Offensive Security
8359f0a6a2
DB: 2017-03-14
...
5 new exploits
Cerberus FTP Server 8.0.10.1 - Denial of Service
VirtualBox - Cooperating VMs can Escape from Shared Folder
Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)
Car Workshop System - SQL Injection
Fiyo CMS 2.0.6.1 - Privilege Escalation
2017-03-14 05:01:18 +00:00
Offensive Security
d36dc6b95d
DB: 2017-03-12
...
14 new exploits
MobaXterm Personal Edition 9.4 - Directory Traversal
Windows x86 - Hide Console Window Shellcode (182 bytes)
e107 <= 2.1.4 - 'keyword' Blind SQL Injection
Domain Marketplace Script - SQL Injection
Global In - SQL Injection
Global In - Arbitrary File Upload
Vanelo - SQL Injection
Mirage - SQL Injection
Pet Listing Script 3.0 - SQL Injection
Property Listing Script 3.1 - SQL Injection
Travel Tours Script 2.0 - SQL Injection
Yacht Listing Script 2.0 - SQL Injection
Yellow Pages Script 3.2 - 'category_id' Parameter SQL Injection
PHP Forum Script 3.0 - SQL Injection
2017-03-12 05:01:18 +00:00
Offensive Security
846ce42eca
DB: 2017-03-02
...
14 new exploits
SysGauge 1.5.18 - Buffer Overflow
WePresent WiPG-1500 - Backdoor Account
Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)
DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery
Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
SchoolDir - SQL Injection
Rage Faces Script 1.3 - SQL Injection
Meme Maker Script 2.1 - 'user' Parameter SQL Injection
2017-03-02 05:01:19 +00:00
Offensive Security
026ded7298
DB: 2017-02-28
...
12 new exploits
MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Linux/x86_64 - Random Listener Shellcode (54 bytes)
NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
Joomla! Component Gnosis 1.1.2 - 'id' Parameter SQL Injection
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
Joomla! Component My MSG 3.2.1 - SQL Injection
Joomla! Component Spinner 360 1.3.0 - SQL Injection
Joomla! Component JomSocial - SQL Injection
Grails PDF Plugin 0.6 - XML External Entity Injection
Joomla! Component OneVote! 1.0 - SQL Injection
2017-02-28 05:01:17 +00:00
Offensive Security
2d72a9c8b9
DB: 2017-02-18
...
4 new exploits
Netgear WGR614v9 Wireless Router - GET Request Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service
ZABBIX 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities
Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities
ZABBIX 1.1x/1.4.x - File Checksum Request Denial of Service
Zabbix 1.1x/1.4.x - File Checksum Request Denial of Service
ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation
Zabbix 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation
Windows x86 - Protect Process Shellcode (229 bytes)
Qwerty CMS - 'id' SQL Injection
Qwerty CMS - 'id' Parameter SQL Injection
Golabi CMS - Remote File Inclusion
Golabi CMS 1.0 - Remote File Inclusion
blogman 0.45 - Multiple Vulnerabilities
EZ-Blog 1b - Delete All Posts / SQL Injection
Blogman 0.45 - Multiple Vulnerabilities
EZ-Blog beta1 - Delete All Posts / SQL Injection
Access2asp - imageLibrary - (ASP) Arbitrary File Upload
Access2asp - imageLibrary - Arbitrary File Upload
Joomla! Component com_digistore - 'pid' Blind SQL Injection
Joomla! Component com_digistore - 'pid' Parameter Blind SQL Injection
EZ-Blog Beta2 - (category) SQL Injection
EZ-Blog Beta2 - 'category' Parameter SQL Injection
Joomla! Component Team Display 1.2.1 - 'filter_category' Parameter SQL Injection
Joomla! Component Groovy Gallery 1.0.0 - SQL Injection
Joomla! Component WMT Content Timeline 1.0 - 'id' Parameter SQL Injection
2017-02-18 05:01:17 +00:00
Offensive Security
558ab1fc67
DB: 2016-10-18
...
24 new exploits
Entrepreneur Job Portal Script - SQL Injection
Entrepreneur Job Portal Script 2.06 - SQL Injection
NETGATE Registry Cleaner build 16.0.205 - Unquoted Service Path Privilege Escalation
HP Client - Automation Command Injection / Remote Code Execution
HP Client 9.1/9.0/8.1/7.9 - Command Injection
NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation
NO-IP DUC 4.1.1 - Unquoted Service Path Privilege Escalation
Wondershare PDFelement 5.2.9 - Unquoted Service Path Privilege Escalation
Firefox 49.0.1 - Denial of Service
Graylog Collector 0.4.2 - Unquoted Service Path Privilege Escalation
NETGATE AMITI Antivirus build 23.0.305 - Unquoted Service Path Privilege Escalation
NETGATE Data Backup build 3.0.605 - Unquoted Service Path Privilege Escalation
Student Information System (SIS) 0.1 - Authentication Bypass
Web Based Alumni Tracking System 0.1 - SQL Injection
Simple Dynamic Web 0.1 - SQL Injection
Learning Management System 0.1 - Authentication Bypass
Fashion Shopping Cart 0.1 - SQL Injection
Health Record System 0.1 - Authentication Bypass
Windows x64 - WinExec() Shellcode (93 bytes)
Spy Emergency 23.0.205 - Unquoted Service Path Privilege Escalation
PHP Telephone Directory - Multiple Vulnerabilities
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting
PHP Image Database - Multiple Vulnerabilities
Simple Shopping Cart Application 0.1 - SQL Injection
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
School Full CBT 0.1 - SQL Injection
PHP Business Directory - Multiple Vulnerabilities
Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes)
Ruby on Rails - Dynamic Render File Upload Remote Code Execution
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)
2016-10-18 05:01:18 +00:00
Offensive Security
d5138d6962
DB: 2016-09-14
...
17 new exploits
Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script
Cherry Music 0.35.1 - Arbitrary File Disclosure
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation
Windows x86 - Password Protected TCP Bind Shell (637 bytes)
wdCalendar 2 - SQL Injection
Zapya Desktop 1.803 - (ZapyaService.exe) Privilege Escalation
Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change
Open-Xchange App Suite 7.8.2 - Cross Site Scripting
Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
AIOCP 1.3.x - 'cp_dpage.php' Full Path Disclosure
AIOCP 1.3.x - Multiple Vulnerabilities
ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change
PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change
PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change
Inteno EG101R1 VoIP Router - Unauthenticated DNS Change
2016-09-14 05:08:39 +00:00
Offensive Security
0be1ea959a
DB: 2016-09-09
...
11 new exploits
Samba 3.0.4 - SWAT Authorization Buffer Overflow
Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit
Apache/mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
HP-UX FTP Server - Pre-Authentication Directory Listing Exploit (Metasploit)
HP-UX FTP Server - Unauthenticated Directory Listing Exploit (Metasploit)
WinEggDropShell 1.7 - Multiple Pre-Authentication Remote Stack Overflow (PoC)
WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflow (PoC)
FileCOPA FTP Server 1.01 - (USER) Remote Pre-Authentication Denial of Service
FileCOPA FTP Server 1.01 - (USER) Remote Unauthenticated Denial of Service
Multiple Applications - Local Credentials Disclosure
Asterisk 1.2.15 / 1.4.0 - Pre-Authentication Remote Denial of Service
Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service
IBM Lotus Domino Server 6.5 - Pre-Authentication Remote Exploit
IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit
Frontbase 4.2.7 - Post-Authentication Remote Buffer Overflow (2.2)
Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2)
IBM Tivoli Provisioning Manager - Pre-Authentication Remote Exploit
IBM Tivoli Provisioning Manager - Unauthenticated Remote Exploit
Mercury SMTPD - Remote Pre-Authentication Stack Based Overrun (PoC)
Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC)
Mercury/32 4.51 - SMTPD CRAM-MD5 Pre-Authentication Remote Overflow
Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow
SIDVault LDAP Server - Pre-Authentication Remote Buffer Overflow
Mercury/32 3.32-4.51 - SMTP Pre-Authentication EIP Overwrite
SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow
Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite
Hexamail Server 3.0.0.001 - (pop3) Pre-Authentication Remote Overflow (PoC)
Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC)
Airsensor M520 - HTTPD Remote Pre-Authentication Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPD Remote Unauthenticated Denial of Service / Buffer Overflow (PoC)
Mercury/32 4.52 IMAPD - SEARCH command Post-Authentication Overflow
Mercury/32 4.52 IMAPD - SEARCH command Authenticated Overflow
SAP MaxDB 7.6.03.07 - Pre-Authentication Remote Command Execution
McAfee E-Business Server - Remote Pre-Authentication Code Execution / Denial of Service (PoC)
SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution
McAfee E-Business Server - Remote Unauthenticated Code Execution / Denial of Service (PoC)
MailEnable Pro/Ent 3.13 - (Fetch) Post-Authentication Remote Buffer Overflow
MailEnable Pro/Ent 3.13 - (Fetch) Authenticated Remote Buffer Overflow
NetWin Surgemail 3.8k4-4 - IMAP Post-Authentication Remote LIST Universal Exploit
NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit
HP OpenView NNM 7.5.1 - OVAS.exe SEH Pre-Authentication Overflow
HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow
BigAnt Server 2.2 - Pre-Authentication Remote SEH Overflow
BigAnt Server 2.2 - Unauthenticated Remote SEH Overflow
Joomla Component JPad 1.0 - Post-Authentication SQL Injection
Joomla Component JPad 1.0 - Authenticated SQL Injection
CMS Made Simple 1.2.4 - (FileManager module) File Upload
CMS Made Simple 1.2.4 - (FileManager module) Arbitrary File Upload
freeSSHd 1.2.1 - Remote Stack Overflow PoC (Post-Authentication)
freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)
freeSSHd 1.2.1 - (Post-Authentication) Remote SEH Overflow
freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow
vsftpd 2.0.5 - (CWD) Post-Authentication Remote Memory Consumption Exploit
vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit
Surgemail 39e-1 - Post-Authentication IMAP Remote Buffer Overflow Denial of Service
Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service
Debian OpenSSH - (Post-Authentication) Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit
Oracle Internet Directory 10.1.4 - Remote Pre-Authentication Denial of Service
Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service
AvailScript Jobs Portal Script - (Post-Authentication) (jid) SQL Injection
AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection
AvailScript Jobs Portal Script - (Post-Authentication) File Upload
AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
Serv-U 7.3 - (Post-Authentication) (stou con:1) Denial of Service
Serv-U 7.3 - (Post-Authentication) Remote FTP File Replacement
Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service
Serv-U 7.3 - (Authenticated) Remote FTP File Replacement
Microsoft PicturePusher - ActiveX Cross-Site File Upload Attack (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC)
Noticeware E-mail Server 5.1.2.2 - (POP3) Pre-Authentication Denial of Service
Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service
freeSSHd 1.2.1 - (Post-Authentication) SFTP rename Remote Buffer Overflow PoC
freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC
LoudBlog 0.8.0a - (Post-Authentication) (ajax.php) SQL Injection
LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection
freeSSHd 1.2.1 - (Post-Authentication) SFTP realpath Remote Buffer Overflow PoC
freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC
AJ Auction Authentication - Bypass Exploit
AJ Auction - Authentication Bypass
Simple Directory Listing 2 - Cross-Site File Upload
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
Mini File Host 1.x - Arbitrary PHP File Upload
Mini File Host 1.x - Arbitrary .PHP File Upload
Memberkit 1.0 - Remote PHP File Upload
Memberkit 1.0 - Remote Arbitrary .PHP File Upload
WinFTP 2.3.0 - 'LIST' Post-Authentication Remote Buffer Overflow
WinFTP 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow
Coppermine Photo Gallery 1.4.19 - Remote PHP File Upload
Coppermine Photo Gallery 1.4.19 - Remote Arbitrary .PHP File Upload
Free Download Manager 2.5/3.0 - (Authorization) Stack Buffer Overflow (PoC)
Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)
WikkiTikkiTavi 1.11 - Remote PHP File Upload
WikkiTikkiTavi 1.11 - Remote Arbitrary.PHP File Upload
Baran CMS 1.0 - Arbitrary ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
Baran CMS 1.0 - Arbitrary .ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
zFeeder 1.6 - 'admin.php' Pre-Authentication
zFeeder 1.6 - 'admin.php' Unauthenticated
Addonics NAS Adapter - Post-Authentication Denial of Service
Addonics NAS Adapter - Authenticated Denial of Service
Serv-U 7.4.0.1 - (SMNT) Post-Authentication Denial of Service
Serv-U 7.4.0.1 - (SMNT) Authenticated Denial of Service
Hannon Hill Cascade Server - (Post-Authentication) Command Execution
Hannon Hill Cascade Server - (Authenticated) Command Execution
Telnet-Ftp Service Server 1.x - (Post-Authentication) Multiple Vulnerabilities
Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - (Post-Authentication) Multiple Vulnerabilities
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Gravity Board X 2.0b - SQL Injection / Post-Authentication Code Execution
Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution
XRDP 0.4.1 - Pre-Authentication Remote Buffer Overflow (PoC)
XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC)
Addonics NAS Adapter - 'bts.cgi' Post-Authentication Remote Denial of Service
Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service
Cpanel - (Post-Authentication) (lastvisit.html domain) Arbitrary File Disclosure
Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure
MySQL 5.0.45 - (Post-Authentication) COM_CREATE_DB Format String PoC
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC
Adobe JRun 4 - (logfile) Post-Authentication Directory Traversal
Adobe JRun 4 - (logfile) Authenticated Directory Traversal
FtpXQ FTP Server 3.0 - (Post-Authentication) Remote Denial of Service
FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
NetAccess IP3 - (Post-Authentication) (ping option) Command Injection
NetAccess IP3 - (Authenticated) (ping option) Command Injection
Joomla 1.5.12 - tinybrowser Arbitrary File Upload / Execute
Joomla 1.5.12 tinybrowser - Arbitrary File Upload /Execution
Cerberus FTP server 3.0.6 - Pre-Authentication Denial of Service
Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service
HP NNM 7.53 - ovalarm.exe CGI Pre-Authentication Remote Buffer Overflow
HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - (Post-Authentication) Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
httpdx 1.5.2 - Remote Pre-Authentication Denial of Service (PoC)
httpdx 1.5.2 - Remote Unauthenticated Denial of Service (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Crash (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Remote Exploit
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Exploit
Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow
Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow (SEH) (PoC)
Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow (PoC)
Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow
Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC)
Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (PoC)
httpdx 1.5.3b - Multiple Remote Pre-Authentication Denial of Service (PoC)
httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service (PoC)
Kerio MailServer 6.2.2 - Pre-Authentication Remote Denial of Service (PoC)
Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Buffer Overflow (Metasploit)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)
eDisplay Personal FTP server 1.0.0 - Pre-Authentication Denial of Service (PoC)
eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Crash SEH (PoC)
eDisplay Personal FTP server 1.0.0 - Unauthenticated Denial of Service (PoC)
eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Crash SEH (PoC)
eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack Buffer Overflow (1)
eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1)
eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack Buffer Overflow (2)
eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (2)
uTorrent WebUI 0.370 - Authorization header Denial of Service
uTorrent WebUI 0.370 - Authorisation Header Denial of Service
Easy Ftp Server 1.7.0.2 - MKD Remote Post-Authentication Buffer Overflow
Easy Ftp Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow
ProSSHD 1.2 - Remote Post-Authentication Exploit (ASLR + DEP Bypass)
ProSSHD 1.2 - Remote Authenticated Exploit (ASLR + DEP Bypass)
Apache Axis2 Administration console - (Post-Authentication) Cross-Site Scripting
Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Pre-Authentication Denial of Service
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ALSR + DEP Bypass)
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
dotDefender 3.8-5 - Pre-Authentication Remote Code Execution (via Cross-Site Scripting)
dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'LIST' Command Remote Buffer Overflow (Metasploit)
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)
UPlusFTP Server 1.7.1.01 - (Post-Authentication) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) Multiple Commands Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow
Achievo 1.4.3 - Multiple Authorization Flaws
Achievo 1.4.3 - Multiple Authorisation Flaws
PHPMotion 1.62 - 'FCKeditor' File Upload
PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload
Home FTP Server 1.11.1.149 - Post-Authentication Directory Traversal
Home FTP Server 1.11.1.149 - Authenticated Directory Traversal
News Script PHP Pro - 'FCKeditor' File Upload
News Script PHP Pro - 'FCKeditor' Arbitrary File Upload
Microsoft Windows 2003 - AD Pre-Authentication BROWSER ELECTION Remote Heap Overflow
Microsoft Windows 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Post-Authentication) Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
Vtiger CRM 5.0.4 - Pre-Authentication Local File Inclusion
Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
HP OpenView NNM 7.53/7.51 - OVAS.exe Pre-Authentication Stack Buffer Overflow
HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow
MailEnable - Authorization Header Buffer Overflow
MailEnable - Authorisation Header Buffer Overflow
ColdFusion 8.0.1 - Arbitrary File Upload and Execution
Adobe RoboHelp Server 8 - Arbitrary File Upload and Execution
ColdFusion 8.0.1 - Arbitrary File Upload / Execution
Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution
OpenX - banner-edit.php File Upload PHP Code Execution
OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution
Joomla 1.5.12 - tinybrowser File Upload Code Execution
Joomla 1.5.12 tinybrowser - Arbitrary File Upload / Code Execution
N_CMS 1.1E - Pre-Authentication Local File Inclusion / Remote Code Exploit
N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code Exploit
If-CMS 2.07 - Pre-Authentication Local File Inclusion (1)
If-CMS 2.07 - Unauthenticated Local File Inclusion (1)
IPComp - encapsulation Pre-Authentication kernel memory Corruption
IPComp - encapsulation Unauthenticated kernel memory Corruption
SQL-Ledger 2.8.33 - Post-Authentication Local File Inclusion / Edit
SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit
Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (DEP + ASLR Bypass)
Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (ASLR + DEP Bypass)
Easy Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow
Easy Ftp Server 1.7.0.2 - Authenticated Buffer Overflow
ActFax Server FTP - (Post-Authentication) Remote Buffer Overflow
ActFax Server FTP - (Authenticated) Remote Buffer Overflow
If-CMS 2.07 - Pre-Authentication Local File Inclusion (Metasploit) (2)
If-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP + ASLR Bypass)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (ASLR + DEP Bypass)
DVD X Player 5.5 Pro - (SEH DEP + ASLR Bypass) Exploit
DVD X Player 5.5 Pro - (SEH + ASLR + DEP Bypass) Exploit
TomatoCart 1.1 - Post-Authentication Local File Inclusion
TomatoCart 1.1 - Authenticated Local File Inclusion
BlazeVideo HDTV Player 6.6 Professional - Universal DEP + ASLR Bypass
BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass
QuiXplorer 2.3 - Bugtraq File Upload
QuiXplorer 2.3 - Bugtraq Arbitrary File Upload
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR Bypass (Metasploit)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Pre-Authentication Command Execution
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution
Sysax Multi Server 5.53 - SFTP Post-Authentication SEH Exploit
Sysax 5.53 - SSH 'Username' Buffer Overflow Pre-Authentication Remote Code Execution (Egghunter)
Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit
Sysax 5.53 - SSH 'Username' Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
BlazeVideo HDTV Player 6.6 Professional - SEH & DEP & ASLR
BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
Dolibarr ERP & CRM 3 - Post-Authentication OS Command Injection
Dolibarr ERP & CRM 3 - Authenticated OS Command Injection
V-CMS - PHP File Upload and Execution
V-CMS - Arbitrary .PHP File Upload / Execution
WebCalendar 1.2.4 - Pre-Authentication Remote Code Injection
WebCalendar 1.2.4 - Unauthenticated Remote Code Injection
appRain CMF - Arbitrary PHP File Upload
appRain CMF - Arbitrary .PHP File Upload
EGallery - PHP File Upload
EGallery - Arbitrary .PHP File Upload
SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Post-Authentication SQL Injection
SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection
WordPress Front End Upload 0.5.4.4 Plugin - Arbitrary PHP File Upload
WordPress Front End Upload 0.5.4.4 Plugin - Arbitrary .PHP File Upload
WebPageTest - Arbitrary PHP File Upload
WebPageTest - Arbitrary .PHP File Upload
XODA 0.4.5 - Arbitrary PHP File Upload
XODA 0.4.5 - Arbitrary .PHP File Upload
Elcom CMS 7.4.10 - Community Manager Insecure File Upload
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
Trend Micro Control Manager 5.5/6.0 AdHocQuery - Post-Authentication Blind SQL Injection
Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection
Mod_SSL 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache/mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Dropbox Desktop Client 9.4.49 (64bit) - Local Credentials Disclosure
OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (1)
OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (2)
Apache/mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit
qdPM 7.0 - Arbitrary PHP File Upload
qdPM 7.0 - Arbitrary .PHP File Upload
Oracle Database - Authentication Protocol Security Bypass
Oracle Database - Protocol Authentication Bypass
Mod_NTLM 0.x - Authorization Heap Overflow
Mod_NTLM 0.x - Authorisation Heap Overflow
Mod_NTLM 0.x - Authorization Format String
Mod_NTLM 0.x - Authorisation Format String
Geeklog 1.3.x - Authentication SQL Injection
Geeklog 1.3.x - Authenticated SQL Injection
NFR Agent FSFUI Record - Arbitrary File Upload Remote Code Execution
NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload and Execution
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload / Execution
MySQL - Remote Pre-Authentication User Enumeration
MySQL - Remote Unauthenticated User Enumeration
vbPortal 2.0 alpha 8.1 - Authentication SQL Injection
vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection
DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (1)
DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (2)
DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (3)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3)
WordPress WP-Property Plugin - PHP File Upload
WordPress Asset-Manager Plugin - PHP File Upload
WordPress WP-Property Plugin - Arbitrary .PHP File Upload
WordPress Asset-Manager Plugin - Arbitrary .PHP File Upload
Ubiquiti AirOS 5.5.2 - Remote Post-Authentication Root Command Execution
Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution
RobotFTP Server 1.0/2.0 - Remote Pre-Authentication Command Denial of Service
RobotFTP Server 1.0/2.0 - Remote Unauthenticated Command Denial of Service
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorization Request Denial of Service (1)
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorization Request Denial of Service (2)
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (1)
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (2)
Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload and Execution
Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution
Firebird 1.0 - Remote Pre-Authentication Database Name Buffer Overrun
Firebird 1.0 - Remote Unauthenticated Database Name Buffer Overrun
Novell NCP - Pre-Authentication Remote Root Exploit
Novell NCP - Unauthenticated Remote Root Exploit
Polar Helpdesk 3.0 - Cookie Based Authentication System Bypass
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
IRIS Citations Management Tool - (Post-Authentication) Remote Command Execution
IRIS Citations Management Tool - (Authenticated) Remote Command Execution
Polycom HDX - Telnet Authorization Bypass (Metasploit)
Polycom HDX - Telnet Authentication Bypass (Metasploit)
OpenEMR - PHP File Upload
OpenEMR - Arbitrary .PHP File Upload
PolarPearCMS - PHP File Upload
PolarPearCMS - Arbitrary .PHP File Upload
Apache 2.0.x - mod_ssl Remote Denial of Service
Apache/mod_ssl 2.0.x - Remote Denial of Service
phpWebSite 0.x - Image File Processing Arbitrary PHP File Upload
phpWebSite 0.x - Image File Processing Arbitrary .PHP File Upload
BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated File Upload
BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated Arbitrary File Upload
BlueSoleil 1.4 - Object Push Service BlueTooth File Upload Directory Traversal
BlueSoleil 1.4 - Object Push Service BlueTooth Arbitrary File Upload / Directory Traversal
MoinMoin - twikidraw Action Traversal File Upload
MoinMoin - twikidraw Action Traversal Arbitrary File Upload
Mikrotik RouterOS sshd (ROSSSH) - Remote Pre-Authentication Heap Corruption
Mikrotik RouterOS sshd (ROSSSH) - Remote Unauthenticated Heap Corruption
Alt-N MDaemon 2-8 - Remote Pre-Authentication IMAP Buffer Overflow
Alt-N MDaemon 2-8 - Remote Unauthenticated IMAP Buffer Overflow
FlexWATCH 3.0 - AIndex.asp Authorization Bypass
FlexWATCH 3.0 - AIndex.asp Authentication Bypass
HP ProCurve Manager - SNAC UpdateDomainControllerServlet File Upload
HP ProCurve Manager SNAC - UpdateCertificatesServlet File Upload
HP ProCurve Manager - SNAC UpdateDomainControllerServlet Arbitrary File Upload
HP ProCurve Manager SNAC - UpdateCertificatesServlet Arbitrary File Upload
WordPress Curvo Themes - Cross-Site Request Forgery File Upload
WordPress Curvo Themes - Cross-Site Request Forgery / Arbitrary File Upload
WordPress Highlight Premium Theme - Cross-Site Request Forgery / File Upload
WordPress Highlight Premium Theme - Cross-Site Request Forgery / Arbitrary File Upload
PHPBB2 - Admin_Ug_Auth.php Administrative Security Bypass
PHPBB2 - Admin_Ug_Auth.php Administrative Bypass
Adobe Acrobat Reader - ASLR + DEP Bypass with SANDBOX Bypass
Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass
Castripper 2.50.70 - '.pls' DEP Exploit
Castripper 2.50.70 - '.pls' DEP Bypass Exploit
Google Urchin 5.7.3 - Report.cgi Authorization Bypass
Google Urchin 5.7.3 - Report.cgi Authentication Bypass
Adobe Flash - Method Calls Use-After-Free
Adobe Flash - Transform.colorTranform Getter Info Leak
RSA Authentication Agent for Web 5.3 - URI redirection
RSA Authentication Agent for Web 5.3 - URI Redirection
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Zabbix 2.0 - 3.0.3 - SQL Injection
ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload Arbitrary Code Execution
ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload / Arbitrary Code Execution
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure
LogMeIn Client 1.3.2462 (64bit) - Local Credentials Disclosure
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / File Upload
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload
Katello (Red Hat Satellite) - users/update_roles Missing Authorization
Katello (Red Hat Satellite) - users/update_roles Missing Authorisation
Freepbx 13.0.x < 13.0.154 - Remote Command Execution
FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution
Jobberbase 2.0 - Multiple Vulnerabilities
Windows x86 - Bind Shell TCP Shellcode
WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated File Upload
WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated Arbitrary File Upload
Bits Video Script 2.04/2.05 - 'addvideo.php' File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - 'register.php' File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - 'addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - 'register.php' Arbitrary File Upload / Arbitrary PHP Code Execution
Moab < 7.2.9 - Authorization Bypass
Moab < 7.2.9 - Authentication Bypass
Tapatalk for vBulletin 4.x - Pre-Authentication Blind SQL Injection
Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection
Drupal Core < 7.32 - Pre-Authentication SQL Injection
Drupal Core < 7.32 - Unauthenticated SQL Injection
Tincd - Post-Authentication Remote TCP Stack Buffer Overflow
Tincd - Authenticated Remote TCP Stack Buffer Overflow
PMB 4.1.3 - Post-Authentication SQL Injection
PMB 4.1.3 - Authenticated SQL Injection
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Authentication Remote Code Execution
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution
ManageEngine Multiple Products - Authenticated File Upload
ManageEngine Multiple Products - Authenticated Arbitrary File Upload
Chyrp 2.x - swfupload Extension upload_handler.php File Upload Arbitrary PHP Code Execution
X360 VideoPlayer ActiveX Control 2.6 - (Full ASLR + DEP Bypass)
Chyrp 2.x - swfupload Extension upload_handler.php Arbitrary File Upload / Arbitrary PHP Code Execution
X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)
Seagate Business NAS 2014.00319 - Pre-Authentication Remote Code Execution
Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution
Symantec Web Gateway 5 - restore.php Post-Authentication Command Injection
Symantec Web Gateway 5 - restore.php Authenticated Command Injection
JBoss Seam 2 - Arbitrary File Upload and Execution
JBoss Seam 2 - Arbitrary File Upload / Execution
Barracuda Firmware 5.0.0.012 - Post-Authentication Remote Root Exploit (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit)
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload / Arbitrary Code Execution
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted Arbitrary File Upload / Arbitrary Code Execution
WordPress RevSlider 3.0.95 Plugin - Arbitrary File Upload and Execution
WordPress RevSlider 3.0.95 Plugin - Arbitrary File Upload / Execution
JibberBook 2.3 - 'Login_form.php' Authentication Security Bypass
JibberBook 2.3 - 'Login_form.php' Authentication Bypass
Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter File Upload / Code Execution
Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Zenoss 3.2.1 - Remote Post-Authentication Command Execution
Zenoss 3.2.1 - Remote Authenticated Command Execution
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass Remote PHP Code Execution
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution
Magento CE < 1.9.0.1 - Post-Authentication Remote Code Execution
Magento CE < 1.9.0.1 - Authenticated Remote Code Execution
Netsweeper 4.0.9 - Arbitrary File Upload and Execution
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
Netsweeper 4.0.8 - Arbitrary File Upload and Execution
Netsweeper 4.0.8 - Arbitrary File Upload / Execution
EasyITSP - 'customers_edit.php' Authentication Security Bypass
EasyITSP - 'customers_edit.php' Authentication Bypass
Wolf CMS - Arbitrary File Upload and Execution
Wolf CMS - Arbitrary File Upload / Execution
Konica Minolta FTP Utility 1.00 - Post-Authentication CWD Command SEH Overflow
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow
GLPI 0.85.5 - Remote Code Execution (via File Upload Filter Bypass)
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Dream CMS 2.3.0 - Cross-Site Request Forgery Add Extension / Arbitrary File Upload PHP Code Execution
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution
vBulletin 5.1.x - Pre-Authentication Remote Code Execution
vBulletin 5.1.x - Unauthenticated Remote Code Execution
WordPress Ninja Forms 2.7.7 Plugin - Authorization Bypass
WordPress WP to Twitter Plugin - Authorization Bypass
WordPress Ninja Forms 2.7.7 Plugin - Authentication Bypass
WordPress WP to Twitter Plugin - Authentication Bypass
Novell ServiceDesk - Authenticated File Upload
Novell ServiceDesk - Authenticated Arbitrary File Upload
Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated File Upload
Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal DEP + ASLR Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)
phpATM 1.32 - Remote Command Execution (Arbitrary File Upload) on Windows Servers
phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers)
vBulletin 5.x/4.x - Post-Authentication Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Post-Authentication SQL Injection in breadcrumbs via xmlrpc API
vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post-Authentication Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Post-Authentication Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Post-Authentication Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit)
phpMyAdmin 4.6.2 - Post-Authentication Remote Code Execution
phpMyAdmin 4.6.2 - Authenticated Remote Code Execution
vBulletin 5.2.2 - Pre-Authentication Server Side Request Forgery (SSRF)
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass
2016-09-09 05:09:09 +00:00
Offensive Security
479ae86249
DB: 2016-09-06
...
5 new exploits
ProFTPD 1.2.9RC1 - (mod_sql) SQL Injection
ProFTPd 1.2.9RC1 - (mod_sql) SQL Injection
PHPBB 2.0.4 - PHP Remote File Inclusion Exploit
phpBB 2.0.4 - PHP Remote File Inclusion Exploit
wu-ftpd 2.6.2 - Off-by-One Remote Root Exploit
WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit
wu-ftpd 2.6.2 - Remote Root Exploit
WU-FTPD 2.6.2 - Remote Root Exploit
ProFTPD 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service
WU-FTPD 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service
wu-ftpd 2.6.0 - Remote Root Exploit
WU-FTPD 2.6.0 - Remote Root Exploit
OpenBSD 2.6 / 2.7ftpd - Remote Exploit
OpenBSD 2.6 / 2.7 ftpd - Remote Exploit
wu-ftpd 2.6.0 - Remote Format Strings Exploit
WU-FTPD 2.6.0 - Remote Format Strings Exploit
ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
ProFTPd 1.2.0 (rc2) - memory leakage example Exploit
ProFTPD 1.2.0pre10 - Remote Denial of Service
ProFTPd 1.2.0pre10 - Remote Denial of Service
wu-ftpd 2.6.1 - Remote Root Exploit
WU-FTPD 2.6.1 - Remote Root Exploit
OpenFTPD 0.30.2 - Remote Exploit
OpenFTPD 0.30.1 - (message system) Remote Shell Exploit
OpenFTPd 0.30.2 - Remote Exploit
OpenFTPd 0.30.1 - (message system) Remote Shell Exploit
PHP - (PHP-exec-dir) Patch Command Access Restriction Bypass
PHP - (php-exec-dir) Patch Command Access Restriction Bypass
ProFTPd (ftpdctl) - Local pr_ctrls_connect
ProFTPd - (ftpdctl) Local pr_ctrls_connect
ProFTPD 1.2.10 - Remote Users Enumeration Exploit
ProFTPd 1.2.10 - Remote Users Enumeration Exploit
PHPBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit
phpBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit
PHP 4.3.9 + PHPBB 2.x - unserialize() Remote Exploit (Compiled)
PHP 4.3.9 + phpBB 2.x - unserialize() Remote Exploit (Compiled)
Apple QuickTime 6.5.2.10 - '.qtif'Image Parsing
Apple QuickTime 6.5.2.10 - '.qtif' Image Parsing
wu-ftpd 2.6.2 - File Globbing Denial of Service
WU-FTPD 2.6.2 - File Globbing Denial of Service
RealPlayer 10 - '.smil'Local Buffer Overflow
RealPlayer 10 - '.smil' Local Buffer Overflow
PHPBB 2.0.13 - 'downloads.php' mod Remote Exploit
phpBB 2.0.13 - 'downloads.php' mod Remote Exploit
PHPPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
Invision Power Board 2.0.3 - login.php SQL Injection
Invision Power Board 2.0.3 - login.php SQL Injection (tutorial)
Invision Power Board 2.0.3 - 'login.php' SQL Injection
Invision Power Board 2.0.3 - 'login.php' SQL Injection (tutorial)
PHPStat 1.5 - (setup.php) Authentication Bypass Exploit (Perl)
PHPStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (1)
PHPStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (2)
phpStat 1.5 - (setup.php) Authentication Bypass Exploit (Perl)
phpStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (1)
phpStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (2)
Invision Power Board 1.3.1 - login.php SQL Injection
Invision Power Board 1.3.1 - 'login.php' SQL Injection
PHPBB 2.0.15 - (highlight) Remote PHP Code Execution
phpBB 2.0.15 - (highlight) Remote PHP Code Execution
Solaris SPARC / x86 - Local Socket Hijack Exploit
Solaris (SPARC / x86) - Local Socket Hijack Exploit
PHPBB 2.0.15 - Remote PHP Code Execution Exploit (Metasploit)
phpBB 2.0.15 - Remote PHP Code Execution Exploit (Metasploit)
Microsoft Windows XP SP2 - 'rdpwd.sys'Remote Kernel Denial of Service
Microsoft Windows XP SP2 - 'rdpwd.sys' Remote Kernel Denial of Service
PHPBB 2.0.13 - (admin_styles.php) Remote Command Execution Exploit
phpBB 2.0.13 - (admin_styles.php) Remote Command Execution Exploit
FreeFTPD 1.0.8 - (USER) Remote Buffer Overflow
freeFTPd 1.0.8 - (USER) Remote Buffer Overflow
FreeFTPD 1.0.10 - (PORT Command) Denial of Service
freeFTPd 1.0.10 - (PORT Command) Denial of Service
Tftpd32 2.81 - (GET Request) Format String Denial of Service (PoC)
TFTPD32 2.81 - (GET Request) Format String Denial of Service (PoC)
Microsoft HTML Help Workshop - '.hhp'Denial of Service
Microsoft HTML Help Workshop - '.hhp' Denial of Service
PHPWebSite 0.10.0-full - (topics.php) SQL Injection
phpWebSite 0.10.0-full - (topics.php) SQL Injection
Microsoft Visual Studio 6.0 sp6 - '.dbp'Buffer Overflow
Microsoft Visual Studio 6.0 sp6 - '.dbp' Buffer Overflow
PHPBookingCalendar 1.0c - (details_view.php) SQL Injection
phpBookingCalendar 1.0c - (details_view.php) SQL Injection
Navicat Premium 11.2.11 (64bit) - Local Database Password Disclosure
Microsoft Internet Explorer 6 - 'Internet.HHCtrl'Heap Overflow
Microsoft Internet Explorer 6 - 'Internet.HHCtrl' Heap Overflow
PHPBB 3 - 'memberlist.php' SQL Injection
phpBB 3 - 'memberlist.php' SQL Injection
WoW Roster 1.70 - (/lib/PHPbb.php) Remote File Inclusion
WoW Roster 1.70 - (/lib/phpBB.php) Remote File Inclusion
PHPBB XS 0.58 - (functions.php) Remote File Inclusion
phpBB XS 0.58 - (functions.php) Remote File Inclusion
phpBB XS 0.58a - (phpbb_root_path) Remote File Inclusion
phpBB XS 0.58a - (phpBB_root_path) Remote File Inclusion
phpBB Static Topics 1.0 - phpbb_root_path File Include
phpBB Static Topics 1.0 - phpBB_root_path File Include
PHPBB Security Suite Mod 1.0.0 - (logger_engine.php) Remote File Inclusion
Dimension of phpBB 0.2.6 - (phpbb_root_path) Remote File Inclusions
phpBB Security Suite Mod 1.0.0 - (logger_engine.php) Remote File Inclusion
Dimension of phpBB 0.2.6 - (phpBB_root_path) Remote File Inclusions
PHP News Reader 2.6.4 - (PHPbb.inc.php) Remote File Inclusion Exploit
PHP News Reader 2.6.4 - (phpBB.inc.php) Remote File Inclusion Exploit
PHPBB PlusXL 2.0_272 - (constants.php) Remote File Inclusion Exploit
phpBB PlusXL 2.0_272 - (constants.php) Remote File Inclusion Exploit
PHPBB Amazonia Mod - 'zufallscodepart.php' Remote File Inclusion Exploit
phpBB Amazonia Mod - 'zufallscodepart.php' Remote File Inclusion Exploit
PHPBB lat2cyr Mod 1.0.1 - (lat2cyr.php) Remote File Inclusion Exploit
phpBB lat2cyr Mod 1.0.1 - (lat2cyr.php) Remote File Inclusion Exploit
PHPBB SearchIndexer Mod - 'archive_topic.php' Remote File Inclusion Exploit
phpBB SearchIndexer Mod - 'archive_topic.php' Remote File Inclusion Exploit
PHPBB Security 1.0.1 - (PHP_security.php) Remote File Inclusion Exploit
phpBB Security 1.0.1 - (PHP_security.php) Remote File Inclusion Exploit
PGOSD - 'misc/function.php3'Remote File Inclusion
PGOSD - 'misc/function.php3' Remote File Inclusion
HP-UX 11i - (LIBC TZ enviroment variable) Privilege Escalation
HP-UX 11i - (LIBC TZ enviroment Variable) Privilege Escalation
ProFTPD 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)
ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)
ProFTPD 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)
ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)
ProFTPD 1.2.9 rc2 - (ASCII File) Remote Root Exploit
ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit
Yrch 1.0 - (plug.inc.php path variable) Remote File Inclusion Exploit
Yrch 1.0 - (plug.inc.php path Variable) Remote File Inclusion Exploit
Vizayn Haber - 'haberdetay.asp id variable'SQL Injection
Vizayn Haber - 'haberdetay.asp id Variable' SQL Injection
newsCMSlite - 'newsCMS.mdb'Remote Password Disclosure
newsCMSlite - 'newsCMS.mdb' Remote Password Disclosure
iG Calendar 1.0 - (user.php id variable) SQL Injection
iG Calendar 1.0 - (user.php id Variable) SQL Injection
uniForum 4 - 'wbsearch.aspx'SQL Injection
uniForum 4 - 'wbsearch.aspx' SQL Injection
MGB 0.5.4.5 - (email.php id variable) SQL Injection
MGB 0.5.4.5 - (email.php id Variable) SQL Injection
Microsoft Help Workshop 4.03.0002 - '.CNT'Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.cnt' Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.HPJ'Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.HPJ' Buffer Overflow
Microsoft Visual C++ - '.RC Resource Files'Local Buffer Overflow
Microsoft Visual C++ - '.RC Resource Files' Local Buffer Overflow
Phpbb Tweaked 3 - (phpbb_root_path) Remote File Inclusion
phpBB Tweaked 3 - (phpBB_root_path) Remote File Inclusion
phpBB++ Build 100 - (phpbb_root_path) Remote File Inclusion Exploit
phpBB++ Build 100 - (phpBB_root_path) Remote File Inclusion Exploit
Categories hierarchy phpBB Mod 2.1.2 - (phpbb_root_path) Remote File Inclusion Exploit
Categories hierarchy phpBB Mod 2.1.2 - (phpBB_root_path) Remote File Inclusion Exploit
ProFTPD 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1)
ProFTPD 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)
News Bin Pro 5.33 - '.NBI'Local Buffer Overflow
News Bin Pro 5.33 - '.nbi' Local Buffer Overflow
Extreme PHPBB 3.0.1 - (functions.php) Remote File Inclusion Exploit
Extreme phpBB 3.0.1 - (functions.php) Remote File Inclusion Exploit
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite'Local Exploit
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local Exploit
Microsoft Windows - '.doc'Malformed Pointers Denial of Service
Microsoft Windows - '.doc' Malformed Pointers Denial of Service
GestArt Beta 1 - 'aide.php aide'Remote File Inclusion
GestArt Beta 1 - 'aide.php aide' Remote File Inclusion
ttCMS 4 - 'ez_sql.php lib_path'Remote File Inclusion
ttCMS 4 - 'ez_sql.php lib_path' Remote File Inclusion
Corel Wordperfect X3 13.0.0.565 - '.PRS'Local Buffer Overflow
Corel Wordperfect X3 13.0.0.565 - '.prs' Local Buffer Overflow
ProFTPD 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)
Winamp 5.3 - '.WMV'Remote Denial of Service
Winamp 5.3 - '.wmv' Remote Denial of Service
ACDSee 9.0 - '.XPM'Local Buffer Overflow
XnView 1.90.3 - '.XPM'Local Buffer Overflow
WEBInsta FM 0.1.4 - login.php absolute_path Remote File Inclusion Exploit
Corel Paint Shop Pro Photo 11.20 - '.CLP'Buffer Overflow
ACDSee 9.0 - '.xpm' Local Buffer Overflow
XnView 1.90.3 - '.xpm' Local Buffer Overflow
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion Exploit
Corel Paint Shop Pro Photo 11.20 - '.clp' Buffer Overflow
ABC-View Manager 1.42 - '.PSP'Buffer Overflow
FreshView 7.15 - '.PSP'Buffer Overflow
ABC-View Manager 1.42 - '.psp' Buffer Overflow
FreshView 7.15 - '.psp' Buffer Overflow
Gimp 2.2.14 - '.ras'SUNRAS Plugin Buffer Overflow
Gimp 2.2.14 - '.ras' SUNRAS Plugin Buffer Overflow
IrfanView 4.00 - '.iff'Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png'Buffer Overflow Exploit
IrfanView 4.00 - '.iff' Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Buffer Overflow Exploit
RealPlayer 10 - '.ra'Remote Denial of Service
RealPlayer 10 - '.ra' Remote Denial of Service
Winamp 5.34 - '.mp4'Code Execution Exploit
Winamp 5.34 - '.mp4' Code Execution Exploit
Wikivi5 - 'show.php sous_rep'Remote File Inclusion
Wikivi5 - 'show.php sous_rep' Remote File Inclusion
LeadTools Raster Thumbnail Object Library - 'LTRTM14e.DLL'Buffer Overflow Exploit
LeadTools Raster Thumbnail Object Library - 'LTRTM14e.dll' Buffer Overflow Exploit
Scallywag - 'template.php path'Remote File Inclusion
Scallywag - 'template.php path' Remote File Inclusion
Simple Invoices 2007 05 25 - 'index.php submit'SQL Injection
Simple Invoices 2007 05 25 - 'index.php submit' SQL Injection
Traffic Stats - 'referralUrl.php offset'SQL Injection
Traffic Stats - 'referralUrl.php offset' SQL Injection
BBS E-Market - 'postscript.php p_mode'Remote File Inclusion
BBS E-Market - 'postscript.php p_mode' Remote File Inclusion
PHPBB Module SupaNav 1.0.0 - (link_main.php) Remote File Inclusion
phpBB Module SupaNav 1.0.0 - (link_main.php) Remote File Inclusion
bwired - 'index.php newsID'SQL Injection
bwired - 'index.php newsID' SQL Injection
CrystalPlayer 1.98 - '.mls'Local Buffer Overflow
CrystalPlayer 1.98 - '.mls' Local Buffer Overflow
PHP123 Top Sites - 'category.php cat'SQL Injection
PHP123 Top Sites - 'category.php cat' SQL Injection
Live for Speed S1/S2/Demo - '.mpr replay'Buffer Overflow
Live for Speed S1/S2/Demo - '.mpr replay' Buffer Overflow
Microsoft Visual 6 - 'VDT70.dll NotSafe'Stack Overflow
Microsoft Visual 6 - 'VDT70.dll NotSafe' Stack Overflow
Live for Speed S1/S2/Demo - '.ply'Buffer Overflow
Live for Speed S1/S2/Demo - '.spr'Buffer Overflow
CartWeaver - 'Details.cfm ProdID'SQL Injection
Prozilla Pub Site Directory - 'directory.php cat'SQL Injection
Live for Speed S1/S2/Demo - '.ply' Buffer Overflow
Live for Speed S1/S2/Demo - '.spr' Buffer Overflow
CartWeaver - 'Details.cfm ProdID' SQL Injection
Prozilla Pub Site Directory - 'directory.php cat' SQL Injection
Prozilla Webring Website Script - 'category.php cat'SQL Injection
Prozilla Webring Website Script - 'category.php cat' SQL Injection
GetMyOwnArcade - 'search.php query'SQL Injection
GetMyOwnArcade - 'search.php query' SQL Injection
ProFTPD 1.x (module mod_tls) - Remote Buffer Overflow
ProFTPd 1.x (module mod_tls) - Remote Buffer Overflow
Sisfo Kampus 2006 - 'dwoprn.php f'Remote File Download
Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download
Gelato - 'index.php post'SQL Injection
Gelato - 'index.php post' SQL Injection
modifyform - 'modifyform.html'Remote File Inclusion
modifyform - 'modifyform.html' Remote File Inclusion
phpBB Plus 1.53 - (phpbb_root_path) Remote File Inclusion
phpBB Plus 1.53 - (phpBB_root_path) Remote File Inclusion
Black Lily 2007 - 'products.php class'SQL Injection
Black Lily 2007 - 'products.php class' SQL Injection
PHPBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion
phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion
wzdftpd 0.8.0 - (USER) Remote Denial of Service
WzdFTPD 0.8.0 - (USER) Remote Denial of Service
Solaris 10 - x86/sparc sysinfo Kernel Memory Disclosure Exploit
Solaris - fifofs I_PEEK Kernel Memory Disclosure Exploit (x86/sparc)
Solaris 10 (sparc/x86) - sysinfo Kernel Memory Disclosure Exploit
Solaris (sparc/x86) - fifofs I_PEEK Kernel Memory Disclosure Exploit
Mcms Easy Web Make - 'index.php template'Local File Inclusion
Mcms Easy Web Make - 'index.php template' Local File Inclusion
MOG-WebShop - 'index.php group'SQL Injection
MOG-WebShop - 'index.php group' SQL Injection
ClipShare - 'uprofile.php UID'SQL Injection
ClipShare - 'uprofile.php UID' SQL Injection
samPHPweb - 'db.php commonpath'Remote File Inclusion
samPHPweb - 'db.php commonpath' Remote File Inclusion
RichStrong CMS - 'showproduct.asp cat'SQL Injection
RichStrong CMS - 'showproduct.asp cat' SQL Injection
Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr'File Handling Buffer Overflow Exploit
Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Exploit
IrfanView 4.10 - '.fpx'Memory Corruption Exploit
IrfanView 4.10 - '.fpx' Memory Corruption Exploit
Fully Modded PHPBB - 'kb.php' SQL Injection
Fully Modded phpBB - 'kb.php' SQL Injection
ASPapp - 'links.asp CatId'SQL Injection
ASPapp - 'links.asp CatId' SQL Injection
HIS-Webshop - 'his-webshop.pl t'Remote File Disclosure
HIS-Webshop - 'his-webshop.pl t' Remote File Disclosure
Easynet Forum Host - 'forum.php forum'SQL Injection
Easynet Forum Host - 'forum.php forum' SQL Injection
Blog PixelMotion - 'index.php categorie'SQL Injection
Blog PixelMotion - 'index.php categorie' SQL Injection
Prozilla Forum Service - 'forum.php forum'SQL Injection
Prozilla Forum Service - 'forum.php forum' SQL Injection
Ksemail - 'index.php language'Local File Inclusion
Ksemail - 'index.php language' Local File Inclusion
RX Maxsoft - 'popup_img.php fotoID'SQL Injection
RX Maxsoft - 'popup_img.php fotoID' SQL Injection
Apartment Search Script - 'listtest.php r'SQL Injection
Apartment Search Script - 'listtest.php r' SQL Injection
Jokes Site Script - 'jokes.php?catagorie'SQL Injection
Jokes Site Script - 'jokes.php?catagorie' SQL Injection
Anserv Auction XL - 'viewfaqs.php cat'SQL Injection
Anserv Auction XL - 'viewfaqs.php cat' SQL Injection
fipsCMS - 'print.asp lg'SQL Injection
fipsCMS - 'print.asp lg' SQL Injection
PostcardMentor - 'step1.asp cat_fldAuto'SQL Injection
PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection
HispaH Model Search - 'cat.php cat'SQL Injection
HispaH Model Search - 'cat.php cat' SQL Injection
EMO Realty Manager - 'news.php ida'SQL Injection
The Real Estate Script - 'dpage.php docID'SQL Injection
EMO Realty Manager - 'news.php ida' SQL Injection
The Real Estate Script - 'dpage.php docID' SQL Injection
GLLCTS2 - 'listing.php sort'Blind SQL Injection
GLLCTS2 - 'listing.php sort' Blind SQL Injection
PHPMyCart - 'shop.php cat'SQL Injection
PHPMyCart - 'shop.php cat' SQL Injection
BaSiC-CMS - 'index.php r'SQL Injection
BaSiC-CMS - 'index.php r' SQL Injection
Mybizz-Classifieds - 'index.php cat'SQL Injection
Mybizz-Classifieds - 'index.php cat' SQL Injection
Carscripts Classifieds - 'index.php cat'SQL Injection
BoatScripts Classifieds - 'index.php type'SQL Injection
Carscripts Classifieds - 'index.php cat' SQL Injection
BoatScripts Classifieds - 'index.php type' SQL Injection
RSS-Aggregator - 'display.php path'Remote File Inclusion
RSS-Aggregator - 'display.php path' Remote File Inclusion
MyBlog: PHP and MySQL Blog/CMS software - SQL / Cross-Site Scripting
MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site Scripting
CodeDB - 'list.php lang'Local File Inclusion
CodeDB - 'list.php lang' Local File Inclusion
HRS Multi - 'picture_pic_bv.asp key'Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo'Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo'Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo'Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
Youtuber Clone - 'ugroups.php UID'SQL Injection
Youtuber Clone - 'ugroups.php UID' SQL Injection
ZeeReviews - 'comments.php ItemID'SQL Injection
ZeeReviews - 'comments.php ItemID' SQL Injection
Acoustica Beatcraft 1.02 Build 19 - '.bcproj'Local Buffer Overflow Exploit
Acoustica Beatcraft 1.02 Build 19 - '.bcproj' Local Buffer Overflow Exploit
Living Local Website - 'listtest.php r'SQL Injection
Living Local Website - 'listtest.php r' SQL Injection
AWStats Totals - 'AWStatstotals.php sort'Remote Code Execution Exploit
AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution Exploit
Pre Real Estate Listings - 'search.php c'SQL Injection
Pre Real Estate Listings - 'search.php c' SQL Injection
Hotel reservation System - 'city.asp city'Blind SQL Injection
Hotel reservation System - 'city.asp city' Blind SQL Injection
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward'Local Denial of Service
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service
Availscript Article Script - 'view.php v'SQL Injection
Availscript Article Script - 'view.php v' SQL Injection
JETIK-WEB Software - 'sayfa.php kat'SQL Injection
JETIK-WEB Software - 'sayfa.php kat' SQL Injection
Microsoft Windows GDI+ - '.ico'Remote Division By Zero Exploit
Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit
ArabCMS - 'rss.php rss'Local File Inclusion
ArabCMS - 'rss.php rss' Local File Inclusion
Easynet4u faq Host - 'faq.php faq'SQL Injection
Easynet4u faq Host - 'faq.php faq' SQL Injection
Real Estate Scripts 2008 - 'index.php cat'SQL Injection
Real Estate Scripts 2008 - 'index.php cat' SQL Injection
RaidenFTPD 2.4 build 3620 - Remote Denial of Service
RaidenFTPd 2.4 build 3620 - Remote Denial of Service
XOOPS Module xhresim - 'index.php no'SQL Injection
XOOPS Module xhresim - 'index.php no' SQL Injection
Solaris 9 - [UltraSPARC] sadmind Remote Root Exploit
Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit
DorsaCMS - 'ShowPage.aspx'SQL Injection
YDC - 'kdlist.php cat'SQL Injection
DorsaCMS - 'ShowPage.aspx' SQL Injection
YDC - 'kdlist.php cat' SQL Injection
Aj RSS Reader - 'EditUrl.php url'SQL Injection
Aj RSS Reader - 'EditUrl.php url' SQL Injection
Aiocp 1.4 - (poll_id) SQL Injection
AIOCP 1.4 - 'poll_id' SQL Injection
SFS EZ Auction - 'viewfaqs.php cat'Blind SQL Injection
SFS EZ Career - 'content.php topic'SQL Injection
SFS EZ Top Sites - 'topsite.php ts'SQL Injection
SFS EZ Auction - 'viewfaqs.php cat' Blind SQL Injection
SFS EZ Career - 'content.php topic' SQL Injection
SFS EZ Top Sites - 'topsite.php ts' SQL Injection
SFS EZ Pub Site - 'directory.php cat'SQL Injection
SFS EZ Pub Site - 'directory.php cat' SQL Injection
AJ ARTICLE - 'featured_article.php mode'SQL Injection
AJ ARTICLE - 'featured_article.php mode' SQL Injection
YourFreeWorld Shopping Cart - 'index.php c'Blind SQL Injection
Maran PHP Shop - 'prod.php cat'SQL Injection
YourFreeWorld Shopping Cart - 'index.php c' Blind SQL Injection
Maran PHP Shop - 'prod.php cat' SQL Injection
PHP Auto Listings - 'moreinfo.php pg'SQL Injection
PHP Auto Listings - 'moreinfo.php pg' SQL Injection
VLC Media Player < 0.9.6 - '.rt'Stack Buffer Overflow
VLC Media Player < 0.9.6 - '.rt' Stack Buffer Overflow
Minigal b13 - 'index.php list'Remote File Disclosure Exploit
Minigal b13 - 'index.php list' Remote File Disclosure Exploit
VCalendar - 'VCalendar.mdb'Remote Database Disclosure
VCalendar - 'VCalendar.mdb' Remote Database Disclosure
VideoGirls BiZ - 'view_snaps.php type'Blind SQL Injection
VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection
ParsBlogger - 'blog.asp wr'SQL Injection
ParsBlogger - 'blog.asp wr' SQL Injection
BaSiC-CMS - 'acm2000.mdb'Remote Database Disclosure
BaSiC-CMS - 'acm2000.mdb' Remote Database Disclosure
cpCommerce 1.2.6 - (URL Rewrite) Input variable overwrite / Authentication Bypass
Cain & Abel 4.9.24 - '.rdp'Stack Overflow
cpCommerce 1.2.6 - (URL Rewrite) Input Variable overwrite / Authentication Bypass
Cain & Abel 4.9.24 - '.rdp' Stack Overflow
Ocean12 Mailing List Manager Gold - DD / SQL / Cross-Site Scripting
Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
Cain & Abel 4.9.23 - '.rdp'Buffer Overflow Exploit
Cain & Abel 4.9.23 - '.rdp' Buffer Overflow Exploit
User Engine Lite ASP - 'users.mdb'Database Disclosure
User Engine Lite ASP - 'users.mdb' Database Disclosure
Easy News Content Management - 'News.mdb'Database Disclosure
Easy News Content Management - 'News.mdb' Database Disclosure
RankEm - 'rankup.asp siteID'SQL Injection
RankEm - 'rankup.asp siteID' SQL Injection
Cold BBS - 'cforum.mdb'Remote Database Disclosure
Cold BBS - 'cforum.mdb' Remote Database Disclosure
ASP PORTAL - 'xportal.mdb'Remote Database Disclosure
ASP PORTAL - 'xportal.mdb' Remote Database Disclosure
Webmaster Marketplace - 'member.php u'SQL Injection
Webmaster Marketplace - 'member.php u' SQL Injection
CF_Calendar - 'calendarevent.cfm'SQL Injection
CF_Calendar - 'calendarevent.cfm' SQL Injection
CFMBLOG - 'index.cfm categorynbr'Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
MyCal Personal Events Calendar - 'mycal.mdb'Database Disclosure
MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
ASPired2Quote - 'quote.mdb'Remote Database Disclosure
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb'Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb'Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb'Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb'Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb'Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CFAGCMS 1 - 'right.php title'SQL Injection
CFAGCMS 1 - 'right.php title' SQL Injection
click&rank - SQL / Cross-Site Scripting
click&rank - SQL Injection / Cross-Site Scripting
Liberum Help Desk 0.97.3 - SQL / DD
Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure
QuickerSite Easy CMS - 'QuickerSite.mdb'Database Disclosure
QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
MyPHPsite - 'index.php mod'Local File Inclusion
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID'SQL Injection
MyPBS - 'index.php seasonID' SQL Injection
Extract Website - 'download.php filename'File Disclosure
Extract Website - 'download.php filename' File Disclosure
CoolPlayer 2.19 - '.Skin'Local Buffer Overflow
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
Sepcity Shopping Mall - 'shpdetails.asp ID'SQL Injection
Sepcity Lawyer Portal - 'deptdisplay.asp ID'SQL Injection
Sepcity Shopping Mall - 'shpdetails.asp ID' SQL Injection
Sepcity Lawyer Portal - 'deptdisplay.asp ID' SQL Injection
Sepcity Classified - 'classdis.asp ID'SQL Injection
Sepcity Classified - 'classdis.asp ID' SQL Injection
Ayemsis Emlak Pro - 'acc.mdb'Database Disclosure
Ayemsis Emlak Pro - 'acc.mdb' Database Disclosure
VUPlayer 2.49 - '.wax'Local Buffer Overflow
VUPlayer 2.49 - '.wax' Local Buffer Overflow
BlogHelper - 'common_db.inc'Remote Config File Disclosure
PollHelper - 'poll.inc'Remote Config File Disclosure
BlogHelper - 'common_db.inc' Remote Config File Disclosure
PollHelper - 'poll.inc' Remote Config File Disclosure
Audacity 1.6.2 - '.aup'Remote Off-by-One Crash Exploit
Audacity 1.6.2 - '.aup' Remote Off-by-One Crash Exploit
QuoteBook - 'poll.inc'Remote Config File Disclosure
QuoteBook - 'poll.inc' Remote Config File Disclosure
XOOPS Module tadbook2 - 'open_book.php book_sn'SQL Injection
XOOPS Module tadbook2 - 'open_book.php book_sn' SQL Injection
Social Engine - 'browse_classifieds.php s'SQL Injection
Social Engine - 'browse_classifieds.php s' SQL Injection
Realtor 747 - 'define.php INC_DIR'Remote File Inclusion
Realtor 747 - 'define.php INC_DIR' Remote File Inclusion
OTSTurntables 1.00.027 - '.ofl'Local Stack Overflow
OTSTurntables 1.00.027 - '.ofl' Local Stack Overflow
SCMS 1 - 'index.php p'Local File Inclusion
SCMS 1 - 'index.php p' Local File Inclusion
Graugon Gallery 1.0 - Cross-Site Scripting / SQL / Cookie Bypass
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
Baran CMS 1.0 - Arbitrary ASP File Upload / DB / SQL / Cross-Site Scripting / CM
Baran CMS 1.0 - Arbitrary ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / CM
pHNews Alpha 1 - 'header.php mod'SQL Injection
pHNews Alpha 1 - 'header.php mod' SQL Injection
i-dreams GB Server - 'admin.dat'File Disclosure
i-dreams GB Server - 'admin.dat' File Disclosure
VUplayer 2.49 - '.cue'Local Buffer Overflow
VUplayer 2.49 - '.cue' Local Buffer Overflow
VUPlayer 2.49 - '.cue'Universal Buffer Overflow
VUPlayer 2.49 - '.cue' Universal Buffer Overflow
Chasys Media Player 1.1 - '.cue'Stack Overflow
Chasys Media Player 1.1 - '.cue' Stack Overflow
Chasys Media Player - '.lst Playlist'Local Buffer Overflow
Chasys Media Player - '.lst Playlist' Local Buffer Overflow
BS.Player 2.34 - '.bsl'Universal SEH Overwrite
BS.Player 2.34 - '.bsl' Universal SEH Overwrite
POP Peeper 3.4.0.0 - '.eml'Universal SEH Overwrite
POP Peeper 3.4.0.0 - '.eml' Universal SEH Overwrite
Abee Chm Maker 1.9.5 - '.CMP'Stack Overflow
Abee Chm Maker 1.9.5 - '.CMP' Stack Overflow
ActiveKB Knowledgebase - 'loadpanel.php Panel'Local File Inclusion
ActiveKB Knowledgebase - 'loadpanel.php Panel' Local File Inclusion
ftpdmin 0.96 - RNFR Remote Buffer Overflow (xp sp3/case study)
FTPDMIN 0.96 - RNFR Remote Buffer Overflow (xp sp3/case study)
ftpdmin 0.96 - Arbitrary File Disclosure Exploit
FTPDMIN 0.96 - Arbitrary File Disclosure Exploit
Jamroom - 'index.php t'Local File Inclusion
Jamroom - 'index.php t' Local File Inclusion
W2B phpEmployment - 'conf.inc'File Disclosure
W2B phpEmployment - 'conf.inc' File Disclosure
phpAdBoard - 'conf.inc'Remote Config File Disclosure
phpGreetCards - 'conf.inc'Config File Disclosure
phpAdBoard - 'conf.inc' Remote Config File Disclosure
phpGreetCards - 'conf.inc' Config File Disclosure
phpAdBoardPro - 'config.inc'Config File Disclosure
phpDatingClub - 'conf.inc'File Disclosure
Job2C - 'conf.inc'Config File Disclosure
phpAdBoardPro - 'config.inc' Config File Disclosure
phpDatingClub - 'conf.inc' File Disclosure
Job2C - 'conf.inc' Config File Disclosure
Star Downloader Free 1.45 - '.dat'Universal SEH Overwrite
Star Downloader Free 1.45 - '.dat' Universal SEH Overwrite
Destiny Media Player 1.61 - '.rdl'Local Buffer Overflow
Destiny Media Player 1.61 - '.rdl' Local Buffer Overflow
Thickbox Gallery 2 - 'index.php ln'Local File Inclusion
Thickbox Gallery 2 - 'index.php ln' Local File Inclusion
Symantec Fax Viewer Control 10 - 'DCCFAXVW.DLL'Remote Buffer Overflow Exploit
Symantec Fax Viewer Control 10 - 'DCCFAXVW.dll' Remote Buffer Overflow Exploit
Mercury Audio Player 1.21 - '.b4s'Local Stack Overflow
Mercury Audio Player 1.21 - '.b4s' Local Stack Overflow
RM Downloader - '.smi'Local Stack Overflow
RM Downloader - '.smi' Local Stack Overflow
RM Downloader - '.smi'Universal Local Buffer Overflow
RM Downloader - '.smi' Universal Local Buffer Overflow
RM Downloader 3.0.0.9 - '.RAM'Local Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM'Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF'Local Buffer Overflow Exploit
Mini-stream Ripper 3.0.1.1 - '.RAM'Local Buffer Overflow
RM Downloader 3.0.0.9 - '.RAM' Local Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF' Local Buffer Overflow Exploit
Mini-stream Ripper 3.0.1.1 - '.RAM' Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.0.0.7 - '.RAM'Local Buffer Overflow Exploit
Mini-stream RM-MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow Exploit
MPLAB IDE 8.30 - '.mcp'Universal Seh Overwrite
MPLAB IDE 8.30 - '.mcp' Universal Seh Overwrite
Pinnacle Studio 12 - '.hfz'Directory Traversal
Pinnacle Studio 12 - '.hfz' Directory Traversal
COWON America jetCast 2.0.4.1109 - '.mp3'Local Overflow
COWON America jetCast 2.0.4.1109 - '.mp3' Local Overflow
R2 Newsletter Lite/Pro/Stats - 'admin.mdb'Database Disclosure
R2 Newsletter Lite/Pro/Stats - 'admin.mdb' Database Disclosure
phpDatingClub 3.7 - SQL / Cross-Site Scripting Injection
phpDatingClub 3.7 - SQL Injection / Cross-Site Scripting Injection
ClearContent - 'image.php url'Remote File Inclusion / Local File Inclusion
ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion
DJ Calendar - 'DJcalendar.cgi TEMPLATE'File Disclosure
DJ Calendar - 'DJcalendar.cgi TEMPLATE' File Disclosure
Icarus 2.0 - '.ICP'Local Stack Overflow Exploit
Icarus 2.0 - '.ICP' Local Stack Overflow Exploit
MixSense 1.0.0.1 DJ Studio - '.mp3'Crash Exploit
MixSense 1.0.0.1 DJ Studio - '.mp3' Crash Exploit
htmldoc 1.8.27.1 - '.html'Universal Stack Overflow
htmldoc 1.8.27.1 - '.html' Universal Stack Overflow
Acoustica MP3 Audio Mixer 2.471 - '.sgp'Crash Exploit
Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash Exploit
PHP Paid 4 Mail Script - 'paidbanner.php ID'SQL Injection
PHP Paid 4 Mail Script - 'paidbanner.php ID' SQL Injection
Microsoft Windows XP - 'win32k.sys'Privilege Escalation
Microsoft Windows XP - 'win32k.sys' Privilege Escalation
Portel 2008 - 'decide.php patron'Blind SQL Injection
Portel 2008 - 'decide.php patron' Blind SQL Injection
Microsoft Windows 2003 - '.EOT'BSOD Crash Exploit
Microsoft Windows 2003 - '.EOT' BSOD Crash Exploit
THOMSON ST585 - 'user.ini'Arbitrary Download
THOMSON ST585 - 'user.ini' Arbitrary Download
PHP Email Manager - 'remove.php ID'SQL Injection
PHP Email Manager - 'remove.php ID' SQL Injection
WAR-FTPD 1.65 - (MKD/CD Requests) Denial of Service
War-FTPD 1.65 - (MKD/CD Requests) Denial of Service
EMO Breader Manager - 'video.php movie'SQL Injection
EMO Breader Manager - 'video.php movie' SQL Injection
Invisible Browsing 5.0.52 - '.ibkey'Local Buffer Overflow
Invisible Browsing 5.0.52 - '.ibkey' Local Buffer Overflow
HotWeb Rentals - 'details.asp PropId'Blind SQL Injection
HotWeb Rentals - 'details.asp PropId' Blind SQL Injection
Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend'Command Injection
Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend' Command Injection
Blender 2.49b - '.blend'Remote Command Execution
Blender 2.49b - '.blend' Remote Command Execution
Aiocp 1.4.001 - File Inclusion
AIOCP 1.4.001 - File Inclusion
BibTeX - '.bib'File Handling Memory Corruption
BibTeX - '.bib' File Handling Memory Corruption
PHP 5.0.0 - domxml_open_file() Local Denial of Service
PHP 5.0.0 - 'domxml_open_file()' Local Denial of Service
PHP 5.0.0 - simplexml_load_file() Local Denial of Service
PHP 5.0.0 - 'simplexml_load_file()' Local Denial of Service
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows
Audacity 1.2.6 - '.gro'Buffer Overflow
Audacity 1.2.6 - '.gro' Buffer Overflow
gAlan - '.galan'Universal Buffer Overflow
gAlan - '.galan' Universal Buffer Overflow
ASPGuest - 'edit.asp ID'Blind SQL Injection
Smart ASPad - 'campaignEdit.asp CCam'Blind SQL Injection
ASPGuest - 'edit.asp ID' Blind SQL Injection
Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection
dblog - 'dblog.mdb'Remote Database Disclosure
dblog - 'dblog.mdb' Remote Database Disclosure
PHP 5.0.0 - xmldocfile() Local Denial of Service
PHP 5.0.0 - 'xmldocfile()' Local Denial of Service
Apollo Player 37.0.0.0 - '.aap'Buffer Overflow Denial of Service
Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service
OpenOffice - '.slk'Parsing Null Pointer
OpenOffice - '.slk' Parsing Null Pointer
crownweb - 'page.cfm'SQL Injection
crownweb - 'page.cfm' SQL Injection
OtsTurntables Free 1.00.047 - '.olf'Universal Buffer Overflow
OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow
Windows Media Player 11.0.5721.5145 - '.mpg'Buffer Overflow
Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow
Orbital Viewer 1.04 - '.orb'Local Universal SEH Overflow
Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow
iPhone / iTouch FTPDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service
iPhone / iTouch FtpDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service
JAD java decompiler 1.5.8g - '.class'Stack Overflow Denial of Service
JAD java decompiler 1.5.8g - '.class' Stack Overflow Denial of Service
Media Player 6.4.9.1 with K-Lite Codec Pack - Denial of Service/Crash '.avi'
Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash
no$gba 2.5c - '.nds'Local crash
no$gba 2.5c - '.nds' Local crash
Xilisoft Blackberry Ring Tone Maker - '.wma'Local Crash
Xilisoft Blackberry Ring Tone Maker - '.wma' Local Crash
Dualis 20.4 - '.bin'Local Daniel Of Service
Dualis 20.4 - '.bin' Local Daniel Of Service
DSEmu 0.4.10 - '.nds'Local Crash Exploit
DSEmu 0.4.10 - '.nds' Local Crash Exploit
MP3 Wav Editor 3.80 - '.mp3'Local Denial of Service
MP3 Wav Editor 3.80 - '.mp3' Local Denial of Service
FontForge - .BDF Font File Stack-Based Buffer Overflow
FontForge - .BDF Font File Stack Based Buffer Overflow
Dolphin 2.0 - '.elf'Local Daniel Of Service
Dolphin 2.0 - '.elf' Local Daniel Of Service
e-webtech - 'new.asp?id='SQL Injection
e-webtech - 'new.asp?id=' SQL Injection
SmallFTPD FTP Server 1.0.3 - DELE Command Denial of Service
SmallFTPd FTP Server 1.0.3 - DELE Command Denial of Service
RahnemaCo - page.php PageID Remote File Inclusion
RahnemaCo - 'page.php' PageID Remote File Inclusion
goffgrafix - Design's SQL Injection
goffgrafix - Design's - SQL Injection
Spaceacre - SQL / Cross-Site Scripting / HTML Injection
Spaceacre - SQL Injection / Cross-Site Scripting / HTML Injection
ZipExplorer 7.0 - '.zar'Denial of Service
ZipExplorer 7.0 - '.zar' Denial of Service
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
iOS - Version-independent shellcode
iOS - Version-independent Shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Win32 - SEH omelet shellcode
Win32 - SEH omelet Shellcode
Win32 - Connectback_ receive_ save and execute shellcode
Win32 - Connectback_ receive_ save and execute Shellcode
Windows XP - download and exec source shellcode
Windows XP - download and exec source Shellcode
Win32 XP SP3 - ShellExecuteA shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) Shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
Win32 - JITed stage-0 shellcode
Win32 - JITed stage-0 Shellcode
Windows - JITed egg-hunter stage-0 shellcode
Windows - JITed egg-hunter stage-0 Shellcode
Linux/x86 - nc -lvve/bin/sh -p13377 shellcode
Linux/x86 - nc -lvve/bin/sh -p13377 Shellcode
Corel VideoStudio Pro X3 - '.mp4'Buffer Overflow
Corel VideoStudio Pro X3 - '.mp4' Buffer Overflow
Boat Classifieds - 'printdetail.asp?Id'SQL Injection
Boat Classifieds - 'printdetail.asp?Id' SQL Injection
PHPBB MOD 2.0.19 - Invitation Only (PassCode Bypass)
phpBB MOD 2.0.19 - Invitation Only (PassCode Bypass)
SnoGrafx - 'cat.php?cat'SQL Injection
SnoGrafx - 'cat.php?cat' SQL Injection
Mediacoder 0.7.5.4710 - 'Universal' SEH Buffer Overflow
Mediacoder 0.7.5.4710 - ' Universal' SEH Buffer Overflow
PlayPad Music Player 1.12 - '.mp3'Denial of Service
PlayPad Music Player 1.12 - '.mp3' Denial of Service
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscal'l Emulation Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation
xt:Commerce Gambio 2008 - 2010 - ERROR Based SQL Injection 'reviews.php'
xt:Commerce Gambio 2008 < 2010 - 'reviews.php' ERROR Based SQL Injection
CuteNews - 'index.php?page'Local File Inclusion
CuteNews - 'index.php?page' Local File Inclusion
Hanso Converter 1.4.0 - '.ogg'Denial of Service
Hanso Converter 1.4.0 - '.ogg' Denial of Service
ARM - Bindshell port 0x1337 shellcode
ARM - Bind Connect UDP Port 68 shellcode
ARM - Loader Port 0x1337 shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode
ARM - Bindshell port 0x1337 Shellcode
ARM - Bind Connect UDP Port 68 Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
SmallFTPD 1.0.3 - Remote Directory Traversal
SmallFTPd 1.0.3 - Remote Directory Traversal
HtaEdit 3.2.3.0 - '.hta'Buffer Overflow
HtaEdit 3.2.3.0 - '.hta' Buffer Overflow
ProFTPD IAC 1.3.x - Remote Root Exploit
ProFTPd IAC 1.3.x - Remote Root Exploit
VbsEdit 4.7.2.0 - '.vbs'Buffer Overflow
Power Audio Editor 7.4.3.230 - '.cda'Denial of Service
VbsEdit 4.7.2.0 - '.vbs' Buffer Overflow
Power Audio Editor 7.4.3.230 - '.cda' Denial of Service
Sitefinity CMS - 'ASP.NET'Arbitrary File Upload
Sitefinity CMS - 'ASP.NET' Arbitrary File Upload
Native Instruments Traktor Pro 1.2.6 - Stack-based Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow
ProFTPD 1.3.3c - Compromised Source Remote Root Trojan
ProFTPd 1.3.3c - Compromised Source Remote Root Trojan
Dejcom Market CMS - 'showbrand.aspx'SQL Injection
Dejcom Market CMS - 'showbrand.aspx' SQL Injection
Aesop GIF Creator 2.1 - '.aep'Buffer Overflow
Aesop GIF Creator 2.1 - '.aep' Buffer Overflow
Apple iPhone Safari - 'JS .'Remote Crash
Apple iPhone Safari - 'JS .' Remote Crash
Microsoft Windows Fax Services Cover Page Editor - '.cov'Memory Corruption
Microsoft Windows Fax Services Cover Page Editor - '.cov' Memory Corruption
Win32 - speaking shellcode
Win32 - speaking Shellcode
ProFTPD mod_sftp - Integer Overflow Denial of Service (PoC)
ProFTPd mod_sftp - Integer Overflow Denial of Service (PoC)
BWMeter 5.4.0 - '.csv'Denial of Service
BWMeter 5.4.0 - '.csv' Denial of Service
Magic Music Editor - '.cda'Denial of Service
Magic Music Editor - '.cda' Denial of Service
wu-ftpd - SITE EXEC/INDEX Format String
WU-FTPD - SITE EXEC/INDEX Format String
Samba - trans2open Overflow (Solaris SPARC)
Samba (Solaris SPARC) - trans2open Overflow
FreeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow
freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow
Microsoft IIS 4.0 - '.htr'Path Overflow
Microsoft IIS 4.0 - '.htr' Path Overflow
VariCAD 2010-2.05 EN - '.DWB'Stack Buffer Overflow
VariCAD 2010-2.05 EN - '.DWB' Stack Buffer Overflow
AOL 9.5 - Phobos.Playlist Import() Stack-based Buffer Overflow
AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow
ProFTPD 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow
ProFTPD 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow
ProFTPd 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow
ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow
ProFTPD 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow
ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow
PHPBB - viewtopic.php Arbitrary Code Execution
phpBB - viewtopic.php Arbitrary Code Execution
ProFTPD-1.3.3c - Backdoor Command Execution
ProFTPd-1.3.3c - Backdoor Command Execution
ABBS Electronic Flash Cards 2.1 - '.fcd'Buffer Overflow
ABBS Electronic Flash Cards 2.1 - '.fcd' Buffer Overflow
VeryTools Video Spirit Pro 1.70 - '.visprj'Buffer Overflow
VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow
Wordtrainer 3.0 - '.ord'Buffer Overflow
Wordtrainer 3.0 - '.ord' Buffer Overflow
PlaylistMaker 1.5 - '.txt'Buffer Overflow
PlaylistMaker 1.5 - '.txt' Buffer Overflow
libmodplug 0.8.8.2 - (.abc) Stack-Based Buffer Overflow (PoC)
libmodplug 0.8.8.2 - (.abc) Stack Based Buffer Overflow (PoC)
MJM QuickPlayer 1.00 Beta 60a / QuickPlayer 2010 - '.s3m'Stack Buffer Overflow
MJM Core Player 2011 - '.s3m'Stack Buffer Overflow
MJM QuickPlayer 1.00 Beta 60a / QuickPlayer 2010 - '.s3m' Stack Buffer Overflow
MJM Core Player 2011 - '.s3m' Stack Buffer Overflow
Magix Musik Maker 16 - '.mmm'Stack Buffer Overflow
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow
Smallftpd 1.0.3 FTP Server - Denial of Service
SmallFTPd 1.0.3 FTP Server - Denial of Service
FreeAmp 2.0.7 - '.fat'Buffer Overflow
FreeAmp 2.0.7 - '.fat' Buffer Overflow
VSFTPD 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 - Backdoor Command Execution
OS-X - Universal ROP shellcode
OS-X - Universal ROP Shellcode
Citrix XenApp / XenDesktop - Stack-Based Buffer Overflow
Citrix XenApp / XenDesktop - Stack Based Buffer Overflow
World Of Warcraft - 'chat-cache.txt'Local Stack Overflow Denial of Service
World Of Warcraft - 'chat-cache.txt' Local Stack Overflow Denial of Service
Wav Player 1.1.3.6 - '.pll'Buffer Overflow
Wav Player 1.1.3.6 - '.pll' Buffer Overflow
Norman Security Suite 8 - 'nprosec.sys'Privilege Escalation
Norman Security Suite 8 - 'nprosec.sys' Privilege Escalation
Ashampoo Burning Studio Elements 10.0.9 - '.ashprj'Heap Overflow
Ashampoo Burning Studio Elements 10.0.9 - '.ashprj' Heap Overflow
Cytel Studio 9.0 - '.CY3'Stack Buffer Overflow
Cytel Studio 9.0 - '.CY3' Stack Buffer Overflow
Xion Audio Player 1.0.127 - '.aiff'Denial of Service
Xion Audio Player 1.0.127 - '.aiff' Denial of Service
SnackAmp 3.1.3 - '.aiff'Denial of Service
SnackAmp 3.1.3 - '.aiff' Denial of Service
PHP Ticket System Beta 1 - 'index.php p parameter'SQL Injection
PHP Ticket System Beta 1 - 'index.php p parameter' SQL Injection
Nokia PC Suite Video Manager 7.1.180.64 - '.mp4'Denial of Service
Nokia PC Suite Video Manager 7.1.180.64 - '.mp4' Denial of Service
Multimedia Builder 4.9.8 - '.mef'Denial of Service
Multimedia Builder 4.9.8 - '.mef' Denial of Service
Tftpd32 DNS Server 4.00 - Denial of Service
LibreOffice 3.5.3 - '.rtf'FileOpen Crash
TFTPD32 DNS Server 4.00 - Denial of Service
LibreOffice 3.5.3 - '.rtf' FileOpen Crash
Microsoft Wordpad 5.1 - '.doc'Null Pointer Dereference
Microsoft Wordpad 5.1 - '.doc' Null Pointer Dereference
Lattice Semiconductor PAC-Designer 6.21 - '.PAC'Exploit
Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Exploit
wu-ftpd 2.4.2 & SCO Open Server 5.0.5 & ProFTPD 1.2 pre1 - realpath Exploit (1)
wu-ftpd 2.4.2 & SCO Open Server 5.0.5 & ProFTPD 1.2 pre1 - realpath Exploit (2)
WU-FTPD 2.4.2 & SCO Open Server 5.0.5 & ProFTPd 1.2 pre1 - realpath Exploit (1)
WU-FTPD 2.4.2 & SCO Open Server 5.0.5 & ProFTPd 1.2 pre1 - realpath Exploit (2)
ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
ProFTPD 1.2 pre6 - snprintf
ProFTPd 1.2 pre6 - snprintf
Washington University wu-ftpd 2.5.0 - message Buffer Overflow
Washington University WU-FTPD 2.5.0 - message Buffer Overflow
GlFtpd 1.17.2 - Exploit
glFTPd 1.17.2 - Exploit
Oracle Outside-In - .LWP File Parsing Stack-Based Buffer Overflow
Oracle Outside-In - .LWP File Parsing Stack Based Buffer Overflow
wu-ftpd 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (1)
wu-ftpd 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)
wu-ftpd 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (1)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
Microsoft Indexing Services for Windows 2000/NT 4.0 - '.htw'Cross-Site Scripting
Microsoft Indexing Services for Windows 2000/NT 4.0 - '.htw' Cross-Site Scripting
Microsoft Windows Media Player 7.0 - '.wms'Arbitrary Script
Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE'
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Exploit
ProFTPD 1.2 - SIZE Remote Denial of Service
ProFTPd 1.2 - SIZE Remote Denial of Service
Microsoft Windows Media Player 7.0 - '.wmz'Arbitrary Java Applet
Microsoft Windows Media Player 7.0 - '.wmz' Arbitrary Java Applet
wu-ftpd 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion
WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion
Wu-Ftpd 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String
WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String
Joe Text Editor 2.8 - '.joerc'Arbitrary Command Execution
Joe Text Editor 2.8 - '.joerc' Arbitrary Command Execution
whitsoft slimserve ftpd 1.0/2.0 - Directory Traversal
WhitSoft slimserve ftpd 1.0/2.0 - Directory Traversal
wu-ftpd 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPD 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion
WU-FTPD 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPd 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion
freebsd 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities
FreeBSD 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities
raidenftpd 2.1 - Directory Traversal
RaidenFTPd 2.1 - Directory Traversal
AV Arcade Free Edition - 'add_rating.php id parameter'Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php id parameter' Blind SQL Injection
Solaris 2.6/7/8 - SPARC xlock Heap Overflow
Solaris 2.6/7/8 -(SPARC) xlock Heap Overflow
glFTPD 1.x - LIST Denial of Service
glFTPd 1.x - 'LIST' Denial of Service
Wu-Ftpd 2.6 - File Globbing Heap Corruption
WU-FTPD 2.6 - File Globbing Heap Corruption
Joomla RokModule Component - 'index.php module parameter'Blind SQL Injection
Joomla RokModule Component - 'index.php module parameter' Blind SQL Injection
PHPWebsite 0.8.2 - PHP File Include
phpWebSite 0.8.2 - PHP File Include
PHPWebSite 0.8.3 - News Message HTML Injection
phpWebSite 0.8.3 - News Message HTML Injection
PHPWebSite 0.8.3 - article.php Cross-Site Scripting
phpWebSite 0.8.3 - article.php Cross-Site Scripting
PHPBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
PHPBB 2.0.3 - search.php Cross-Site Scripting
phpBB 2.0.3 - search.php Cross-Site Scripting
ProFTPD 1.2.x - STAT Command Denial of Service
ProFTPd 1.2.x - STAT Command Denial of Service
Joomla Tags - 'index.php tag parameter'SQL Injection
Joomla Tags - 'index.php tag parameter' SQL Injection
Joomla Commedia Plugin - 'index.php task parameter'SQL Injection
Joomla Kunena Component - 'index.php search parameter'SQL Injection
Joomla Commedia Plugin - 'index.php task parameter' SQL Injection
Joomla Kunena Component - 'index.php search parameter' SQL Injection
PHPBB 2.0.3 - privmsg.php SQL Injection
phpBB 2.0.3 - privmsg.php SQL Injection
Joomla Spider Catalog - 'index.php product_id parameter'SQL Injection
Joomla Spider Catalog - 'index.php product_id parameter' SQL Injection
Battleaxe Software BTTLXE Forum - login.asp SQL Injection
Battleaxe Software BTTLXE Forum - 'login.asp' SQL Injection
SudBox Boutique 1.2 - login.php Authentication Bypass
SudBox Boutique 1.2 - 'login.php' Authentication Bypass
friendsinwar FAQ Manager - 'view_faq.php question parameter'SQL Injection
friendsinwar FAQ Manager - 'view_faq.php question parameter' SQL Injection
GuildFTPD 0.999.8 - CWD Command Denial of Service
GuildFTPd 0.999.8 - CWD Command Denial of Service
ProductCart 1.5/1.6/2.0 - login.asp SQL Injection
ProductCart 1.5/1.6/2.0 - 'login.asp' SQL Injection
SmartCMS - 'index.php idx parameter'SQL Injection
SmartCMS - 'index.php idx parameter' SQL Injection
mcrypt 2.6.8 - stack-based Buffer Overflow (PoC)
mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC)
wu-ftpd 2.6.2 - realpath() Off-by-One Buffer Overflow
WU-FTPD 2.6.2 - realpath() Off-by-One Buffer Overflow
wu-ftpd 2.6.2 / 2.6.0 / 2.6.1 - realpath() Off-by-One Buffer Overflow
freeBSD 4.8 - realpath() Off-by-One Buffer Overflow
WU-FTPD 2.6.2 / 2.6.0 / 2.6.1 - realpath() Off-by-One Buffer Overflow
FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow
SmartCMS - 'index.php menuitem parameter'SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php menuitem parameter' SQL Injection / Cross-Site Scripting
FreeFTPD - Remote Authentication Bypass Exploit
freeFTPd - Remote Authentication Bypass Exploit
PHPBB 2.0.6 - URL BBCode HTML Injection
phpBB 2.0.6 - URL BBCode HTML Injection
wzdftpd 0.1 rc5 - Login Remote Denial of Service
ProFTPD 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun
WzdFTPD 0.1 rc5 - Login Remote Denial of Service
ProFTPd 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun
PHPBB 2.0.x - profile.php SQL Injection
phpBB 2.0.x - profile.php SQL Injection
PHPBB 2.0.6 - privmsg.php Cross-Site Scripting
phpBB 2.0.6 - privmsg.php Cross-Site Scripting
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack-based Unicode Buffer Overflow
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack-based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack-based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overflow
SelectSurvey CMS - 'ASP.NET'Arbitrary File Upload
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
SelectSurvey CMS - 'ASP.NET' Arbitrary File Upload
MyBB AwayList Plugin - 'index.php id parameter'SQL Injection
MyBB AwayList Plugin - 'index.php id parameter' SQL Injection
SmallFTPD 1.0.3 - Remote Denial of Service
SmallFTPd 1.0.3 - Remote Denial of Service
MyBB - 'editpost.php posthash'SQL Injection
Joomla Spider Calendar - 'index.php date parameter'Blind SQL Injection
MyBB - 'editpost.php posthash' SQL Injection
Joomla Spider Calendar - 'index.php date parameter' Blind SQL Injection
Phorum 3.x - login.php HTTP_REFERER Cross-Site Scripting
Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
PHPBB 1.x/2.0.x - search.php Search_Results Parameter SQL Injection
phpBB 1.x/2.0.x - search.php Search_Results Parameter SQL Injection
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'Exploit
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Exploit
PHPBB 2.0.x - album_portal.php Remote File Inclusion
phpBB 2.0.x - album_portal.php Remote File Inclusion
PHPBB 2.0.x - viewtopic.php PHP Script Injection
phpBB 2.0.x - viewtopic.php PHP Script Injection
JShop E-Commerce Suite 3.0 - page.php Cross-Site Scripting
JShop E-Commerce Suite 3.0 - 'page.php' Cross-Site Scripting
NullSoft Winamp 2-5 - '.wsz'Remote Code Execution
NullSoft Winamp 2-5 - '.wsz' Remote Code Execution
phpWebsite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
Scripts Genie Gallery Personals - 'gallery.php L parameter'SQL Injection
Scripts Genie Gallery Personals - 'gallery.php L parameter' SQL Injection
Scripts Genie Domain Trader - 'catalog.php id parameter'SQL Injection
Scripts Genie Domain Trader - 'catalog.php id parameter' SQL Injection
Scripts Genie Games Site Script - 'index.php id parameter'SQL Injection
Scripts Genie Games Site Script - 'index.php id parameter' SQL Injection
Photodex ProShow Producer 5.0.3297 - '.pxs'Memory Corruption Exploit
Photodex ProShow Producer 5.0.3297 - '.pxs' Memory Corruption Exploit
Scripts Genie Top Sites - 'out.php id parameter'SQL Injection
Scripts Genie Top Sites - 'out.php id parameter' SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid parameter'SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid parameter' SQL Injection
W-Agora 4.1.6 - a login.php loginuser Parameter Cross-Site Scripting
W-Agora 4.1.6 - a 'login.php' loginuser Parameter Cross-Site Scripting
PHPWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting
phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack-Based Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow
PHPBB 2.0.x - admin_cash.php Remote PHP File Include
phpBB 2.0.x - admin_cash.php Remote PHP File Include
UBBCentral UBB.threads 6.2.3/6.5 - login.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.threads 6.2.3/6.5 - 'login.php' Cat Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - login.php URL Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - login.php Username Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - login.php Newlanguage Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' URL Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' Username Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
Rebus:list - 'list.php list_id parameter'SQL Injection
Rebus:list - 'list.php list_id parameter' SQL Injection
SynConnect Pms - 'index.php loginid parameter'SQL Injection
SynConnect Pms - 'index.php loginid parameter' SQL Injection
Groovy Media Player 3.2.0 - '.mp3'Buffer Overflow
Groovy Media Player 3.2.0 - '.mp3' Buffer Overflow
glFTPD 1.x/2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities
glFTPd 1.x/2.0 'ZIP' Plugins - Multiple Directory Traversal Vulnerabilities
PHPWebSite 0.x - Image File Processing Arbitrary PHP File Upload
phpWebSite 0.x - Image File Processing Arbitrary PHP File Upload
PHPBB 2.0.x - Authentication Bypass (1)
PHPBB 2.0.x - Authentication Bypass (2)
PHPBB 2.0.x - Authentication Bypass (3)
phpBB 2.0.x - Authentication Bypass (1)
phpBB 2.0.x - Authentication Bypass (2)
phpBB 2.0.x - Authentication Bypass (3)
PHPCOIN 1.2 - login.php Multiple Parameter Cross-Site Scripting
PHPCOIN 1.2 - 'login.php' Multiple Parameter Cross-Site Scripting
Multiple Vendor Telnet Client - Env_opt_add Heap-Based Buffer Overflow
Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow
PHPBB 2.0.13 DLMan Pro Module - SQL Injection
PHPBB 2.0.13 Linkz Pro Module - SQL Injection
phpBB 2.0.13 DLMan Pro Module - SQL Injection
phpBB 2.0.13 Linkz Pro Module - SQL Injection
PHPBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting
PHPBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting
phpBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting
phpBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting
Joomla S5 Clan Roster com_s5clanroster - 'index.php id parameter'SQL Injection
Joomla S5 Clan Roster com_s5clanroster - 'index.php id parameter' SQL Injection
PHPBB Remote - mod.php SQL Injection
Datenbank Module For PHPBB - Remote mod.php Cross-Site Scripting
phpBB Remote - mod.php SQL Injection
Datenbank Module For phpBB - Remote mod.php Cross-Site Scripting
PHPBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
PHPBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection
PHPBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection
phpBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection
phpBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection
RaidenFTPD 2.4 - Unauthorized File Access
RaidenFTPd 2.4 - Unauthorized File Access
CartWIZ 1.10 - login.asp Redirect Argument Cross-Site Scripting
CartWIZ 1.10 - 'login.asp' Redirect Argument Cross-Site Scripting
CartWIZ 1.10 - login.asp Message Argument Cross-Site Scripting
CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting
PHPBB 2.0.x - profile.php Cross-Site Scripting
PHPBB 2.0.x - viewtopic.php Cross-Site Scripting
phpBB 2.0.x - profile.php Cross-Site Scripting
phpBB 2.0.x - viewtopic.php Cross-Site Scripting
Notes Module for PHPBB - SQL Injection
Notes Module for phpBB - SQL Injection
PHPCOIN 1.2 - login.php PHPcoinsessid Parameter SQL Injection
PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection
CodetoSell ViArt Shop Enterprise 2.1.6 - page.php page Parameter Cross-Site Scripting
CodetoSell ViArt Shop Enterprise 2.1.6 - 'page.php' page Parameter Cross-Site Scripting
PHPBB 2.0.x - URL Tag BBCode.php
phpBB 2.0.x - URL Tag BBCode.php
Active News Manager - login.asp SQL Injection
Active News Manager - 'login.asp' SQL Injection
FunkyASP AD Systems 1.1 - login.asp SQL Injection
FunkyASP AD Systems 1.1 - 'login.asp' SQL Injection
SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack-Based Overflow
SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack Based Overflow
OS4E - login.asp SQL Injection
OS4E - 'login.asp' SQL Injection
JiRo's Upload System 1.0 - login.asp SQL Injection
NEXTWEB - (i)Site login.asp SQL Injection
JiRo's Upload System 1.0 - 'login.asp' SQL Injection
NEXTWEB - (i)Site 'login.asp' SQL Injection
Livingcolor Livingmailing 1.3 - login.asp SQL Injection
Livingcolor Livingmailing 1.3 - 'login.asp' SQL Injection
WWWeb Concepts Events System 1.0 - login.asp SQL Injection
WWWeb Concepts Events System 1.0 - 'login.asp' SQL Injection
Cool Cafe Chat 1.2.1 - login.asp SQL Injection
Cool Cafe Chat 1.2.1 - 'login.asp' SQL Injection
LaGarde StoreFront 5.0 Shopping Cart - login.asp SQL Injection
LaGarde StoreFront 5.0 Shopping Cart - 'login.asp' SQL Injection
Ipswitch WhatsUp Professional 2005 SP1 - login.asp SQL Injection
Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection
Dynamic Biz Website Builder (QuickWeb) 1.0 - login.asp SQL Injection
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' SQL Injection
PHPWebsite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal
phpWebSite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal
Cuppa CMS - 'alertConfigField.php urlConfig parameter'Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php urlConfig parameter' Remote / Local File Inclusion
VBZoom 1.0/1.11 - login.php UserID Parameter Cross-Site Scripting
VBZoom 1.0/1.11 - 'login.php' UserID Parameter Cross-Site Scripting
PHP Lite Calendar Express 2.2 - login.php cid Parameter SQL Injection
PHP Lite Calendar Express 2.2 - 'login.php' cid Parameter SQL Injection
ATutor 1.5.1 - login.php course Parameter Cross-Site Scripting
ATutor 1.5.1 - 'login.php' course Parameter Cross-Site Scripting
Adrenalin Player 2.2.5.3 - '.wax'SEH Buffer Overflow
Adrenalin Player 2.2.5.3 - '.wax' SEH Buffer Overflow
PHPwcms 1.2.5 -DEV - login.php form_lang Parameter Traversal Arbitrary File Access
PHPwcms 1.2.5 -DEV - 'login.php' form_lang Parameter Traversal Arbitrary File Access
AVS Media Player 4.1.11.100 - '.ac3'Denial of Service
AVS Media Player 4.1.11.100 - '.ac3' Denial of Service
Adrenalin Player 2.2.5.3 - '.wvx'SEH Buffer Overflow
Adrenalin Player 2.2.5.3 - '.wvx' SEH Buffer Overflow
WinAmp 5.63 - Stack-based Buffer Overflow
WinAmp 5.63 - Stack Based Buffer Overflow
PHPX 3.5.x - Admin login.php SQL Injection
PHPX 3.5.x - Admin 'login.php' SQL Injection
DRZES Hms 3.2 - login.php Cross-Site Scripting
DRZES Hms 3.2 - 'login.php' Cross-Site Scripting
PortalApp 3.3/4.0 - login.asp Cross-Site Scripting
SiteEnable 3.3 - login.asp Cross-Site Scripting
IntranetApp 3.3 - login.asp ret_page Parameter Cross-Site Scripting
PortalApp 3.3/4.0 - 'login.asp' Cross-Site Scripting
SiteEnable 3.3 - 'login.asp' Cross-Site Scripting
IntranetApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting
ProjectApp 3.3 - login.asp ret_page Parameter Cross-Site Scripting
ProjectApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting
VbsEdit 5.9.3 - '.smi'Buffer Overflow
VbsEdit 5.9.3 - '.smi' Buffer Overflow
Artweaver 3.1.5 - '.awd'Buffer Overflow
Artweaver 3.1.5 - '.awd' Buffer Overflow
XnView 2.03 - '.pct'Buffer Overflow
XnView 2.03 - '.pct' Buffer Overflow
aoblogger 2.3 - login.php username Field SQL Injection
aoblogger 2.3 - 'login.php' username Field SQL Injection
WebspotBlogging 3.0 - login.php SQL Injection
WebspotBlogging 3.0 - 'login.php' SQL Injection
miniBloggie 1.0 - login.php SQL Injection
miniBloggie 1.0 - 'login.php' SQL Injection
ASPThai Forums 8.0 - login.asp SQL Injection
ASPThai Forums 8.0 - 'login.asp' SQL Injection
Windows RT ARM - Bind Shell (Port 4444) shellcode
Windows RT ARM - Bind Shell (Port 4444) Shellcode
Virtual Hosting Control System 2.2/2.4 - login.php check_login() Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php' check_login() Function Authentication Bypass
Siteframe Beaumont 5.0.1/5.0.2 - page.php HTML Injection
Siteframe Beaumont 5.0.1/5.0.2 - 'page.php' HTML Injection
Ginkgo CMS - 'index.php rang parameter'SQL Injection
Ginkgo CMS - 'index.php rang parameter' SQL Injection
Game-Panel 2.6 - login.php Cross-Site Scripting
Game-Panel 2.6 - 'login.php' Cross-Site Scripting
QwikiWiki 1.4/1.5 - login.php Multiple Parameter Cross-Site Scripting
QwikiWiki 1.4/1.5 - 'login.php' Multiple Parameter Cross-Site Scripting
PHPWebsite 0.8.2/0.8.3 - friend.php sid Parameter SQL Injection
PHPWebsite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection
phpWebSite 0.8.2/0.8.3 - friend.php sid Parameter SQL Injection
phpWebSite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection
PhxContacts 0.93 - login.php Cross-Site Scripting
PhxContacts 0.93 - 'login.php' Cross-Site Scripting
MLMAuction Script - 'gallery.php id parameter'SQL Injection
MLMAuction Script - 'gallery.php id parameter' SQL Injection
RedCMS 0.1 - login.php Multiple Parameter SQL Injection
RedCMS 0.1 - 'login.php' Multiple Parameter SQL Injection
ShopWeezle 2.0 - login.php itemID Parameter SQL Injection
ShopWeezle 2.0 - 'login.php' itemID Parameter SQL Injection
ContentBoxx - login.php Cross-Site Scripting
ContentBoxx - 'login.php' Cross-Site Scripting
PHPBB Chart Mod 1.1 - charts.php id Parameter SQL Injection
phpBB Chart Mod 1.1 - charts.php id Parameter SQL Injection
PHPBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
JSBoard 2.0.10/2.0.11 - login.php Cross-Site Scripting
JSBoard 2.0.10/2.0.11 - 'login.php' Cross-Site Scripting
CyberBuild - login.asp SessionID Parameter SQL Injection
CyberBuild - 'login.asp' SessionID Parameter SQL Injection
CyberBuild - login.asp SessionID Parameter Cross-Site Scripting
CyberBuild - 'login.asp' SessionID Parameter Cross-Site Scripting
PHPBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting
phpBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting
PHPBB 2.0.20 - Unauthorized HTTP Proxy
phpBB 2.0.20 - Unauthorized HTTP Proxy
PHPBB 2.0.x - template.php Remote File Inclusion
phpBB 2.0.x - template.php Remote File Inclusion
PHPBB - BBRSS.php Remote File Inclusion
RahnemaCo - page.php Remote File Inclusion
phpBB - BBRSS.php Remote File Inclusion
RahnemaCo - 'page.php' Remote File Inclusion
BlueDragon Server 6.2.1 - '.cfm'Denial of Service
BlueDragon Server 6.2.1 - '.cfm' Denial of Service
MyMail 1.0 - login.php Cross-Site Scripting
MyMail 1.0 - 'login.php' Cross-Site Scripting
Woltlab Burning Board FLVideo Addon - 'video.php value parameter'SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php value parameter' SQL Injection
PHPBB 1.2.4 For Mambo - Multiple Remote File Inclusion
phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion
PHPbb-auction 1.x - auction_room.php ar Parameter SQL Injection
PHPbb-auction 1.x - auction_store.php u Parameter SQL Injection
phpBB-auction 1.x - auction_room.php ar Parameter SQL Injection
phpBB-auction 1.x - auction_store.php u Parameter SQL Injection
Linux/x86 - Multi-Egghunter shellcode
Linux/x86 - Multi-Egghunter Shellcode
Jamroom 3.0.16 - login.php Cross-Site Scripting
Jamroom 3.0.16 - 'login.php' Cross-Site Scripting
DCP-Portal 6.0 - login.php username Parameter SQL Injection
DCP-Portal 6.0 - 'login.php' username Parameter SQL Injection
PhpBB XS 0.58 - Multiple Remote File Inclusion
phpBB XS 0.58 - Multiple Remote File Inclusion
AckerTodo 4.2 - login.php Multiple SQL Injection
AckerTodo 4.2 - 'login.php' Multiple SQL Injection
PHPWebSite 0.10.2 - PHPWS_SOURemote Code Execution_DIR Parameter Multiple Remote File Inclusion
phpWebSite 0.10.2 - PHPWS_SOURemote Code Execution_DIR Parameter Multiple Remote File Inclusion
PHPBB Add Name Module - Not_Mem.php Remote File Inclusion
IcoFX 2.5.0.0 - '.ico'Buffer Overflow
phpBB Add Name Module - Not_Mem.php Remote File Inclusion
IcoFX 2.5.0.0 - '.ico' Buffer Overflow
Evandor Easy notesManager 0.0.1 - login.php username Parameter SQL Injection
Evandor Easy notesManager 0.0.1 - 'login.php' username Parameter SQL Injection
AIOCP 1.3.x - cp_forum_view.php Multiple Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_dpage.php choosed_language Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_show_ec_products.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_users_online.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_links_search.php orderdir Parameter Cross-Site Scripting
AIOCP 1.3.x - /admin/code/index.php load_page Parameter Remote File Inclusion
AIOCP 1.3.x - cp_dpage.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_news.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_forum_view.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_edit_user.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_newsletter.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_links.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_contact_us.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_show_ec_products.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_login.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_users_online.php order_field Parameter SQL Injection
AIOCP 1.3.x - cp_codice_fiscale.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_links_search.php orderdir Parameter SQL Injection
AIOCP 1.3.x - cp_dpage.php Full Path Disclosure
AIOCP 1.3.x - cp_show_ec_products.php Full Path Disclosure
AIOCP 1.3.x - cp_show_page_help.php Full Path Disclosure
AIOCP 1.3.x - 'cp_forum_view.php' Multiple Parameter Cross-Site Scripting
Windows x86 - Persistent Reverse Shell TCP (494 Bytes)
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_show_ec_products.php' order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_users_online.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter Cross-Site Scripting
AIOCP 1.3.x - '/admin/code/index.php' load_page Parameter Remote File Inclusion
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_news.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_edit_user.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_newsletter.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_links.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_contact_us.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_show_ec_products.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_login.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_users_online.php' order_field Parameter SQL Injection
AIOCP 1.3.x - 'cp_codice_fiscale.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter SQL Injection
AIOCP 1.3.x - 'cp_dpage.php' Full Path Disclosure
AIOCP 1.3.x - 'cp_show_ec_products.php' Full Path Disclosure
AIOCP 1.3.x - 'cp_show_page_help.php' Full Path Disclosure
INFINICART - login.asp Multiple Parameter Cross-Site Scripting
INFINICART - 'login.asp' Multiple Parameter Cross-Site Scripting
Active PHP Bookmarks 1.1.2 - APB_SETTINGS['apb_path'] Multiple Remote File Inclusion
Active PHP Bookmarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion
SIAP CMS - login.asp SQL Injection
SIAP CMS - 'login.asp' SQL Injection
AppIntellect SpotLight CRM - login.asp SQL Injection
AppIntellect SpotLight CRM - 'login.asp' SQL Injection
DMXReady Secure Login Manager 1.0 - login.asp sent Parameter SQL Injection
DMXReady Secure Login Manager 1.0 - 'login.asp' sent Parameter SQL Injection
PHPBB 2.0.21 - privmsg.php HTML Injection
phpBB 2.0.21 - privmsg.php HTML Injection
Indexu 5.0/5.3 - login.php error_msg Parameter Cross-Site Scripting
Indexu 5.0/5.3 - 'login.php' error_msg Parameter Cross-Site Scripting
myBloggie 2.1.5 - login.php PATH_INFO Parameter Cross-Site Scripting
myBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
Avira Secure Backup 1.0.0.1 Build 3616 - '.reg'Buffer Overflow
Avira Secure Backup 1.0.0.1 Build 3616 - '.reg' Buffer Overflow
Boilsoft RM TO MP3 Converter 1.72 - Crash PoC '.wav'
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC
Tyger Bug Tracking System 1.1.3 - login.php PATH_INFO Parameter Cross-Site Scripting
Tyger Bug Tracking System 1.1.3 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
Horde Framework 3.1.3 - login.php Cross-Site Scripting
Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting
PHPStats 0.1.9 - Multiple SQL Injections
PHPStats 0.1.9 - PHP-Stats-options.php Remote Code Execution
phpStats 0.1.9 - Multiple SQL Injections
phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution
Free File Hosting System 1.1 - login.php AD_BODY_TEMP Parameter Remote File Inclusion
Free File Hosting System 1.1 - 'login.php' AD_BODY_TEMP Parameter Remote File Inclusion
DeskPro 2.0.1 - login.php HTML Injection
DeskPro 2.0.1 - 'login.php' HTML Injection
plesk 8.1.1 - login.php3 Directory Traversal
plesk 8.1.1 - 'login.php3' Directory Traversal
Ahhp Portal - page.php Multiple Remote File Inclusion
Ahhp Portal - 'page.php' Multiple Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ' LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ' LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
PHPPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
Maia Mailguard 1.0.2 - login.php Multiple Local File Inclusion
Maia Mailguard 1.0.2 - 'login.php' Multiple Local File Inclusion
Nukedit 4.9.x - login.asp Cross-Site Scripting
Nukedit 4.9.x - 'login.asp' Cross-Site Scripting
Pay Roll Time Sheet and Punch Card Application With Web UI - login.asp SQL Injection
Pay Roll Time Sheet and Punch Card Application With Web UI - 'login.asp' SQL Injection
RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp'Version Attribute Buffer Overflow
RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
PHPGedView 4.1 - login.php Cross-Site Scripting
PHPGedView 4.1 - 'login.php' Cross-Site Scripting
E-Smart Cart 1.0 - login.asp SQL Injection
AkkyWareHOUSE 7-zip32.dll 4.42 - Heap-Based Buffer Overflow
E-Smart Cart 1.0 - 'login.asp' SQL Injection
AkkyWareHOUSE 7-zip32.dll 4.42 - Heap Based Buffer Overflow
SWSoft Plesk 8.2 - login.php3 PLESKSESSID Cookie SQL Injection
SWSoft Plesk 8.2 - 'login.php3' PLESKSESSID Cookie SQL Injection
AfterLogic MailBee WebMail Pro 3.x - login.php mode Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'login.php' mode Parameter Cross-Site Scripting
Miro Broadcast Machine 0.9.9 - login.php Cross-Site Scripting
Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting
JiRo's Banner System 2.0 - login.asp Multiple SQL Injection
JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection
WinUAE 1.4.4 - 'zfile.c' Stack-Based Buffer Overflow
WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow
Toshiba Surveillance Surveillix DVR 'MeIpCamX.DLL' 1.0 - ActiveX Control Buffer Overflow
Toshiba Surveillance Surveillix DVR 'MeIpCamX.dll' 1.0 - ActiveX Control Buffer Overflow
MuPDF 1.3 - Stack-based Buffer Overflow in xps_parse_color()
MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()
Android Web Browser - GIF File Heap-Based Buffer Overflow
Android Web Browser - GIF File Heap Based Buffer Overflow
NCH Software Express Burn Plus 4.68 - '.EBP'Project File Buffer Overflow
NCH Software Express Burn Plus 4.68 - '.EBP' Project File Buffer Overflow
PHPstats 0.1_alpha - 'PHPstats.php' Cross-Site Scripting
phpStats 0.1_alpha - 'phpStats.php' Cross-Site Scripting
Publish-It 3.6d - '.pui'SEH Buffer Overflow
Publish-It 3.6d - '.pui' SEH Buffer Overflow
LeadTools Multimedia 15 - 'LTMM15.DLL' ActiveX Control Arbitrary File Overwrite Vulnerabilities
PHPBB PJIRC Module 0.5 - 'irc.php' Local File Inclusion
LeadTools Multimedia 15 - 'LTMM15.dll' ActiveX Control Arbitrary File Overwrite Vulnerabilities
phpBB PJIRC Module 0.5 - 'irc.php' Local File Inclusion
PHPBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
EsContacts 1.0 - login.php msg Parameter Cross-Site Scripting
EsContacts 1.0 - 'login.php' msg Parameter Cross-Site Scripting
NASA Ames Research Center BigView 1.8 - '.PNM'Stack-Based Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id parameter'SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id parameter' SQL Injection
VCDGear 3.50 - '.cue'Stack Buffer Overflow
VCDGear 3.50 - '.cue' Stack Buffer Overflow
FaName 1.0 - page.php name Parameter Cross-Site Scripting
FaName 1.0 - 'page.php' name Parameter Cross-Site Scripting
TGS Content Management 0.3.2r2 - login.php Multiple Parameter Cross-Site Scripting
TGS Content Management 0.3.2r2 - 'login.php' Multiple Parameter Cross-Site Scripting
Claroline 1.8.9 - PHPbb/newtopic.php URL Cross-Site Scripting
Claroline 1.8.9 - PHPbb/reply.php URL Cross-Site Scripting
Claroline 1.8.9 - PHPbb/viewtopic.php URL Cross-Site Scripting
Claroline 1.8.9 - phpBB/newtopic.php URL Cross-Site Scripting
Claroline 1.8.9 - phpBB/reply.php URL Cross-Site Scripting
Claroline 1.8.9 - phpBB/viewtopic.php URL Cross-Site Scripting
Trixbox - 'endpoint_aastra.php mac parameter'Remote Code Injection
Trixbox - 'endpoint_aastra.php mac parameter' Remote Code Injection
Free Download Manager - Stack-based Buffer Overflow
Free Download Manager - Stack Based Buffer Overflow
XRms 1.99.2 - login.php target Parameter Cross-Site Scripting
XRms 1.99.2 - 'login.php' target Parameter Cross-Site Scripting
Microsoft DebugDiag 1.0 - 'CrashHangExt.dll' ActiveX Control Remote Denial of Service
Microsoft DebugDiag 1.0 - ' CrashHangExt.dll' ActiveX Control Remote Denial of Service
PHPWebSite 0.9.3 - 'links.php' SQL Injection
phpWebSite 0.9.3 - 'links.php' SQL Injection
Easyedit CMS - page.php intPageID Parameter SQL Injection
Easyedit CMS - 'page.php' intPageID Parameter SQL Injection
aMSN - '.ctt'Remote Denial of Service
aMSN - '.ctt' Remote Denial of Service
68 Classifieds 4.1 - login.php goto Parameter Cross-Site Scripting
68 Classifieds 4.1 - 'login.php' goto Parameter Cross-Site Scripting
ProFTPD 1.3 - 'mod_sql' Username SQL Injection
ProFTPd 1.3 - 'mod_sql' Username SQL Injection
LinPHA 1.3.2/1.3.3 - login.php Cross-Site Scripting
LinPHA 1.3.2/1.3.3 - 'login.php' Cross-Site Scripting
Recover Data for Novell Netware 1.0 - '.sav'Remote Denial of Service
Recover Data for Novell Netware 1.0 - '.sav' Remote Denial of Service
J. River Media Jukebox 12 - '.mp3'Remote Heap Buffer Overflow
J. River Media Jukebox 12 - '.mp3' Remote Heap Buffer Overflow
Invision Power Board 3.0.3 - '.txt'MIME-Type Cross-Site Scripting
Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting
OpenOffice 3.1 - '.csv'Remote Denial of Service
OpenOffice 3.1 - '.csv' Remote Denial of Service
OpenOffice 3.1 - '.slk'NULL Pointer Dereference Remote Denial of Service
OpenOffice 3.1 - '.slk' NULL Pointer Dereference Remote Denial of Service
BS.Player 2.51 - '.mp3'Buffer Overflow
BS.Player 2.51 - '.mp3' Buffer Overflow
netKar PRO 1.1 - '.nkuser'File Creation NULL Pointer Denial Of Service
netKar PRO 1.1 - '.nkuser' File Creation NULL Pointer Denial Of Service
Aqua Real Screensaver - '.ar'Buffer Overflow
Aqua Real Screensaver - '.ar' Buffer Overflow
Mthree Development MP3 to WAV Decoder - '.mp3'Remote Buffer Overflow
Mthree Development MP3 to WAV Decoder - '.mp3' Remote Buffer Overflow
Sonique 2.0 - '.xpl'Remote Stack-Based Buffer Overflow
Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow
Property Watch - login.php redirect Parameter Cross-Site Scripting
Property Watch - 'login.php' redirect Parameter Cross-Site Scripting
Xilisoft Video Converter 3.1.8.0720b - '.ogg'Buffer Overflow
Xilisoft Video Converter 3.1.8.0720b - '.ogg' Buffer Overflow
Mulitple Wordpress Themes - 'admin-ajax.php img parameter'Arbitrary File Download
Mulitple Wordpress Themes - 'admin-ajax.php img parameter' Arbitrary File Download
Crystal Player 1.98 - '.mls'Buffer Overflow
Crystal Player 1.98 - '.mls' Buffer Overflow
Wordpress Acento Theme - 'view-pdf.php file parameter'Arbitrary File Download
Wordpress Acento Theme - 'view-pdf.php file parameter' Arbitrary File Download
GreenBrowser - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution
GreenBrowser - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
DragDropCart - login.php redirect Parameter Cross-Site Scripting
DragDropCart - 'login.php' redirect Parameter Cross-Site Scripting
Microsoft Bluetooth Personal Area Networking - 'BthPan.sys'Privilege Escalation
Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Privilege Escalation
WordPress RB Agency Plugin 2.4.7 - Local File Disclosure
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax'Buffer Overflow/Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite
Wireshark 1.4.3 - '.pcap'Memory Corruption
Wireshark 1.4.3 - '.pcap' Memory Corruption
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax'SEH Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' SEH Buffer Overflow
KMPlayer 2.9.3.1214 - '.ksf'Remote Buffer Overflow
DivX Player 6.x - '.dps'Remote Buffer Overflow
KMPlayer 2.9.3.1214 - '.ksf' Remote Buffer Overflow
DivX Player 6.x - '.dps' Remote Buffer Overflow
VLC Media Player 1.0.5 - '.ape'Denial of Service
VLC Media Player 1.0.5 - '.ape' Denial of Service
RealPlayer 11 - '.rmp'Remote Buffer Overflow
RealPlayer 11 - '.rmp' Remote Buffer Overflow
Advantech AdamView 4.30.003 - '.gni'SEH Buffer Overflow
Advantech AdamView 4.30.003 - '.gni' SEH Buffer Overflow
FLVPlayer4Free 2.9 - '.fp4f'Remote Buffer Overflow
FLVPlayer4Free 2.9 - '.fp4f' Remote Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj'Heab-based Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow
BlueVoda Website Builder 11 - '.bvp' File Stack-Based Buffer Overflow
BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow
PHPWebSite 1.7.1 - 'upload.php' Arbitrary File Upload
phpWebSite 1.7.1 - 'upload.php' Arbitrary File Upload
xAurora 10.00 - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution
xAurora 10.00 - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
PHPWebSite 1.7.1 - 'mod.php' SQL Injection
phpWebSite 1.7.1 - 'mod.php' SQL Injection
Linux/x86 - custom execve-shellcode Encoder/Decoder
Linux/x86 - custom execve-Shellcode Encoder/Decoder
ProFTPd 1.3.5 (mod_copy) - Remote Command Execution
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution
ProFTPD 1.3.5 - Mod_Copy Command Execution
ProFTPd 1.3.5 - 'Mod_Copy' Command Execution
Linux/x86 - Download & Execute shellcode
Linux/x86 - Download & Execute Shellcode
Adobe Flash - Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash - Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Heap Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File
Valhala Honeypot 1.8 - Stack-Based Buffer Overflow
Valhala Honeypot 1.8 - Stack Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack-Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow
WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
WebKit Cross-Site Scripting Filter - ' Cross-Site ScriptingAuditor.cpp' Security Bypass
Mpxplay Multimedia Commander 2.00a - .m3u Stack-Based Buffer Overflow
Mpxplay Multimedia Commander 2.00a - .m3u Stack Based Buffer Overflow
Linux/x86-64 - /bin/sh shellcode
Linux/x86-64 - /bin/sh Shellcode
Last PassBroker 3.2.16 - Stack-Based Buffer Overflow
Last PassBroker 3.2.16 - Stack Based Buffer Overflow
C2 WebResource - 'File' Parameter Cross-Site Scripting
C2 WebResource - ' File' Parameter Cross-Site Scripting
SmallFTPD - Unspecified Denial of Service
SmallFTPd - Unspecified Denial of Service
VLC 2.2.1 libvlccore - '.mp3'Stack Overflow
VLC 2.2.1 libvlccore - '.mp3' Stack Overflow
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap-Based Out-of-Bounds Read
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read
FBZX 2.10 - Local Stack-Based Buffer Overflow
FBZX 2.10 - Local Stack Based Buffer Overflow
TACK 1.07 - Local Stack-Based Buffer Overflow
TACK 1.07 - Local Stack Based Buffer Overflow
Dynamic Biz Website Builder (QuickWeb) 1.0 - login.asp Multiple Field SQL Injection Authentication Bypass
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass
Wireshark - iseries_parse_packet Heap-Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack-Based Buffer Overflow
Wireshark - iseries_parse_packet Heap Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow
Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack-Based Buffer Overflow
Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack Based Buffer Overflow
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack-Based Buffer Overflow
Wireshark - find_signature Stack-Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack-Based Buffer Overflow
Wireshark - getRate Stack-Based Out-of-Bounds Read
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow
Wireshark - find_signature Stack Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow
Wireshark - getRate Stack Based Out-of-Bounds Read
Adobe Flash TextField.variable Setter - Use-After-Free
Adobe Flash TextField.Variable Setter - Use-After-Free
Wireshark infer_pkt_encap - Heap-Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap-Based Out-of-Bounds Read
Wireshark infer_pkt_encap - Heap Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read
eshtery CMS - 'FileManager.aspx' Local File Disclosure
eshtery CMS - ' FileManager.aspx' Local File Disclosure
pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap-Based Out-of-Bounds Read
pdfium CPDF_TextObject::CalcPositionData - Heap-Based Out-of-Bounds Read
pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read
pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read
pdfium CPDF_Function::Call - Stack-Based Buffer Overflow
pdfium CPDF_Function::Call - Stack Based Buffer Overflow
MySQL 5.5.45 (64bit) - Local Credentials Disclosure
pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap-Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc (libopenjpeg) Heap-Based Out-of-Bounds Read
Wireshark - iseries_check_file_type Stack-Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack-Based Buffer Overflow
pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc (libopenjpeg) Heap Based Out-of-Bounds Read
Wireshark - iseries_check_file_type Stack Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow
Wireshark - nettrace_3gpp_32_423_file_open Stack-Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap-Based Out-of-Bounds Read
Wireshark - nettrace_3gpp_32_423_file_open Stack Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read
Tftpd32 and Tftpd64 - Denial Of Service
TFTPD32 and Tftpd64 - Denial Of Service
glibc - getaddrinfo Stack-Based Buffer Overflow
glibc - getaddrinfo Stack Based Buffer Overflow
Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow
libxml2 - xmlDictAddString Heap-Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap-Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap-Based Buffer Overread
libxml2 - htmlCurrentChar Heap-Based Buffer Overread
Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow
libxml2 - xmlDictAddString Heap Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread
libxml2 - htmlCurrentChar Heap Based Buffer Overread
Kamailio 4.3.4 - Heap-Based Buffer Overflow
Kamailio 4.3.4 - Heap Based Buffer Overflow
Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read
Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read
Wireshark - dissect_2008_16_security_4 Stack-Based Buffer Overflow
Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack-Based Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow
NRSS Reader 0.3.9 - Local Stack-Based Overflow
NRSS Reader 0.3.9 - Local Stack Based Overflow
Wireshark - AirPDcapDecryptWPABroadcastKey Heap-Based Out-of-Bounds Read
Wireshark - AirPDcapDecryptWPABroadcastKey Heap Based Out-of-Bounds Read
Windows - gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Graphite2 - GlyphCache::GlyphCache Heap-Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap-Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap-Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap-Based Overread
Graphite2 - NameTable::getName Multiple Heap-Based Out-of-Bounds Reads
Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread
Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap-Based Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption
Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap-Based Buffer Overflow (MS16-097)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
PHP 5.0.0 - imap_mail() Local Denial of Service
PHP 5.0.0 - 'imap_mail()' Local Denial of Service
PHP 5.0.0 - html_doc_file() Local Denial of Service
PHP 5.0.0 - 'html_doc_file()' Local Denial of Service
2016-09-06 05:08:08 +00:00
Offensive Security
ae53a02150
DB: 2016-08-19
...
4 new exploits
Too many too list!
2016-08-19 05:06:41 +00:00
Offensive Security
29076928d8
DB: 2016-08-17
...
10 new exploits
Mozilla Firefox 1.5.0.4 - (marquee) Denial of Service Exploit
Mozilla Firefox 1.5.0.4 - (marquee) Denial of Service
LifeType 1.0.4 - SQL Injection / Admin Credentials Disclosure Exploit
LifeType 1.0.4 - Multiple Vulnerabilities
Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote DoS Exploit
Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote Denial of Service
cms-bandits 2.5 - (spaw_root) Remote File Inclusion
Enterprise Payroll Systems 1.1 - (footer) Remote Include
CMS-Bandits 2.5 - (spaw_root) Remote File Inclusion
Enterprise Payroll Systems 1.1 - (footer) Remote File Inclusion
0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash Exploit
empris r20020923 - (phormationdir) Remote Include
aePartner 0.8.3 - (dir[data]) Remote Include
0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash PoC
empris r20020923 - (phormationdir) Remote File Inclusion
aePartner 0.8.3 - (dir[data]) Remote File Inclusion
SmartSiteCMS 1.0 - (root) Remote File Inclusion
Opera 9 - (long href) Remote Denial of Service Exploit
SmartSite CMS 1.0 - (root) Remote File Inclusion
Opera 9 - (long href) Remote Denial of Service
w-Agora 4.2.0 - (inc_dir) Remote File Inclusion Exploit
w-Agora 4.2.0 - (inc_dir) Remote File Inclusion
BitchX 1.1-final do_hook() Remote Denial of Service Exploit
BitchX 1.1-final - do_hook() Remote Denial of Service
BLOG:CMS 4.0.0k SQL Injection Exploit
BLOG:CMS 4.0.0k - SQL Injection
Sun Board 1.00.00 alpha Remote File Inclusion
Sun Board 1.00.00 alpha - Remote File Inclusion
Mailist 3.0 Insecure Backup/Local File Inclusion
Mailist 3.0 - Insecure Backup/Local File Inclusion
AdaptCMS 2.0.0 Beta (init.php) Remote File Inclusion
AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion
VisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion
VisualShapers ezContents 1.x/2.0 archivednews.php Arbitrary File Inclusion
VisualShapers ezContents 1.x/2.0 - db.php Arbitrary File Inclusion
VisualShapers ezContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion
VoteBox 2.0 Votebox.php Remote File Inclusion
VoteBox 2.0 - Votebox.php Remote File Inclusion
TRG News 3.0 Script Remote File Inclusion
TRG News 3.0 Script - Remote File Inclusion
Vortex Portal 2.0 content.php act Parameter Remote File Inclusion
Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion
Shoutbox 1.0 Shoutbox.php Remote File Inclusion
Shoutbox 1.0 - Shoutbox.php Remote File Inclusion
Ajaxmint Gallery 1.0 Local File Inclusion
Ajaxmint Gallery 1.0 - Local File Inclusion
Zabbix 2.2.x_ 3.0.x - SQL Injection
Microsoft Office Word 2013_2016 - sprmSdyaTop Denial of Service (MS16-099)
Zabbix 2.2.x / 3.0.x - SQL Injection
Microsoft Office Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)
Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Pi-Hole Web Interface 2.8.1 - Stored XSS in Whitelist/Blacklist
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV
2016-08-17 05:02:47 +00:00
Offensive Security
d1e88dd6d0
DB: 2016-07-30
2016-07-30 07:05:01 +00:00
Offensive Security
a9e80c57e9
DB: 2016-07-18
...
164 new exploits
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
Mandrake Linux 8.2 - /usr/mail Local Exploit
Microsoft Windows Media Services - (nsiislog.dll) Remote Exploit
Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets)
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)
Eudora 6.0.3 Attachment Spoofing Exploit (windows)
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Ping of Death Remote Denial of Service Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Microsoft Internet Explorer Remote Null Pointer Crash (mshtml.dll)
CVSTrac Remote Arbitrary Code Execution Exploit
LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit
IPD (Integrity Protection Driver) Local Exploit
Bird Chat 1.61 - Denial of Service
D-Link DCS-900 Camera Remote IP Address Changer Exploit
GD Graphics Library Heap Overflow Proof of Concept Exploit
vBulletin LAST.php SQL Injection
miniBB - Input Validation Hole ('user')
phpBB highlight Arbitrary File Upload (Santy.A)
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
ZeroBoard Worm Source Code
Invision Power Board <= 1.3.1 - Login.php SQL Injection
Veritas Backup Exec Remote File Access Exploit (windows)
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
PHP-Nuke <= 7.8 - Search Module Remote SQL Injection Exploit
SGI IRIX <= 6.5.28 - (runpriv) Design Error
Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
Microsoft Internet Explorer 7 Popup Address Bar Spoofing Weakness
Microsoft Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
Invision Community Blog Mod 1.2.4 - SQL Injection
Microsoft Windows - (MessageBox) Memory Corruption Local Denial of Service
Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit
Microsoft Internet Explorer - Recordset Double Free Memory Exploit (MS07-009)
phpGalleryScript 1.0 - (init.gallery.php include_class) RFI
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection
DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service PoC
Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit
Woltlab Burning Board Addon JGS-Treffen SQL Injection
pSys 0.7.0.a (shownews) Remote SQL Injection
JAMM CMS (id) Remote Blind SQL Injection Exploit
Clever Copy 3.0 (results.php) Remote SQL Injection Exploit
GLLCTS2 (listing.php sort) Remote Blind SQL Injection Exploit
PHPMyCart (shop.php cat) Remote SQL Injection
Cartweaver 3 (prodId) Remote Blind SQL Injection Exploit
Oxygen 2.0 (repquote) Remote SQL Injection
MyMarket 1.72 - BlindSQL Injection Exploit
easyTrade 2.x - (detail.php id) Remote SQL Injection
CaupoShop Classic 1.3 - (saArticle[ID]) Remote SQL Injection
AcmlmBoard 1.A2 (pow) Remote SQL Injection
Catviz 0.4.0 beta1 - Multiple Remote SQL Injection Vulnerabilities
DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit
Webspell 4 (Auth Bypass) SQL Injection
Microsoft Internet Explorer 7 - Memory Corruption PoC (MS09-002)
kloxo 5.75 - Multiple Vulnerabilities
Microsoft Office Web Components (Spreadsheet) ActiveX BoF PoC
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X)
eWebeditor Directory Traversal
eWebeditor ASP Version - Multiple Vulnerabilities
Radasm .rap file Local Buffer Overflow
Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes)
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) shellcode (38 bytes)
Joomla Component com_event - SQL Injection
Aix - execve /bin/sh (88 bytes)
BSD - Passive Connection Shellcode
bsd/PPC - execve /bin/sh (128 bytes)
bsd/x86 - setuid/execve shellcode (30 bytes)
bsd/x86 - setuid/portbind shellcode (94 bytes)
bsd/x86 - execve /bin/sh multiplatform (27 bytes)
bsd/x86 - execve /bin/sh setuid (0) (29 bytes)
bsd/x86 - portbind port 31337 (83 bytes)
bsd/x86 - portbind port random (143 bytes)
bsd/x86 - break chroot (45 bytes)
bsd/x86 - execve /bin/sh Crypt /bin/sh (49 bytes)
bsd/x86 - execve /bin/sh ENCRYPT* (57 bytes)
bsd/x86 - connect (93 bytes)
bsd/x86 - cat /etc/master.passwd | mail [email] (92 bytes)
bsd/x86 - reverse portbind (129 bytes)
bsdi/x86 - execve /bin/sh (45 bytes)
bsdi/x86 - execve /bin/sh (46 bytes)
AIX - execve /bin/sh shellcode (88 bytes)
BSD - Passive Connection Shellcode (124 bytes)
BSD/PPC - execve /bin/sh shellcode (128 bytes)
BSD/x86 - setuid(0) then execve /bin/sh shellcode (30 bytes)
BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) shellcode (29 bytes)
BSD/x86 - portbind port 31337 shellcode (83 bytes)
BSD/x86 - portbind port random shellcode (143 bytes)
BSD/x86 - break chroot shellcode (45 bytes)
BSD/x86 - execve /bin/sh Crypt /bin/sh shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* shellcode (57 bytes)
BSD/x86 - connect torootteam.host.sk:2222 shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] shellcode (92 bytes)
BSD/x86 - reverse 6969 portbind shellcode (129 bytes)
BSDi/x86 - execve /bin/sh shellcode (45 bytes)
BSDi/x86 - execve /bin/sh shellcode (46 bytes)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (1)
bsdi/x86 - execve /bin/sh toupper evasion (97 bytes)
FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging)
freebsd/x86 - setreuid_ execve(pfctl -d) (56 bytes)
freebsd/x86 - connect back.send.exit /etc/passwd (112 bytes)
freebsd/x86 - kill all processes (12 bytes)
freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes)
freebsd/x86 - /bin/cat /etc/master.passwd (NULL free) (65 bytes)
freebsd/x86 - reverse portbind /bin/sh (89 bytes)
freebsd/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
freebsd/x86 - encrypted shellcode /bin/sh (48 bytes)
freebsd/x86 - portbind 4883 with auth shellcode
freebsd/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
freebsd/x86 - execve /bin/sh (23 bytes)
freebsd/x86 - execve /bin/sh (2) (23 bytes)
freebsd/x86 - execve /bin/sh (37 bytes)
freebsd/x86 - kldload /tmp/o.o (74 bytes)
freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)
freebsd/x86 - execve /tmp/sh (34 bytes)
freebsd/x86 - connect (102 bytes)
freebsd/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
freebsd/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode generator null byte free
Linux/x86 - generate portbind payload
Windows XP SP1 - portbind payload (Generator)
/bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - shellcode null free (Generator)
Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator)
iOS Version-independent shellcode
Cisco IOS - Connectback Shellcode
Cisco IOS - Bind Shellcode 1.0 (116 bytes)
Cisco IOS - Tiny Shellcode
Cisco IOS - Shellcode And Exploitation Techniques (BlackHat)
HPUX - execve /bin/sh (58 bytes)
Linux/amd64 - flush iptables rules shellcode (84 bytes)
Linux/amd64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes)
BSDi/x86 - execve /bin/sh toupper evasion shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh shellcode (Anti-Debugging) (140 bytes)
FreeBSD/x86 - setreuid_ execve(pfctl -d) shellcode (56 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes)
FreeBSD/x86 - kill all processes shellcode (12 bytes)
FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes)
FreeBSD/x86 - portbind 4883 with auth shellcode (222 bytes)
FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (37 bytes)
FreeBSD/x86 - kldload /tmp/o.o shellcode (74 bytes)
FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh shellcode (34 bytes)
FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes)
FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - portbind payload shellcode (Generator)
Windows XP SP1 - portbind payload shellcode (Generator)
(Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - cmd shellcode null free (Generator)
(Generator) - Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Win32 - Multi-Format Shellcode Encoding Tool (Generator)
iOS - Version-independent shellcode
Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Bind Shellcode Password Protected (116 bytes)
Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password)
HPUX - execve /bin/sh shellcode (58 bytes)
Linux/x86-64 - flush iptables rules shellcode (84 bytes)
Linux/x86-64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind shellcode (276 bytes)
Linux/MIPS - execve /bin/sh (56 bytes)
Linux/PPC - execve /bin/sh (60 bytes)
Linux/MIPS - execve /bin/sh shellcode (56 bytes)
Linux/PPC - execve /bin/sh shellcode (60 bytes)
Linux/PPC - connect back execve /bin/sh (240 bytes)
Linux/PPC - execve /bin/sh (112 bytes)
Linux/SPARC - connect back (216 bytes)
Linux/SPARC - portbind port 8975 (284 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh shellcode (240 bytes)
Linux/PPC - execve /bin/sh shellcode (112 bytes)
Linux/SPARC - connect back (192.168.100.1:2313) shellcode (216 bytes)
Linux/SPARC - portbind port 8975 shellcode (284 bytes)
Linux/x86 - Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F (176 bytes)
Linux/x86 - bindport 8000 & add user with root access (225+ bytes)
Linux/x86 - Bind ASM Code Linux (179 bytes)
Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes)
Serial port shell binding & busybox Launching shellcode
Linux/x86 - File unlinker (18+ bytes)
Linux/x86 - Perl script execution (99+ bytes)
Linux/x86 - file reader (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) (30 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) shellcode (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) shellcode (49 bytes)
Linux/x86 - Serial port shell binding & busybox Launching shellcode (82 bytes)
Linux/x86 - File unlinker shellcode (18+ bytes)
Linux/x86 - Perl script execution shellcode (99+ bytes)
Linux/x86 - file reader shellcode (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) shellcode (30 bytes)
Linux/x86 - PUSH reboot() (30 bytes)
Linux/x86 - PUSH reboot() shellcode (30 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes)
Linux/x86 - edit /etc/sudoers for full access (86 bytes)
Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} shellcode (12 bytes)
Linux/x86 - connect back_ download a file and execute (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode
Linux/x86 - connect back.send.exit /etc/shadow (155 bytes)
Linux/x86 - writes a php connectback shell to the fs (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell (235 bytes)
Linux/x86 - /sbin/iptables -F (40 bytes)
Linux/x86 - kill all processes (11 bytes)
Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode (39 bytes)
Linux/x86 - connect back (Port )8192.send.exit /etc/shadow shellcode (155 bytes)
Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem shellcode (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped shellcode (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off shellcode (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell shellcode (235 bytes)
Linux/x86 - /sbin/iptables -F shellcode (40 bytes)
Linux/x86 - kill all processes shellcode (11 bytes)
Linux/x86 - /sbin/ipchains -F (40 bytes)
Linux/x86 - set system time to 0 and exit (12 bytes)
Linux/x86 - add root user r00t with no password to /etc/passwd (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow (36 bytes)
Linux/x86 - forkbomb (7 bytes)
Linux/x86 - /sbin/ipchains -F shellcode (40 bytes)
Linux/x86 - set system time to 0 and exit shellcode (12 bytes)
Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow shellcode (36 bytes)
Linux/x86 - forkbomb shellcode (7 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) (28 bytes)
Linux/x86 - execve(/bin/sh) (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes)
Linux/x86 - executes command after setreuid (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode
Linux/x86 - setuid(0) + execve(/bin/sh) shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) shellcode (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() shellcode (111+ bytes)
Linux/x86 - executes command after setreuid shellcode (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode (39 bytes)
Linux/x86 - setuid/portbind shellcode (96 bytes)
Linux/x86 - portbind (define your own port) (84 bytes)
Linux/x86 - setuid/portbind (Port 31337) shellcode (96 bytes)
Linux/x86 - portbind (2707) shellcode (84 bytes)
Linux/x86 - SET_PORT() portbind (100 bytes)
Linux/x86 - SET_IP() Connectback Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) (24 bytes)
Linux/x86 - xor-encoded Connect Back Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header (27 bytes)
Linux/x86 - SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store shellcode (99 bytes)
Linux/x86 - Password Authentication portbind Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes)
Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) shellcode (24 bytes)
Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header shellcode (27 bytes)
Linux/x86 - /tmp/swr to SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws shellcode (99 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) shellcode (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP shellcode (68+ bytes)
Linux/x86 - execve /bin/sh anti-ids (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID (41 bytes)
Linux/x86 - execve /bin/sh (encoded by +1) (39 bytes)
Linux/x86 - Adduser without Password to /etc/passwd (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() (32 bytes)
Linux/x86 - execve /bin/sh anti-ids shellcode (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID shellcode (41 bytes)
Linux/x86 - execve /bin/sh shellcode (encoded by +1) (39 bytes)
Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) shellcode (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) shellcode (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() shellcode (32 bytes)
Linux/x86 - normal exit with random (so to speak) return value (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes)
Linux/x86 - reboot() (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console (63 bytes)
Linux/x86 - normal exit with random (so to speak) return value shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) shellcode (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Linux/x86 - reboot() shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console shellcode (63 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes)
Linux/x86 - _exit(1); (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) (36 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); shellcode (29 bytes)
Linux/x86 - _exit(1); shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) shellcode (36 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (45 bytes)
Linux/x86 - chroot & standart (66 bytes)
Linux/x86 - upload & exec (189 bytes)
Linux/x86 - setreuid/execve (31 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload shellcode (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (45 bytes)
Linux/x86 - chroot & standart shellcode (66 bytes)
Linux/x86 - upload & exec shellcode (189 bytes)
Linux/x86 - setreuid/execve shellcode (31 bytes)
Linux/x86 - Radically Self Modifying Code (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code (76 bytes)
Linux/x86 - execve code (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less (45 bytes)
Linux/x86 - symlink /bin/sh xoring (56 bytes)
Linux/x86 - portbind port 5074 toupper (226 bytes)
Linux/x86 - add user t00r ENCRYPT (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT (75 bytes)
Linux/x86 - symlink . /bin/sh (32 bytes)
Linux/x86 - kill snort (151 bytes)
Linux/x86 - shared memory exec (50 bytes)
Linux/x86 - iptables -F (45 bytes)
Linux/x86 - iptables -F (58 bytes)
Linux/x86 - Reverse telnet (134 bytes)
Linux/x86 - connect (120 bytes)
Linux/x86 - chmod 666 /etc/shadow (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy (126 bytes)
Linux/x86 - eject /dev/cdrom (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 (132 bytes)
Linux/x86 - ipchains -F (49 bytes)
Linux/x86 - chmod 666 /etc/shadow (82 bytes)
Linux/x86 - execve /bin/sh (29 bytes)
Linux/x86 - execve /bin/sh (24 bytes)
Linux/x86 - execve /bin/sh (38 bytes)
Linux/x86 - execve /bin/sh (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) (50 bytes)
Linux/x86 - portbind port 5074 (92 bytes)
Linux/x86 - portbind port 5074 + fork() (130 bytes)
Linux/x86 - add user t00r (82 bytes)
Linux/x86 - add user (104 bytes)
Linux/x86 - break chroot (34 bytes)
Linux/x86 - break chroot (46 bytes)
Linux/x86 - break chroot execve /bin/sh (80 bytes)
Linux/x86 - execve /bin/sh encrypted (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion (41 bytes)
execve of /bin/sh after setreuid(0_0)
Linux - chroot()/execve() code (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion (55 bytes)
Linux/x86 - add user (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh (132 bytes)
Linux/x86_64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86_64 - execve(/bin/sh) (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes)
Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes)
Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes)
netbsd/x86 - kill all processes shellcode (23 bytes)
netbsd/x86 - callback shellcode (port 6666) (83 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes)
netbsd/x86 - execve /bin/sh (68 bytes)
openbsd/x86 - execve(/bin/sh) (23 bytes)
openbsd/x86 - portbind port 6969 (148 bytes)
openbsd/x86 - add user w00w00 (112 bytes)
OS-X/ppc - sync()_ reboot() (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes)
OS-X/PPC - Add user r00t (219 bytes)
OS-X/PPC - execve /bin/sh (72 bytes)
OS-X/PPC - add inetd backdoor (222 bytes)
OS-X/PPC - reboot (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes)
OS-X/PPC - create /tmp/suid (122 bytes)
OS-X/PPC - simple write() (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes)
sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes)
Solaris/SPARC - download and execute (278 bytes)
Solaris/SPARC - executes command after setreuid (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes)
Solaris/SPARC - setreuid/execve (56 bytes)
Solaris/SPARC - portbind (port 6666) (240 bytes)
Solaris/SPARC - execve /bin/sh (52 bytes)
Solaris/SPARC - portbind port 6789 (228 bytes)
Solaris/SPARC - connect-back (204 bytes)
Solaris/SPARC - portbinding shellcode
Linux/x86 - Radically Self Modifying Code shellcode (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code shellcode (76 bytes)
Linux/x86 - execve code shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); shellcode (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric shellcode (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring shellcode (56 bytes)
Linux/x86 - portbind port 5074 toupper shellcode (226 bytes)
Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh shellcode (32 bytes)
Linux/x86 - kill snort shellcode (151 bytes)
Linux/x86 - shared memory exec shellcode (50 bytes)
Linux/x86 - iptables -F shellcode (45 bytes)
Linux/x86 - iptables -F shellcode (58 bytes)
Linux/x86 - Reverse telnet shellcode (134 bytes)
Linux/x86 - connect shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy shellcode (126 bytes)
Linux/x86 - eject /dev/cdrom shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 shellcode (132 bytes)
Linux/x86 - ipchains -F shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (82 bytes)
Linux/x86 - execve /bin/sh shellcode (29 bytes)
Linux/x86 - execve /bin/sh shellcode (24 bytes)
Linux/x86 - execve /bin/sh shellcode (38 bytes)
Linux/x86 - execve /bin/sh shellcode (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) shellcode (50 bytes)
Linux/x86 - portbind port 5074 shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() shellcode (130 bytes)
Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user shellcode (104 bytes)
Linux/x86 - break chroot shellcode (34 bytes)
Linux/x86 - break chroot shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh shellcode (80 bytes)
Linux/x86 - execve /bin/sh encrypted shellcode (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted shellcode (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion shellcode (41 bytes)
Linux/x86 - execve of /bin/sh after setreuid(0_0) shellcode (46+ bytes)
Linux/x86 - chroot()/execve() code shellcode (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes)
Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes)
Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh shellcode (38 bytes)
NetBSD/x86 - kill all processes shellcode (23 bytes)
NetBSD/x86 - callback shellcode (port 6666) (83 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (30 bytes)
NetBSD/x86 - execve /bin/sh shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) ( shellcode 23 bytes)
OpenBSD/x86 - portbind port 6969 shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ (112 shellcode bytes)
OS-X/PPC - sync()_ reboot() shellcode (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() shellcode (72 bytes)
OS-X/PPC - Add user _r00t_ shellcode (219 bytes)
OS-X/PPC - execve /bin/sh shellcode (72 bytes)
OS-X/PPC - Add inetd backdoor shellcode (222 bytes)
OS-X/PPC - reboot shellcode (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh shellcode (88 bytes)
OS-X/PPC - create /tmp/suid shellcode (122 bytes)
OS-X/PPC - simple write() shellcode (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm shellcode (141 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL); shellcode (43 bytes)
Solaris/SPARC - download and execute shellcode (278 bytes)
Solaris/SPARC - executes command after setreuid shellcode (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) shellcode (600 bytes)
Solaris/SPARC - setreuid/execve shellcode (56 bytes)
Solaris/SPARC - portbind (port 6666) shellcode (240 bytes)
Solaris/SPARC - execve /bin/sh shellcode (52 bytes)
Solaris/SPARC - portbind port 6789 shellcode (228 bytes)
Solaris/SPARC - connect-bac shellcode k (204 bytes)
Solaris/SPARC - portbinding shellcode (240 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion (84 bytes)
Solaris/x86 - add services and execve inetd (201 bytes)
Unixware - execve /bin/sh (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell
Win32/XP SP2 (EN) - cmd.exe (23 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd shellcode (201 bytes)
UnixWare - execve /bin/sh shellcode (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes)
Win32 -SEH omelet shellcode
Win32 - telnetbind by Winexec (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe (32 bytes)
Win32/XP SP2 - cmd.exe (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute (124 bytes)
Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box (110 bytes)
Win32 - WinExec() Command Parameter (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - useradd shellcode for russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method (29 bytes)
Windows 9x/NT/2000/XP - PEB method (31 bytes)
Windows 9x/NT/2000/XP - PEB method (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec (241 bytes)
Windows XP - download and exec source
Windows XP SP1 - Portshell on port 58821 (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute (218+ bytes)
Linux/x86 - kill all processes (9 bytes)
Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes)
Linux - setuid(0) and cat /etc/shadow
Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes)
Linux - Linux/x86 execve() (51bytes)
Win32 - SEH omelet shellcode
Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes)
Win32/XP SP2 - cmd.exe shellcode (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric shellcode (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) shellcode (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box shellcode (110 bytes)
Win32 - WinExec() Command Parameter shellcode (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec shellcode (241 bytes)
Windows XP - download and exec source shellcode
Windows XP SP1 - Portshell on port 58821 shellcode (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute shellcode (218+ bytes)
Linux/x86 - kill all processes shellcode (9 bytes)
Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) shellcode (47 bytes)
Linux/x86 - setuid(0) and cat /etc/shadow shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) & exit() shellcode (33 bytes)
Linux/x86 - Linux/x86 execve() shellcode (51 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow)
Win32 XP SP3 - addFirewallRule
freebsd/x86 - portbind shellcode (167 bytes)
Win32/XP SP2 - calc.exe (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes)
Linux/x86 - chmod 666 /etc/shadow (27 bytes)
Linux/x86 - break chroot (79 bytes)
Linux/x86 - fork bomb (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() (107 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode (56 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode
FreeBSD/x86 - portbind (Port 1337) shellcode (167 bytes)
Win32/XP SP2 - calc.exe shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() shellcode (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (27 bytes)
Linux/x86 - break chroot shellcode (79 bytes)
Linux/x86 - fork bomb shellcode (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - eject /dev/cdrom (42 bytes)
Win32 XP SP2 FR - calc (19 bytes)
Linux/x86 - eject /dev/cdrom shellcode (42 bytes)
Win32 XP SP2 FR - calc shellcode (19 bytes)
Linux/x86 - ip6tables -F (47 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
Linux - bin/cat /etc/passwd (43 bytes)
Win32 XP SP3 English - cmd.exe (26 bytes)
Win32 XP SP2 Turkish - cmd.exe (26 bytes)
Linux/x86 - /bin/sh (8 bytes)
Linux/x86 - execve /bin/sh (21 bytes)
Windows XP Home Edition SP2 English - calc.exe (37 bytes)
Windows XP Home Edition SP3 English - calc.exe (37 bytes)
Linux/x86 - disabled modsecurity (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - ip6tables -F shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) shellcode (64 bytes)
Linux/i686 - pacman -R <package> shellcode (59 bytes)
Linux/x86 - bin/cat /etc/passwd shellcode (43 bytes)
Win32 XP SP3 English - cmd.exe shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe shellcode (26 bytes)
Linux/x86 - /bin/sh shellcode (8 bytes)
Linux/x86 - execve /bin/sh shellcode (21 bytes)
Windows XP Home Edition SP2 English - calc.exe shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe shellcode (37 bytes)
Linux/x86 - disabled modsecurity shellcode (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox (Metasploit)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox shellcode (Metasploit)
chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
execve(_/bin/sh_) shellcode (25 bytes)
DoS-Badger-Game shellcode (6 bytes)
SLoc-DoS shellcode (55 bytes)
execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
chmod(_/etc/shadow__ 0777) Shellcode(33 bytes)
chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
Linux/x86-64 - execve(_/bin/sh_) shellcode (25 bytes)
Linux/x86 - DoS-Badger-Game shellcode (6 bytes)
Linux/x86 - SLoc-DoS shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - polymorphic forkbombe (30 bytes)
Linux/x86 - forkbomb
setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86_64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) (27 bytes)
Linux/x86 - polymorphic forkbombe shellcode (30 bytes)
Linux/x86 - forkbomb shellcode (6 bytes)
Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86-64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) shellcode (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) shellcode (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) shellcode (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) shellcode (27 bytes)
Solaris/x86 - Reboot() (37 bytes)
Solaris/x86 - Remote Download file (79 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Solaris/x86 - Reboot() shellcode (37 bytes)
Solaris/x86 - Remote Download file shellcode (79 bytes)
Linux/x86 - Disable randomize stack addresse shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes)
Linux/x86 - kill all running process (11 bytes)
change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - kill all running process shellcode (11 bytes)
Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Solaris/x86 - SystemV killall command (39 bytes)
Linux/x86 - hard / unclean reboot shellcode (29 bytes)
Linux/x86 - hard / unclean reboot shellcode (33 bytes)
Solaris/x86 - SystemV killall command shellcode (39 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes)
Linux/x86 - netcat connect back port 8080 (76 bytes)
Linux/x86 - netcat connect back port 8080 shellcode (76 bytes)
Windows - MessageBoxA Shellcode
Windows - MessageBoxA Shellcode (238 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) (48 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) shellcode (48 bytes)
Linux/x86_64 - Disable ASLR Security (143 bytes)
Linux/x86-64 - Disable ASLR Security shellcode (143 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) shellcode (131 bytes)
Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes)
Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) shellcode (63 bytes)
Linux/x86_64 - Add root user with password (390 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) shellcode (28 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) shellcode (30 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) shellcode (84 bytes)
Linux/ARM - Disable ASLR Security (102 bytes)
Linux/ARM - Disable ASLR Security shellcode (102 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded shellcode (78 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
Linux/x86 - bind shell port 64533 shellcode (97 bytes)
Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode (161 bytes)
Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic
Linux - 125 bind port to 6778 XOR encoded polymorphic shellcode (125 bytes)
Linux - nc -lp 31337 -e /bin//sh polymorphic shellcode (91 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic shellcode (91 bytes)
Win32 - Write-to-file Shellcode
Win32 - Write-to-file Shellcode (278 bytes)
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) shellcode (49 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Linux/x86 - netcat bindshell port 8080 shellcode (75 bytes)
Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow universal
PHP-Nuke 8.1 SEO Arabic - Remote File Include
bds/x86 - bindshell on port 2525 shellcode (167 bytes)
BSD/x86 - bindshell on port 2525 shellcode (167 bytes)
Win32 - Shellcode Checksum Routine (18 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (27 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (27 bytes)
Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit
Audiotran 1.4.2.4 SEH Overflow Exploit
Joomla Component (com_elite_experts) SQL Injection
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Traidnt UP - Cross-Site Request Forgery Add Admin Account
Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes)
Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
AnyDVD <= 6.7.1.0 - Denial of Service
ARM - Bindshell port 0x1337
ARM - Bind Connect UDP Port 68
ARM - Loader Port 0x1337
ARM - ifconfig eth0 and Assign Address
ARM - Bindshell port 0x1337shellcode
ARM - Bind Connect UDP Port 68 shellcode
ARM - Loader Port 0x1337 shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode
Linux/ARM - add root user with password (151 bytes)
Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
OS-X/Intel - setuid shell x86_64 (51 bytes)
OS-X/Intel - setuid shell x86_64 shellcode (51 bytes)
Create a New User with UID 0 - ARM (Metasploit)
ARM - Create a New User with UID 0 shellcode (Metasploit) (Generator) (66+ bytes)
Windows Win32k Pointer Dereferencement PoC (MS10-098)
Win32 - speaking shellcode
bds/x86 - connect back Shellcode (81 bytes)
bds/x86 - portbind + fork shellcode (111 bytes)
bsd/x86 - connect back Shellcode (81 bytes)
BSD/x86 - 31337 portbind + fork shellcode (111 bytes)
Win32 - eggsearch shellcode (33 bytes)
Arkeia Backup Client Type 77 - Overflow (Win32)
Oracle 9i XDB FTP PASS Overflow (Win32)
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow
SHTTPD <= 1.34 - URI-Encoded POST Request Overflow (Win32)
Icecast <= 2.0.1 - Header Overwrite (Win32)
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Oracle 9i XDB HTTP PASS Overflow (Win32)
Linux/SuperH - sh4 - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) (43 bytes)
Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes)
Linux/x86 - netcat bindshell port 6666 (69 bytes)
Linux/x86 - netcat bindshell port 6666 shellcode (69 bytes)
OS-X/Intel - reverse_tcp shell x86_64 (131 bytes)
OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes)
Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation (83 bytes)
Linux/x86 - ASLR deactivation shellcode (83 bytes)
Linux/x86 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - ConnectBack with SSL connection shellcode (422 bytes)
SuperH (sh4) - Add root user with password (143 bytes)
Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Linux/MIPS - execve (52 bytes)
Linux/MIPS - execve shellcode (52 bytes)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS
Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) shellcode (27 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/MIPS - execve /bin/sh shellcode (48 bytes)
Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/x86_64 - execve(/bin/sh) (52 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (52 bytes)
Linux/MIPS - reboot() (32 bytes)
Linux/MIPS - reboot() shellcode (32 bytes)
GdiDrawStream BSoD using Safari
Linux/x86 - Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd
Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes)
Linux/x86 - Search For php/html Writable Files and Add Your Code shellcode (380+ bytes)
Linux/x86_64 - add user with passwd (189 bytes)
Linux/x86-64 - Add user _t0r_ with password _Winner_ shellcode (189 bytes)
Linux/x86 - execve(/bin/dash) (42 bytes)
Linux/x86 - execve(/bin/dash) shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow shellcode (57 bytes)
Microsoft Windows Kernel - Intel x64 SYSRET PoC
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes)
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) shellcode (41 bytes)
Windows XP Pro SP3 - Full ROP calc shellcode
Windows XP Pro SP3 - Full ROP calc shellcode (428 bytes)
Novell Client 2 SP3 - nicm.sys Local Privilege Escalation
MIPS Little Endian - Shellcode
MIPS - (Little Endian) system() Shellcode (80 bytes)
Windows RT ARM - Bind Shell (Port 4444)
Windows RT ARM - Bind Shell (Port 4444) shellcode
Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation
Linux/x86 - Multi-Egghunter
Linux/x86 - Multi-Egghunter shellcode
MIPS Little Endian - Reverse Shell Shellcode (Linux)
Linux/MIPS - (Little Endian) Reverse Shell (192.168.1.177:31337) Shellcode (200 bytes)
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation
Windows - Add Admin User Shellcode (194 bytes)
Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation
MQAC.sys Arbitrary Write Privilege Escalation
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh shellcode (378 bytes)
VirtualBox 3D Acceleration Virtual Machine Escape
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Connect Back (139 bytes)
Linux/x86-64 - Connect Back shellcode (139 bytes)
Linux/x86 - Add map in /etc/hosts file
Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) shellcode (77 bytes)
Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Position independent & Alphanumeric 64-bit execve(_/bin/sh\0__NULL_NULL); (87 bytes)
Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); shellcode (87 bytes)
Offset2lib: Bypassing Full ASLR On 64 bit Linux
Linux/x86 - rmdir (37 bytes)
Linux/x86 - rmdir shellcode (37 bytes)
Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password)
Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password)
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Linux/MIPS - execve (36 bytes)
Linux/MIPS - execve /bin/sh shellcode (36 bytes)
Windows XP x86-64 - Download & execute (Generator)
Windows XP x86-64 - Download & execute shellcode (Generator)
Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow (55 bytes)
Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes)
Reads Data From /etc/passwd To /tmp/outfile (118 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) (68 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) (40 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)
Linux/x86 - Reverse TCP Shell (72 bytes)
Linux/x86 - TCP Bind Shell (96 bytes)
Linux/x86 - Reverse TCP Shell shellcode (72 bytes)
Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux - Disable ASLR (84 bytes)
Linux/x86 - Disable ASLR shellcode (84 bytes)
Linux/x86 - Egg-hunter (20 bytes)
Linux/x86 - Egg-hunter shellcode (20 bytes)
Create 'my.txt' Working Directory (37 bytes)
Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) (49 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes)
Win32/XP SP3 - Create (_file.txt_) (83 bytes)
Win32/XP SP3 - Restart computer
Linux - custom execve-shellcode Encoder/Decoder
Win32/XP SP3 - Create (_file.txt_) shellcode (83 bytes)
Win32/XP SP3 - Restart computer shellcode (57 bytes)
Linux/x86 - custom execve-shellcode Encoder/Decoder
Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86 - exit(0) (6 bytes)
Linux/x86 - exit(0) shellcode (6 bytes)
Windows 8.0 < 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058)
Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes)
Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes)
Linux/x86 - /etc/passwd Reader (58 bytes)
Linux/x86 - /etc/passwd Reader shellcode (58 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 (60 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes)
Linux/x86_64 - execve(/bin/sh) (30 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (30 bytes)
Linux/x86 - Download & Execute
Linux/x86 - Reboot (28 bytes)
Linux/x86 - Download & Execute shellcode
Linux/x86 - Reboot shellcode (28 bytes)
Linux/x86 - execve /bin/sh (23 bytes)
Linux/x86 - execve /bin/sh shellcode (23 bytes)
Linux 64bit - Encoded execve shellcode
Linux/x86-64 - Encoded execve shellcode (57 bytes)
encoded 64 bit execve shellcode
Linux/x86-64 - encoded execve shellcode (57 bytes)
Win32/XP SP3 (TR) - MessageBox (24 bytes)
Win32/XP SP3 (TR) - MessageBox shellcode (24 bytes)
Windows XP SP3 x86 / 2003 SP2 x86 - NDProxy Privilege Escalation (MS14-002)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
Adobe Flash XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Windows 2003 x64 - Token Stealing shellcode (59 bytes)
OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
Mainframe/System Z - Bind Shell
Mainframe/System Z - Bind Shell shellcode (2488 bytes)
ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC
Linux/x86 - execve(/bin/bash) (31 bytes)
Linux/x86 - execve(/bin/bash) shellcode (31 bytes)
Linux/x86 - Create file with permission 7775 and exit (Shell Generator)
Linux/x86 - Create file with permission 7775 and exit shellcode (Generator)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) shellcode (75 bytes)
OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
Linux/x86_64 - /bin/sh
Linux/x86-64 - /bin/sh shellcode
Android Shellcode Telnetd with Parameters
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078)
Linux/x86_64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)
Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)
Linux/x86_64 - Bindshell with Password (92 bytes)
Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution
Linux/x64 - egghunter (24 bytes)
Linux/x86-64 - egghunter shellcode (24 bytes)
Linux/x86_64 - Polymorphic execve Shellcode (31 bytes)
Linux/x86-64 - Polymorphic execve Shellcode (31 bytes)
Windows XP<10 - Null-Free WinExec Shellcode (Python)
Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010)
Adobe Flash Selection.SetSelection - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free
Linux/x64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86_64 - bind TCP port shellcode (103 bytes)
TCP Bindshell with Password Prompt (162 bytes)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
TCP Reverse Shell with Password Prompt (151 bytes)
Linux/x86-64 - TCP Reverse Shell with Password Prompt shellcode (151 bytes)
Linux/x86_64 - Egghunter (18 bytes)
Linux/x86 - Egg-hunter (13 bytes)
Linux/x86-64 - Egghunter shellcode (18 bytes)
Linux/x86 - Egg-hunter shellcode (13 bytes)
Adobe Flash - Use-After-Free When Setting Stage
Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux x86 & x86_64 - reverse_tcp Shellcode
Linux x86 & x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 & x86_64 - tcp_bind Shellcode
Linux x86 & x86_64 - Read etc/passwd Shellcode
Linux x86 & x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (1) (122 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode
Linux/x86_64 - Polymorphic Execve-Stack (47 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode (135 bytes)
Linux/x86-64 - Polymorphic Execve-Stack shellcode (47 bytes)
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Linux/ARM - Connect back to {ip:port} with /bin/sh (95 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh shellcode (95 bytes)
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040)
Linux/x86_64 - Reverse Shell Shellcode
Linux/x86-64 - Reverse Shell Shellcode
Linux/x86_64 - execve(/bin/sh) (26 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (26 bytes)
Linux/x86_64 - execve(/bin/sh) (25 bytes)
Linux/x86_64 - execve(/bin/bash) (33 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (25 bytes)
Linux/x86-64 - execve(/bin/bash) shellcode (33 bytes)
Linux/x86_64 - bindshell (Pori: 5600) (81 bytes)
Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)
Linux/x86_64 - Read /etc/passwd (65 bytes)
Linux/x86-64 - Read /etc/passwd shellcode (65 bytes)
Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Linux/x86_64 - bindshell (Port 5600) (86 bytes)
Linux/x86-64 - bindshell (Port 5600) shellcode (86 bytes)
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6)
Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)
Linux/x86 - Bind TCP Port 1472 (IPv6) shellcode (1250 bytes)
Linux/x64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Linux/x86-64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86_64 - Bind TCP Port 1472 (IPv6)
Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86_64 - Reverse TCP (IPv6)
Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes)
Linux/x86 - Bindshell with Configurable Port (87 bytes)
Linux/x86 - Bindshell with Configurable Port shellcode (87 bytes)
Linux/x86_64 - Null-Free Reverse TCP Shell
Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86_64 - Information Stealer Shellcode
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (656 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86_64 - XOR Encode execve Shellcode
Linux/x86-64 - XOR Encode execve Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows x86 - system(_systeminfo_) Shellcode
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows - Custom Font Disable Policy Bypass
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86_64 - /etc/passwd File Sender Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Windows 7 SP1 x86 - Privilege Escalation (MS16-014)
Linux 64bit - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (98 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux 64bit - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes)
Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes)
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes)
2016-07-18 05:02:52 +00:00
Offensive Security