bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1195 commits 1 branch 0 tags 351 MiB
Commit graph

4 commits

Author SHA1 Message Date
Offensive Security
be57520c6f DB: 2016-12-21 
2 new exploits

FlashGet 1.9 - (FTP PWD Response) Remote Buffer Overflow (PoC)
FlashGet 1.9 - 'FTP PWD Response' Remote Buffer Overflow (PoC)

VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service
VMware Workstation 6.5.1 - 'hcmon.sys 6.0.0.45731' Local Denial of Service

Flashget 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Exec (PoC)

Rosoft media player 4.4.4 - Buffer Overflow (SEH) (PoC)
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (PoC)
Google Android -  WifiNative::setHotlist Stack Overflow
Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
FlashGet 1.9.0.1012 - (FTP PWD Response) SEH STACK Overflow
FlashGet 1.9.0.1012 - (FTP PWD Response) Buffer Overflow (SafeSEH)
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)

freeFTPd - Remote Authentication Bypass
freeFTPd 1.2.6 - Remote Authentication Bypass

freeFTPd 1.0.10 - 'PASS' SEH Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow (Metasploit)

freeFTPd - 'PASS' Buffer Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit)
AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion
iziContents RC6 - GLOBALS[] Remote Code Execution
AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion
iziContents RC6 - Remote Code Execution

SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion
SunShop Shopping Cart 3.5 - 'abs_path' Parameter Remote File Inclusion

SunShop 4.0 RC 6 - 'Search' Blind SQL Injection
SunShop Shopping Cart 4.0 RC 6 - 'Search' Blind SQL Injection

izicontents rc6 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
iziContents rc6 - Remote File Inclusion / Local File Inclusion
gelato CMS 0.95 - (img) Remote File Disclosure
dotCMS 1.6 - 'id' Multiple Local File Inclusion
ZeeJobsite 2.0 - (adid) SQL Injection
gelato CMS 0.95 - 'img' Parameter Remote File Disclosure
dotCMS 1.6 - 'id' Parameter Local File Inclusion
Zeeways ZeeJobsite 2.0 - 'adid' Parameter SQL Injection

XNova 0.8 sp1 - (xnova_root_path) Remote File Inclusion
XNova 0.8 sp1 - 'xnova_root_path' Parameter Remote File Inclusion

PHPBasket - 'product.php pro_id' SQL Injection
PHPBasket - 'pro_id' Parameter SQL Injection
Ad Board - 'id' SQL Injection
SunShop 4.1.4 - 'id' SQL Injection
Banner Management Script - 'tr.php id' SQL Injection
Ad Board - 'id' Parameter SQL Injection
SunShop Shopping Cart 4.1.4 - 'id' Parameter SQL Injection
Banner Management Script - 'id' Parameter SQL Injection
phpBazar 2.0.2 - (adid) SQL Injection
webEdition CMS - (we_objectID) Blind SQL Injection
CustomCMS 4.0 - (CCMS) print.php SQL Injection
phpBazar 2.0.2 - 'adid' Parameter SQL Injection
webEdition CMS - 'we_objectID' Parameter Blind SQL Injection
CustomCMS 4.0 - 'print.php' SQL Injection

TinyCMS 1.1.2 - (templater.php) Local File Inclusion
TinyCMS 1.1.2 - 'templater.php' Local File Inclusion
onenews Beta 2 - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
5 star review - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
5 star review - Cross-Site Scripting / SQL Injection

Web Directory Script 2.0 - (name) SQL Injection
Web Directory Script 2.0 - 'name' Parameter SQL Injection

Crafty Syntax Live Help 2.14.6 - (department) SQL Injection
Crafty Syntax Live Help 2.14.6 - 'department' Parameter SQL Injection
k-rate - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
CMME 1.12 - (Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory) Multiple Vulnerabilities
Thickbox Gallery 2.0 - (Admins.php) Admin Data Disclosure
k-rate - SQL Injection / Cross-Site Scripting
CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory
Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure

phpMyRealty 1.0.9 - Multiple SQL Injections
PHPMyRealty 1.0.9 - Multiple SQL Injections
brim 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Web Directory Script 1.5.3 - (site) SQL Injection
Words tag script 1.2 - (word) SQL Injection
Brim 2.0.0 - SQL Injection / Cross-Site Scripting
Web Directory Script 1.5.3 - 'site' Parameter SQL Injection
Words tag script 1.2 - 'word' Parameter SQL Injection

WeBid 0.5.4 - (item.php id) SQL Injection
WeBid 0.5.4 - 'item.php' SQL Injection

ZeeJobsite 2.0 - Arbitrary File Upload
Zeeways ZeeJobsite 2.0 - Arbitrary File Upload

BandSite CMS 1.1.4 - (members.php memid) SQL Injection
BandSite CMS 1.1.4 - 'members.php' SQL Injection

Thickbox Gallery 2 - 'index.php ln' Local File Inclusion
Thickbox Gallery 2 - 'index.php' Local File Inclusion

Joomla! Component 'com_wmtpic' 1.0 - SQL Injection
Joomla! Component com_wmtpic 1.0 - SQL Injection
Joomla! Component 'com_redshop' 1.0 - Local File Inclusion
Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion
Joomla! Component redSHOP 1.0 - Local File Inclusion
Joomla! Component redTWITTER 1.0 - Local File Inclusion
Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion
Joomla! Component 'com_shoutbox' - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component Shoutbox Pro - Local File Inclusion

Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion
Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion

Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection
Joomla! Component XOBBIX 1.0 - 'prodid' Parameter SQL Injection

Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion
Joomla! Component VJDEO 1.0 - Local File Inclusion

Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion

Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion
Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion

Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection
Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection

Joomla! Component 'com_tweetla' - Local File Inclusion
Joomla! Component TweetLA 1.0.1 - Local File Inclusion
Joomla! Component 'com_preventive' - Local File Inclusion
Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
Joomla! Component RokModule 1.1 - 'moduleid' Parameter Blind SQL Injection

Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion
Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion

Joomla! Component 'com_webtv' - Local File Inclusion
Joomla! Component Web TV 1.0 - Local File Inclusion

Joomla! Component 'com_onlineexam' - Local File Inclusion
Joomla! Component Online Exam 1.5.0 - Local File Inclusion

Joomla! Component 'com_sweetykeeper' - Local File Inclusion
Joomla! Component Sweetykeeper 1.5 - Local File Inclusion

Joomla! Component 'com_sermonspeaker' - SQL Injection
Joomla! Component SermonSpeaker - SQL Injection

Joomla! Component 'com_QPersonel' - SQL Injection
Joomla! Component QPersonel 1.0.2 - SQL Injection

Joomla! Component 'com_photobattle' - Local File Inclusion
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
Joomla! Component 'com_zimbcomment' - Local File Inclusion
Joomla! Component 'com_zimbcore' - Local File Inclusion
Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
Joomla! Component ZiMBCore 0.1 - Local File Inclusion
Joomla! Component 'com_wmi' - Local File Inclusion
Joomla! Component 'com_orgchart' - Local File Inclusion
Joomla! Component WMI 1.5.0 - Local File Inclusion
Joomla! Component OrgChart 1.0.0 - Local File Inclusion

Joomla! Component 'com_ultimateportfolio' - Local File Inclusion
Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion

Joomla! Component 'com_smartsite' - Local File Inclusion
Joomla! Component SmartSite 1.0.0 - Local File Inclusion

Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion
Joomla! Component simpledownload 0.9.5 - Local File Inclusion

Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure
Joomla! Component simpledownload 0.9.5 - Local File Disclosure

Wordpress Plugin TinyBrowser - Arbitrary File Upload
WordPress Plugin TinyBrowser - Arbitrary File Upload

Joomla! Component 'com_qpersonel' 1.0 - SQL Injection
Joomla! Component Q-Personel 1.0 - SQL Injection

Joomla! Component 'com_searchlog' - SQL Injection
Joomla! Component Search Log 3.1.0 - SQL Injection

Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities
Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities

Joomla! Component 'com_picasa2gallery' - Local File Inclusion
Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion

Joomla! Component 'jeeventcalendar' - SQL Injection
Joomla! Component JE Ajax Event Calendar 1.0.5 - SQL Injection

Joomla! Component 'com_realtyna' - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component 'jesubmit' - SQL Injection
Joomla! Component 'com_sef' - Remote File Inclusion
Joomla! Component jesubmit 1.4 - SQL Injection
Joomla! Component com_sef - Remote File Inclusion

Joomla! Component 'jesectionfinder' - Local File Inclusion
Joomla! Component jesectionfinder - Local File Inclusion

Joomla! Component 'Joomanager' - SQL Injection
Joomla! Component Joomanager - SQL Injection

Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting
Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting
Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection
Joomla! Component 'com_quickfaq' - Blind SQL Injection
Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection
Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection

Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection
Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection

Joomla! Component 'com_staticxt' - SQL Injection
Joomla! Component StaticXT - SQL Injection

Joomla! Component 'com_oziogallery' - SQL Injection
Joomla! Component Ozio Gallery - SQL Injection

Joomla! Component 'com_youtube' - SQL Injection
Joomla! Component YouTube 1.5 - SQL Injection

Joomla! Component 'com_ttvideo' 1.0 - SQL Injection
Joomla! Component TTVideo 1.0 - SQL Injection

Joomla! Component 'com_teams' - Multiple Blind SQL Injection
Joomla! Component Teams - Multiple Blind SQL Injection

Joomla! Component 'com_picsell' - Local File Disclosure
Joomla! Component PicSell 1.0 - Local File Disclosure

Joomla! Component 'com_restaurantguide' - Multiple Vulnerabilities
Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities

Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection

Joomla! Component 'com_sponsorwall' - SQL Injection
Joomla! Component Sponsor Wall 1.1 - SQL Injection

Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion
Joomla! Component ProDesk 1.5 - Local File Inclusion

Joomla! Component 'mdigg' - SQL Injection
Joomla! Component mDigg 2.2.8 - SQL Injection

phpMyRealty 1.0.7 - SQL Injection
PHPMyRealty 1.0.7 - SQL Injection

Joomla! Component 'com_timereturns' 2.0 - SQL Injection
Joomla! Component Time Returns 2.0 - SQL Injection

Joomla! Component 'com_techfolio' 1.0 - SQL Injection
Joomla! Component Techfolio 1.0 - SQL Injection

Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities
Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities

BRIM < 2.0.0 - SQL Injection
Brim < 2.0.0 - SQL Injection

Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection
Joomla! Component RokModule 1.1 - 'module' Parameter Blind SQL Injection

Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

webid 1.0.5 - Directory Traversal
weBid 1.0.5 - Directory Traversal

Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload

Webid 1.0.6 - Multiple Vulnerabilities
WeBid 1.0.6 - Multiple Vulnerabilities
MyBulletinBoard RC4 - 'Username' Parameter SQL Injection
MyBulletinBoard RC4 - 'member.php' Multiple Parameter SQL Injection
MyBulletinBoard RC4 - 'polloptions' Parameter SQL Injection
MyBulletinBoard RC4 - 'action' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'Username' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'polloptions' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'action' Parameter SQL Injection

MyBulletinBoard 1.0 - Multiple SQL Injections
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections

MyBulletinBoard 1.0 - 'RateThread.php' SQL Injection
MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection

MyBulletinBoard 1.0 - 'usercp.php' SQL Injection
MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection

Joomla! Component 'com_redshop' 1.2 - SQL Injection
Joomla! Component redSHOP 1.2 - SQL Injection

MyBulletinBoard 1.0.x/1.1.x - 'usercp.php' SQL Injection
MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection

MyBulletinBoard 1.x - 'usercp.php' Directory Traversal
MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal
Grayscale BandSite CMS 1.1 - help_news.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - help_merch.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - help_mp3.php max_file_size_purdy Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - sendemail.php message_text Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - header.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - login_header.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - bio_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - gbook_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - interview_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - links_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - lyrics_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - member_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - merch_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - mp3_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - news_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - pastshows_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - photo_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - releases_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - reviews_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - shows_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - signgbook_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - footer.php this_year Parameter Cross-Site Scripting
BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting
BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting
BandSite CMS 1.1 - 'help_mp3.php' Cross-Site Scripting
BandSite CMS 1.1 - 'sendemail.php' Cross-Site Scripting
BandSite CMS 1.1 - 'header.php' Cross-Site Scripting
BandSite CMS 1.1 - 'login_header.php' Cross-Site Scripting
BandSite CMS 1.1 - 'bio_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'gbook_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'interview_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'links_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'lyrics_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'member_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'merch_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'mp3_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'news_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'pastshows_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'photo_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'releases_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'reviews_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'shows_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting

Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting

Active PHP BookMarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion
Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusion

Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting
WordPress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting

TurnkeyWebTools Sunshop 3.5/4.0 - Multiple Remote File Inclusion
SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion

Active PHP BookMarks 1.0 - APB.php Remote File Inclusion
Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion
TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection
TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting
SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection
SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting

Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery
WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery

DMCMS 0.7 - 'index.php' SQL Injection
deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection
EasySite 2.0 - browser.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - image_editor.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - skin_chooser.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - 'browser.php' Remote File Inclusion
EasySite 2.0 - 'image_editor.php' Remote File Inclusion
EasySite 2.0 - 'skin_chooser.php' Remote File Inclusion

MatterDaddy Market 1.1 - 'admin/login.php' Cross-Site Scripting
MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting

Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Image Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Fields Attach 1.0 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access

Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access
Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Parameter Arbitrary File Access

Joomla! Component 'com_youtubegallery' - SQL Injection
Joomla! Component Youtube Gallery 4.1.7 - SQL Injection

Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection
Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection

Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'com_weblinks' - 'Itemid' Parameter SQL Injection
Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection

Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload

Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting
WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting

Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

Wordpress Plugin DukaPress 2.5.2 - Directory Traversal
WordPress Plugin DukaPress 2.5.2 - Directory Traversal

Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection

Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting

Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation
WordPress Plugin Duplicator 0.5.8 - Privilege Escalation

Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection

Joomla! Component 'com_sanpham' - Multiple SQL Injections
Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections

Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload

Joomla! Component 'mod_currencyconverter' - 'from' Parameter Cross-Site Scripting
Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting

Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting

Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read

Joomla! Component 'mod_ccnewsletter' 1.0.7 - 'id' Parameter SQL Injection
Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection

Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection

Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting

Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections
Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery

Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting

Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection
Joomla! Component Sexy polling 1.0.8 - 'answer_id' Parameter SQL Injection

Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload
Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload

Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection

Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting

Wordpress Plugin Job Script by Scubez - Remote Code Execution
WordPress Plugin Job Script by Scubez - Remote Code Execution

Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
Wordpress Plugin Answer My Question 1.3 - SQL Injection
Wordpress Plugin Sirv 1.3.1 - SQL Injection
Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection
Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection
WordPress Plugin Answer My Question 1.3 - SQL Injection
WordPress Plugin Sirv 1.3.1 - SQL Injection
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection

Wordpress Plugin Olimometer 2.56 - SQL Injection
WordPress Plugin Olimometer 2.56 - SQL Injection

Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
 2016-12-21 05:01:18 +00:00
Offensive Security
62dddb2f49 DB: 2016-12-20 
9 new exploits

Apache 2.2 - (Windows) Local Denial of Service
Apache 2.2 (Windows) - Local Denial of Service

Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service
Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service

Apache 2.4.7 mod_status - Scoreboard Handling Race Condition
Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition

Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read

Apache 1.3.31 mod_include - Local Buffer Overflow
Apache 1.3.31 (mod_include) - Local Buffer Overflow

Gopher 3.0.9 - (+VIEWS) Remote Client Side Buffer Overflow
Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow

Apache 'Mod_Auth_OpenID' - Session Stealing
Apache (Mod_Auth_OpenID) - Session Stealing
Apache 2.0.4x mod_php Module - File Descriptor Leakage (1)
Apache 2.0.4x mod_php Module - File Descriptor Leakage (2)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (1)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (2)

Apache 2.0.4x mod_perl Module - File Descriptor Leakage (3)
Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3)

Apache 1.3.x mod_include - Local Buffer Overflow
Apache 1.3.x (mod_include) - Local Buffer Overflow

Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution
Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock)
Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download

Apache 1.3.x mod_mylo - Remote Code Execution
Apache 1.3.x (mod_mylo) - Remote Code Execution

Apache 1.3.x < 2.0.48 - mod_userdir Remote Users Disclosure
Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure

Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (2)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray

Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting
Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting

Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit
Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit

Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)

Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache (mod_proxy) - Reverse Proxy Exposure (PoC)

Apache 1.3.20 - Win32 PHP.exe Remote File Disclosure
Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure

Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1)

Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)
Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)

Apache 2.2.6 - 'mod_negotiation' HTML Injection and HTTP Response Splitting
Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting

Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass
Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass

Apache 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass
Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass

Apache 'mod_wsgi' Module - Information Disclosure
Apache (mod_wsgi) - Information Disclosure

Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection
Joomla! Component JP Jobs 1.4.1 - SQL Injection

Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion
Joomla! Component Picasa 2.0 - Local File Inclusion

Joomla! Component 'com_jinventory' - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion

Joomla! Component 'com_loginbox' - Local File Inclusion
Joomla! Component LoginBox - Local File Inclusion

Joomla! Component 'com_Joomlaupdater' - Local File Inclusion
Joomla! Component Magic Updater - Local File Inclusion
Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion
Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection
Joomla! Component News Portal 1.5.x - Local File Inclusion
Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection
Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion
Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion
Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion
Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion
Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion
Joomla! Component 'com_datafeeds' 880 - Local File Inclusion
Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
Joomla! Component Juke Box 1.7 - Local File Inclusion
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Highslide 1.5 - Local File Inclusion
Joomla! Component Fabrik 2.0 - Local File Inclusion
Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion
Joomla! Component 'com_javoice' - Local File Inclusion
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
Joomla! Component JA Voice 2.0 - Local File Inclusion
Joomla! Component 'com_jfeedback' - Local File Inclusion
Joomla! Component 'com_jprojectmanager' - Local File Inclusion
Joomla! Component Jfeedback 1.2 - Local File Inclusion
Joomla! Component JProject Manager 1.0 - Local File Inclusion

Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection
Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection

Joomla! Component 'com_horoscope' - Local File Inclusion
Joomla! Component Horoscope 1.5.0 - Local File Inclusion

Joomla! Component 'com_market' - Local File Inclusion
Joomla! Component Online Market 2.x - Local File Inclusion
Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection
Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection
Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection
Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection
Joomla! Component 'com_mtfireeagle' - Local File Inclusion
Joomla! Component 'com_mediamall' - Blind SQL Injection
Joomla! Component 'com_lovefactory' - Local File Inclusion
Joomla! Component 'com_jacomment' - Local File Inclusion
Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
Joomla! Component JA Comment - Local File Inclusion

Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection

Joomla! Component 'com_joltcard' - SQL Injection
Joomla! Component JoltCard 1.2.1 - SQL Injection
Joomla! Component 'com_gadgetfactory' - Local File Inclusion
Joomla! Component 'com_matamko' - Local File Inclusion
Joomla! Component 'com_multiroot' - Local File Inclusion
Joomla! Component 'com_multimap' - Local File Inclusion
Joomla! Component 'com_drawroot' - Local File Inclusion
Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
Joomla! Component Matamko 1.01 - Local File Inclusion
Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion

Joomla! Component 'com_if_surfalert' - Local File Inclusion
Joomla! Component iF surfALERT 1.2 - Local File Inclusion

Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection
Joomla! Component GBU Facebook 1.0.5 - SQL Injection
Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection
Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection
Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection
Joomla! Component JTM Reseller 1.9 Beta - SQL Injection

Joomla! Component 'com_mmsblog' - Local File Inclusion
Joomla! Component MMS Blog 2.3.0 - Local File Inclusion

Joomla! Component 'com_noticeboard' - Local File Inclusion
Joomla! Component NoticeBoard 1.3 - Local File Inclusion

Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion
Joomla! Component Graphics 1.0.6 - Local File Inclusion

Joomla! Component 'com_newsfeeds' - SQL Injection
Joomla! Component Newsfeeds - SQL Injection

Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection
Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection

Joomla! Component 'com_dioneformwizard' - Local File Inclusion
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion

Joomla! Component 'com_jejob' 1.0 - Local File Inclusion
Joomla! Component JE Job 1.0 - Local File Inclusion

Joomla! Component 'com_jequoteform' - Local File Inclusion
Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion

Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion
Joomla! Component MS Comment 0.8.0b - Local File Inclusion

Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Apache Axis2 Administration Console - Authenticated Cross-Site Scripting

Joomla! Component 'com_mycar' - Multiple Vulnerabilities
Joomla! Component My Car 1.0 - Multiple Vulnerabilities

Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection
Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection

Joomla! Component 'com_jsjobs' - SQL Injection
Joomla! Component JS Jobs 1.0.5.8 - SQL Injection

Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities
Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities

Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection
Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection

Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection
Joomla! Component eventCal 1.6.4 - Blind SQL Injection

Joomla! Component 'com_ninjamonials' - Blind SQL Injection
Joomla! Component NinjaMonials - Blind SQL Injection

Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection
Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection
Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection

Joomla! Component 'com_joomdle' 0.24 - SQL Injection
Joomla! Component Joomdle 0.24 - SQL Injection

Joomla! Component 'com_Joomla-visites' - Remote File Inclusion
Joomla! Component Visites 1.1 RC2 - Remote File Inclusion

Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection

Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion

Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection
Joomla! Component Gantry 3.0.10 - Blind SQL Injection

Joomla! Component 'com_jphone' - Local File Inclusion
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion

Joomla! Component 'com_jgen' - SQL Injection
Joomla! Component JGen 0.9.33 - SQL Injection

Joomla! Component 'com_ezautos' - SQL Injection
Joomla! Component Joostina - SQL Injection

Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities
Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities

Joomla! Component 'com_jedirectory' - SQL Injection
Joomla! Component JE Directory 1.0 - SQL Injection

Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities
Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities

Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection
Joomla! Component JE Ajax Event Calendar - SQL Injection

Joomla! Component 'com_flipwall' - SQL Injection
Joomla! Component Pulse Infotech Flip Wall - SQL Injection

Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection
Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection
Joomla! Component 'com_jsupport' - Cross-Site Scripting
Joomla! Component 'com_jsupport' - SQL Injection
Joomla! Component JSupport 1.5.6 - Cross-Site Scripting
Joomla! Component JSupport 1.5.6 - SQL Injection

Joomla! Component 'com_jimtawl' - Local File Inclusion
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion

phpMyAdmin - Client Side Code Injection / Redirect Link Falsification
phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification

Joomla! Component 'com_jeauto' 1.0 - SQL Injection
Joomla! Component JE Auto 1.0 - SQL Injection

Joomla! Component 'com_jradio' - Local File Inclusion
Joomla! Component JRadio - Local File Inclusion

Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion
Joomla! Component JotLoader 2.2.1 - Local File Inclusion

Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities
Joomla! Component HM Community - Multiple Vulnerabilities

Joomla! Component 'com_estateagent' - SQL Injection
Joomla! Component Estate Agent - SQL Injection

EPortfolio 1.0 - Client Side Input Validation
EPortfolio 1.0 - Client-Side Input Validation

ActiveWeb Contentserver 5.6.2929 CMS - Client Side Filtering Bypass
ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection

Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting
Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting

Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection
Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection

Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion
Joomla! Component Jstore - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection
Joomla! Component ECommerce-WD 1.2.5 - SQL Injection

Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection
Joomla! Component Contact Form Maker 1.0.1 - SQL Injection

Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities
Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities
Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection
ntop-ng 2.5.160805 - Username  Enumeration
 2016-12-20 05:01:16 +00:00
Offensive Security
490539b3f3 DB: 2016-11-09 
17 new exploits

DigitalHive 2.0 RC2 - (base_include.php) Remote File Inclusion
DigitalHive 2.0 RC2 - 'base_include.php' Remote File Inclusion

DodosMail 2.0.1 - (dodosmail.php) Remote File Inclusion
DodosMail 2.0.1 - 'dodosmail.php' Remote File Inclusion

DoSePa 1.0.4 - (textview.php) Information Disclosure
DoSePa 1.0.4 - 'textview.php' Information Disclosure

TrueCrypt 4.3 - Privilege Escalation
TrueCrypt 4.3 - 'setuid' Privilege Escalation

w-Agora 4.2.1 - (cat) SQL Injection
w-Agora 4.2.1 - 'cat' Parameter SQL Injection

IPTBB 0.5.4 - (viewdir id) SQL Injection
IPTBB 0.5.4 - 'id' Parameter SQL Injection

LoudBlog 0.6.1 - (parsedpage) Remote Code Execution
LoudBlog 0.6.1 - 'parsedpage' Parameter Remote Code Execution

evilboard 0.1a - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
evilboard 0.1a - SQL Injection / Cross-Site Scripting

QuickTime Player 7.3.1.70 - (rtsp) Buffer Overflow
QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow

DigitalHive 2.0 RC2 - (user_id) SQL Injection
DigitalHive 2.0 RC2 - 'user_id' Parameter SQL Injection

X7 Chat 2.0.5 - 'day' SQL Injection
X7 Chat 2.0.5 - 'day' Parameter SQL Injection

HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Dos Exploit
HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/DoS

Cisco VPN Client - Integer Overflow (DOS)
Cisco VPN Client - Integer Overflow (DoS)

Multiple WordPress Plugins - timthumb.php File Upload
Multiple WordPress Plugins - 'timthumb.php' File Upload

glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation
glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation

NetServe FTP Client 1.0 - Local DOS (Overflow)
NetServe FTP Client 1.0 - Local DoS (Overflow)

Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial Of Service (PoC)
Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080 / MS14-084)
Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read
Microsoft Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read
Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation
Solaris 8/9 ps - Environment Variable Information leak
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation
Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation
Linux Kernel - TCP Related Read Use-After-Free
WordPress Plugin 'XCloner' 3.1.5 - Multiple Vulnerabilities
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure
D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure
NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure
NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure
PLANET ADSL Router AND-4101 - Remote File Disclosure
Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)
Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution
 2016-11-09 05:01:25 +00:00
Offensive Security
9be5679994 DB: 2016-08-26 
1 new exploits

Too many to list!
 2016-08-26 05:06:52 +00:00