 build 1324 - Multiple Vulnerabilities Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities Check Point VPN-1 SecureClient 4.0/4.1 - Policy Bypass Check Point VPN-1 SecureClient 4.0 < 4.1 - Policy Bypass Microsoft Excel 95<2004 - Malformed Graphic File Code Execution Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution Git-1.9.5 - ssh-agent.exe Buffer Overflow Git 1.9.5 - ssh-agent.exe Buffer Overflow Skybox Platform <=7.0.611 - Multiple Vulnerabilities Skybox Platform <= 7.0.611 - Multiple Vulnerabilities SOLIDserver <=5.0.4 - Local File Inclusion SOLIDserver <= 5.0.4 - Local File Inclusion WordPress Plugin DZS Videogallery <=8.60 - Multiple Vulnerabilities WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities Microsoft Windows 7<10 / Server 2008-2012 (x32/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7<10 / Server 2008-2012 (x32/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7<10 / 2008<2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)	2016-09-24 05:05:07 +00:00
Offensive Security	12047d93f1	DB: 2016-09-23 9 new exploits Slackware Linux 3.5 - /etc/group Missing Privilege Escalation Slackware Linux 3.5 - Missing /etc/group Privilege Escalation Matrimonial Website Script 1.0.2 - SQL Injection Metasploit Web UI - Diagnostic Console Command Execution Kerio Control Unified Threat Management 9.1.0 build 1087_ 9.1.1 build 1324 - Multiple Vulnerabilities Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection Exponent CMS 2.3.9 - Blind SQL Injection JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal AnyDesk 2.5.0 - Unquoted Service Path Privilege Escalation Kerberos in Microsoft Windows - Security Feature Bypass (MS16-101) phpWebSite 0.10.2 - PHPWS_SOURemote Code Execution_DIR Parameter Multiple Remote File Inclusion phpWebSite 0.10.2 - 'PHPWS_SOURCE_DIR' Parameter Multiple Remote File Inclusion Multiple WordPress Plugins (Using TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution Microix Timesheet Module - SQL Injection Kaltura Community Edition <=11.1.0-2 - Multiple Vulnerabilities Kaltura Community Edition <= 11.1.0-2 - Multiple Vulnerabilities	2016-09-23 05:05:20 +00:00
Offensive Security	b8ebed3824	DB: 2016-09-22 6 new exploits Setuid perl - PerlIO_Debug() Root owned file creation Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation Kaltura 11.1.0-2 - Remote Code Execution (Metasploit) Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Root Exploit Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Root Exploit (5) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Root Exploit (1) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) VideoCache 1.9.2 - vccleaner Root VideoCache 1.9.2 - 'vccleaner' Privilege Escalation UK One Media CMS - 'id' Error Based SQL Injection UK One Media CMS - 'id' Error-Based SQL Injection xt:Commerce Gambio 2008 < 2010 - 'reviews.php' ERROR Based SQL Injection xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection Axis2 - / SAP BusinessObjects Authenticated Code Execution (via SOAP) Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) Ultimate eShop - Error Based SQL Injection Ultimate eShop - Error-Based SQL Injection WordPress Plugin Multiple - timthumb.php Vulnerabilities Multiple WordPress Plugins - timthumb.php File Upload Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Slackware Linux 3.5 - /etc/group missing results in Root access Slackware Linux 3.5 - /etc/group Missing Privilege Escalation Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service Sudo 1.6.3 - Unclean Environment Variable Root Program Execution Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation Linux Kernel 2.0.x/2.2.x/2.4.x / FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Microsoft Office PowerPoint 2010 - Invalid Pointer Reference Symantec rar Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURemote Code Execution Bypass sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass Microweber 0.905 - Error Based SQL Injection Microweber 0.905 - Error-Based SQL Injection WordPress Theme TimThumb 2.8.13 WebShot Plugin/ - Remote Code Execution Multiple WordPress Plugins (Using TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution	2016-09-22 05:06:28 +00:00
Offensive Security	f1e68e0b1d	DB: 2016-09-15 3 new exploits Android - getpidcon Usage binder Service Replacement Race Condition PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure Apache Mina 2.0.13 - Remote Command Execution	2016-09-15 05:07:49 +00:00

1 2 3 4 5 ...

451 commits