exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	427165968d	DB: 2017-09-05 9 new exploits IBM Notes 8.5.x/9.0.x - Denial of Service (2) Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation RubyGems < 2.6.13 - Arbitrary File Overwrite Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection Joomla! Component CheckList 1.1.0 - SQL Injection Wireless Repeater BE126 - Remote Code Execution CodeMeter 6.50 - Cross-Site Scripting Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery	2017-09-05 05:01:31 +00:00
Offensive Security	13819fd065	DB: 2017-08-30 10 new exploits ProFTPd 1.2.0 (rc2) - memory leakage example Exploit ProFTPd 1.2.0pre10 - Remote Denial of Service ProFTPd 1.2.0 rc2 - Memory Leakage Exploit ProFTPd 1.2.0 pre10 - Remote Denial of Service ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC) ProFTPd 1.3.0a - 'mod_ctrls support' Local Buffer Overflow (PoC) ProFTPd mod_sftp - Integer Overflow Denial of Service (PoC) ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC) ProFTPd 1.2 - SIZE Remote Denial of Service ProFTPd 1.2 - 'SIZE' Remote Denial of Service ProFTPd 1.2.x - STAT Command Denial of Service ProFTPd 1.2.x - 'STAT' Denial of Service ProFTPd - (ftpdctl) Local pr_ctrls_connect ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1) ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (2) ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' Local Overflow (exec-shield) ProFTPd 1.3.0 - mod_ctrls Local Stack Overflow (OpenSUSE) ProFTPd 1.3.0 (OpenSUSE) - 'mod_ctrls' Local Stack Overflow Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH) ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit) ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit) ProFTPd 1.x (module mod_tls) - Remote Buffer Overflow ProFTPd 1.x - 'mod_tls module' Remote Buffer Overflow ProFTPd 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit) ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow (Metasploit) ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit) ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit) ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit) ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit) FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution ftpd / ProFTPd (FreeBSD) - Remote Command Execution ProFTPd 1.2 pre6 - snprintf Exploit ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit D-Link DIR-645 / DIR-815 - diagnostic.php Command Execution (Metasploit) D-Link DIR-645 / DIR-815 - 'diagnostic.php' Command Execution (Metasploit) D-Link DIR615h - OS Command Injection (Metasploit) D-Link DIR-615H - OS Command Injection (Metasploit) ProFTPd 1.3.5 - (mod_copy) Remote Command Execution ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution ProFTPd 1.3.5 - 'Mod_Copy' Command Execution (Metasploit) ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit) QNAP Transcode Server - Command Execution (Metasploit) D-Link DIR-600 / DIR-300 (rev B) - Multiple Vulnerabilities D-Link DIR-600 / DIR-300 (Rev B) - Multiple Vulnerabilities D-Link DIR-615 rev H - Multiple Vulnerabilities D-Link DIR-615 Rev H - Multiple Vulnerabilities D-Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities D-Link DIR-615 Hardware vE4 Firmware 5.10 - Cross-Site Request Forgery D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery D-Link DIR-600L Hardware Version AX Firmware 1.00 - Cross-Site Request Forgery D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) D-Link DIR-600 - Authentication Bypass Car or Cab Booking Script - Authentication Bypass PHP Appointment Booking Script - Authentication Bypass User Login and Management - Multiple Vulnerabilities PHP Video Battle Script 1.0 - SQL Injection Brickcom IP Camera - Credentials Disclosure	2017-08-30 05:01:38 +00:00
Offensive Security	711d6a6a43	DB: 2017-08-29 21 new exploits Easy DVD Creator 2.5.11 - Buffer Overflow (SEH) Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Buffer Overflow (SEH) Easy RM RMVB to DVD Burner 1.8.11 - Buffer Overflow (SEH) Dup Scout Enterprise 9.9.14 - Buffer Overflow (SEH) Disk Savvy Enterprise 9.9.14 - Buffer Overflow (SEH) Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH) Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH) Joomla! Component MasterForms 1.0.3 - SQL Injection Joomla! Component Photo Contest 1.0.2 - SQL Injection Wireless Repeater BE126 - Local File Inclusion Joomla! Component OSDownloads 1.7.4 - SQL Injection AutoCar 1.1 - 'category' Parameter SQL Injection Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection Matrimonial Script 2.7 - Authentication Bypass Smart Chat 1.0.0 - SQL Injection FTP Made Easy PRO 1.2 - SQL Injection WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download Easy Web Search 4.0 - SQL Injection PHP Search Engine 1.0 - SQL Injection Flash Poker 2.0 - 'game' Parameter SQL Injection Login-Reg Members Management PHP 1.0 - Arbitrary File Upload Schools Alert Management Script - Authentication Bypass	2017-08-29 05:01:21 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	26466c9d62	DB: 2017-08-14 1 new exploits RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)	2017-08-14 05:01:19 +00:00
Offensive Security	3f58d5334c	DB: 2017-08-09 4 new exploits WildMIDI 0.4.2 - Multiple Vulnerabilities Comodo Backup 4.4.0.0 - Null Pointer Dereference EOP Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation Microsoft Windows - LNK Shortcut File Code Execution Microsoft Windows - '.LNK' Shortcut File Code Execution Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Oracle E-Business Suite 12.x - Server-Side Request Forgery Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit) Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit) Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload Technicolor TC7337 - SSID Persistent Cross-Site Scripting Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution	2017-08-09 05:01:29 +00:00
Offensive Security	16dd4b9d6d	DB: 2017-08-04 7 new exploits DNSTracer 1.8.1 - Buffer Overflow DNSTracer 1.8.1 - Buffer Overflow (PoC) DNSTracer 1.9 - Buffer Overflow VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation Premium Servers List Tracker 1.0 - SQL Injection EDUMOD Pro 1.3 - SQL Injection Muviko 1.0 - 'q' Parameter SQL Injection Technicolor TC7337 - SSID Persistent Cross-Site Scripting	2017-08-04 05:01:28 +00:00
Offensive Security	baeaf13b13	DB: 2017-08-02 9 new exploits libmad 0.15.1b - 'mp3' Memory Corruption iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation SKILLS.com.au Industry App - MITM Remote Code Execution Virtual Postage (VPA) - MITM Remote Code Execution Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit) Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload VehicleWorkshop - Authentication Bypass VehicleWorkshop - Arbitrary File Upload SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection	2017-08-02 05:01:31 +00:00
Offensive Security	fb7bed6364	DB: 2017-07-29 6 new exploits GNU libiberty - Buffer Overflow SoundTouch 1.9.2 - Multiple Vulnerabilities LAME 3.99.5 - Multiple Vulnerabilities libjpeg-turbo 1.5.1 - Denial of Service Joomla! Component com_ccnewsletter - Directory Traversal Joomla! Component CCNewsLetter - Directory Traversal Joomla! Component com_ccnewsletter - Local File Inclusion Joomla! Component CCNewsLetter - Local File Inclusion Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection FortiOS < 5.6.0 - Cross-Site Scripting	2017-07-29 05:01:21 +00:00
Offensive Security	9640473c86	DB: 2017-07-20 23 new exploits Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force) Kaspersky 17.0.0 - Local CA root Incorrectly Protected Kaspersky 17.0.0 - Local CA Root Incorrectly Protected Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass) WICD - Local Privilege Esclation Exploit WICD 1.7.1 - Local Privilege Escalation Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution Trend Micro Interscan VirusWall localweb - Directory Traversal Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit) XAMPP 1.6.x - 'showcode.php' Local File Inclusion Yealink VoIP Phone SIP-T38G - Local File Inclusion InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit) DreamBox DM800 - 'file' Parameter Local File Disclosure Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting TP-Link TL-WR841N Router - Local File Inclusion Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) Vivvo Article Manager 3.4 - (root) Local File Inclusion Vivvo Article Manager 3.4 - 'root' Local File Inclusion 60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion 60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution Trend Micro Interscan VirusWall localweb - Directory Traversal Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit) XAMPP 1.6.x - 'showcode.php' Local File Inclusion Yealink VoIP Phone SIP-T38G - Local File Inclusion InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit) DreamBox DM800 - 'file' Parameter Local File Disclosure Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting TP-Link TL-WR841N Router - Local File Inclusion Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit) Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit) Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit) Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit) Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection	2017-07-20 05:01:21 +00:00
Offensive Security	21f7dd8438	DB: 2017-07-19 11 new exploits Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion Microsoft Windows Kernel - 'IOCTL 0x120007 (NsiGetParameter)' nsiproxy/netio Pool Memory Disclosure Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Belkin NetCam F7D7601 - Multiple Vulnerabilities Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sophos Web Appliance 4.3.1.1 - Session Fixation Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit) Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting	2017-07-19 05:01:23 +00:00
Offensive Security	635e0e935f	DB: 2017-07-15 4 new exploits Counter Strike: Condition Zero - '.BSP' Map File Code Execution Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) WDTV Live SMP 2.03.20 - Remote Password Reset	2017-07-15 05:01:21 +00:00
Offensive Security	2f83b6c1be	DB: 2017-07-14 6 new exploits Novell Groupwise 6.5.3 Client - Local Integer Overflow Novell Groupwise Client 6.5.3 - Local Integer Overflow SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities SLmail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities Novell Client 4.91 SP4 - Privilege Escalation Novell Client 4.91 SP4 - Local Privilege Escalation Novell Client 4.91 SP4 - nwfs.sys Privilege Escalation (Metasploit) Novell Client 4.91 SP4 - 'nwfs.sys' Privilege Escalation (Metasploit) Novell Client 2 SP3 - Privilege Escalation Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Novell iPrint Client Browser Plugin - call-back-url Stack Overflow Novell iPrint Client Browser Plugin - 'call-back-url' Stack Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Skype for Business 2016 - Cross-Site Scripting DataTaker DT80 dEX 1.50.012 - Information Disclosure Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download	2017-07-14 05:01:24 +00:00
Offensive Security	ed107bc711	DB: 2017-07-12 9 new exploits Apache 2.0.52 - HTTP GET request Denial of Service Apache 2.0.52 - GET Request Denial of Service Microsoft IIS - Malformed HTTP Request Denial of Service (1) Microsoft IIS - Malformed HTTP Request Denial of Service (2) Microsoft IIS - HTTP Request Denial of Service (1) Microsoft IIS - HTTP Request Denial of Service (2) Microsoft IIS - Malformed HTTP Request Denial of Service Microsoft IIS - HTTP Request Denial of Service Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC) Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC) Allegro RomPager 2.10 - Malformed URL Request Denial of Service Allegro RomPager 2.10 - URL Request Denial of Service AVM KEN! 1.3.10/1.4.30 - Malformed Request Remote Denial of Service AVM KEN! 1.3.10/1.4.30 - Remote Denial of Service Netwin SurgeFTP 1.0b - Malformed Request Denial of Service Netwin SurgeFTP 1.0b - Denial of Service iCal 3.7 - Malformed HTTP Request Denial of Service iCal 3.7 - HTTP Request Denial of Service 3ware Disk Managment 1.10 - Malformed HTTP Request Denial of Service 3ware Disk Managment 1.10 - HTTP Request Denial of Service Pi3Web 2.0.1 - Malformed GET Request Denial of Service Pi3Web 2.0.1 - GET Request Denial of Service Loom Software SurfNow 1.x/2.x - Remote HTTP GET Request Denial of Service Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service Linksys PSUS4 PrintServer - Malformed HTTP POST Request Denial of Service Linksys PSUS4 PrintServer - POST Request Denial of Service Multiple IEA Software Products - HTTP POST Request Denial of Service Multiple IEA Software Products - POST Request Denial of Service Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service Linksys WRH54G 1.1.3 Wireless-G Router - HTTP Request Denial of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service D-Link WBR-2310 1.0.4 - HTTP GET Request Remote Buffer Overflow D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow Pelco VideoXpert 1.12.105 - Privilege Escalation Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Information Disclosuree PlanetDNS PlanetWeb 1.14 - Malformed Request Remote Buffer Overflow PlanetDNS PlanetWeb 1.14 - Remote Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - Malformed SOCKS4 Request Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow JBoss 3.x/4.0.2 - Malformed HTTP Request Remote Information Disclosure JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure Easy File Sharing Web Server 7.2 - GET HTTP Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - HEAD HTTP Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH) Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass) NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass) Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) (Generator) - HTTP/1.x requests Shellcode (18+ bytes / 26+ bytes) (Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes) Linux/x86-64 - flush iptables rules Shellcode (84 bytes) Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86 - Self-modifying for IDS evasion Shellcode (64 bytes) Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes) Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - File unlinker Shellcode (18+ bytes) Linux/x86 - Perl script execution Shellcode (99+ bytes) Linux/x86 - file reader Shellcode (65+ bytes) Linux/x86 - File Unlinker Shellcode (18+ bytes) Linux/x86 - Perl Script Execution Shellcode (99+ bytes) Linux/x86 - File Reader Shellcode (65+ bytes) Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes) Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) Linux/x86 - execve /bin/sh anti-ids Shellcode (40 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 - Add User 'xtz' without Password to /etc/passwd Shellcode (59 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) Shellcode (39 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Radically Self Modifying Code Shellcode (70 bytes) Linux/x86 - Magic Byte Self Modifying Code Shellcode (76 bytes) Linux/x86 - Radically Self-Modifying Shellcode (70 bytes) Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes) Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes) Linux/x86 - chmod 666 shadow ENCRYPT Shellcode (75 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - Add User 't00r' Shellcode (82 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - execve /bin/sh encrypted Shellcode (58 bytes) Linux/x86 - execve /bin/sh xor encrypted Shellcode (55 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - Add User 'z' Shellcode (70 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - hard / unclean reboot Shellcode (29 bytes) Linux/x86 - hard / unclean reboot Shellcode (33 bytes) Linux/x86 - Hard / Unclean Reboot Shellcode (29 bytes) Linux/x86 - Hard / Unclean Reboot Shellcode (33 bytes) Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes) Linux - Drop SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes) Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) Linux - Find all writeable folder in filesystem polymorphic Shellcode (91 bytes) Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes) Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode Linux/x86 - Search For php/html Writable Files and Add Your Code Shellcode (380+ bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - Search For PHP/HTML Writable Files and Add Your Code Shellcode (380+ bytes) Linux/x86 - Remote Port Forwarding Shellcode (87 bytes) Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes) Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes) Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) Shellcode (77 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes) Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - /bin/sh ROT7 Encoded Shellcode Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux/x86-64 - Bind NetCat Shellcode (64 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes) Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes) Linux - Multi/Dual mode execve(_/bin/sh__ NULL_ 0) Shellcode (37 bytes) Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes) Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes) Linux - Reverse Shell Multi/Dual Mode Shellcode (Genearator) (129 bytes) Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux/x86-64 - Reverse NetCat Shellcode (72 bytes) Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shellcode (106 bytes) Simple Machines Forum (SMF) 1.1.6 - HTTP POST Request Filter Security Bypass Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access) Pelco Sarix/Spectra Cameras - Remote Code Execution Pelco VideoXpert 1.12.105 - Directory Traversal Pelco VideoXpert 1.12.105 - Information Disclosure NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection	2017-07-12 05:01:24 +00:00
Offensive Security	c89aecde1c	DB: 2017-07-05 5 new exploits Easy File Sharing WebServer 1.25 - Denial of Service Easy File Sharing Web Server 1.25 - Denial of Service Twilight WebServer 1.3.3.0 - (GET) Remote Denial of Service Twilight WebServer 1.3.3.0 - 'GET' Remote Denial of Service Kolibri+ WebServer 2 - GET Request Denial of Service Kolibri+ Web Server 2 - GET Request Denial of Service Microsoft FrontPage Personal WebServer 1.0 - PWS Denial of Service Microsoft FrontPage Personal Web Server 1.0 - PWS Denial of Service Michael Lamont Savant WebServer 2.0 - NULL Character Denial of Service Michael Lamont Savant Web Server 2.0 - NULL Character Denial of Service Savant WebServer 3.1 - Malformed Content-Length Denial of Service Savant Web Server 3.1 - Malformed Content-Length Denial of Service Twilight WebServer 1.3.3.0 - GET Request Buffer Overflow Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow Savant WebServer 3.1 - Denial of Service Savant Web Server 3.1 - Denial of Service Media Player Classic 1.5 - (MPC) WebServer Request Handling Remote Denial of Service Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Savant Web Server 3.1 (French Windows)- Remote Buffer Overflow PMsoftware Simple Web Server 1.0 - Remote Stack Overflow PMSoftware Simple Web Server 1.0 - Remote Stack Overflow NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow (Metasploit) NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow (Metasploit) velocity Web-Server 1.0 - Directory Traversal Velocity Web-Server 1.0 - Directory Traversal Navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCOPA Web Server 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCopa WebServer 3.01 - Remote Buffer Overflow NaviCOPA Web Server 3.01 - Remote Buffer Overflow Kolibri+ WebServer 2 - Source Code Disclosure kolibri+ WebServer 2 - Directory Traversal Kolibri+ WebServer 2 - GET Request Remote Overwrite (SEH) Kolibri+ Web Server 2 - Source Code Disclosure kolibri+ Web Server 2 - Directory Traversal Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH) mongoose Web server 2.11 - Directory Traversal Mongoose Web Server 2.11 - Directory Traversal quickphp Web server 1.9.1 - Directory Traversal QuickPHP Web Server 1.9.1 - Directory Traversal simple Web-Server 1.2 - Directory Traversal Simple Web Server 1.2 - Directory Traversal Microsoft FrontPage personal WebServer 1.0/personal Web server 4.0 - Directory Traversal Microsoft FrontPage Personal Web Server 1.0/4.0 - Directory Traversal Michael Lamont Savant WebServer 2.1 - CGI Source Code Disclosure Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow Michael Lamont Savant Web Server 2.1/3.0 - Buffer Overflow BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow goahead WebServer 2.0/2.1 - Directory Traversal GoAhead Web Server 2.0/2.1 - Directory Traversal GoAhead WebServer 2.1.x - URL Encoded Slash Directory Traversal GoAhead WebServer 2.1.x - Error Page Cross-Site Scripting GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting GoAhead WebServer 2.1 - Arbitrary Command Execution GoAhead Web Server 2.1 - Arbitrary Command Execution Savant WebServer 3.1 - File Disclosure Savant Web Server 3.1 - File Disclosure keyfocus kf Web server 1.0.8 - Directory Traversal Key Focus KF Web Server 1.0.8 - Directory Traversal MiniHTTPServer WebForums Server 1.x/2.0 - Directory Traversal MiniHTTPServer Web Forums Server 1.x/2.0 - Directory Traversal telcondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal TelCondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal GoAhead WebServer 2.1.x - ASP Script File Source Code Disclosure GoAhead Web Server 2.1.x - .ASP Script File Source Code Disclosure GoAhead WebServer 2.1.x - Directory Management Policy Bypass GoAhead Web Server 2.1.x - Directory Management Policy Bypass py software active webcam WebServer 4.3/5.5 - Multiple Vulnerabilities PY Software Active Webcam 4.3/5.5 - WebServer Multiple Vulnerabilities Oracle Weblogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Oracle WebLogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Boa Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection GoAhead WebServer 2.18 - addgroup.asp group Parameter Cross-Site Scripting GoAhead WebServer 2.18 - addlimit.asp url Parameter Cross-Site Scripting GoAhead WebServer 2.18 - adduser.asp Multiple Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'adduser.asp' Multiple Parameter Cross-Site Scripting GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities GoAhead Web Server 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities Home Web Server 1.9.1 build 164 - Remote Code Execution Home Web Server 1.9.1 (build 164) - Remote Code Execution Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) BSD/x86 - Portbind Port 31337 Shellcode (83 bytes) BSD/x86 - Portbind Random Port Shellcode (143 bytes) BSD/x86 - Bind 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes) BSD/x86 - Reverse Portbind 6969/TCP Shellcode (129 bytes) FreeBSD/x86 - setreuid_ execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - rev connect_ recv_ jmp_ return results Shellcode (90 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - Reverse Portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - encrypted Shellcode /bin/sh (48 bytes) FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes) FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh Shellcode (44 bytes) FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes) Linux/x86 - Portbind Shellcode (Generator) Windows XP SP1 - Portbind Shellcode (Generator) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) Cisco IOS - Bind Shellcode Password Protected (116 bytes) Cisco IOS - Bind Password Protected Shellcode (116 bytes) Linux/x86-64 - connect-back semi-stealth Shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes) Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/PPC - read & exec Shellcode (32 bytes) Linux/PPC - read + exec Shellcode (32 bytes) Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/x86 - Forks a HTTP Server on port 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP and jumps to it (83 bytes) Linux/x86 - Polymorphic Shellcode disable Network Card (75 bytes) Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP + Jumps to it (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - /bin/sh polymorphic Shellcode (48 bytes) Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial port shell binding & busybox Launching Shellcode (82 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) Shellcode (30 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode obfuscator Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Shellcode Obfuscator Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - setuid(0) & execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - Connect back (140.115.53.35:9999)_ download a file (cb) and execute Shellcode (149 bytes) Linux/x86 - Connectback (140.115.53.35:9999) + download a file (cb) + execute Shellcode (149 bytes) Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem Shellcode (508 bytes) Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes) Linux/x86 - set system time to 0 and exit Shellcode (12 bytes) Linux/x86 - Add root user 'r00t' with no password to /etc/passwd Shellcode (69 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes) Linux/x86 - forkbomb Shellcode (7 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() Shellcode (111+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - stdin re-open and /bin/sh exec Shellcode (39 bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - setuid(0) and /bin/sh execve() Shellcode (30 bytes) Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes) Linux/x86 - Portbind 2707 Shellcode (84 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header Shellcode (27 bytes) Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes) Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes) Linux/x86 - Portbind Port 64713 Shellcode (86 bytes) Linux/x86 - Bind Password Authentication 64713/TCP Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP Shellcode (68+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes) Linux/x86 - execve /bin/sh Shellcode (encoded by +1) (39 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Connect-back Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connectback Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connect Back Shellcode (90 bytes) Linux/x86 - socket-proxy Shellcode (372 bytes) Linux/x86 - Connectback Shellcode (90 bytes) Linux/x86 - Socket-proxy Shellcode (372 bytes) Linux/x86 - chroot & standart Shellcode (66 bytes) Linux/x86 - upload & exec Shellcode (189 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - alpha-numeric Shellcode (64 bytes) Linux/x86 - alpha-numeric using IMUL Method Shellcode (88 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - execve /bin/sh alphanumeric Shellcode (392 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - shared memory exec Shellcode (50 bytes) Linux/x86 - Shared Memory exec Shellcode (50 bytes) Linux/x86 - Reverse telnet Shellcode (134 bytes) Linux/x86 - Reverse Telnet Shellcode (134 bytes) Linux/x86 - Portbind Port 5074 Shellcode (92 bytes) Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add user Shellcode (104 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - execve /bin/sh tolower() evasion Shellcode (41 bytes) Linux/x86 - execve of /bin/sh after setreuid(0_0) Shellcode (46+ bytes) Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh toupper() evasion Shellcode (55 bytes) Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes) Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes) NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes) OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OSX/PPC - execve(/bin/sh)_ exit() Shellcode (72 bytes) OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes) Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Portbind Shellcode (240 bytes) Solaris/x86 - Portbind TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) Shellcode (59 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes) Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes) Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - Connectback_ receive_ save and execute Shellcode Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - Download & Execute Shellcode (124 bytes) Win32 - Connectback + receive + save + execute Shellcode Win32 - Download + Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download + Exec Shellcode (192 bytes) Win32 - Download + Execute Shellcode (124 bytes) Win32 - Download & Exec Shellcode (226+ bytes) Win32 - Download + Exec Shellcode (226+ bytes) Windows XP/2000/2003 - Download File and Exec Shellcode (241 bytes) Windows XP - Download & Exec Shellcode Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes) Windows XP/2000/2003 - Download File + Exec Shellcode (241 bytes) Windows XP - Download + Exec Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) and cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) & exit() Shellcode (33 bytes) Linux/x86 - Linux/x86 execve() Shellcode (51 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - execve() Shellcode (51 bytes) Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) Shellcode Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes) Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Linux/x86 - unlink(/etc/passwd) & exit() Shellcode (35 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Linux/x86 - fork bomb Shellcode (6 bytes) Linux/x86 - append '/etc/passwd' & exit() Shellcode (107 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - polymorphic Shellcode ip6tables -F (71 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal Linux/x86 - nc -lvve/bin/sh -p13377 Shellcode Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux - write() & exit(0) Shellcode genearator with customizable text Linux/x86 - polymorphic forkbombe Shellcode (30 bytes) Linux/x86 - forkbomb Shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86 - sends 'Phuck3d!' to all terminals Shellcode (60 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) Shellcode (57 bytes) Windows XP SP2 (FR) - Download & Exec Shellcode Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (FR) - Download + Exec Shellcode Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes) Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() & exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) Shellcode (131 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) Shellcode (28 bytes) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Linux/x86 - Polymorphic /bin/sh Shellcode (116 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) Shellcode (84 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded Shellcode (78 bytes) Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) ARM - Bindshell Port 0x1337 Shellcode ARM - Bind Connect UDP Port 68 Shellcode ARM - Bind Shell Port 0x1337 Shellcode ARM - Bind Connect 68/UDP Shellcode BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Linux/SuperH (sh4) - setuid(0) / chmod(_/etc/shadow__ 0666) / exit(0) Shellcode (43 bytes) Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) Linux/x86 - egghunt Shellcode (29 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add user _t0r_ with password _Winner_ Shellcode (189 bytes) Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Windows x86 - Password Protected TCP Bind Shellcode (637 bytes) Windows x86 - Bind TCP Password Protected Shellcode (637 bytes) Windows RT ARM - Bind Shell Port 4444 Shellcode Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows x86 - Persistent Reverse Shell TCP (494 Bytes) Windows x86 - Reverse Persistent TCP Shellcode (494 Bytes) Windows 7 x86 - Bind Shell TCP 4444 Shellcode (357 Bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); Shellcode (87 bytes) Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Reverse TCP connect Shellcode (77 to 85 bytes / 90 to 98 bytes with password) Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Reverse TCP Connect Shellcode (77 to 85 bytes / 90 to 98 bytes with Password) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download & Execute Shellcode (Generator) Windows XP x86-64 - Download + Execute Shellcode (Generator) Linux/x86 - ROT13 encoded execve(_/bin/sh_) Shellcode (68 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 Shellcode (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) Shellcode (40 bytes) Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes) Linux/x86 - execve(_/bin/sh_) Obfuscated Shellcode (40 bytes) Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow & exit() Shellcode (33 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) Shellcode (29 bytes) Linux/x86 - Netcat BindShell Port 5555 Shellcode (60 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86 - Download & Execute Shellcode Linux/x86 - Download + Execute Shellcode Linux/x86-64 - Encoded execve Shellcode (57 bytes) Linux/x86-64 - encoded execve Shellcode (57 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - Egg Hunter Shellcode (19 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 and exit Shellcode (Generator) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes) Linux/x86-64 - egghunter Shellcode (24 bytes) Linux/x86-64 - Polymorphic execve Shellcode (31 bytes) Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - Bind TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bindshell 4444/TCP with Password Prompt Shellcode (162 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind 4444/TCP Password Prompt Shellcode (162 bytes) Linux/x86-64 - TCP Reverse Shell with Password Prompt Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password Prompt Shellcode (151 bytes) Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (2) (135 bytes) Linux/x86 - Download & Execute Shellcode (135 bytes) Linux/x86-64 - Polymorphic Execve-Stack Shellcode (47 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (2) (135 bytes) Linux/x86 - Download + Execute Shellcode (135 bytes) Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes) Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes) Windows x86 - Download + Run via WebDAV Null-Free Shellcode (96 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Linux/x86 - Bind 1472/TCP (IPv6) Shellcode (1250 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Linux/x86 - Bindshell with Configurable Port Shellcode (87 bytes) Linux/x86 - Bind Shell Configurable Port Shellcode (87 bytes) Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes) Linux/x86-64 - XOR Encode execve Shellcode (84 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows XP < 10 - Download & Execute Shellcode Windows XP < 10 - Download + Execute Shellcode Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes) Linux/x86 - Bind Shell Port 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind NetCat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86 - TCP Reverse Shellcode (75 bytes) Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172 bytes) Linux/x86 - Reverse TCP Shellcode (75 bytes) Linux/x86-64 - Reverse Continuously Probing Shell via Socket + Port-range + Password Shellcode (172 bytes) Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes) Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes) Linux/x86 - Bind Netcat Shellcode with Port (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes) Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes) Windows x86 - Reverse UDP Keylogger Shellcode (493 bytes) Windows x64 - Download & Execute Shellcode (358 bytes) Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes) Windows x64 - Download + Execute Shellcode (358 bytes) Linux/x86 - Reverse Netcat (-e option disabled) Shell Shellcode (180 bytes) Windows x64 - Password Protected Bind Shellcode (825 bytes) Windows x64 - Bind Password Protected Shellcode (825 bytes) Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux - TCP Reverse Shell Shellcode (65 bytes) Linux/x86-64 - Reverse TCP Shellcode (65 bytes) Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes) Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes) Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes) Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes) Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse NetCat Shellcode (72 bytes) Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes) Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes) Linux/x86 - exceve(_/bin/sh_) Encoded Shellcode (44 Bytes) Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) simple WebServer 2.3-rc1 - Directory Traversal Simple Web Server 2.3-rc1 - Directory Traversal fastream netfile ftp/web server 6.5/6.7 - Directory Traversal Fastream NETFile FTP/Web Server 6.5/6.7 - Directory Traversal LiteWeb Server 2.5 - Authentication Bypass LiteWEB Web Server 2.5 - Authentication Bypass ActiveWeb Contentserver 5.6.2929 - Picture_Real_Edit.asp SQL Injection ActiveWeb Contentserver 5.6.2929 - 'Picture_Real_Edit.asp' SQL Injection Easy File Sharing WebServer 6.8 - Persistent Cross-Site Scripting Easy File Sharing Web Server 6.8 - Persistent Cross-Site Scripting CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning CMS Made Simple < 1.12.1 / < 2.1.3 - Web Server Cache Poisoning OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution	2017-07-05 05:01:23 +00:00
Offensive Security	6a2dd9562e	DB: 2017-07-04 6 new exploits Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Perl) OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Python) Boa WebServer 0.94.x - Terminal Escape Sequence in Logs Command Injection Boa Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection eVestigator Forensic PenTester - MITM Remote Code Execution BestSafe Browser - MITM Remote Code Execution Personify360 7.5.2/7.6.1 - Improper Access Restrictions Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions Sophos Cyberoam - Cross-site scripting BOA Web Server 0.94.14rc21 - Arbitrary File Access	2017-07-04 05:01:21 +00:00
Offensive Security	da85974f2a	DB: 2017-07-01 3 new exploits LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow Google Chrome - Out-of-Bounds Access in RegExp Stubs ActiveMQ < 5.14.0 - web shell upload (Metasploit) ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit) Humax HG100R 2.0.6 - Backup File Download	2017-07-01 05:01:21 +00:00
Offensive Security	6ab9a26ee4	DB: 2017-06-27 10 new exploits PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service PHP phar extension 1.1.1 - Heap Overflow PHP 'phar' Extension 1.1.1 - Heap Overflow PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write NTFS 3.1 - Master File Table Denial of Service LAME 3.99.5 - 'II_step_one' Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit PHP 5.2.3 Tidy extension - Local Buffer Overflow PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit PHP FFI Extension 5.0.5 - Local Safe_mode Bypass PHP Perl Extension - Safe_mode BypassExploit PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass PHP 5.x - COM functions Safe_mode and disable_function Bypass PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass PHP 5.2.6 - (error_log) Safe_mode Bypass PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit PHP - Safe_mode Bypass via proc_open() and custom Environment PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment PHP python extension safe_mode - Bypass Local PHP 'python' Extension - 'safe_mode' Local Bypass Exploit PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass PHP 5.2 - FOpen Safe_mode Restriction-Bypass PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit JAD Java Decompiler 1.5.8e - Buffer Overflow Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure PHP 4.x - copy() Function Safe Mode Bypass PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit PHP 5.2.5 - cURL 'safe mode' Security Bypass PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit) Crypttech CryptoLog - Remote Code Execution (Metasploit) Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit) Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit) Linux/x86 - Bind Shell Shellcode (75 bytes) JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit XOOPS myAds Module - (lid) SQL Injection XOOPS myAds Module - 'lid' SQL Injection PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting SmarterMail 7.x (7.2.3925) - LDAP Injection SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting SmarterMail < 7.2.3925 - LDAP Injection MaticMarket 2.02 for PHP-Nuke - Local File Inclusion PHP-Nuke MaticMarket 2.02 - Local File Inclusion WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock) PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock) phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API Eltek SmartPack - Backdoor Account	2017-06-27 05:01:26 +00:00
Offensive Security	380d33dd22	DB: 2017-06-20 13 new exploits GNU binutils - 'rx_decode_opcode' Buffer Overflow GNU binutils - 'disassemble_bytes' Heap Overflow GNU binutils - 'bfd_get_string' Stack Buffer Overflow GNU binutils - 'decode_pseudodbg_assert_0' Buffer Overflow GNU binutils - 'ieee_object_p' Stack Buffer Overflow GNU binutils - 'print_insn_score16' Buffer Overflow GNU binutils - 'aarch64_ext_ldst_reglist' Buffer Overflow iBall Baton iB-WRA150N - Unauthenticated DNS Change nuevoMailer 6.0 - SQL Injection UTstarcom WA3002G4 - Unauthenticated DNS Change D-Link DSL-2640U - Unauthenticated DNS Change Beetel BCM96338 Router - Unauthenticated DNS Change D-Link DSL-2640B - Unauthenticated Remote DNS Change	2017-06-20 05:01:28 +00:00
Offensive Security	a090330e55	DB: 2017-06-16 6 new exploits Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without EggHunter) (Metasploit) VX Search Enterprise 9.7.18 - Local Buffer Overflow Sudo - 'get_process_ttyname()' Privilege Escalation Win32 - JITed stage-0 Shellcode Win32 - JITed Stage-0 Shellcode Windows - JITed egg-hunter stage-0 Shellcode Windows - JITed Egghunter Stage-0 Shellcode Windows XP/Vista/7 - JITed egg-hunter stage-0 Shellcode Adjusted Universal Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal Linux/x86 - Egg-hunter Shellcode (31 bytes) Linux/x86 - Egghunter Shellcode (31 bytes) Linux/x86 - Egg-hunter Shellcode (20 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Egg-hunter Shellcode (13 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86 - Egg-hunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes) AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit) AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit) Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution	2017-06-16 05:01:26 +00:00
Offensive Security	cd6e21e600	DB: 2017-06-06 11 new exploits Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow DNSTracer 1.8.1 - Buffer Overflow Parallels Desktop - Virtual Machine Escape Subsonic 6.1.1 - XML External Entity Injection BIND 9.10.5 - Unquoted Service Path Privilege Escalation Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution Subsonic 6.1.1 - Cross-Site Request Forgery Subsonic 6.1.1 - Server-Side Request Forgery Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting	2017-06-06 05:01:15 +00:00
Offensive Security	42e94b4366	DB: 2017-06-05 26 new exploits Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files Microsoft MsMpEng - Use-After-Free via Saved Callers WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope WebKit - 'Element::setAttributeNodeNS' Use-After-Free reiserfstune 3.6.25 - Local Buffer Overflow TiEmu 2.08 - Local Buffer Overflow Octopus Deploy - Authenticated Code Execution (Metasploit) Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit) CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes) uc-http Daemon - Local File Inclusion / Directory Traversal Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root Piwigo Plugin Facetag 0.0.3 - SQL Injection OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 - Remote Code Execution OV3 Online Administration 3.0 - SQL Injection Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting	2017-06-05 05:01:15 +00:00
Offensive Security	b1d5f96f79	DB: 2017-05-27 6 new exploits Sandboxie 5.18 - Local Denial of Service JAD java Decompiler 1.5.8e - Local Buffer Overflow Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write D-Link DCS Series Cameras - Insecure Crossdomain QWR-1104 Wireless-N Router - Cross-Site Scripting	2017-05-27 05:01:15 +00:00
Offensive Security	3f846368c1	DB: 2017-05-20 9 new exploits Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit) Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit) Linux chfn (SuSE 9.3 / 10) - Privilege Escalation Linux chfn (SuSE 9.3/10) - Privilege Escalation Microsoft Windows XP SP3 x86 / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002) Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002) Microsoft Windows Server 2008 R2 SP1 (x64) (Standard) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Joomla 3.7.0 - 'com_fields' SQL Injection Oracle PeopleSoft - Server-Side Request Forgery Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption SAP Business One for Android 1.2.3 - XML External Entity Injection ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass PlaySMS 1.4 - Remote Code Execution D-Link DIR-600M Wireless N 150 - Authentication Bypass	2017-05-20 05:01:16 +00:00
Offensive Security	cf40ee3ab5	DB: 2017-05-17 3 new exploits LabF nfsAxe 3.7 FTP Client - Buffer Overflow (SEH) Sophos Web Appliance 4.3.1.1 - Session Fixation Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities	2017-05-17 05:01:16 +00:00
Offensive Security	2ac6fc17c2	DB: 2017-04-13 3 new exploits Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution D-Link DWR-116 / DWR-116A1 - Arbitrary File Download	2017-04-13 05:01:16 +00:00
Offensive Security	814ba132f8	DB: 2017-04-12 18 new exploits Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free Apple WebKit - 'Document::adoptNode' Use-After-Free Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow Proxifier for Mac 2.18 - Multiple Vulnerabilities Proxifier for Mac 2.17 / 2.18 - Privesc Escalation Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout Quest Privilege Manager 6.0.0 - Arbitrary File Write Adobe Multiple Products - XML Injection File Content Disclosure MyClassifiedScript 5.1 - SQL Injection Social Directory Script 2.0 - SQL Injection FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal Brother MFC-J6520DW - Authentication Bypass / Password Change Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element	2017-04-12 05:01:16 +00:00
Offensive Security	ddb02a2ec6	DB: 2017-04-08 16 new exploits Aztek Forum 4.00 - 'myadmin.php' User Privilege Escalation Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation Intellinet NFC-30IR Camera - Multiple Vulnerabilities Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery Invoice Template - 'hash' Parameter SQL Injection Document Management Template - 'hash' Parameter SQL Injection Shopping Cart Template - 'item' Parameter SQL Injection Calendar Template 2.0 - 'editid1' Parameter SQL Injection Forum Template 1.0 - SQL Injection Quiz Template 1.0 - 'testid' Parameter SQL Injection Survey Template 1.1 - 'masterkey1' Parameter SQL Injection My Gaming Ladder Combo System 7.5 - SQL Injection Ladder System 6.0 - 'faqid' Parameter SQL Injection WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection e107 CMS 2.1.4 - Cross-Site Request Forgery WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery	2017-04-08 05:01:18 +00:00
Offensive Security	eed6486b7b	DB: 2017-04-06 6 new exploits macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow Apple macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read ImagePro Lazygirls Clone Script - SQL Injection Airbnb Crashpadder Clone Script - SQL Injection Premium Penny Auction Script - SQL Injection Sweepstakes Pro Software - SQL Injection Appointment Script - SQL Injection D-Link DIR-615 - Cross-Site Request Forgery	2017-04-06 05:01:18 +00:00
Offensive Security	8ce122cbaf	DB: 2017-04-04 3 new exploits BackBox OS - Denial of Service Apache Tomcat 6/7/8/9 - Information Disclosure Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection	2017-04-04 05:01:25 +00:00
Offensive Security	8b5b662af9	DB: 2017-03-23 8 new exploits SpyCamLizard 1.230 - Denial of Service APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH) SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit) GLink Word Link Script 1.2.3 - SQL Injection Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities	2017-03-23 05:01:16 +00:00
Offensive Security	07432556e0	DB: 2017-03-21 26 new exploits FTPShell Client 6.53 - Local Buffer Overflow FTPShell Client 6.53 - 'Session name' Local Buffer Overflow FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow ExtraPuTTY 0.29-RC2 - Denial of Service Google Nest Cam 5.2.1  - Buffer Overflow Conditions Over Bluetooth LE Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017) Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft GDI+ - 'gdiplus!GetRECTSForPlayback' Out-of-Bounds Read (MS17-013) Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013) Mozilla Firefox - 'table' Use-After-Free Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006) HttpServer 1.0 - Directory Traversal Cobbler 2.8.0 - Authenticated Remote Code Execution Joomla! Component JooCart 2.x - 'product_id' Parameter SQL Injection Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection phplist 3.2.6 - SQL Injection D-Link DGS-1510 - Multiple Vulnerabilities	2017-03-21 05:01:17 +00:00
Offensive Security	e3778e5508	DB: 2017-03-20 5 new exploits Linux/x86 - Bind Shell Shellcode (51 bytes) Linux/x86 - Bind Shell Shellcode (42 bytes) Linux/x86 - File Reader Shellcode (54 Bytes) iFdate Social Dating Script 2.0 - SQL Injection DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation Omegle Clone - SQL Injection Secure Download Links - 'dc' Parameter SQL Injection	2017-03-20 05:01:17 +00:00
Offensive Security	4da96605a4	DB: 2017-03-18 8 new exploits Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow FTPShell Client 6.53 - Local Buffer Overflow Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes) Linux/x86 - Bind Shell Shellcode (51 bytes) Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download AXIS Communications - Cross-Site Scripting / Content Injection AXIS Multiple Products - Cross-Site Request Forgery Departmental Store Management System 1.2 - SQL Injection	2017-03-18 05:01:24 +00:00
Offensive Security	c7382d10cd	DB: 2017-03-15 4 new exploits MikroTik Router - ARP Table OverFlow Denial Of Service Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit) Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit) D-Link DI-524 - Cross-Site Request Forgery Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection Joomla! Component Advertisement Board 3.0.4 - 'id' Parameter SQL Injection	2017-03-15 05:01:18 +00:00
Offensive Security	6e7ec5be32	DB: 2017-03-10 20 new exploits Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service Apache Struts2 - Skill Name Remote Code Execution Apache Struts 2 - Skill Name Remote Code Execution Linux - Reverse Shell Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Linux - TCP Reverse Shell Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Apache Struts2 < 2.3.1 - Multiple Vulnerabilities Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities Country on Sale Script - SQL Injection Media Search Engine Script - 'search' Parameter SQL Injection Soundify 1.1 - 'tid' Parameter SQL Injection BistroStays 3.0 - 'guests' Parameter SQL Injection Nlance 2.2 - SQL Injection Busewe 1.2 - SQL Injection Fashmark 1.2 - 'category' Parameter SQL Injection TradeMart 1.1 - SQL Injection Drupal 7.x Module Services - Remote Code Execution WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery	2017-03-10 05:01:18 +00:00
Offensive Security	4811e36301	DB: 2017-03-06 9 new exploits Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes) Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes) Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes) Joomla! Component com_jumi - (fileid) Blind SQL Injection Joomla! Component Jumi - 'fileid' Parameter Blind SQL Injection EPSON TMNet WebConfig 1.00 - Cross-Site Scripting Joomla! Component JUX EventOn 1.0.1 - 'id' Parameter SQL Injection Joomla! Component Monthly Archive 3.6.4 - 'author_form' Parameter SQL Injection Joomla! Component AYS Quiz 1.0 - 'id' Parameter SQL Injection Joomla! Component Content ConstructionKit 1.1 - SQL Injection Joomla! Component AltaUserPoints 1.1 - 'userid' Parameter SQL Injection	2017-03-06 05:01:18 +00:00
Offensive Security	846ce42eca	DB: 2017-03-02 14 new exploits SysGauge 1.5.18 - Buffer Overflow WePresent WiPG-1500 - Backdoor Account Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes) DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery SchoolDir - SQL Injection Rage Faces Script 1.3 - SQL Injection Meme Maker Script 2.1 - 'user' Parameter SQL Injection	2017-03-02 05:01:19 +00:00
Offensive Security	7fa7a111c4	DB: 2017-03-01 5 new exploits BlueIris 4.5.1.4 - Denial of Service Synchronet BBS 3.16c - Denial of Service Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation Linux/x86-64 - Reverse Shell Shellcode (84 bytes) NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery	2017-03-01 05:01:18 +00:00
Offensive Security	026ded7298	DB: 2017-02-28 12 new exploits MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit) Windows x86 - Executable Directory Search Shellcode (130 bytes) Linux/x86_64 - Random Listener Shellcode (54 bytes) NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution Joomla! Component Gnosis 1.1.2 - 'id' Parameter SQL Injection Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection Joomla! Component My MSG 3.2.1 - SQL Injection Joomla! Component Spinner 360 1.3.0 - SQL Injection Joomla! Component JomSocial - SQL Injection Grails PDF Plugin 0.6 - XML External Entity Injection Joomla! Component OneVote! 1.0 - SQL Injection	2017-02-28 05:01:17 +00:00
Offensive Security	ad7bd81657	DB: 2017-02-22 21 new exploits Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check Adobe Flash - MP4 AMF Parsing Overflow Adobe Flash - SWF Stack Corruption Adobe Flash - Use-After-Free in Applying Bitmap Filter Adobe Flash - YUVPlane Decoding Heap Overflow DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection Joomla! Component Eventix Events Calendar 1.0 - SQL Injection Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection Joomla! Component Magic Deals Web 1.2.0 - SQL Injection Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit) Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit) AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)	2017-02-22 05:01:19 +00:00
Offensive Security	4195f70ade	DB: 2017-02-21 6 new exploits EFS Easy Chat Server - Authentication Request Buffer Overflow (SEH) EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (SEH) EFS Easy Chat Server - Cross-Site Request Forgery (Change Admin Password) EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password) EFS Easy Chat Server - Authentication Request Buffer Overflow (Perl) EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl) yaws 1.89 - Directory Traversal Yaws 1.89 - Directory Traversal Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Jogjacamp JProfile Gold - (id_news) SQL Injection Jogjacamp JProfile Gold - 'id_news' Parameter SQL Injection RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection Album Lock 4.0 iOS - Directory Traversal Tenda N3 Wireless N150 Home Router - Authentication Bypass	2017-02-21 05:01:20 +00:00
Offensive Security	ae0dd9fa7c	DB: 2017-02-20 14 new exploits Linux - Reverse Shell Shellcode (66 bytes) Joomla! Component com_Joomlaoc - 'id' SQL Injection Joomla! Component Joomloc 1.0 - 'id' Parameter SQL Injection Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection Joomla! Component AWDwall 1.5.4 - Local File Inclusion / SQL Injection Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload Horde 3.3.5 - Administration Interface admin/PHPshell.php PATH_INFO Parameter Cross-Site Scripting Horde 3.3.5 - Cross-Site Scripting Joomla! Component Joomloc-CAT 4.1.3 - 'ville' Parameter SQL Injection Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' Parameter SQL Injection Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection Joomla! Component OS Property 3.0.8 - SQL Injection Joomla! Component EShop 2.5.1 - 'id' Parameter SQL Injection Joomla! Component OS Services Booking 2.5.1 - SQL Injection Joomla! Component Room Management 1.0 - SQL Injection Joomla! Component Bazaar Platform 3.0 - SQL Injection Joomla! Component Google Map Store Locator 4.4 - SQL Injection Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution Sawmill Enterprise 8.7.9 - Authentication Bypass PHPShell 2.4 - Session Fixation	2017-02-20 05:01:17 +00:00
Offensive Security	d9f5d919c6	DB: 2017-02-16 10 new exploits Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds Read/Write NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission GOM Player 2.3.10.5266 - '.fpx' Denial of Service Cisco ASA - WebVPN CIFS Handling Buffer Overflow OpenText Documentum D2 - Remote Code Execution Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities Joomla! Component JoomBlog 1.3.1 - SQL Injection Joomla! Component JSP Store Locator 2.2 - 'id' Parameter SQL Injection	2017-02-16 05:01:17 +00:00
Offensive Security	dcc7720ad6	DB: 2017-02-11 18 new exploits Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit) F5 BIG-IP SSL Virtual Server - Memory Disclosure CMS Lite 1.3.1 - SQL Injection Tiger Post 3.0.1 - SQL Injection Gram Post 1.0 - SQL Injection Youtube Analytics Multi Channel 3.0 - SQL Injection Collabo - Arbitrary File Download Takas Classified 1.1 - SQL Injection Zigaform - SQL Injection Multilanguage Estate Agency Pro 1.2 - SQL Injection QWIKIA 1.1.1 - SQL Injection Automated Job Portal Script - SQL Injection CLUB-8 EMS - SQL Injection Uploadr - SQL Injection CodePaul ClipMass - SQL Injection Video Subscription - SQL Injection D-link DIR-600M - Cross-Site Request Forgery HotelCMS with Booking Engine - SQL Injection	2017-02-11 05:01:16 +00:00
Offensive Security	1a4e6f50a9	DB: 2017-02-01 65 new exploits Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC) Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC) ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC) Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Samba < 3.6.2 (x86) - Denial of Serviec (PoC) Adobe Flash - Bad Dereference at 0x23c on Linux x64 Adobe Flash (Linux x64) - Bad Dereference at 0x23c Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited Core FTP Server 32-bit Build 587 - Heap Overflow Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC) Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC) RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Qpopper 4.0.8 (Linux) - (poppassd) Privilege Escalation Wireless Tools 26 (IWConfig) - Privilege Escalation Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure Rocks Clusters 4.1 - (umount-loop) Privilege Escalation Rocks Clusters 4.1 - (mount-loop) Privilege Escalation Rocks Clusters 4.1 - 'umount-loop' Privilege Escalation Rocks Clusters 4.1 - 'mount-loop' Privilege Escalation PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation Postfix 2.6-20080814 - (symlink) Privilege Escalation Postfix 2.6-20080814 - 'symlink' Privilege Escalation Oracle Database Vault - ptrace(2) Privilege Escalation Oracle Database Vault - 'ptrace(2)' Privilege Escalation Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load (Privilege Escalation) GNU C Library 2.x (libc6) - (Dynamic Linker LD_AUDIT Arbitrary DSO Load) Privilege Escalation Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1) Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit) Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit) VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit) PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation PolicyKit polkit-1 < 0.101 - Privilege Escalation Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail) (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail 8.10.1) (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) QNX RTOS 4.25/6.1 - phgrafxPrivilege Escalation QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation QNX RTOS 4.25/6.1 - 'phgrafx' Privilege Escalation QNX RTOS 4.25/6.1 - 'phgrafx-startup' Privilege Escalation Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111) Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111) MySQL 3.23.x - mysqld Privilege Escalation MySQL 3.23.x - 'mysqld' Privilege Escalation Platform Load Sharing Facility 4/5/6 - EAuth Privilege Escalation MTools 3.9.x - MFormat Privilege Escalation Platform Load Sharing Facility 4/5/6 - 'EAuth' Privilege Escalation MTools 3.9.x - 'MFormat' Privilege Escalation Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2) ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3) LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit) Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3) TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure Linux Kernel 3.13 - Privilege Escalation PoC (SGID) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) OSSEC 2.8 - hosts.deny Privilege Escalation OSSEC 2.8 - 'hosts.deny' Privilege Escalation Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation Linux espfix64 - Privilege Escalation (Nested NMIs Interrupting) Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) RHEL 7.0/7.1 - abrt/sosreport Privilege Escalation RHEL 7.0/7.1 - 'abrt/sosreport' Privilege Escalation MySQL 5.5.45 (x64) - Local Credentials Disclosure Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Microsoft Windows 7 (x32/x64) - Group Policy Privilege Escalation (MS16-072) Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072) Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) Viscosity 1.6.7 - Privilege Escalation BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution Solaris /bin/login (SPARC/x86) - Remote Code Execution gpsdrive 2.09 (x86) - (friendsd2) Remote Format String PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit) dproxy-nexgen (Linux/x86) - Buffer Overflow dproxy-nexgen (Linux x86) - Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit) AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit) 32bit FTP Client - Stack Buffer Overflow (Metasploit) Free Download Manager - Remote Control Server Buffer Overflow (Metasploit) Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit) CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit) Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit) Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit) Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit) Webmin 0.x - RPC Function Privilege Escalation Webmin 0.x - 'RPC' Function Privilege Escalation Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit Nginx 1.4.0 (x64) - (Generic Linux) Remote Exploit Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit technote 7.2 - Remote File Inclusion Technote 7.2 - Remote File Inclusion JAWS 0.2/0.3 - 'index.php' gadget Parameter Traversal Arbitrary File Access JAWS 0.2/0.3 - Cookie Manipulation Authentication Bypass JAWS 0.2/0.3 - 'index.php' action Parameter Cross-Site Scripting Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting JAWS 0.2/0.3/0.4 - ControlPanel.php SQL Injection Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection JAWS Glossary 0.4/0.5 - Cross-Site Scripting Jaws Glossary 0.4/0.5 - Cross-Site Scripting JAWS 0.x - Remote File Inclusion Jaws 0.x - Remote File Inclusion FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities Multiple Netgear Routers - Password Disclosure Video Sharing Script 4.94 - 'uid' Parameter SQL Injection Netman 204 - Backdoor Account / Password Reset	2017-02-01 05:01:19 +00:00
Offensive Security	d0b74905e8	DB: 2017-01-27 17 new exploits Google Android - 'pm_qos' KASLR Bypass macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Systemd 228 - Privilege Escalation (PoC) OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service Haraka < 2.8.9 - Remote Command Execution Linux/x86_64 - execve /bin/sh Shellcode (22 bytes) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1) Drupal 7.0 < 7.31 - SQL Injection (1) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2) Drupal 7.0 < 7.31 - SQL Injection (2) Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload KB Affiliate Referral Script 1.0 - Authentication Bypass KB Login Authentication Script 1.1 - Authentication Bypass KB Messages PHP Script 1.0 - Authentication Bypass Web Based TimeSheet Script - Authentication Bypass TM RG4332 Wireless Router - Arbitrary File Disclosure PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting Polycom VVX Web Interface - Change Admin Password	2017-01-27 05:01:17 +00:00
Offensive Security	763b417a35	DB: 2017-01-25 6 new exploits Mozilla Firefox 1.5 - (history.dat) Looping (PoC) Mozilla Firefox 1.5 - 'history.dat' Looping (PoC) Microsoft Internet Explorer 6 - (script action handlers) 'mshtml.dll' Denial of Service Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1) Microsoft Internet Explorer 6 - Script Action Handlers 'mshtml.dll' Denial of Service Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (1) Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2) Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (2) Apple Mac OSX Safari 2.0.3 - (417.9.2) (ROWSPAN) Denial of Service (PoC) Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC) acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow (PoC) acFTP FTP Server 1.4 - 'USER' Remote Buffer Overflow (PoC) 0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash (PoC) 0verkill 0.16 - ASCII-ART Game Remote Integer Overflow Crash (PoC) Clam AntiVirus 0.88.4 - (rebuildpe) Remote Heap Overflow (PoC) Asterisk 1.0.12 / 1.2.12.1 - (chan_skinny) Remote Heap Overflow (PoC) Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC) Asterisk 1.0.12 / 1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC) AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow (PoC) AT-TFTP 1.9 - 'Long Filename' Remote Buffer Overflow (PoC) LeadTools ISIS Control - (ltisi14E.ocx v.14.5.0.44) Remote Denial of Service LeadTools ISIS Control - 'ltisi14E.ocx 14.5.0.44' Remote Denial of Service Microsoft Visual FoxPro 6.0 - (FPOLE.OCX 6.0.8450.0) - Remote (PoC) Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC) Castle Rock Computing SNMPc < 7.1.1 - (Community) Remote Buffer Overflow (PoC) Castle Rock Computing SNMPc < 7.1.1 - 'Community' Remote Buffer Overflow (PoC) BitDefender - (module pdf.xmd) Infinite Loop Denial of Service (PoC) BitDefender - Module pdf.xmd Infinite Loop Denial of Service (PoC) ClamAV < 0.94.2 - (JPEG Parsing) Recursive Stack Overflow (PoC) ClamAV < 0.94.2 - JPEG Parsing Recursive Stack Overflow (PoC) Amaya Web Browser 10.0.1/10.1-pre5 - (html tag) Buffer Overflow (PoC) Amaya Web Browser 10.0.1/10.1-pre5 - HTML Tag Buffer Overflow (PoC) Amaya Web Editor - XML and HTML parser Vulnerabilities Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities Elecard AVC HD PLAYER - '.m3u' / '.xpl' Local Stack Overflow (PoC) RealVNC 4.1.2 - (vncviewer.exe) RFB Protocol Remote Code Execution (PoC) Elecard AVC HD player - '.m3u' / '.xpl' Local Stack Overflow (PoC) RealVNC 4.1.2 - 'vncviewer.exe' RFB Protocol Remote Code Execution (PoC) Apple Mac OSX xnu 1228.3.13 - (zip-notify) Remote Kernel Overflow (PoC) Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC) Apple Mac OSX xnu 1228.3.13 - (profil) Kernel Memory Leak/Denial of Service (PoC) Apple Mac OSX xnu 1228.x - (vfssysctl) Local Kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC) Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC) AIMP 2.51 build 330 - (ID3v1/ID3v2 Tag) Remote Stack Buffer Overflow PoC (SEH) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH) eEye Retina WiFi Security Scanner 1.0 - (.rws Parsing) Buffer Overflow (PoC) AwingSoft Web3D Player - (WindsPly.ocx) Remote Buffer Overflow (PoC) eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC) AwingSoft Web3D Player - 'WindsPly.ocx' Remote Buffer Overflow (PoC) Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) Apple Safari 4.0.2 - WebKit Parsing of Floating Point Numbers Buffer Overflow (PoC) Cerberus FTP 3.0.1 - (ALLO) Remote Overflow Denial of Service (Metasploit) Cerberus FTP 3.0.1 - 'ALLO' Remote Overflow Denial of Service (Metasploit) Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5.0 < 0.5.37 / 0.4.0 < 0.4.14 - (PoC) Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5.0 < 0.5.37 / 0.4.0 < 0.4.14 - Denial of Service (PoC) Spider Solitaire - Denial of Service (PoC) Ofilter Player - (skin.ini) Local Crash (PoC) Ofilter Player - 'skin.ini' Local Crash (PoC) NPlayer - (.dat Skin) Local Heap Overflow (PoC) NPlayer - '.dat Skin' Local Heap Overflow (PoC) MediaMonkey Player - Local Denial of Service MediaMonkey 3.2.0 - Local Denial of Service Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash) RPM Select/Elite 5.0 - (.xml config parsing) Unicode Buffer Overflow (PoC) RPM Select/Elite 5.0 - '.xml config parsing' Unicode Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote Denial of Service (IE) EDraw Flowchart ActiveX Control 2.3 - 'EDImage.ocx' Remote Denial of Service (IE) Apple Safari 4.0.5 - (531.22.7) Denial of Service Apple Safari 4.0.5 (531.22.7) - Denial of Service Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service Savy Soda Documents - Mobile Office Suite '.XLS' Denial of Service Corel WordPerfect Office X5 15.0.0.357 - (wpd) Buffer Overflow (PoC) Corel Presentations X5 15.0.0.357 - (shw) Buffer Preoccupation (PoC) Corel WordPerfect Office X5 15.0.0.357 - 'wpd' Buffer Overflow (PoC) Corel Presentations X5 15.0.0.357 - 'shw' Buffer Preoccupation (PoC) Barcodewiz BarCode ActiveX 3.29 - (PoC) Barcodewiz BarCode ActiveX 3.29 - Denial of Service (PoC) LeadTools 11.5.0.9 - (ltisi11n.ocx) DriverName() Access Violation Denial of Service LeadTools 11.5.0.9 - (ltlst11n.ocx) Insert() Access Violation Denial of Service LeadTools 11.5.0.9 - 'ltisi11n.ocx' DriverName() Access Violation Denial of Service LeadTools 11.5.0.9 - 'ltlst11n.ocx' Insert() Access Violation Denial of Service LeadTools 11.5.0.9 - (ltdlg11n.ocx) Bitmap Access Violation Denial of Service LeadTools 11.5.0.9 - 'ltdlg11n.ocx' Bitmap Access Violation Denial of Service MediaMonkey 3.2.4.1304 - 'mp3' Buffer Overflow (PoC) MediaMonkey 3.2.4.1304 - '.mp3' Buffer Overflow (PoC) Flash Player - (Flash6.ocx) AllowScriptAccess Denial of Service (PoC) Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC) Microsoft IIS 7.5 (Windows 7) - FTPSVC UNAUTH'D Remote Denial of Service (PoC) Microsoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC) Avira AntiVir QUA file - (avcenter.exe) Local Crash (PoC) Avira AntiVir - '.QUA' File 'avcenter.exe' Local Crash (PoC) SlimPDF Reader - (PoC) SlimPDF Reader - Denial of Service (PoC) VideoLAN VLC Media Player 1.1.11 - (libav) 'libavcodec_plugin.dll' Denial of Service VideoLAN VLC Media Player 1.1.11 - libav 'libavcodec_plugin.dll' Denial of Service PHP Hash Table Collision - (PoC) PHP Hash Table Collision - Denial of Service (PoC) EdrawSoft Office Viewer Component ActiveX 5.6 - (officeviewermme.ocx) Buffer Overflow (PoC) EdrawSoft Office Viewer Component ActiveX 5.6 - 'officeviewermme.ocx' Buffer Overflow (PoC) PowerNet Twin Client 8.9 - (RFSync 1.0.0.1) Crash (PoC) PowerNet Twin Client 8.9 - 'RFSync 1.0.0.1' Crash (PoC) Spytech NetVizor 6.1 - (services.exe) Denial of Service Spytech NetVizor 6.1 - 'services.exe' Denial of Service Microsoft Windows Help program - (WinHlp32.exe) Crash (PoC) Microsoft Windows Help program - 'WinHlp32.exe' Crash (PoC) Easy DVD Player 3.5.1 - (libav) 'libavcodec_plugin.dll' Denial of Service Easy DVD Player 3.5.1 - libav 'libavcodec_plugin.dll' Denial of Service TeraCopy 2.3 - (default.mo) Language File Integer Overflow TeraCopy 2.3 - 'default.mo' Language File Integer Overflow Samba < 3.6.2 (x86) - (PoC) Samba < 3.6.2 (x86) - Denial of Serviec (PoC) Acoustica Pianissimo 1.0 Build 12 - (Registration ID) Buffer Overflow (PoC) Acoustica Pianissimo 1.0 Build 12 - 'Registration ID' Buffer Overflow (PoC) WHMCS 5.12 - 'cart.php' Denial of Service WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service BSD chpass - (pw_error(3)) Privilege Escalation BSD chpass - 'pw_error(3)' Privilege Escalation Solaris 2.6/7/8/9 (sparc) - (ld.so.1) Privilege Escalation Solaris 2.6/7/8/9 (sparc) - 'ld.so.1' Privilege Escalation Tru64 UNIX 5.0 - (Rev. 910) rdist NLSPATH Buffer Overflow Tru64 UNIX 5.0 - (Rev. 910) edauth NLSPATH Buffer Overflow Tru64 UNIX 5.0 (Rev. 910) - rdist NLSPATH Buffer Overflow Tru64 UNIX 5.0 (Rev. 910) - edauth NLSPATH Buffer Overflow Kerio WebSTAR 5.4.2 (OSX) - (libucache.dylib) Privilege Escalation Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Privilege Escalation Apache 1.3.33/1.3.34 (Ubuntu / Debian) - (CGI TTY) Privilege Escalation Apache 1.3.33/1.3.34 (Ubuntu / Debian) - CGI TTY Privilege Escalation East Wind Software - (advdaudio.ocx 1.5.1.1) Local Buffer Overflow East Wind Software - 'advdaudio.ocx 1.5.1.1' Local Buffer Overflow Total Video Player 1.31 - (DefaultSkin.ini) Local Stack Overflow Total Video Player 1.31 - 'DefaultSkin.ini' Local Stack Overflow Mp3-Nator 2.0 - (ListData.dat) Universal Buffer Overflow (SEH) Mp3-Nator 2.0 - 'ListData.dat' Universal Buffer Overflow (SEH) Adobe 9.x Related Service - (getPlus_HelperSvc.exe) Privilege Escalation Adobe 9.x Related Service - 'getPlus_HelperSvc.exe' Privilege Escalation Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (1) Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (2) Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (3) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (1) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (2) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (3) Hamster Audio Player 0.3a - (Associations.cfg) Local Buffer Exploit (SEH) (1) Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (1) Hamster Audio Player 0.3a - (Associations.cfg) Local Buffer Exploit (SEH) (2) Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (2) Spider Solitaire - (PoC) EDraw Flowchart ActiveX Control 2.3 - (.edd parsing) Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) Gesytec ElonFmt ActiveX 1.1.14 - (ElonFmt.ocx) pid Item Buffer Overflow (SEH) Gesytec ElonFmt ActiveX 1.1.14 - 'ElonFmt.ocx' pid Item Buffer Overflow (SEH) SopCast 3.4.7 - (Diagnose.exe) Improper Permissions SopCast 3.4.7 - 'Diagnose.exe' Improper Permissions ACE Stream Media 2.1 - (acestream://) Format String (PoC) ACE Stream Media 2.1 - 'acestream://' Format String (PoC) Total Video Player 1.3.1 - (Settings.ini) Buffer Overflow (SEH) (Metasploit) Total Video Player 1.3.1 - 'Settings.ini' Buffer Overflow (SEH) (Metasploit) RedStar 2.0 Desktop - (World-writeable rc.sysinit) Privilege Escalation RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Privilege Escalation RedStar 3.0 Desktop - 'Software Manager swmng.app' Privilege Escalation MASM321 11 Quick Editor - (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH Bypass) MASM321 11 Quick Editor - '.qeditor' 4.0g - .qse SEH Based Buffer Overflow (ASLR & SAFESEH Bypass) ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Solaris 2.6/7/8 - (TTYPROMPT in.telnet) Remote Authentication Bypass Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass BIND 8.2.x - (TSIG) Stack Overflow (1) BIND 8.2.x - (TSIG) Stack Overflow (2) BIND 8.2.x - (TSIG) Stack Overflow (3) BIND 8.2.x - (TSIG) Stack Overflow (4) BIND 8.2.x - 'TSIG' Stack Overflow (1) BIND 8.2.x - 'TSIG' Stack Overflow (2) BIND 8.2.x - 'TSIG' Stack Overflow (3) BIND 8.2.x - 'TSIG' Stack Overflow (4) Microsoft IIS 5.0 - (500-100.asp) Server Name Spoof Exploit Microsoft IIS 5.0 - '500-100.asp' Server Name Spoof Exploit phpBB 2.0.13 - (admin_styles.php) Remote Command Execution e107 <= 0.6172 - (resetcore.php) SQL Injection phpBB 2.0.13 - 'admin_styles.php' Remote Command Execution e107 <= 0.6172 - 'resetcore.php' SQL Injection Apple Mac OSX Safari Browser - (Safe File) Remote Code Execution (Metasploit) Apple Mac OSX Safari Browser - 'Safe File' Remote Code Execution (Metasploit) Darwin Streaming Server 4.1.2 - (parse_xml.cgi) Code Execution Darwin Streaming Server 4.1.2 - 'parse_xml.cgi' Code Execution Cyrus IMAPD 2.3.2 - (pop3d) Remote Buffer Overflow (1) Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (1) CesarFTP 0.99g - (MKD) Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) Cyrus IMAPD 2.3.2 - (pop3d) Remote Buffer Overflow (2) Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (2) AIM Triton 1.0.4 - (SipXtapi) Remote Buffer Overflow (PoC) AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC) Microsoft Internet Explorer - (MDAC) Remote Code Execution (MS06-014) (Metasploit) (2) Cyrus IMAPD 2.3.2 - (pop3d) Remote Buffer Overflow (3) Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2) Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (3) IBM Director < 5.10 - (Redirect.bat) Directory Traversal IBM Director < 5.10 - 'Redirect.bat' Directory Traversal Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl) Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl) Omni-NFS Server 5.2 - (nfsd.exe) Remote Stack Overflow (Metasploit) Omni-NFS Server 5.2 - 'nfsd.exe' Remote Stack Overflow (Metasploit) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Long Filename' Remote Buffer Overflow CA BrightStor ARCserve - (msgeng.exe) Remote Heap Overflow (1) CA BrightStor ARCserve - (msgeng.exe) Remote Heap Overflow (2) CA BrightStor ARCserve - 'msgeng.exe' Remote Heap Overflow (1) CA BrightStor ARCserve - 'msgeng.exe' Remote Heap Overflow (2) Mozilla Firefox 2.0.0.1 - (location.hostname) Cross-Domain Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain 3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl) 3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode Exploit (Perl) CA BrightStor Backup 11.5.2.0 - (Mediasvr.exe) Remote Code Exploit CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code Exploit Aircrack-NG 0.7 - (Specially Crafted 802.11 Packets) Remote Buffer Overflow Aircrack-NG 0.7 - 'Specially Crafted 802.11 Packets' Remote Buffer Overflow eCentrex VOIP Client module - (uacomx.ocx 2.0.1) Remote Buffer Overflow eCentrex VOIP Client module - 'uacomx.ocx 2.0.1' Remote Buffer Overflow Microsoft Visual Studio 6.0 - (PDWizard.ocx) Remote Command Execution Microsoft Visual Studio 6.0 - 'PDWizard.ocx' Remote Command Execution MySpace Uploader - (MySpaceUploader.ocx 1.0.0.4) Buffer Overflow MySpace Uploader - 'MySpaceUploader.ocx 1.0.0.4' Buffer Overflow Philips VOIP841 'Firmware 1.0.4.800' - Multiple Vulnerabilities Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (1) Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (1) Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2) Black Ice Software Annotation Plugin - 'BiAnno.ocx' Buffer Overflow (2) Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (2) Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (2) Microsoft Access - (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Exploit Amaya Web Browser 11 - (bdo tag) Remote Stack Overflow (Windows XP) Amaya Web Browser 11 - (bdo tag) Remote Stack Overflow (Windows Vista) Amaya Web Browser 11 (Windows XP) - bdo tag Remote Stack Overflow Amaya Web Browser 11 (Windows Vista) - bdo tag Remote Stack Overflow Steamcast - (HTTP Request) Remote Buffer Overflow (SEH) (1) Steamcast - (HTTP Request) Remote Buffer Overflow (SEH) (2) Steamcast - HTTP Request Remote Buffer Overflow (SEH) (1) Steamcast - HTTP Request Remote Buffer Overflow (SEH) (2) 32bit FTP (09.04.24) - (CWD Response) Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - (CWD Response) Universal Overwrite (SEH) 32bit FTP - (PASV) Reply Client Remote Overflow (Metasploit) 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) Apple iTunes 8.1.1 - (ITMS) Multiple Protocol Handler Buffer Overflow (Metasploit) Apple iTunes 8.1.1 - 'ITMS' Multiple Protocol Handler Buffer Overflow (Metasploit) Apple iTunes 8.1.1.10 (Windows) - (itms/itcp) Remote Buffer Overflow Apple iTunes 8.1.1.10 (Windows) - 'itms/itcp' Remote Buffer Overflow THOMSON TG585n 7.4.3.2 - (user.ini) Arbitrary Download THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download Adobe Flash and Reader - (PoC) Adobe Flash and Reader - Live Malware (PoC) Microsoft Internet Explorer - (VML) Fill Method Code Execution (MS06-055) (Metasploit) Microsoft Internet Explorer - 'VML' Fill Method Code Execution (MS06-055) (Metasploit) WinZip FileView - (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow (Metasploit) WinZip FileView - 'WZFILEVIEW.FileViewCtrl.61' ActiveX Buffer Overflow (Metasploit) CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Command Buffer Overflow (Metasploit) UltraVNC 1.0.2 Client - (vncviewer.exe) Buffer Overflow (Metasploit) UltraVNC 1.0.2 Client - 'vncviewer.exe' Buffer Overflow (Metasploit) Audio File Library 0.2.6 - (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' .WAV File Processing Buffer Overflow Linksys WRT54GC 1.5.7 - (Firmware) 'administration.cgi' Access Validation Linksys WRT54GC 1.5.7 Firmware - 'administration.cgi' Access Validation Cisco WebEx - 'nativeMessaging' Arbitrary Remote Command Execution Mozilla Firefox < 50.0.2 - nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution (Metasploit) Aztek Forum 4.0 - (myadmin.php) Database Dumper Exploit Aztek Forum 4.0 - 'myadmin.php' Database Dumper Exploit E-Cart 1.1 - (index.cgi) Remote Command Execution E-Cart 1.1 - 'index.cgi' Remote Command Execution UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection ASPNuke 0.80 - (article.asp) SQL Injection ASPNuke 0.80 - (comment_post.asp) SQL Injection UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection ASPNuke 0.80 - 'article.asp' SQL Injection ASPNuke 0.80 - 'comment_post.asp' SQL Injection w-Agora 4.2.0 - (quicklist.php) Remote Code Execution w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution Cyphor 0.19 - (show.php id) SQL Injection Cyphor 0.19 - 'show.php id' SQL Injection eFiction 2.0 - (Fake .gif) Arbitrary File Upload eFiction 2.0 - 'Fake .gif' Arbitrary File Upload CuteNews 1.4.1 - (categories.mdu) Remote Command Execution CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution FlatCMS 1.01 - (file_editor.php) Remote Command Execution FlatCMS 1.01 - 'file_editor.php' Remote Command Execution FCKEditor 2.0 <= 2.2 - (FileManager connector.php) Arbitrary File Upload FCKEditor 2.0 <= 2.2 - 'FileManager connector.php' Arbitrary File Upload FlySpray 0.9.7 - (install-0.9.7.php) Remote Commands Execution Exploit FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution Exploit GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off) GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution Exploit phpWebSite 0.10.0-full - (topics.php) SQL Injection phpWebSite 0.10.0-full - 'topics.php' SQL Injection iGENUS WebMail 2.0.2 - (config_inc.php) Remote Code Execution iGENUS WebMail 2.0.2 - 'config_inc.php' Remote Code Execution TotalECommerce 1.0 - (index.asp id) SQL Injection TotalECommerce 1.0 - 'index.asp id' SQL Injection CilemNews System 1.1 - (yazdir.asp haber_id) SQL Injection CilemNews System 1.1 - 'yazdir.asp haber_id' SQL Injection ShoutLIVE 1.1.0 - (savesettings.php) Remote Code Execution ShoutLIVE 1.1.0 - 'savesettings.php' Remote Code Execution FreeWPS 2.11 - (images.php) Remote Code Execution FreeWPS 2.11 - 'images.php' Remote Code Execution phpBookingCalendar 1.0c - (details_view.php) SQL Injection phpBookingCalendar 1.0c - 'details_view.php' SQL Injection Aztek Forum 4.00 - (myadmin.php) User Privilege Escalation Aztek Forum 4.00 - 'myadmin.php' User Privilege Escalation Claroline 1.7.4 - (scormExport.inc.php) Remote Code Execution Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution Sire 2.0 - (lire.php) Remote File Inclusion / Arbitrary File Upload Sire 2.0 - 'lire.php' Remote File Inclusion / Arbitrary File Upload Sphider 1.3 - (configset.php) Arbitrary Remote File Inclusion Sphider 1.3 - 'configset.php' Arbitrary Remote File Inclusion Censtore 7.3.x - (censtore.cgi) Remote Command Execution quizz 1.01 - (quizz.pl) Remote Command Execution Censtore 7.3.x - 'censtore.cgi' Remote Command Execution quizz 1.01 - 'quizz.pl' Remote Command Execution SysInfo 1.21 - (sysinfo.cgi) Remote Command Execution SysInfo 1.21 - 'sysinfo.cgi' Remote Command Execution FlexBB 0.5.5 - (/inc/start.php _COOKIE) SQL Bypass Exploit FlexBB 0.5.5 - '/inc/start.php _COOKIE' SQL Bypass Exploit ASPSitem 1.83 - (Haberler.asp) SQL Injection ASPSitem 1.83 - 'Haberler.asp' SQL Injection FlexBB 0.5.5 - (function/showprofile.php) SQL Injection BK Forum 4.0 - (member.asp) SQL Injection FlexBB 0.5.5 - 'function/showprofile.php' SQL Injection BK Forum 4.0 - 'member.asp' SQL Injection Fast Click 1.1.3 / 2.3.8 - (show.php) Remote File Inclusion Fast Click 1.1.3 / 2.3.8 - 'show.php' Remote File Inclusion HiveMail 1.3 - (addressbook.add.php) Remote Code Execution VP-ASP 6.00 - (shopcurrency.asp) SQL Injection HiveMail 1.3 - 'addressbook.add.php' Remote Code Execution VP-ASP 6.00 - 'shopcurrency.asp' SQL Injection Dokeos Lms 1.6.4 - (authldap.php) Remote File Inclusion Claroline E-Learning 1.75 - (ldap.inc.php) Remote File Inclusion Dokeos Lms 1.6.4 - 'authldap.php' Remote File Inclusion Claroline E-Learning 1.75 - 'ldap.inc.php' Remote File Inclusion Squirrelcart 2.2.0 - (cart_content.php) Remote File Inclusion Squirrelcart 2.2.0 - 'cart_content.php' Remote File Inclusion Woltlab Burning Board 2.3.5 - (links.php) SQL Injection Woltlab Burning Board 2.3.5 - 'links.php' SQL Injection open-medium.CMS 0.25 - (404.php) Remote File Inclusion Back-End CMS 0.7.2.2 - (BE_config.php) Remote File Inclusion open-medium.CMS 0.25 - '404.php' Remote File Inclusion Back-End CMS 0.7.2.2 - 'BE_config.php' Remote File Inclusion DoceboLms 2.0.5 - (help.php) Remote File Inclusion DoceboLms 2.0.5 - 'help.php' Remote File Inclusion PrideForum 1.0 - (forum.asp) SQL Injection PrideForum 1.0 - 'forum.asp' SQL Injection Bytehoard 2.1 - (server.php) Remote File Inclusion Bytehoard 2.1 - 'server.php' Remote File Inclusion Igloo 0.1.9 - (Wiki.php) Remote File Inclusion Igloo 0.1.9 - 'Wiki.php' Remote File Inclusion Informium 0.12.0 - (common-menu.php) Remote File Inclusion Informium 0.12.0 - 'common-menu.php' Remote File Inclusion DotClear 1.2.4 - (prepend.php) Arbitrary Remote File Inclusion DotClear 1.2.4 - 'prepend.php' Arbitrary Remote File Inclusion Wikiwig 4.1 - (wk_lang.php) Remote File Inclusion myNewsletter 1.1.2 - (adminLogin.asp) Login Bypass Wikiwig 4.1 - 'wk_lang.php' Remote File Inclusion myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass Xtreme/Ditto News 1.0 - (post.php) Remote File Inclusion Back-End CMS 0.7.2.1 - (jpcache.php) Remote File Inclusion Xtreme/Ditto News 1.0 - 'post.php' Remote File Inclusion Back-End CMS 0.7.2.1 - 'jpcache.php' Remote File Inclusion aWebNews 1.5 - (visview.php) Remote File Inclusion aWebNews 1.5 - 'visview.php' Remote File Inclusion PHP Blue Dragon CMS 2.9.1 - (template.php) File Inclusion PHP Blue Dragon CMS 2.9.1 - 'template.php' File Inclusion DreamAccount 3.1 - (auth.api.php) Remote File Inclusion DreamAccount 3.1 - 'auth.api.php' Remote File Inclusion RsGallery2 <= 1.11.2 - (rsgallery.html.php) File Inclusion RsGallery2 <= 1.11.2 - 'rsgallery.html.php' File Inclusion Plume CMS 1.1.3 - (dbinstall.php) Remote File Inclusion Randshop 1.1.1 - (header.inc.php) Remote File Inclusion Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion SQuery 4.5 - (gore.php) Remote File Inclusion SQuery 4.5 - 'gore.php' Remote File Inclusion FlushCMS 1.0.0-pre2 - (class.rich.php) Remote File Inclusion FlushCMS 1.0.0-pre2 - 'class.rich.php' Remote File Inclusion Etomite CMS 0.6.1 - (rfiles.php) Remote Command Execution Etomite CMS 0.6.1 - 'rfiles.php' Remote Command Execution TSEP 0.942 - (copyright.php) Remote File Inclusion TSEP 0.942 - 'copyright.php' Remote File Inclusion WoW Roster 1.70 - (/lib/phpBB.php) Remote File Inclusion WoW Roster 1.70 - '/lib/phpBB.php' Remote File Inclusion TSEP 0.942 - (colorswitch.php) Remote File Inclusion TSEP 0.942 - 'colorswitch.php' Remote File Inclusion SQLiteWebAdmin 0.1 - (tpl.inc.php) Remote File Inclusion SQLiteWebAdmin 0.1 - 'tpl.inc.php' Remote File Inclusion PHPCodeCabinet 0.5 - (Core.php) Remote File Inclusion PHPCodeCabinet 0.5 - 'Core.php' Remote File Inclusion See-Commerce 1.0.625 - (owimg.php3) Remote File Inclusion See-Commerce 1.0.625 - 'owimg.php3' Remote File Inclusion PHPMyRing 4.2.0 - (view_com.php) SQL Injection PHPMyRing 4.2.0 - 'view_com.php' SQL Injection VWar 1.50 R14 - (online.php) SQL Injection VWar 1.50 R14 - 'online.php' SQL Injection Wheatblog 1.1 - (session.php) Remote File Inclusion Wheatblog 1.1 - 'session.php' Remote File Inclusion PHPay 2.02 - (nu_mail.inc.php) Remote mail() Injection PHPay 2.02 - 'nu_mail.inc.php' Remote mail() Injection WEBInsta CMS 0.3.1 - (users.php) Remote File Inclusion WEBInsta CMS 0.3.1 - 'users.php' Remote File Inclusion WTcom 0.2.4-alpha - (torrents.php) SQL Injection WTcom 0.2.4-alpha - 'torrents.php' SQL Injection PHlyMail Lite 3.4.4 - (mod.listmail.php) Remote File Inclusion PHlyMail Lite 3.4.4 - 'mod.listmail.php' Remote File Inclusion LBlog 1.05 - (comments.asp) SQL Injection LBlog 1.05 - 'comments.asp' SQL Injection PHlyMail Lite 3.4.4 - (folderprops.php) Remote File Inclusion (2) Empire CMS 3.7 - (checklevel.php) Remote File Inclusion PHlyMail Lite 3.4.4 - 'folderprops.php' Remote File Inclusion (2) Empire CMS 3.7 - 'checklevel.php' Remote File Inclusion VistaBB 2.x - (functions_mod_user.php) Remote File Inclusion VistaBB 2.x - 'functions_mod_user.php' Remote File Inclusion PHPCOIN 1.2.3 - (session_set.php) Remote File Inclusion PHPCOIN 1.2.3 - 'session_set.php' Remote File Inclusion FlashChat 4.5.7 - (aedating4CMS.php) Remote File Inclusion FlashChat 4.5.7 - 'aedating4CMS.php' Remote File Inclusion Beautifier 0.1 - (Core.php) Remote File Inclusion Beautifier 0.1 - 'Core.php' Remote File Inclusion Q-Shop 3.5 - (browse.asp) SQL Injection Q-Shop 3.5 - 'browse.asp' SQL Injection Charon Cart 3.0 - (Review.asp) SQL Injection CMtextS 1.0 - (users_logins/admin.txt) Credentials Disclosure Charon Cart 3.0 - 'Review.asp' SQL Injection CMtextS 1.0 - 'users_logins/admin.txt' Credentials Disclosure PHPartenaire 1.0 - (dix.php3) Remote File Inclusion PHPartenaire 1.0 - 'dix.php3' Remote File Inclusion ProgSys 0.156 - (RR.php) Remote File Inclusion ProgSys 0.156 - 'RR.php' Remote File Inclusion xweblog 2.1 - (kategori.asp) SQL Injection xweblog 2.1 - 'kategori.asp' SQL Injection Web-News 1.6.3 - (template.php) Remote File Inclusion Web-News 1.6.3 - 'template.php' Remote File Inclusion Advaced-Clan-Script 3.4 - (mcf.php) Remote File Inclusion Advaced-Clan-Script 3.4 - 'mcf.php' Remote File Inclusion SyntaxCMS 1.3 - (0004_init_urls.php) Remote File Inclusion Polaring 0.04.03 - (general.php) Remote File Inclusion SyntaxCMS 1.3 - '0004_init_urls.php' Remote File Inclusion Polaring 0.04.03 - 'general.php' Remote File Inclusion BrudaNews 1.1 - (admin/index.php) Remote File Inclusion BrudaGB 1.1 - (admin/index.php) Remote File Inclusion faceStones personal 2.0.42 - (fs_form_links.php) File Inclusion BrudaNews 1.1 - 'admin/index.php' Remote File Inclusion BrudaGB 1.1 - 'admin/index.php' Remote File Inclusion faceStones personal 2.0.42 - 'fs_form_links.php' File Inclusion Kietu? <= 4.0.0b2 - (hit.php) Remote File Inclusion Newswriter SW 1.42 - (editfunc.inc.php) File Inclusion Kietu? <= 4.0.0b2 - 'hit.php' Remote File Inclusion Newswriter SW 1.42 - 'editfunc.inc.php' File Inclusion Newswriter SW 1.4.2 - (main.inc.php) Remote File Inclusion PPA Gallery 1.0 - (functions.inc.php) Remote File Inclusion Newswriter SW 1.4.2 - 'main.inc.php' Remote File Inclusion PPA Gallery 1.0 - 'functions.inc.php' Remote File Inclusion phpMyWebmin 1.0 - (window.php) Remote File Inclusion PHPSecurePages 0.28b - (secure.php) Remote File Inclusion phpMyWebmin 1.0 - 'window.php' Remote File Inclusion PHPSecurePages 0.28b - 'secure.php' Remote File Inclusion PHP Krazy Image Hosting 0.7a - (display.php) SQL Injection UBB.Threads 6.5.1.1 - (doeditconfig.php) Code Execution PHP Krazy Image Hosting 0.7a - 'display.php' SQL Injection UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution VAMP Webmail 2.0beta1 - (yesno.phtml) Remote File Inclusion VAMP Webmail 2.0beta1 - 'yesno.phtml' Remote File Inclusion BBaCE 3.5 - (includes/functions.php) Remote File Inclusion BBaCE 3.5 - 'includes/functions.php' Remote File Inclusion Klinza Professional CMS 5.0.1 - (show_hlp.php) File Inclusion Klinza Professional CMS 5.0.1 - 'show_hlp.php' File Inclusion PHPGreetz 0.99 - (footer.php) Remote File Inclusion PHPGreetz 0.99 - 'footer.php' Remote File Inclusion phpBB Security Suite Mod 1.0.0 - (logger_engine.php) Remote File Inclusion phpBB Security Suite Mod 1.0.0 - 'logger_engine.php' Remote File Inclusion Cahier de texte 2.0 - (lire.php) SQL Injection Cahier de texte 2.0 - 'lire.php' SQL Injection PHPPC 1.03 RC1 - (/lib/functions.inc.php) Remote File Inclusion docmint 2.0 - (engine/require.php) Remote File Inclusion PHPPC 1.03 RC1 - '/lib/functions.inc.php' Remote File Inclusion docmint 2.0 - 'engine/require.php' Remote File Inclusion phpMyAgenda 3.1 - (templates/header.php3) Local File Inclusion TribunaLibre 3.12 Beta - (ftag.php) Remote File Inclusion phpMyAgenda 3.1 - 'templates/header.php3' Local File Inclusion TribunaLibre 3.12 Beta - 'ftag.php' Remote File Inclusion compteur 2.0 - (param_editor.php) Remote File Inclusion compteur 2.0 - 'param_editor.php' Remote File Inclusion Foafgen 0.3 - (redir.php) Local Source Disclosure Foafgen 0.3 - 'redir.php' Local Source Disclosure Exhibit Engine 1.5 RC 4 - (photo_comment.php) File Inclusion Claroline 1.8.0 rc1 - (import.lib.php) Remote File Inclusion PHPLibrary 1.5.3 - (grid3.lib.php) Remote File Inclusion Jinzora 2.1 - (media.php) Remote File Inclusion ae2 - (standart.inc.php) Remote File Inclusion n@board 3.1.9e - (naboard_pnr.php) Remote File Inclusion CommunityPortals 1.0 - (import-archive.php) File Inclusion PHP News Reader 2.6.4 - (phpBB.inc.php) Remote File Inclusion Exhibit Engine 1.5 RC 4 - 'photo_comment.php' File Inclusion Claroline 1.8.0 rc1 - 'import.lib.php' Remote File Inclusion PHPLibrary 1.5.3 - 'grid3.lib.php' Remote File Inclusion Jinzora 2.1 - 'media.php' Remote File Inclusion ae2 - 'standart.inc.php' Remote File Inclusion n@board 3.1.9e - 'naboard_pnr.php' Remote File Inclusion CommunityPortals 1.0 - 'import-archive.php' File Inclusion PHP News Reader 2.6.4 - 'phpBB.inc.php' Remote File Inclusion Minichat 6.0 - (ftag.php) Remote File Inclusion Minichat 6.0 - 'ftag.php' Remote File Inclusion PHPMyConferences 8.0.2 - (menu.inc.php) File Inclusion PHPMyConferences 8.0.2 - 'menu.inc.php' File Inclusion maluinfo 206.2.38 - (bb_usage_stats.php) Remote File Inclusion phpBB PlusXL 2.0_272 - (constants.php) Remote File Inclusion Genepi 1.6 - (genepi.php) Remote File Inclusion Cdsagenda 4.2.9 - (SendAlertEmail.php) File Inclusion maluinfo 206.2.38 - 'bb_usage_stats.php' Remote File Inclusion phpBB PlusXL 2.0_272 - 'constants.php' Remote File Inclusion Genepi 1.6 - 'genepi.php' Remote File Inclusion Cdsagenda 4.2.9 - 'SendAlertEmail.php' File Inclusion phpBB lat2cyr Mod 1.0.1 - (lat2cyr.php) Remote File Inclusion phpBB lat2cyr Mod 1.0.1 - 'lat2cyr.php' Remote File Inclusion phpBB Security 1.0.1 - (PHP_security.php) Remote File Inclusion YaBBSM 3.0.0 - (Offline.php) Remote File Inclusion phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion IncCMS Core 1.0.0 - (settings.php) Remote File Inclusion Jinzora 2.6 - (extras/mt.php) Remote File Inclusion CyberBrau 0.9.4 - (forum/track.php) Remote File Inclusion IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion Jinzora 2.6 - 'extras/mt.php' Remote File Inclusion CyberBrau 0.9.4 - 'forum/track.php' Remote File Inclusion NuralStorm Webmail 0.98b - (process.php) Remote File Inclusion NuralStorm Webmail 0.98b - 'process.php' Remote File Inclusion Def-Blog 1.0.3 - (comadd.php) SQL Injection Def-Blog 1.0.3 - 'comadd.php' SQL Injection PHPMyManga 0.8.1 - (template.php) Multiple File Inclusion PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusion WSN Forum 1.3.4 - (prestart.php) Remote Code Execution WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution PHPPowerCards 2.10 - (txt.inc.php) Remote Code Execution PHP AMX 0.90 - (plugins/main.php) Remote File Inclusion PHPPowerCards 2.10 - 'txt.inc.php' Remote Code Execution PHP AMX 0.90 - 'plugins/main.php' Remote File Inclusion YapBB 1.2 Beta2 - (yapbb_session.php) Remote File Inclusion LoCal Calendar 1.1 - (lcUser.php) Remote File Inclusion EPNadmin 0.7 - (constantes.inc.php) Remote File Inclusion PH Pexplorer 0.24 - (explorer_load_lang.php) Local File Inclusion YapBB 1.2 Beta2 - 'yapbb_session.php' Remote File Inclusion LoCal Calendar 1.1 - 'lcUser.php' Remote File Inclusion EPNadmin 0.7 - 'constantes.inc.php' Remote File Inclusion PH Pexplorer 0.24 - 'explorer_load_lang.php' Local File Inclusion Lou Portail 1.4.1 - (admin_module.php) Remote File Inclusion WGCC 0.5.6b - (quiz.php) SQL Injection Lou Portail 1.4.1 - 'admin_module.php' Remote File Inclusion WGCC 0.5.6b - 'quiz.php' SQL Injection CASTOR 1.1.1 - (lib/rs.php) Remote File Inclusion CASTOR 1.1.1 - 'lib/rs.php' Remote File Inclusion Net_DNS 0.3 - (DNS/RR.php) Remote File Inclusion Net_DNS 0.3 - 'DNS/RR.php' Remote File Inclusion SourceForge 1.0.4 - (database.php) Remote File Inclusion SourceForge 1.0.4 - 'database.php' Remote File Inclusion Jaws 0.5.2 - (include/JawsDB.php) Remote File Inclusion JumbaCMS 0.0.1 - (includes/functions.php) Remote File Inclusion InteliEditor 1.2.x - (lib.editor.inc.php) Remote File Inclusion Ascended Guestbook 1.0.0 - (embedded.php) File Inclusion Jaws 0.5.2 - 'include/JawsDB.php' Remote File Inclusion JumbaCMS 0.0.1 - 'includes/functions.php' Remote File Inclusion InteliEditor 1.2.x - 'lib.editor.inc.php' Remote File Inclusion Ascended Guestbook 1.0.0 - 'embedded.php' File Inclusion UeberProject 1.0 - (login/secure.php) Remote File Inclusion UeberProject 1.0 - 'login/secure.php' Remote File Inclusion TextPattern 1.19 - (publish.php) Remote File Inclusion TextPattern 1.19 - 'publish.php' Remote File Inclusion ask_rave 0.9 PR - (end.php footfile) Remote File Inclusion ask_rave 0.9 PR - 'end.php footfile' Remote File Inclusion PHP League 0.82 - (classement.php) SQL Injection PHP League 0.82 - 'classement.php' SQL Injection PHPMyDesk 1.0 Beta - (viewticket.php) Local File Inclusion PHPMyDesk 1.0 Beta - 'viewticket.php' Local File Inclusion mp3SDS 3.0 - (Core/core.inc.php) Remote File Inclusion mp3SDS 3.0 - 'Core/core.inc.php' Remote File Inclusion MiraksGalerie 2.62 - (pcltar.lib.php) Remote File Inclusion Free Image Hosting 1.0 - (forgot_pass.php) File Inclusion Free File Hosting 1.1 - (forgot_pass.php) File Inclusion MiraksGalerie 2.62 - 'pcltar.lib.php' Remote File Inclusion Free Image Hosting 1.0 - 'forgot_pass.php' File Inclusion Free File Hosting 1.1 - 'forgot_pass.php' File Inclusion MySource CMS 2.16.2 - (init_mysource.php) Remote File Inclusion MySource CMS 2.16.2 - 'init_mysource.php' Remote File Inclusion Faq Administrator 2.1 - (faq_reply.php) Remote File Inclusion PHPMyRing 4.2.1 - (cherche.php) SQL Injection Faq Administrator 2.1 - 'faq_reply.php' Remote File Inclusion PHPMyRing 4.2.1 - 'cherche.php' SQL Injection PwsPHP 1.1 - (themes/fin.php) Remote File Inclusion T.G.S. CMS 0.1.7 - (logout.php) SQL Injection PwsPHP 1.1 - 'themes/fin.php' Remote File Inclusion T.G.S. CMS 0.1.7 - 'logout.php' SQL Injection Innovate Portal 2.0 - (acp.php) Remote Code Execution Innovate Portal 2.0 - 'acp.php' Remote Code Execution Lithium CMS 4.04c - (classes/index.php) Local File Inclusion Article System 0.6 - (volume.php) Remote File Inclusion Lithium CMS 4.04c - 'classes/index.php' Local File Inclusion Article System 0.6 - 'volume.php' Remote File Inclusion Ultimate PHP Board 2.0 - (header_simple.php) File Inclusion Ultimate PHP Board 2.0 - 'header_simple.php' File Inclusion iWare Pro 5.0.4 - (chat_panel.php) Remote Code Execution PHPAdventure 1.1 - (ad_main.php) Remote File Inclusion iWare Pro 5.0.4 - 'chat_panel.php' Remote Code Execution PHPAdventure 1.1 - 'ad_main.php' Remote File Inclusion IrayoBlog 0.2.4 - (inc/irayofuncs.php) Remote File Inclusion IrayoBlog 0.2.4 - 'inc/irayofuncs.php' Remote File Inclusion AspPired2Poll 1.0 - (MoreInfo.asp) SQL Injection MyAlbum 3.02 - (language.inc.php) Remote File Inclusion PHPManta 1.0.2 - (view-sourcecode.php) Local File Inclusion EncapsCMS 0.3.6 - (core/core.php) Remote File Inclusion AspPired2Poll 1.0 - 'MoreInfo.asp' SQL Injection MyAlbum 3.02 - 'language.inc.php' Remote File Inclusion PHPManta 1.0.2 - 'view-sourcecode.php' Local File Inclusion EncapsCMS 0.3.6 - 'core/core.php' Remote File Inclusion NuCommunity 1.0 - (cl_CatListing.asp) SQL Injection NuRems 1.0 - (propertysdetails.asp) SQL Injection NuStore 1.0 - (Products.asp) SQL Injection NuSchool 1.0 - (CampusNewsDetails.asp) SQL Injection NuCommunity 1.0 - 'cl_CatListing.asp' SQL Injection NuRems 1.0 - 'propertysdetails.asp' SQL Injection NuStore 1.0 - 'Products.asp' SQL Injection NuSchool 1.0 - 'CampusNewsDetails.asp' SQL Injection Munch Pro 1.0 - (switch.asp) SQL Injection Munch Pro 1.0 - 'switch.asp' SQL Injection UStore 1.0 - (detail.asp) SQL Injection USupport 1.0 - (detail.asp) SQL Injection UPublisher 1.0 - (viewarticle.asp) SQL Injection UStore 1.0 - 'detail.asp' SQL Injection USupport 1.0 - 'detail.asp' SQL Injection UPublisher 1.0 - 'viewarticle.asp' SQL Injection Quick.Cart 2.0 - (actions_client/gallery.php) Local File Inclusion Online Event Registration 2.0 - (save_profile.asp) Pass Change Exploit Quick.Cart 2.0 - 'actions_client/gallery.php' Local File Inclusion Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit Property Pro 1.0 - (vir_Login.asp) Remote Login Bypass Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass PHPPeanuts 1.3 Beta - (Inspect.php) Remote File Inclusion PHPPeanuts 1.3 Beta - 'Inspect.php' Remote File Inclusion NetVIOS 2.0 - (page.asp) SQL Injection NetVIOS 2.0 - 'page.asp' SQL Injection Etomite CMS 0.6.1.2 - (manager/index.php) Local File Inclusion Etomite CMS 0.6.1.2 - 'manager/index.php' Local File Inclusion miniCWB 1.0.0 - (contact.php) Local File Inclusion miniCWB 1.0.0 - 'contact.php' Local File Inclusion Powies MatchMaker 4.05 - (matchdetail.php) SQL Injection mxBB Module calsnails 1.06 - (mx_common.php) File Inclusion Powies MatchMaker 4.05 - 'matchdetail.php' SQL Injection mxBB Module calsnails 1.06 - 'mx_common.php' File Inclusion Dicshunary 0.1a - (check_status.php) Remote File Inclusion Dicshunary 0.1a - 'check_status.php' Remote File Inclusion PHPWebThings 1.5.2 - (editor.php) Remote File Inclusion PHPWebThings 1.5.2 - 'editor.php' Remote File Inclusion ASPNuke 0.80 - (register.asp) SQL Injection ASPNuke 0.80 - 'register.asp' SQL Injection Photo Cart 3.9 - (adminprint.php) Remote File Inclusion e-Ark 1.0 - (src/ark_inc.php) Remote File Inclusion Photo Cart 3.9 - 'adminprint.php' Remote File Inclusion e-Ark 1.0 - 'src/ark_inc.php' Remote File Inclusion fipsGallery 1.5 - (index1.asp) SQL Injection fipsForum 2.6 - (default2.asp) SQL Injection fipsGallery 1.5 - 'index1.asp' SQL Injection fipsForum 2.6 - 'default2.asp' SQL Injection JiRos FAQ Manager 1.0 - (index.asp) SQL Injection HSRS 1.0 - (addcode.php) Remote File Inclusion OWLLib 1.0 - (OWLMemoryProperty.php) Remote File Inclusion JiRos FAQ Manager 1.0 - 'index.asp' SQL Injection HSRS 1.0 - 'addcode.php' Remote File Inclusion OWLLib 1.0 - 'OWLMemoryProperty.php' Remote File Inclusion Basic Forum 1.1 - (edit.asp) SQL Injection Basic Forum 1.1 - 'edit.asp' SQL Injection Exhibit Engine 1.22 - (styles.php) Remote File Inclusion Exhibit Engine 1.22 - 'styles.php' Remote File Inclusion SimpleBlog 2.3 - (admin/edit.asp) SQL Injection SimpleBlog 2.3 - 'admin/edit.asp' SQL Injection P-News 2.0 - (user.txt) Remote Password Disclosure P-News 2.0 - 'user.txt' Remote Password Disclosure b2evolution 1.8.5 < 1.9b - (import-mt.php) Remote File Inclusion b2evolution 1.8.5 < 1.9b - 'import-mt.php' Remote File Inclusion LDU 8.x - (polls.php) SQL Injection LDU 8.x - 'polls.php' SQL Injection ContentServ 4.x - (admin/FileServer.php) File Disclosure ContentServ 4.x - 'admin/FileServer.php' File Disclosure PHP Upload Center 2.0 - (activate.php) File Inclusion PHP Upload Center 2.0 - 'activate.php' File Inclusion QuickCart 2.0 - (categories.php) Local File Inclusion QuickCart 2.0 - 'categories.php' Local File Inclusion ThinkEdit 1.9.2 - (render.php) Remote File Inclusion ThinkEdit 1.9.2 - 'render.php' Remote File Inclusion TorrentFlux 2.2 - (downloaddetails.php) Local File Disclosure TorrentFlux 2.2 - (maketorrent.php) Remote Command Execution TorrentFlux 2.2 - 'downloaddetails.php' Local File Disclosure TorrentFlux 2.2 - 'maketorrent.php' Remote Command Execution HR Assist 1.05 - (vdateUsr.asp) Remote Login Bypass PHPAlbum 0.4.1 Beta 6 - (language.php) Local File Inclusion HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass PHPAlbum 0.4.1 Beta 6 - 'language.php' Local File Inclusion Barman 0.0.1r3 - (Interface.php) Remote File Inclusion Barman 0.0.1r3 - 'Interface.php' Remote File Inclusion Blog:CMS 4.1.3 - (NP_UserSharing.php) Remote File Inclusion Blog:CMS 4.1.3 - 'NP_UserSharing.php' Remote File Inclusion PHPMyCMS 0.3 - (basic.inc.php) Remote File Inclusion yaplap 0.6.1b - (ldap.php) Remote File Inclusion PHPMyCMS 0.3 - 'basic.inc.php' Remote File Inclusion yaplap 0.6.1b - 'ldap.php' Remote File Inclusion Azucar CMS 1.3 - (admin/index_sitios.php) File Inclusion Azucar CMS 1.3 - 'admin/index_sitios.php' File Inclusion RateMe 1.3.2 - (main.inc.php) Remote File Inclusion RateMe 1.3.2 - 'main.inc.php' Remote File Inclusion Paristemi 0.8.3b - (buycd.php) Remote File Inclusion Paristemi 0.8.3b - 'buycd.php' Remote File Inclusion cwmVote 1.0 - (archive.php) Remote File Inclusion cwmCounter 5.1.1 - (statistic.php) Remote File Inclusion cwmVote 1.0 - 'archive.php' Remote File Inclusion cwmCounter 5.1.1 - 'statistic.php' Remote File Inclusion TextSend 1.5 - (config/sender.php) Remote File Inclusion TextSend 1.5 - 'config/sender.php' Remote File Inclusion PHP/Mysql Site Builder 0.0.2 - (htm2PHP.php) File Disclosure Newxooper-PHP 0.9.1 - (mapage.php) Remote File Inclusion PHP/Mysql Site Builder 0.0.2 - 'htm2PHP.php' File Disclosure Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion inertianews 0.02b - (inertianews_main.php) Remote File Inclusion inertianews 0.02b - 'inertianews_main.php' Remote File Inclusion EternalMart Guestbook 1.10 - (admin/auth.php) Remote File Inclusion EternalMart Guestbook 1.10 - 'admin/auth.php' Remote File Inclusion b2 Blog 0.5 - (b2verifauth.php) Remote File Inclusion b2 Blog 0.5 - 'b2verifauth.php' Remote File Inclusion Enthrallweb ePhotos 1.0 - (subLevel2.asp) SQL Injection Enthrallweb ePhotos 1.0 - 'subLevel2.asp' SQL Injection Enthrallweb eCars 1.0 - (types.asp) SQL Injection Enthrallweb emates 1.0 - (newsdetail.asp) SQL Injection Enthrallweb eCars 1.0 - 'types.asp' SQL Injection Enthrallweb emates 1.0 - 'newsdetail.asp' SQL Injection Enthrallweb eCoupons 1.0 - (myprofile.asp) Remote Pass Change Exploit Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change Exploit File Upload Manager 1.0.6 - (detail.asp) SQL Injection File Upload Manager 1.0.6 - 'detail.asp' SQL Injection Ultimate PHP Board 2.0b1 - (chat/login.php) Code Execution Pagetool CMS 1.07 - (pt_upload.php) Remote File Inclusion Ultimate PHP Board 2.0b1 - 'chat/login.php' Code Execution Pagetool CMS 1.07 - 'pt_upload.php' Remote File Inclusion HLStats 1.34 - (hlstats.php) SQL Injection HLStats 1.34 - 'hlstats.php' SQL Injection eNdonesia 8.4 - (mod.php/friend.php/admin.php) Multiple Vulnerabilities MTCMS 2.0 - (admin/admin_settings.php) Remote File Inclusion eNdonesia 8.4 - 'mod.php/friend.php/admin.php' Multiple Vulnerabilities MTCMS 2.0 - 'admin/admin_settings.php' Remote File Inclusion Okul Merkezi Portal 1.0 - (ataturk.php) Remote File Inclusion Okul Merkezi Portal 1.0 - 'ataturk.php' Remote File Inclusion PHP-Update 2.7 - (admin/uploads.php) Remote Code Execution Yrch 1.0 - (plug.inc.php path Variable) Remote File Inclusion Bubla 1.0.0rc2 - (bu/process.php) Remote File Inclusion PHP-Update 2.7 - 'admin/uploads.php' Remote Code Execution Yrch 1.0 - 'plug.inc.php path Variable' Remote File Inclusion Bubla 1.0.0rc2 - 'bu/process.php' Remote File Inclusion aFAQ 1.0 - (faqDsp.asp catcode) SQL Injection aFAQ 1.0 - 'faqDsp.asp catcode' SQL Injection x-news 1.1 - (users.txt) Remote Password Disclosure Voodoo chat 1.0RC1b - (users.dat) Password Disclosure x-news 1.1 - 'users.txt' Remote Password Disclosure Voodoo chat 1.0RC1b - 'users.dat' Password Disclosure SoftArtisans SAFileUp 5.0.14 - (viewsrc.asp) Script Source Disclosure FreeStyle Wiki 3.6.2 - (user.dat) Password Disclosure SoftArtisans SAFileUp 5.0.14 - 'viewsrc.asp' Script Source Disclosure FreeStyle Wiki 3.6.2 - 'user.dat' Password Disclosure P-News 1.16 / 1.17 - (user.dat) Remote Password Disclosure P-News 1.16 / 1.17 - 'user.dat' Remote Password Disclosure RBlog 1.0 - (admin.mdb) Remote Password Disclosure RBlog 1.0 - 'admin.mdb' Remote Password Disclosure AutoDealer 2.0 - (detail.asp iPro) SQL Injection WWWBoard 2.0 - (passwd.txt) Remote Password Disclosure AutoDealer 2.0 - 'detail.asp iPro' SQL Injection WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure TaskTracker 1.5 - (Customize.asp) Remote Add Administrator Exploit TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator Exploit VerliAdmin 0.3 - (language.php) Local File Inclusion VerliAdmin 0.3 - 'language.php' Local File Inclusion Aratix 0.2.2b11 - (inc/init.inc.php) Remote File Inclusion Aratix 0.2.2b11 - 'inc/init.inc.php' Remote File Inclusion iG Calendar 1.0 - (user.php id Variable) SQL Injection iG Calendar 1.0 - 'user.php id Variable' SQL Injection LunarPoll 1.0 - (show.php PollDir) Remote File Inclusion TLM CMS 1.1 - (i-accueil.php chemin) Remote File Inclusion Mint Haber Sistemi 2.7 - (duyuru.asp id) SQL Injection LunarPoll 1.0 - 'show.php PollDir' Remote File Inclusion TLM CMS 1.1 - 'i-accueil.php chemin' Remote File Inclusion Mint Haber Sistemi 2.7 - 'duyuru.asp id' SQL Injection KGB 1.9 - (sesskglogadmin.php) Local File Inclusion KGB 1.9 - 'sesskglogadmin.php' Local File Inclusion MGB 0.5.4.5 - (email.php id Variable) SQL Injection MGB 0.5.4.5 - 'email.php id Variable' SQL Injection PHPMyphorum 1.5a - (mep/frame.php) Remote File Inclusion PHPMyphorum 1.5a - 'mep/frame.php' Remote File Inclusion Oreon 1.2.3 RC4 - (lang/index.php) Remote File Inclusion ComVironment 4.0 - (grab_globals.lib.php) Remote File Inclusion Oreon 1.2.3 RC4 - 'lang/index.php' Remote File Inclusion ComVironment 4.0 - 'grab_globals.lib.php' Remote File Inclusion PHPSherpa - (include/config.inc.php) Remote File Inclusion Bradabra 2.0.5 - (include/includes.php) Remote File Inclusion Neon Labs Website 3.2 - (nl.php g_strRootDir) Remote File Inclusion PHPSherpa - 'include/config.inc.php' Remote File Inclusion Bradabra 2.0.5 - 'include/includes.php' Remote File Inclusion Neon Labs Website 3.2 - 'nl.php g_strRootDir' Remote File Inclusion MySpeach 2.1b - (up.php) Remote File Inclusion WebChat 0.77 - (defines.php WEBCHATPATH) Remote File Inclusion Mafia Scum Tools 2.0.0 - (index.php gen) Remote File Inclusion MySpeach 2.1b - 'up.php' Remote File Inclusion WebChat 0.77 - 'defines.php WEBCHATPATH' Remote File Inclusion Mafia Scum Tools 2.0.0 - 'index.php gen' Remote File Inclusion Upload Service 1.0 - (top.php maindir) Remote File Inclusion Upload Service 1.0 - 'top.php maindir' Remote File Inclusion Vote-Pro 4.0 - (poll_frame.php poll_id) Remote Code Execution BBClone 0.31 - (selectlang.php) Remote File Inclusion Vote-Pro 4.0 - 'poll_frame.php poll_id' Remote Code Execution BBClone 0.31 - 'selectlang.php' Remote File Inclusion RPW 1.0.2 - (config.php sql_language) Remote File Inclusion ASP EDGE 1.2b - (user.asp) SQL Injection ASP NEWS 3.0 - (news_detail.asp) SQL Injection RPW 1.0.2 - 'config.php sql_language' Remote File Inclusion ASP EDGE 1.2b - 'user.asp' SQL Injection ASP NEWS 3.0 - 'news_detail.asp' SQL Injection GPS CMS 1.2 - (print.asp) SQL Injection GPS CMS 1.2 - 'print.asp' SQL Injection Virtual Path 1.0 - (vp/configure.php) Remote File Inclusion MyPHPcommander 2.0 - (package.php) Remote File Inclusion AINS 0.02b - (ains_main.php ains_path) Remote File Inclusion Virtual Path 1.0 - 'vp/configure.php' Remote File Inclusion MyPHPcommander 2.0 - 'package.php' Remote File Inclusion AINS 0.02b - 'ains_main.php ains_path' Remote File Inclusion nsGalPHP - (includes/config.inc.php racineTBS) Remote File Inclusion nsGalPHP - 'includes/config.inc.php racineTBS' Remote File Inclusion PHPMyReports 3.0.11 - (lib_head.php) Remote File Inclusion PHPMyReports 3.0.11 - 'lib_head.php' Remote File Inclusion xNews 1.3 - (xNews.php) SQL Injection xNews 1.3 - 'xNews.php' SQL Injection Webfwlog 0.92 - (debug.php) Remote File Disclosure Galeria Zdjec 3.0 - (zd_numer.php) Local File Inclusion Webfwlog 0.92 - 'debug.php' Remote File Disclosure Galeria Zdjec 3.0 - 'zd_numer.php' Local File Inclusion MyNews 4.2.2 - (themefunc.php) Remote File Inclusion MyNews 4.2.2 - 'themefunc.php' Remote File Inclusion SIPS 0.3.1 - (box.inc.php) Remote File Inclusion SIPS 0.3.1 - 'box.inc.php' Remote File Inclusion Epistemon 1.0 - (common.php inc_path) Remote File Inclusion WebBuilder 2.0 - (StageLoader.php) Remote File Inclusion Epistemon 1.0 - 'common.php inc_path' Remote File Inclusion WebBuilder 2.0 - 'StageLoader.php' Remote File Inclusion Flipper Poll 1.1.0 - (poll.php root_path) Remote File Inclusion Flipper Poll 1.1.0 - 'poll.php root_path' Remote File Inclusion Photo Galerie Standard 1.1 - (view.php) SQL Injection Woltlab Burning Board Lite 1.0.2pl3e - (pms.php) SQL Injection KDPics 1.11 - (exif.php lib_path) Remote File Inclusion Flip 2.01 final - (previewtheme.php inc_path) Remote File Inclusion Photo Galerie Standard 1.1 - 'view.php' SQL Injection Woltlab Burning Board Lite 1.0.2pl3e - 'pms.php' SQL Injection KDPics 1.11 - 'exif.php lib_path' Remote File Inclusion Flip 2.01 final - 'previewtheme.php inc_path' Remote File Inclusion SMA-DB 0.3.9 - (settings.php) Remote File Inclusion SMA-DB 0.3.9 - 'settings.php' Remote File Inclusion LightRO CMS 1.0 - (inhalt.php) Remote File Inclusion LightRO CMS 1.0 - 'inhalt.php' Remote File Inclusion AgerMenu 0.01 - (top.inc.php rootdir) Remote File Inclusion WebMatic 2.6 - (index_album.php) Remote File Inclusion AgerMenu 0.01 - 'top.inc.php rootdir' Remote File Inclusion WebMatic 2.6 - 'index_album.php' Remote File Inclusion LightRO CMS 1.0 - (index.php projectid) SQL Injection LightRO CMS 1.0 - 'index.php projectid' SQL Injection LushiWarPlaner 1.0 - (register.php) SQL Injection LushiWarPlaner 1.0 - 'register.php' SQL Injection philboard 1.14 - (philboard_forum.asp) SQL Injection philboard 1.14 - 'philboard_forum.asp' SQL Injection Xaran CMS 2.0 - (xarancms_haupt.php) SQL Injection PHPCC 4.2 Beta - (nickpage.php npid) SQL Injection Xaran CMS 2.0 - 'xarancms_haupt.php' SQL Injection PHPCC 4.2 Beta - 'nickpage.php npid' SQL Injection PollMentor 2.0 - (pollmentorres.asp id) SQL Injection PollMentor 2.0 - 'pollmentorres.asp id' SQL Injection nabopoll 1.2 - (survey.inc.php path) Remote File Inclusion nabopoll 1.2 - 'survey.inc.php path' Remote File Inclusion Snitz Forums 2000 3.1 SR4 - (pop_profile.asp) SQL Injection Snitz Forums 2000 3.1 SR4 - 'pop_profile.asp' SQL Injection Xpression News 1.0.1 - (archives.php) Remote File Disclosure Xpression News 1.0.1 - 'archives.php' Remote File Disclosure Ultimate Fun Book 1.02 - (function.php) Remote File Inclusion NukeSentinel 2.5.05 - (nsbypass.php) Blind SQL Injection NukeSentinel 2.5.05 - (nukesentinel.php) File Disclosure Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion NukeSentinel 2.5.05 - 'nsbypass.php' Blind SQL Injection NukeSentinel 2.5.05 - 'nukesentinel.php' File Disclosure Nabopoll 1.2 - (result.php surv) Blind SQL Injection Nabopoll 1.2 - 'result.php surv' Blind SQL Injection FlashGameScript 1.5.4 - (index.php func) Remote File Inclusion FlashGameScript 1.5.4 - 'index.php func' Remote File Inclusion FCRing 1.31 - (fcring.php s_fuss) Remote File Inclusion Sinapis 2.2 Gastebuch - (sinagb.php fuss) Remote File Inclusion Sinapis Forum 2.2 - (sinapis.php fuss) Remote File Inclusion FCRing 1.31 - 'fcring.php s_fuss' Remote File Inclusion Sinapis 2.2 Gastebuch - 'sinagb.php fuss' Remote File Inclusion Sinapis Forum 2.2 - 'sinapis.php fuss' Remote File Inclusion CS-Gallery 2.0 - (index.php album) Remote File Inclusion CS-Gallery 2.0 - 'index.php album' Remote File Inclusion PHP-MIP 0.1 - (top.php laypath) Remote File Inclusion STWC-Counter 3.4.0 - (downloadcounter.php) Remote File Inclusion Admin Phorum 3.3.1a - (del.php include_path) Remote File Inclusion vBulletin 3.6.4 - (inlinemod.php postids) SQL Injection Angel Lms 7.1 - (default.asp id) SQL Injection PHP-MIP 0.1 - 'top.php laypath' Remote File Inclusion STWC-Counter 3.4.0 - 'downloadcounter.php' Remote File Inclusion Admin Phorum 3.3.1a - 'del.php include_path' Remote File Inclusion vBulletin 3.6.4 - 'inlinemod.php postids' SQL Injection Angel Lms 7.1 - 'default.asp id' SQL Injection News-Letterman 1.1 - (eintrag.php sqllog) Remote File Inclusion News-Letterman 1.1 - 'eintrag.php sqllog' Remote File Inclusion AJ Dating 1.0 - (view_profile.php) SQL Injection AJ Dating 1.0 - 'view_profile.php' SQL Injection AJ Forum 1.0 - (topic_title.php) SQL Injection AJ Forum 1.0 - 'topic_title.php' SQL Injection Flat Chat 2.0 - (include online.txt) Remote Code Execution netForo! 0.1 - (down.php file_to_download) Remote File Disclosure Flat Chat 2.0 - 'include online.txt' Remote Code Execution netForo! 0.1 - 'down.php file_to_download' Remote File Disclosure Magic CMS 4.2.747 - (mysave.php) Remote File Inclusion Magic CMS 4.2.747 - 'mysave.php' Remote File Inclusion HC Newssystem 1.0-1.4 - (index.php ID) SQL Injection HC Newssystem 1.0-1.4 - 'index.php ID' SQL Injection Top Auction 1.0 - (viewcat.php) SQL Injection Top Auction 1.0 - 'viewcat.php' SQL Injection X-ice News System 1.0 - (devami.asp id) SQL Injection JGBBS 3.0beta1 - (search.asp author) SQL Injection X-ice News System 1.0 - 'devami.asp id' SQL Injection JGBBS 3.0beta1 - 'search.asp author' SQL Injection Woltlab Burning Board 2.x - (usergroups.php) SQL Injection Woltlab Burning Board 2.x - 'usergroups.php' SQL Injection Absolute Image Gallery 2.0 - (gallery.asp categoryId) SQL Injection Absolute Image Gallery 2.0 - 'gallery.asp categoryId' SQL Injection Creative Files 1.2 - (kommentare.php) SQL Injection Particle Blogger 1.2.0 - (post.php postid) SQL Injection Creative Files 1.2 - 'kommentare.php' SQL Injection Particle Blogger 1.2.0 - 'post.php postid' SQL Injection PHP-Stats 0.1.9.1b - (PHP-stats-options.php) Admin 2 exec() eExploit MPM Chat 2.5 - (view.php logi) Local File Inclusion PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 exec() eExploit MPM Chat 2.5 - 'view.php logi' Local File Inclusion ScriptMagix Jokes 2.0 - (index.php catid) SQL Injection ScriptMagix Recipes 2.0 - (index.php catid) SQL Injection ScriptMagix Jokes 2.0 - 'index.php catid' SQL Injection ScriptMagix Recipes 2.0 - 'index.php catid' SQL Injection ScriptMagix Lyrics 2.0 - (index.php recid) SQL Injection ScriptMagix Lyrics 2.0 - 'index.php recid' SQL Injection PHP-Nuke Module htmltonuke 2.0alpha - (htmltonuke.php) Remote File Inclusion PHPRaid < 3.0.7 - (rss.php PHPraid_dir) Remote File Inclusion Monster Top List 1.4.2 - (functions.php root_path) Remote File Inclusion PHP-Nuke Module htmltonuke 2.0alpha - 'htmltonuke.php' Remote File Inclusion PHPRaid < 3.0.7 - 'rss.php PHPraid_dir' Remote File Inclusion Monster Top List 1.4.2 - 'functions.php root_path' Remote File Inclusion Digital Eye CMS 0.1.1b - (module.php) Remote File Inclusion Digital Eye CMS 0.1.1b - 'module.php' Remote File Inclusion ActiveBuyandSell 6.2 - (buyersend.asp catid) SQL Injection Active Auction Pro 7.1 - (default.asp catid) SQL Injection ActiveBuyandSell 6.2 - 'buyersend.asp catid' SQL Injection Active Auction Pro 7.1 - 'default.asp catid' SQL Injection Net-Side.net CMS - (index.php cms) Remote File Inclusion Net-Side.net CMS - 'index.php cms' Remote File Inclusion XOOPS module Articles 1.02 - (print.php id) SQL Injection XOOPS module Articles 1.02 - 'print.php id' SQL Injection XOOPS module Articles 1.03 - (index.php cat_id) SQL Injection XOOPS module Articles 1.03 - 'index.php cat_id' SQL Injection XOOPS Module Friendfinder 3.3 - (view.php id) SQL Injection MangoBery CMS 0.5.5 - (quotes.php) Remote File Inclusion XOOPS Module Friendfinder 3.3 - 'view.php id' SQL Injection MangoBery CMS 0.5.5 - 'quotes.php' Remote File Inclusion sBLOG 0.7.3 Beta - (inc/lang.php) Local File Inclusion sBLOG 0.7.3 Beta - 'inc/lang.php' Local File Inclusion Picture-Engine 1.2.0 - (wall.php cat) SQL Injection Picture-Engine 1.2.0 - 'wall.php cat' SQL Injection JSBoard 2.0.10 - (login.php table) Local File Inclusion JSBoard 2.0.10 - 'login.php table' Local File Inclusion XOOPS Module eCal 2.24 - (display.php) SQL Injection BT-sondage 1.12 - (gestion_sondage.php) Remote File Inclusion XOOPS Module eCal 2.24 - 'display.php' SQL Injection BT-sondage 1.12 - 'gestion_sondage.php' Remote File Inclusion XOOPS Module debaser 0.92 - (genre.php) Blind SQL Injection XOOPS Module debaser 0.92 - 'genre.php' Blind SQL Injection XOOPS Module Zmagazine 1.0 - (print.php) SQL Injection XOOPS Module Zmagazine 1.0 - 'print.php' SQL Injection XOOPS Module Rha7 Downloads 1.0 - (visit.php) SQL Injection XOOPS Module Rha7 Downloads 1.0 - 'visit.php' SQL Injection WebSPELL 4.01.02 - (picture.php) File Disclosure Beryo 2.0 - (downloadpic.php chemin) Remote File Disclosure cattaDoc 2.21 - (download2.php fn1) Remote File Disclosure WebSPELL 4.01.02 - 'picture.php' File Disclosure Beryo 2.0 - 'downloadpic.php chemin' Remote File Disclosure cattaDoc 2.21 - 'download2.php fn1' Remote File Disclosure Scorp Book 1.0 - (smilies.php config) Remote File Inclusion Scorp Book 1.0 - 'smilies.php config' Remote File Inclusion WitShare 0.9 - (index.php menu) Local File Inclusion WitShare 0.9 - 'index.php menu' Local File Inclusion Pathos CMS 0.92-2 - (warn.php) Remote File Inclusion Pathos CMS 0.92-2 - 'warn.php' Remote File Inclusion PHPGalleryScript 1.0 - (init.gallery.php include_class) Remote File Inclusion PHPGalleryScript 1.0 - 'init.gallery.php include_class' Remote File Inclusion Expow 0.8 - (autoindex.php cfg_file) Remote File Inclusion Request It 1.0b - (index.php id) Remote File Inclusion Chatness 2.5.3 - (options.php/save.php) Remote Code Execution Expow 0.8 - 'autoindex.php cfg_file' Remote File Inclusion Request It 1.0b - 'index.php id' Remote File Inclusion Chatness 2.5.3 - 'options.php/save.php' Remote Code Execution Pixaria Gallery 1.x - (class.Smarty.php) Remote File Inclusion Pixaria Gallery 1.x - 'class.Smarty.php' Remote File Inclusion CNStats 2.9 - (who_r.php bj) Remote File Inclusion NMDeluxe 1.0.1 - (footer.php template) Local File Inclusion CNStats 2.9 - 'who_r.php bj' Remote File Inclusion NMDeluxe 1.0.1 - 'footer.php template' Local File Inclusion openMairie 1.10 - (scr/soustab.php) Local File Inclusion openMairie 1.10 - 'scr/soustab.php' Local File Inclusion Anthologia 0.5.2 - (index.php ads_file) Remote File Inclusion Anthologia 0.5.2 - 'index.php ads_file' Remote File Inclusion Joomla! Component JoomlaPack 1.0.4a2 RE - (CAltInstaller.php) Remote File Inclusion Joomla! Component JoomlaPack 1.0.4a2 RE - 'CAltInstaller.php' Remote File Inclusion ShoutPro 1.5.2 - (shout.php) Remote Code Injection ShoutPro 1.5.2 - 'shout.php' Remote Code Injection AimStats 3.2 - (process.php update) Remote Code Execution AimStats 3.2 - 'process.php update' Remote Code Execution CreaDirectory 1.2 - (error.asp id) SQL Injection CreaDirectory 1.2 - 'error.asp id' SQL Injection JChit counter 1.0.0 - (imgsrv.php ac) Remote File Disclosure JChit counter 1.0.0 - 'imgsrv.php ac' Remote File Disclosure Joomla! 1.5.0 Beta - (pcltar.php) Remote File Inclusion Pagode 0.5.8 - (navigator_ok.php asolute) Remote File Disclosure Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion Pagode 0.5.8 - 'navigator_ok.php asolute' Remote File Disclosure wavewoo 0.1.1 - (loading.php path_include) Remote File Inclusion JulmaCMS 1.4 - (file.php) Remote File Disclosure Ext 1.0 - (feed-proxy.php feed) Remote File Disclosure PHPBandManager 0.8 - (index.php pg) Remote File Inclusion PHPOracleView - (include_all.inc.php page_dir) Remote File Inclusion wavewoo 0.1.1 - 'loading.php path_include' Remote File Inclusion JulmaCMS 1.4 - 'file.php' Remote File Disclosure Ext 1.0 - 'feed-proxy.php feed' Remote File Disclosure PHPBandManager 0.8 - 'index.php pg' Remote File Inclusion PHPOracleView - 'include_all.inc.php page_dir' Remote File Inclusion EsForum 3.0 - (forum.php idsalon) SQL Injection EsForum 3.0 - 'forum.php idsalon' SQL Injection Imageview 5.3 - (fileview.php album) Local File Inclusion The Merchant 2.2.0 - (index.php show) Remote File Inclusion psipuss 1.0 - (editusers.php) Remote Change Admin Password Imageview 5.3 - 'fileview.php album' Local File Inclusion The Merchant 2.2.0 - 'index.php show' Remote File Inclusion psipuss 1.0 - 'editusers.php' Remote Change Admin Password Sendcard 3.4.1 - (sendcard.php form) Local File Inclusion Sendcard 3.4.1 - 'sendcard.php form' Local File Inclusion PStruh-CZ 1.3/1.5 - (download.asp) File Disclosure PStruh-CZ 1.3/1.5 - 'download.asp' File Disclosure Open Translation Engine (OTE) 0.7.8 - (header.php ote_home) Remote File Inclusion Open Translation Engine (OTE) 0.7.8 - 'header.php ote_home' Remote File Inclusion Censura 1.15.04 - (censura.php vendorid) SQL Injection E-GADS! 2.2.6 - (common.php locale) Remote File Inclusion Versado CMS 1.07 - (ajax_listado.php urlModulo) Remote File Inclusion workbench 0.11 - (header.php path) Remote File Inclusion Censura 1.15.04 - 'censura.php vendorid' SQL Injection E-GADS! 2.2.6 - 'common.php locale' Remote File Inclusion Versado CMS 1.07 - 'ajax_listado.php urlModulo' Remote File Inclusion workbench 0.11 - 'header.php path' Remote File Inclusion PHPtree 1.3 - (cms2.php s_dir) Remote File Inclusion NoAh 0.9 pre 1.2 - (mfa_theme.php) Remote File Inclusion PHPtree 1.3 - 'cms2.php s_dir' Remote File Inclusion NoAh 0.9 pre 1.2 - 'mfa_theme.php' Remote File Inclusion ACGVAnnu 1.3 - (acgv.php rubrik) Local File Inclusion ACGVAnnu 1.3 - 'acgv.php rubrik' Local File Inclusion LaVague 0.3 - (printbar.php views_path) Remote File Inclusion LaVague 0.3 - 'printbar.php views_path' Remote File Inclusion Miplex2 - (SmartyFU.class.php) Remote File Inclusion Miplex2 - 'SmartyFU.class.php' Remote File Inclusion SimpleNews 1.0.0 FINAL - (print.php news_id) SQL Injection TutorialCMS 1.00 - (search.php search) SQL Injection SimpleNews 1.0.0 FINAL - 'print.php news_id' SQL Injection TutorialCMS 1.00 - 'search.php search' SQL Injection maGAZIn 2.0 - (PHPThumb.php src) Remote File Disclosure R2K Gallery 1.7 - (galeria.php lang2) Local File Inclusion maGAZIn 2.0 - 'PHPThumb.php src' Remote File Disclosure R2K Gallery 1.7 - 'galeria.php lang2' Local File Inclusion PHP FirstPost 0.1 - (block.php Include) Remote File Inclusion iG Shop 1.4 - (page.php) SQL Injection PHP FirstPost 0.1 - 'block.php Include' Remote File Inclusion iG Shop 1.4 - 'page.php' SQL Injection Beacon 0.2.0 - (splash.lang.php) Remote File Inclusion Beacon 0.2.0 - 'splash.lang.php' Remote File Inclusion BlogMe 3.0 - (archshow.asp var) SQL Injection BlogMe 3.0 - 'archshow.asp var' SQL Injection NagiosQL 2005 2.00 - (prepend_adm.php) Remote File Inclusion Feindt Computerservice News 2.0 - (newsadmin.php action) Remote File Inclusion NagiosQL 2005 2.00 - 'prepend_adm.php' Remote File Inclusion Feindt Computerservice News 2.0 - 'newsadmin.php action' Remote File Inclusion FAQEngine 4.16.03 - (question.php questionref) SQL Injection FAQEngine 4.16.03 - 'question.php questionref' SQL Injection Libstats 1.0.3 - (template_csv.php) Remote File Inclusion MolyX BOARD 2.5.0 - (index.php lang) Local File Inclusion Libstats 1.0.3 - 'template_csv.php' Remote File Inclusion MolyX BOARD 2.5.0 - 'index.php lang' Local File Inclusion Dokeos 1.8.0 - (my_progress.php course) SQL Injection Dokeos 1.6.5 - (courseLog.php scormcontopen) SQL Injection Dokeos 1.8.0 - 'my_progress.php course' SQL Injection Dokeos 1.6.5 - 'courseLog.php scormcontopen' SQL Injection Webavis 0.1.1 - (class.php root) Remote File Inclusion Webavis 0.1.1 - 'class.php root' Remote File Inclusion My Little Forum 1.7 - (user.php id) SQL Injection My Little Forum 1.7 - 'user.php id' SQL Injection TROforum 0.1 - (admin.php site_url) Remote File Inclusion TROforum 0.1 - 'admin.php site_url' Remote File Inclusion Fundanemt 2.2.0 - (spellcheck.php) Remote Code Execution Fundanemt 2.2.0 - 'spellcheck.php' Remote Code Execution Madirish Webmail 2.0 - (addressbook.php) Remote File Inclusion Madirish Webmail 2.0 - 'addressbook.php' Remote File Inclusion Fuzzylime Forum 1.0 - (low.php topic) SQL Injection Fuzzylime Forum 1.0 - 'low.php topic' SQL Injection Sitellite CMS 4.2.12 - (559668.php) Remote File Inclusion PHP::HTML 0.6.4 - (PHPhtml.php) Remote File Inclusion PHPMyInventory 2.8 - (global.inc.php) Remote File Inclusion Sitellite CMS 4.2.12 - '559668.php' Remote File Inclusion PHP::HTML 0.6.4 - 'PHPhtml.php' Remote File Inclusion PHPMyInventory 2.8 - 'global.inc.php' Remote File Inclusion MiniBill 1.2.5 - (run_billing.php) Remote File Inclusion MiniBill 1.2.5 - 'run_billing.php' Remote File Inclusion LiveCMS 3.4 - (categoria.php cid) SQL Injection LiveCMS 3.4 - 'categoria.php cid' SQL Injection SerWeb 0.9.4 - (load_lang.php) Remote File Inclusion Powl 0.94 - (htmledit.php) Remote File Inclusion SerWeb 0.9.4 - 'load_lang.php' Remote File Inclusion Powl 0.94 - 'htmledit.php' Remote File Inclusion Pharmacy System 2.0 - (index.php ID) SQL Injection Pharmacy System 2.0 - 'index.php ID' SQL Injection b1gbb 2.24.0 - (footer.inc.php tfooter) Remote File Inclusion b1gbb 2.24.0 - 'footer.inc.php tfooter' Remote File Inclusion SiteDepth CMS 3.44 - (ShowImage.php name) File Disclosure DreamLog 0.5 - (upload.php) Arbitrary File Upload SiteDepth CMS 3.44 - 'ShowImage.php name' File Disclosure DreamLog 0.5 - 'upload.php' Arbitrary File Upload PHPSiteBackup 0.1 - (pcltar.lib.php) Remote File Inclusion EVA-Web 1.1 <= 2.2 - (index.php3) Remote File Inclusion PHPSiteBackup 0.1 - 'pcltar.lib.php' Remote File Inclusion EVA-Web 1.1 <= 2.2 - 'index.php3' Remote File Inclusion WebChat 0.78 - (login.php rid) SQL Injection Buddy Zone 1.5 - (view_sub_cat.php cat_id) SQL Injection WebChat 0.78 - 'login.php rid' SQL Injection Buddy Zone 1.5 - 'view_sub_cat.php cat_id' SQL Injection TotalCalendar 2.402 - (view_event.php) SQL Injection XCMS 1.1 - (Galerie.php) Local File Inclusion TotalCalendar 2.402 - 'view_event.php' SQL Injection XCMS 1.1 - 'Galerie.php' Local File Inclusion phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection phpEventCalendar 0.2.3 - 'eventdisplay.php' SQL Injection AV Arcade 2.1b - (index.php id) SQL Injection PHPDirector 0.21 - (videos.php id) SQL Injection vbzoom 1.x - (forum.php MainID) SQL Injection AV Arcade 2.1b - 'index.php id' SQL Injection PHPDirector 0.21 - 'videos.php id' SQL Injection vbzoom 1.x - 'forum.php MainID' SQL Injection Girlserv ads 1.5 - (details_news.php) SQL Injection Girlserv ads 1.5 - 'details_news.php' SQL Injection AsteriDex 3.0 - (callboth.php) Remote Code Execution AsteriDex 3.0 - 'callboth.php' Remote Code Execution vBulletin Mod RPG Inferno 2.4 - (inferno.php) SQL Injection OpenLD 1.2.2 - (index.php id) SQL Injection FlashBB 1.1.8 - (sendmsg.php) Remote File Inclusion vBulletin Mod RPG Inferno 2.4 - 'inferno.php' SQL Injection OpenLD 1.2.2 - 'index.php id' SQL Injection FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion PsNews 1.1 - (show.php newspath) Local File Inclusion PsNews 1.1 - 'show.php newspath' Local File Inclusion QuickEStore 8.2 - (insertorder.cfm) SQL Injection QuickEStore 8.2 - 'insertorder.cfm' SQL Injection phpBB Module SupaNav 1.0.0 - (link_main.php) Remote File Inclusion phpBB Module SupaNav 1.0.0 - 'link_main.php' Remote File Inclusion Blog System 1.x - (index.php news_id) SQL Injection Blog System 1.x - 'index.php news_id' SQL Injection Confixx Pro 3.3.1 - (saveserver.php) Remote File Inclusion Confixx Pro 3.3.1 - 'saveserver.php' Remote File Inclusion SimpleBlog 3.0 - (comments_get.asp id) SQL Injection SimpleBlog 3.0 - 'comments_get.asp id' SQL Injection paBugs 2.0 Beta 3 - (main.php cid) SQL Injection paBugs 2.0 Beta 3 - 'main.php cid' SQL Injection YNP Portal System 2.2.0 - (showpage.cgi p) Remote File Disclosure YNP Portal System 2.2.0 - 'showpage.cgi p' Remote File Disclosure FishCart 3.2 RC2 - (fc_example.php) Remote File Inclusion Ncaster 1.7.2 - (archive.php) Remote File Inclusion FishCart 3.2 RC2 - 'fc_example.php' Remote File Inclusion Ncaster 1.7.2 - 'archive.php' Remote File Inclusion Pixlie 1.7 - (pixlie.php root) Remote File Disclosure Pixlie 1.7 - 'pixlie.php root' Remote File Disclosure Squirrelcart 1.x.x - (cart.php) Remote File Inclusion Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion SomeryC 0.2.4 - (include.php skindir) Remote File Inclusion SomeryC 0.2.4 - 'include.php skindir' Remote File Inclusion Micro CMS 3.5 - (revert-content.php) SQL Injection Micro CMS 3.5 - 'revert-content.php' SQL Injection DL PayCart 1.01 - (viewitem.php ItemID) Blind SQL Injection VWar 1.5.0 R15 - (mvcw.php) Remote File Inclusion DL PayCart 1.01 - 'viewitem.php ItemID' Blind SQL Injection VWar 1.5.0 R15 - 'mvcw.php' Remote File Inclusion xGB 2.0 - (xGB.php) Remote Security Bypass xGB 2.0 - 'xGB.php' Remote Security Bypass PHPNS 1.1 - (shownews.php id) SQL Injection PHPNS 1.1 - 'shownews.php id' SQL Injection Ourspace 2.0.9 - (uploadmedia.cgi) Arbitrary File Upload Ourspace 2.0.9 - 'uploadmedia.cgi' Arbitrary File Upload Yvora CMS 1.0 - (error_view.php ID) SQL Injection Yvora CMS 1.0 - 'error_view.php ID' SQL Injection PHPOF 20040226 - (DB_adodb.class.php) Remote File Inclusion AnyInventory 2.0 - (Environment.php) Remote File Inclusion PHPOF 20040226 - 'DB_adodb.class.php' Remote File Inclusion AnyInventory 2.0 - 'Environment.php' Remote File Inclusion Webace-Linkscript 1.3 SE - (start.php) SQL Injection RW::Download 2.0.3 lite - (index.php dlid) SQL Injection Webace-Linkscript 1.3 SE - 'start.php' SQL Injection RW::Download 2.0.3 lite - 'index.php dlid' SQL Injection Sisfo Kampus 2006 - (blanko.preview.php) Local File Disclosure Sisfo Kampus 2006 - 'blanko.preview.php' Local File Disclosure PHPress 0.2.0 - (adisplay.php lang) Local File Inclusion PHPress 0.2.0 - 'adisplay.php lang' Local File Inclusion Ajax File Browser 3b - (settings.inc.php approot) Remote File Inclusion Ajax File Browser 3b - 'settings.inc.php approot' Remote File Inclusion JBlog 1.0 - (index.php id) SQL Injection JBlog 1.0 - 'index.php id' SQL Injection neuron news 1.0 - (index.php q) Local File Inclusion neuron news 1.0 - 'index.php q' Local File Inclusion Wordsmith 1.1b - (config.inc.php _path) Remote File Inclusion Wordsmith 1.1b - 'config.inc.php _path' Remote File Inclusion helplink 0.1.0 - (show.php) Remote File Inclusion helplink 0.1.0 - 'show.php' Remote File Inclusion Novus 1.0 - (notas.asp nota_id) SQL Injection Novus 1.0 - 'notas.asp nota_id' SQL Injection lustig.cms Beta 2.5 - (forum.php view) Remote File Inclusion lustig.cms Beta 2.5 - 'forum.php view' Remote File Inclusion Ossigeno CMS 2.2a3 - (footer.php) Remote File Inclusion Ossigeno CMS 2.2a3 - 'footer.php' Remote File Inclusion Picturesolution 2.1 - (config.php path) Remote File Inclusion Picturesolution 2.1 - 'config.php path' Remote File Inclusion xKiosk 3.0.1i - (xkurl.php PEARPATH) Remote File Inclusion xKiosk 3.0.1i - 'xkurl.php PEARPATH' Remote File Inclusion LimeSurvey 1.52 - (language.php) Remote File Inclusion LimeSurvey 1.52 - 'language.php' Remote File Inclusion emagiC CMS.Net 4.0 - (emc.asp) SQL Injection FireConfig 0.5 - (dl.php) Remote File Disclosure emagiC CMS.Net 4.0 - 'emc.asp' SQL Injection FireConfig 0.5 - 'dl.php' Remote File Disclosure Ax Developer CMS 0.1.1 - (index.php module) Local File Inclusion GuppY 4.6.3 - (includes.inc selskin) Remote File Inclusion Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion scWiki 1.0 Beta 2 - (common.php pathdot) Remote File Inclusion Ax Developer CMS 0.1.1 - 'index.php module' Local File Inclusion GuppY 4.6.3 - 'includes.inc selskin' Remote File Inclusion Quick and Dirty Blog (qdblog) 0.4 - 'categories.php' Local File Inclusion scWiki 1.0 Beta 2 - 'common.php pathdot' Remote File Inclusion Content Injector 1.52 - (index.php cat) SQL Injection Content Injector 1.52 - 'index.php cat' SQL Injection Amber Script 1.0 - (show_content.php id) Local File Inclusion Amber Script 1.0 - 'show_content.php id' Local File Inclusion project alumni 1.0.9 - (index.php act) Local File Inclusion project alumni 1.0.9 - 'index.php act' Local File Inclusion Web-MeetMe 3.0.3 - (play.php) Remote File Disclosure Web-MeetMe 3.0.3 - 'play.php' Remote File Disclosure KML share 1.1 - (region.php layer) Remote File Disclosure KML share 1.1 - 'region.php layer' Remote File Disclosure EZContents 1.4.5 - (index.php link) Remote File Disclosure EZContents 1.4.5 - 'index.php link' Remote File Disclosure PolDoc CMS 0.96 - (download_file.php) File Disclosure PolDoc CMS 0.96 - 'download_file.php' File Disclosure xml2owl 0.1.1 - (filedownload.php) Remote File Disclosure xml2owl 0.1.1 - 'filedownload.php' Remote File Disclosure Wallpaper Site 1.0.09 - (category.php) SQL Injection Wallpaper Site 1.0.09 - 'category.php' SQL Injection PHP ZLink 0.3 - (go.php) SQL Injection PHP ZLink 0.3 - 'go.php' SQL Injection ThemeSiteScript 1.0 - (index.php loadadminpage) Remote File Inclusion ThemeSiteScript 1.0 - 'index.php loadadminpage' Remote File Inclusion ZenPhoto 1.1.3 - (rss.php albumnr) SQL Injection ZenPhoto 1.1.3 - 'rss.php albumnr' SQL Injection Docebo 3.5.0.3 - (lib.regset.php) Command Execution Docebo 3.5.0.3 - 'lib.regset.php' Command Execution Docebo 3.5.0.3 - (lib.regset.php/non-blind) SQL Injection Docebo 3.5.0.3 - 'lib.regset.php/non-blind' SQL Injection Quinsonnas Mail Checker 1.55 - (footer.php) Remote File Inclusion Quinsonnas Mail Checker 1.55 - 'footer.php' Remote File Inclusion PHPMesFilms 1.0 - (index.php id) SQL Injection PHPMesFilms 1.0 - 'index.php id' SQL Injection CuteNews 1.4.6 - (ip ban) Cross-Site Scripting / Command Execution (Administrator Required) CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution GNUBoard 4.31.03 - (08.12.29) Local File Inclusion GNUBoard 4.31.03 (08.12.29) - Local File Inclusion Gazelle CMS - 'template' Local File Inclusion Gazelle CMS 1.0 - 'template' Local File Inclusion Social Engine - (category_id) SQL Injection SmartSiteCMS 1.0 - (articles.php var) Blind SQL Injection Social Engine 3.06 - 'category_id' Parameter SQL Injection SmartSiteCMS 1.0 - Blind SQL Injection Star Articles 6.0 - (admin.manage) Remote Contents Change Star Articles 6.0 - Remote Contents Change PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection PLE CMS 1.0 Beta 4.2 - Blind SQL Injection GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities GNUBoard 4.31.04 (09.01.30) - Multiple Local+Remote Vulnerabilities eVision CMS 2.0 - (field) SQL Injection eVision CMS 2.0 - SQL Injection phpBLASTER 1.0 RC1 - (blaster_user) Blind SQL Injection phpBLASTER 1.0 RC1 - Blind SQL Injection phpslash 0.8.1.1 - Remote Code Execution PHPSlash 0.8.1.1 - Remote Code Execution WEBalbum 2.4b - (photo.php id) Blind SQL Injection WEBalbum 2.4b - 'photo.php id' Blind SQL Injection PHPbbBook 1.3 - (bbcode.php l) Local File Inclusion PHPbbBook 1.3 - 'bbcode.php l' Local File Inclusion IF-CMS 2.0 - (frame.php id) Blind SQL Injection IF-CMS 2.0 - 'frame.php id' Blind SQL Injection ZeroBoardXE 1.1.5 - (09.01.22) Cross-Site Scripting ZeroBoardXE 1.1.5 (09.01.22) - Cross-Site Scripting Gaeste 1.6 - (gastbuch.php) Remote File Disclosure Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure Bloggeruniverse 2.0 Beta - (editcomments.php id) SQL Injection Den Dating 9.01 - (searchmatch.php) SQL Injection Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection Den Dating 9.01 - 'searchmatch.php' SQL Injection PHP Krazy Image Host Script 1.01 - (viewer.php id) SQL Injection PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection phpBB 3 - (autopost bot mod 0.1.3) Remote File Inclusion i-dreams Mailer 1.2 Final - (admin.dat) File Disclosure i-dreams GB 5.4 Final - (admin.dat) File Disclosure phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure i-dreams GB 5.4 Final - 'admin.dat' File Disclosure Osmodia Bulletin Board 1.x - (admin.txt) File Disclosure Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure Supernews 1.5 - (valor.php noticia) SQL Injection X-BLC 0.2.0 - (get_read.php section) SQL Injection Supernews 1.5 - 'valor.php noticia' SQL Injection X-BLC 0.2.0 - 'get_read.php section' SQL Injection SurfMyTV Script 1.0 - (view.php id) SQL Injection SurfMyTV Script 1.0 - 'view.php id' SQL Injection WeBid 0.7.3 RC9 - (upldgallery.php) Arbitrary File Upload WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload vsp stats processor 0.45 - (gamestat.php gameID) SQL Injection vsp stats processor 0.45 - 'gamestat.php gameID' SQL Injection Back-End CMS 5.0 - (main.asp id) SQL Injection Back-End CMS 5.0 - 'main.asp id' SQL Injection GuestCal 2.1 - (index.php lang) Local File Inclusion GuestCal 2.1 - 'index.php lang' Local File Inclusion W2B Restaurant 1.2 - (conf.inc) Config File Disclosure W2B Restaurant 1.2 - 'conf.inc' Config File Disclosure NetHoteles 3.0 - (ficha.php) SQL Injection eLitius 1.0 - (manage-admin.php) Add Admin/Change Password Exploit NetHoteles 3.0 - 'ficha.php' SQL Injection eLitius 1.0 - 'manage-admin.php' Add Admin/Change Password Exploit Dokeos Lms 1.8.5 - (whoisonline.php) PHP Code Injection Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection Flatchat 3.0 - (pmscript.php with) Local File Inclusion Flatchat 3.0 - 'pmscript.php with' Local File Inclusion VisionLms 1.0 - (changePW.php) Remote Password Change Exploit VisionLms 1.0 - 'changePW.php' Remote Password Change Exploit eLitius 1.0 - (banner-details.php id) SQL Injection ProjectCMS 1.0b - (index.php sn) SQL Injection eLitius 1.0 - 'banner-details.php id' SQL Injection ProjectCMS 1.0b - 'index.php sn' SQL Injection pecio CMS 1.1.5 - (index.php language) Local File Inclusion pecio CMS 1.1.5 - 'index.php language' Local File Inclusion Uguestbook 1.0b - (Guestbook.mdb) Arbitrary Database Disclosure Uguestbook 1.0b - 'Guestbook.mdb' Arbitrary Database Disclosure beLive 0.2.3 - (arch.php arch) Local File Inclusion beLive 0.2.3 - 'arch.php arch' Local File Inclusion PHPenpals 1.1 - (mail.php ID) SQL Injection PHPenpals 1.1 - 'mail.php ID' SQL Injection MaxCMS 2.0 - (inc/ajax.asp) SQL Injection MaxCMS 2.0 - 'inc/ajax.asp' SQL Injection Realty Web-Base 1.0 - (list_list.php id) SQL Injection Realty Web-Base 1.0 - 'list_list.php id' SQL Injection vBulletin vbBux/vbPlaza 2.x - (vbplaza.php) Blind SQL Injection vBulletin vbBux/vbPlaza 2.x - 'vbplaza.php' Blind SQL Injection ShaadiClone 2.0 - (addAdminmembercode.php) Add Admin ShaadiClone 2.0 - 'addAdminmembercode.php' Add Admin ecsportal rel 6.5 - (article_view_photo.php id) SQL Injection ecsportal rel 6.5 - 'article_view_photo.php id' SQL Injection Supernews 2.6 - (index.php noticia) SQL Injection Supernews 2.6 - 'index.php noticia' SQL Injection Movie PHP Script 2.0 - (init.php anticode) Code Execution Movie PHP Script 2.0 - 'init.php anticode' Code Execution VT-Auth 1.0 - (zHk8dEes3.txt) File Disclosure VT-Auth 1.0 - 'zHk8dEes3.txt' File Disclosure PHPWebThings 1.5.2 - (help.php module) Local File Inclusion PHPWebThings 1.5.2 - 'help.php module' Local File Inclusion DB Top Sites 1.0 - (index.php u) Local File Inclusion DB Top Sites 1.0 - 'index.php u' Local File Inclusion PHPCollegeExchange 0.1.5c - (listing_view.php itemnr) SQL Injection PHPCollegeExchange 0.1.5c - 'listing_view.php itemnr' SQL Injection XOOPS 2.3.3 - (.htaccess) Remote File Disclosure PHPFK 7.03 - (page_bottom.php) Local File Inclusion XOOPS 2.3.3 - '.htaccess' Remote File Disclosure PHPFK 7.03 - 'page_bottom.php' Local File Inclusion Glossword 1.8.11 - (index.php x) Local File Inclusion Glossword 1.8.11 - 'index.php x' Local File Inclusion LightOpenCMS 0.1 - (smarty.php cwd) Local File Inclusion LightOpenCMS 0.1 - 'smarty.php cwd' Local File Inclusion Messages Library 2.0 - (cat.php CatID) SQL Injection Messages Library 2.0 - 'cat.php CatID' SQL Injection PHP-Sugar 0.80 - (index.php t) Local File Inclusion PHP-Sugar 0.80 - 'index.php t' Local File Inclusion Universe CMS 1.0.6 - (vnews.php id) SQL Injection Universe CMS 1.0.6 - 'vnews.php id' SQL Injection Phenotype CMS 2.8 - (login.php user) Blind SQL Injection Phenotype CMS 2.8 - 'login.php user' Blind SQL Injection webLeague 2.2.0 - (install.php) Remote Change Password Exploit webLeague 2.2.0 - 'install.php' Remote Change Password Exploit VS PANEL 7.5.5 - (results.php Cat_ID) SQL Injection VS PANEL 7.5.5 - 'results.php Cat_ID' SQL Injection WebVision 2.1 - (news.php n) SQL Injection WebVision 2.1 - 'news.php n' SQL Injection Silentum Guestbook 2.0.2 - (silentum_Guestbook.php) SQL Injection Silentum Guestbook 2.0.2 - 'silentum_Guestbook.php' SQL Injection Basilic 1.5.13 - (index.php idAuthor) SQL Injection Basilic 1.5.13 - 'index.php idAuthor' SQL Injection ProjectButler 1.5.0 - (pda_projects.php offset) Remote File Inclusion ProjectButler 1.5.0 - 'pda_projects.php offset' Remote File Inclusion Netpet CMS 1.9 - (confirm.php language) Local File Inclusion Netpet CMS 1.9 - 'confirm.php language' Local File Inclusion simplePHPWeb 0.2 - (files.php) Authentication Bypass simplePHPWeb 0.2 - 'files.php' Authentication Bypass Discloser 0.0.4-rc2 - (index.php more) SQL Injection Discloser 0.0.4-rc2 - 'index.php more' SQL Injection elgg 1.5 - (/_css/js.php) Local File Inclusion elgg 1.5 - '/_css/js.php' Local File Inclusion In-portal 4.3.1 - (index.php env) Local File Inclusion In-portal 4.3.1 - 'index.php env' Local File Inclusion E CMS 1.0 - (index.php s) SQL Injection E CMS 1.0 - 'index.php s' SQL Injection New5starRating 1.0 - (rating.php) SQL Injection New5starRating 1.0 - 'rating.php' SQL Injection Moa Gallery 1.2.0 - (index.php action) SQL Injection Moa Gallery 1.2.0 - 'index.php action' SQL Injection PAD Site Scripts 3.6 - (list.php string) SQL Injection PAD Site Scripts 3.6 - 'list.php string' SQL Injection PHPSANE 0.5.0 - (save.php) Remote File Inclusion PHPSANE 0.5.0 - 'save.php' Remote File Inclusion Modern Script 5.0 - (index.php s) SQL Injection Re-Script 0.99 Beta - (listings.php op) SQL Injection Modern Script 5.0 - 'index.php s' SQL Injection Re-Script 0.99 Beta - 'listings.php op' SQL Injection KingCMS 0.6.0 - (menu.php) Remote File Inclusion KingCMS 0.6.0 - 'menu.php' Remote File Inclusion Ve-EDIT 0.1.4 - (debug_PHP.php) Local File Inclusion Ve-EDIT 0.1.4 - 'debug_PHP.php' Local File Inclusion OBOphiX 2.7.0 - (fonctions_racine.php) Remote File Inclusion OBOphiX 2.7.0 - 'fonctions_racine.php' Remote File Inclusion PHPNagios 1.2.0 - (menu.php) Local File Inclusion PHPNagios 1.2.0 - 'menu.php' Local File Inclusion An image Gallery 1.0 - (navigation.php) Local Directory Traversal An image Gallery 1.0 - 'navigation.php' Local Directory Traversal Image voting 1.0 - (index.php show) SQL Injection Image voting 1.0 - 'index.php show' SQL Injection Aurora CMS 1.0.2 - (install.plugin.php) Remote File Inclusion Aurora CMS 1.0.2 - 'install.plugin.php' Remote File Inclusion efront 3.5.4 - (database.php path) Remote File Inclusion efront 3.5.4 - 'database.php path' Remote File Inclusion OpenSiteAdmin 0.9.7b - (pageHeader.php path) Remote File Inclusion OpenSiteAdmin 0.9.7b - 'pageHeader.php path' Remote File Inclusion ActiveBuyandSell 6.2 - (buyersend.asp catid) Blind SQL Injection ActiveBuyandSell 6.2 - 'buyersend.asp catid' Blind SQL Injection V.H.S. Booking - (hotel_habitaciones.php HotelID) SQL Injection V.H.S. Booking - 'hotel_habitaciones.php HotelID' SQL Injection Datenator 0.3.0 - (event.php id) SQL Injection Datenator 0.3.0 - 'event.php id' SQL Injection XlentCMS 1.0.4 - (downloads.php?cat) SQL Injection XlentCMS 1.0.4 - 'downloads.php?cat' SQL Injection Rezervi 3.0.2 - (mail.inc.php) Remote File Inclusion Rezervi 3.0.2 - 'mail.inc.php' Remote File Inclusion LightOpenCMS 0.1 - (smarty.php) Remote File Inclusion LightOpenCMS 0.1 - 'smarty.php' Remote File Inclusion ULoki Community Forum 2.1 - (usercp.php) Cross-Site Scripting ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting PHPCOIN 1.2.1 - (mod.php) SQL Injection PHPCOIN 1.2.1 - 'mod.php' SQL Injection PHPCOIN 1.2.1 - (mod.php) Local File Inclusion PHPCOIN 1.2.1 - 'mod.php' Local File Inclusion Anantasoft Gazelle CMS - Cross-Site Request Forgery Gazelle CMS - Cross-Site Request Forgery SiteX CMS 0.7.4 Beta - (/photo.php) SQL Injection SiteX CMS 0.7.4 Beta - '/photo.php' SQL Injection FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1) FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1) WHMCS control (WHMCompleteSolution) - SQL Injection WHMCompleteSolution (WHMCS) control (WHMCompleteSolution) - SQL Injection WHMCS Control 2 - 'announcements.php' SQL Injection WHMCompleteSolution (WHMCS) Control 2 - 'announcements.php' SQL Injection tekno.Portal 0.1b - (makale.php id) SQL Injection tekno.Portal 0.1b - 'makale.php id' SQL Injection Heaven Soft CMS 4.7 - (photogallery_open.php) SQL Injection Heaven Soft CMS 4.7 - 'photogallery_open.php' SQL Injection Multi Vendor Mall - (itemdetail.php & shop.php) SQL Injection Multi Vendor Mall - 'itemdetail.php & shop.php' SQL Injection PPhlogger 2.2.5 - (trace.php) Remote Command Execution PPhlogger 2.2.5 - 'trace.php' Remote Command Execution Eyeland Studio Inc. - (game.php) SQL Injection Eyeland Studio Inc. - 'game.php' SQL Injection PHPDirector 0.30 - (videos.php) SQL Injection PHPDirector 0.30 - 'videos.php' SQL Injection PHPaaCMS 0.3.1 - (show.php?id=) SQL Injection PHPaaCMS 0.3.1 - 'show.php?id=' SQL Injection BS Business Directory - (articlesdetails.php) SQL Injection (PoC) BS Classifieds Ads - (articlesdetails.php) SQL Injection (PoC) BS Events Directory - (articlesdetails.php) SQL Injection (PoC) BS Business Directory - 'articlesdetails.php' SQL Injection (PoC) BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC) BS Events Directory - 'articlesdetails.php' SQL Injection (PoC) Mayasan Portal 2.0 - (makaledetay.asp) SQL Injection Mayasan Portal 2.0 - (haberdetay.asp) SQL Injection Mayasan Portal 2.0 - 'makaledetay.asp' SQL Injection Mayasan Portal 2.0 - 'haberdetay.asp' SQL Injection PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection PhotoPost PHP 4.6.5 - 'ecard.php' SQL Injection sNews 1.7 - (index.php?category) SQL Injection sNews 1.7 - 'index.php?category' SQL Injection Ananta Gazelle CMS - Multiple Vulnerabilities Gazelle CMS - Multiple Vulnerabilities CF Image Hosting Script 1.3 - (settings.cdb) Information Disclosure CF Image Hosting Script 1.3 - 'settings.cdb' Information Disclosure mBlogger 1.0.04 - (viewpost.php) SQL Injection mBlogger 1.0.04 - 'viewpost.php' SQL Injection mBlogger 1.0.04 - (addcomment.php) Persistent Cross-Site Scripting mBlogger 1.0.04 - 'addcomment.php' Persistent Cross-Site Scripting Chipmunk Board 1.3 - (index.php?forumID) SQL Injection Chipmunk Board 1.3 - 'index.php?forumID' SQL Injection SmarterMail 7.x - (7.2.3925) LDAP Injection SmarterMail 7.x (7.2.3925) - LDAP Injection xWeblog 2.2 - (oku.asp?makale_id) SQL Injection xWeblog 2.2 - (arsiv.asp tarih) SQL Injection xWeblog 2.2 - 'oku.asp?makale_id' SQL Injection xWeblog 2.2 - 'arsiv.asp tarih' SQL Injection FCKEditor Core 2.x 2.4.3 - (FileManager upload.php) Arbitrary File Upload FCKEditor Core 2.x 2.4.3 - 'FileManager upload.php' Arbitrary File Upload WebRCSdiff 0.9 - (viewver.php) Remote File Inclusion WebRCSdiff 0.9 - 'viewver.php' Remote File Inclusion Ananda Real Estate 3.4 - (list.asp) Multiple SQL Injection Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injection SquareCMS 0.3.1 - (post.php) SQL Injection SquareCMS 0.3.1 - 'post.php' SQL Injection PHP-AddressBook 6.2.4 - (group.php) SQL Injection PHP-AddressBook 6.2.4 - 'group.php' SQL Injection Ignition 1.3 - (page.php) Local File Inclusion Ignition 1.3 - 'page.php' Local File Inclusion AWBS 2.9.2 - (cart.php) Blind SQL Injection AWBS 2.9.2 - 'cart.php' Blind SQL Injection Woltlab Burning Board 2.3.6 Addon - (hilfsmittel.php) SQL Injection Woltlab Burning Board 2.3.6 Addon - 'hilfsmittel.php' SQL Injection WordPress Plugin PHP Speedy 0.5.2 - (admin_container.php) Remote Code Execution WordPress Plugin PHP Speedy 0.5.2 - 'admin_container.php' Remote Code Execution ilchClan 1.0.5 - (regist.php) SQL Injection ilchClan 1.0.5 - 'regist.php' SQL Injection OrangeHRM 2.6.3 - (PluginController.php) Local File Inclusion OrangeHRM 2.6.3 - 'PluginController.php' Local File Inclusion Traidnt UP 2.0 - (view.php) SQL Injection Traidnt UP 2.0 - 'view.php' SQL Injection osCommerce 2.3.1 - (banner_manager.php) Arbitrary File Upload osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File Upload Extcalendar 2.0b2 - (cal_search.php) SQL Injection Extcalendar 2.0b2 - 'cal_search.php' SQL Injection WeBid 1.0.2 - (converter.php) Remote Code Execution WeBid 1.0.2 - 'converter.php' Remote Code Execution FCKEditor Core - (FileManager test.html) Arbitrary File Upload (2) FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (2) MyBB Advanced Forum Signatures - (afsignatures-2.0.4) SQL Injection MyBB Advanced Forum Signatures - 'afsignatures-2.0.4' SQL Injection Ruubikcms 1.1.0 - (/extra/image.php) Local File Inclusion Ruubikcms 1.1.0 - '/extra/image.php' Local File Inclusion Dolphin 7.0.7 - (member_menu_queries.php) Remote PHP Code Injection Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - (cart.php) Local File Disclosure WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure CMSmini 0.2.2 - Local File Inclusion CMS mini 0.2.2 - Local File Inclusion WHMCS 3.x.x - (clientarea.php) Local File Disclosure ZenPhoto 1.4.1.4 - (ajax_create_folder.php) Remote Code Execution PHPMyFAQ 2.7.0 - (ajax_create_folder.php) Remote Code Execution aidiCMS 3.55 - (ajax_create_folder.php) Remote Code Execution WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure ZenPhoto 1.4.1.4 - 'ajax_create_folder.php' Remote Code Execution PHPMyFAQ 2.7.0 - 'ajax_create_folder.php' Remote Code Execution aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution WordPress Plugin Zingiri 2.2.3 - (ajax_save_name.php) Remote Code Execution Support Incident Tracker 3.65 - (translate.php) Remote Code Execution WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution Support Incident Tracker 3.65 - 'translate.php' Remote Code Execution FreeWebShop 2.2.9 R2 - (ajax_save_name.php) Remote Code Execution FreeWebShop 2.2.9 R2 - 'ajax_save_name.php' Remote Code Execution Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Log1 CMS 2.0 - 'ajax_create_folder.php' Remote Code Execution PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2) (Metasploit) PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (2) (Metasploit) Tiki Wiki CMS Groupware 8.2 - (snarf_ajax.php) Remote PHP Code Injection Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection Mnews 1.1 - (view.php) SQL Injection Mnews 1.1 - 'view.php' SQL Injection appRain CMF 0.1.5 - (Uploadify.php) Unrestricted Arbitrary File Upload appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload BASE 1.4.5 - (base_qry_main.php t_view) SQL Injection BASE 1.4.5 - 'base_qry_main.php t_view' SQL Injection Ananta Gazelle CMS - Update Statement SQL Injection Gazelle CMS 1.0 - Update Statement SQL Injection PHPFox 3.0.1 - (ajax.php) Remote Command Execution PHPFox 3.0.1 - 'ajax.php' Remote Command Execution OpenConf 4.11 - (author/edit.php) Blind SQL Injection OpenConf 4.11 - 'author/edit.php' Blind SQL Injection NewsAdd 1.0 - (lerNoticia.php id) SQL Injection Supernews 2.6.1 - (noticias.php cat) SQL Injection NewsAdd 1.0 - 'lerNoticia.php id' SQL Injection Supernews 2.6.1 - 'noticias.php cat' SQL Injection SN News 1.2 - (visualiza.php) SQL Injection SN News 1.2 - 'visualiza.php' SQL Injection PHPNet 1.8 - (ler.php) SQL Injection PHPNet 1.8 - 'ler.php' SQL Injection X-Cart Gold 4.5 - (products_map.php symb Parameter) Cross-Site Scripting X-Cart Gold 4.5 - 'products_map.php symb Parameter' Cross-Site Scripting Dell SonicWALL Scrutinizer 9.0.1 - (statusFilter.php q Parameter) SQL Injection Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php q Parameter' SQL Injection Symantec Web Gateway 5.0.2 - (blocked.php id Parameter) Blind SQL Injection Symantec Web Gateway 5.0.2 - 'blocked.php id Parameter' Blind SQL Injection Symantec Web Gateway 5.0.3.18 - (deptUploads_data.php groupid Parameter) Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid Parameter' Blind SQL Injection YourArcadeScript 2.4 - (index.php id Parameter) SQL Injection YourArcadeScript 2.4 - 'index.php id Parameter' SQL Injection vlinks 2.0.3 - (site.php id Parameter) SQL Injection vlinks 2.0.3 - 'site.php id Parameter' SQL Injection Blog Mod 0.1.9 - (index.php month Parameter) SQL Injection Blog Mod 0.1.9 - 'index.php month Parameter' SQL Injection MyBB Profile Albums Plugin 0.9 - (albums.php album Parameter) SQL Injection MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection YeaLink IP Phone SIP-TxxP firmware 9.70.0.100 - Multiple Vulnerabilities YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities Linksys WRT54GL (Firmware 4.30.15 build 2) - Multiple Vulnerabilities Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities NConf 1.3 - (detail.php detail_admin_items.php id Parameter) SQL Injection NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection DataLife Engine 9.7 - (preview.php) PHP Code Injection DataLife Engine 9.7 - 'preview.php' PHP Code Injection AdaptCMS 2.0.4 - (config.php question Parameter) SQL Injection AdaptCMS 2.0.4 - 'config.php question Parameter' SQL Injection CubeCart 5.2.0 - (cubecart.class.php) PHP Object Injection CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection Piwigo 2.4.6 - (install.php) Arbitrary File Read/Delete Piwigo 2.4.6 - 'install.php' Arbitrary File Read/Delete OpenEMR 4.1.1 - (ofc_upload_image.php) Arbitrary File Upload OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload PHPMyRecipes 1.2.2 - (viewrecipe.php r_id Parameter) SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id Parameter' SQL Injection MTP Image Gallery 1.0 - (edit_photos.php title Parameter) Cross-Site Scripting MTP Image Gallery 1.0 - 'edit_photos.php title Parameter' Cross-Site Scripting WordPress Plugin Count Per Day 3.2.5 - (counter.php) Cross-Site Scripting WordPress Plugin Count Per Day 3.2.5 - 'counter.php' Cross-Site Scripting AWS Xms 2.5 - (importer.php what Parameter) Directory Traversal Pollen CMS 0.6 - (index.php p Parameter) Local File Disclosure AWS Xms 2.5 - 'importer.php what Parameter' Directory Traversal Pollen CMS 0.6 - 'index.php p Parameter' Local File Disclosure WHMCS Group Pay Plugin 1.5 - (grouppay.php hash Parameter) SQL Injection WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash Parameter' SQL Injection WHMCS 4.x - (invoicefunctions.php id Parameter) SQL Injection WHMCS 4.x - 'invoicefunctions.php id Parameter' SQL Injection AVE.CMS 2.09 - (index.php module Parameter) Blind SQL Injection AVE.CMS 2.09 - 'index.php module Parameter' Blind SQL Injection RadioCMS 2.2 - (menager.php playlist_id Parameter) SQL Injection RadioCMS 2.2 - 'menager.php playlist_id Parameter' SQL Injection NEXTWEB - (i)Site 'login.asp' SQL Injection NEXTWEB (i)Site - 'login.asp' SQL Injection Ruubikcms 1.1.1 - (tinybrowser.php folder Parameter) Directory Traversal Ruubikcms 1.1.1 - 'tinybrowser.php folder Parameter' Directory Traversal Simple PHP Agenda 2.2.8 - (edit_event.php eventid Parameter) SQL Injection Simple PHP Agenda 2.2.8 - 'edit_event.php eventid Parameter' SQL Injection Top Games Script 1.2 - (play.php gid Parameter) SQL Injection Top Games Script 1.2 - 'play.php gid Parameter' SQL Injection Elemata CMS RC3.0 - (global.php id Parameter) SQL Injection Elemata CMS RC3.0 - 'global.php id Parameter' SQL Injection PHP-Charts 1.0 - (index.php type Parameter) Remote Code Execution PHP-Charts 1.0 - 'index.php type Parameter' Remote Code Execution PHPSlash 0.8.1 - article.php SQL Injection PHPSlash 0.8.1 - 'article.php' SQL Injection Telmanik CMS Press 1.01b - (pages.php page_name Parameter) SQL Injection Telmanik CMS Press 1.01b - 'pages.php page_name Parameter' SQL Injection glFusion 1.3.0 - (search.php cat_id Parameter) SQL Injection glFusion 1.3.0 - 'search.php cat_id Parameter' SQL Injection Vtiger CRM 5.4.0 - (index.php onlyforuser Parameter) SQL Injection Vtiger CRM 5.4.0 - 'index.php onlyforuser Parameter' SQL Injection XAMPP 1.8.1 - (lang.php WriteIntoLocalDisk method) Local Write Access XAMPP 1.8.1 - 'lang.php WriteIntoLocalDisk method' Local Write Access WHMCS 5.2.7 - SQL Injection WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection PHPList 2.10.2 - 'index.php' Cross-Site Scripting phpList 2.10.2 - 'index.php' Cross-Site Scripting Dolibarr ERP/CMS 3.4.0 - (exportcsv.php sondage Parameter) SQL Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage Parameter' SQL Injection WHMCS 5.2.8 - SQL Injection WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection Vanilla Forums 2.0 < 2.0.18.5 - (class.utilitycontroller.php) PHP Object Injection Vanilla Forums 2.0 < 2.0.18.5 - 'class.utilitycontroller.php' PHP Object Injection Project'Or RIA 3.4.0 - (objectDetail.php objectId Parameter) SQL Injection Project'Or RIA 3.4.0 - 'objectDetail.php objectId Parameter' SQL Injection Chamilo Lms 1.9.6 - (profile.php password0 Parameter) SQL Injection Dokeos 2.2 RC2 - (index.php language Parameter) SQL Injection Chamilo Lms 1.9.6 - 'profile.php password0 Parameter' SQL Injection Dokeos 2.2 RC2 - 'index.php language Parameter' SQL Injection WHMCS 4.x / 5.x - Multiple Web Vulnerabilities WHMCompleteSolution (WHMCS) 4.x / 5.x - Multiple Web Vulnerabilities SiteBar 3.3.8 - (translator.php) upd cmd Action edit Variable Arbitrary PHP Code Execution SiteBar 3.3.8 - 'translator.php' upd cmd Action edit Variable Arbitrary PHP Code Execution osCommerce 2.3.3.4 - (geo_zones.php zID Parameter) SQL Injection osCommerce 2.3.3.4 - 'geo_zones.php zID Parameter' SQL Injection Concrete5 5.6.2.1 - (index.php cID Parameter) SQL Injection Concrete5 5.6.2.1 - 'index.php cID Parameter' SQL Injection D-Link DIR-615 Hardware vE4 Firmware v5.10 - Cross-Site Request Forgery D-Link DIR-615 Hardware vE4 Firmware 5.10 - Cross-Site Request Forgery WordPress Plugin AdRotate 3.9.4 - (clicktracker.php track Parameter) SQL Injection WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php track Parameter' SQL Injection Chipmunk Blog - members.php membername Parameter Cross-Site Scripting Chipmunk Blog - comments.php membername Parameter Cross-Site Scripting Chipmunk Blog - photos.php membername Parameter Cross-Site Scripting Chipmunk Blog - archive.php membername Parameter Cross-Site Scripting Chipmunk Blog - cat.php membername Parameter Cross-Site Scripting Chipmunk Blog - 'members.php' Cross-Site Scripting Chipmunk Blog - 'comments.php' Cross-Site Scripting Chipmunk Blog - 'photos.php' Cross-Site Scripting Chipmunk Blog - 'archive.php' Cross-Site Scripting Chipmunk Blog - 'cat.php' Cross-Site Scripting webERP 4.11.3 - (SalesInquiry.php SortBy Parameter) SQL Injection webERP 4.11.3 - 'SalesInquiry.php SortBy Parameter' SQL Injection ownCloud 4.0.x/4.5.x - (upload.php Filename Parameter) Remote Code Execution ownCloud 4.0.x/4.5.x - 'upload.php Filename Parameter' Remote Code Execution InterWorx Control Panel 5.0.13 build 574 - (xhr.php i Parameter) SQL Injection InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i Parameter' SQL Injection kitForm CRM Extension 0.43 - (sorter.php sorter_value Parameter) SQL Injection kitForm CRM Extension 0.43 - 'sorter.php sorter_value Parameter' SQL Injection dompdf 0.6.0 - (dompdf.php read Parameter) Arbitrary File Read dompdf 0.6.0 - 'dompdf.php read Parameter' Arbitrary File Read ArticleFR 11.06.2014 - (data.php) Privilege Escalation ArticleFR 11.06.2014 - 'data.php' Privilege Escalation vBulletin 4.0.x < 4.1.2 - (search.php cat Parameter) SQL Injection vBulletin 4.0.x < 4.1.2 - 'search.php cat Parameter' SQL Injection Bacula-Web 5.2.10 - (joblogs.php jobid Parameter) SQL Injection Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter' SQL Injection net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion net2ftp 0.98 (stable) - 'admin1.template.php' Local File Inclusion / Remote File Inclusion Piwigo 2.6.0 - (picture.php rate Parameter) SQL Injection Piwigo 2.6.0 - 'picture.php rate Parameter' SQL Injection PHPMyRecipes 1.2.2 - (dosearch.php words_exact Parameter) SQL Injection PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter' SQL Injection Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection PHPMyRecipes 1.2.2 - (browse.php category Parameter) SQL Injection PHPMyRecipes 1.2.2 - 'browse.php category Parameter' SQL Injection u5CMS 3.9.3 - (deletefile.php) Arbitrary File Deletion u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion WordPress Plugin Freshmail 1.5.8 - (shortcode.php) SQL Injection WordPress Plugin Freshmail 1.5.8 - 'shortcode.php' SQL Injection CreateVision CreateVision CMS - 'id' Parameter SQL Injection CreateVision CMS - 'id' Parameter SQL Injection PHPCollab 2.5 - (deletetopics.php) SQL Injection PHPCollab 2.5 - 'deletetopics.php' SQL Injection Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution WHMCS - 'boleto_bb.php' SQL Injection WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection PHPList 2.10.9 - 'Sajax.php' PHP Code Injection phpList 2.10.9 - 'Sajax.php' PHP Code Injection WHMCompleteSolution - (WHMCS) 5.0 'KnowledgeBase.php' search Parameter Cross-Site Scripting WHMCompleteSolution (WHMCS) 5.0 - 'KnowledgeBase.php' search Parameter Cross-Site Scripting FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting FCKEditor Core - 'Editor 'spellchecker.php'' Cross-Site Scripting PHPList 2.10.18 - 'index.php' SQL Injection phpList 2.10.18 - 'index.php' SQL Injection WHMCS 4.5.2 - 'googlecheckout.php' SQL Injection WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection SolarWinds Orion IP Address Manager - (IPAM) 'search.aspx' Cross-Site Scripting SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting PHP gettext 1.0.12 - (gettext.php) Unauthenticated Code Execution PHP gettext 1.0.12 - 'gettext.php' Unauthenticated Code Execution WHMCS Addon VMPanel 2.7.4 - SQL Injection WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution	2017-01-25 05:01:18 +00:00
Offensive Security	1441edc4aa	DB: 2017-01-20 13 new exploits Google Android TSP sysfs - 'cmd_store' Multiple Overflows Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes) Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change Viral Image & Video Sharing GagZone Script - SQL Injection Image and Video Script - SQL Injection Social News and Bookmarking Script - SQL Injection Viral Image Sharing Script - SQL Injection Vine VideoSite Creator Script - SQL Injection Job Vacancy Script - SQL Injection Home of Viral Images_ Videos and Articles Script - SQL Injection Video Site Creator Script - SQL Injection Classifieds Script - SQL Injection	2017-01-20 05:01:18 +00:00
Offensive Security	7c1c496c25	DB: 2017-01-17 11 new exploits Nofeel FTP Server 3.6 - (CWD) Remote Memory Consumption Exploit Nofeel FTP Server 3.6 - 'CWD' Command Remote Memory Consumption Mozilla Firefox < 50.1.0 - Use After Free Mozilla Firefox < 50.1.0 - Use-After-Free HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4) iSelect v1.4 - Local Buffer Overflow Word Viewer OCX 3.2 - ActiveX (Save) Remote File Overwrite Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite WinaXe Plus 8.7 - Buffer Overflow DiskBoss Enterprise - GET Buffer Overflow (Metasploit) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Photobase 1.2 - 'Language' Local File Inclusion Joomla! Component Portfol - (vcatid) SQL Injection Photobase 1.2 - 'Language' Parameter Local File Inclusion Joomla! Component Portfol 1.2 - 'vcatid' Parameter SQL Injection dMx READY (25 - Products) Remote Database Disclosure dMx READY (25 - Products) - Remote Database Disclosure Joomla! Component com_gigcal (gigcal_gigs_id) 1.0 - SQL Injection Joomla! Component GigCalendar 1.0 - SQL Injection HSPell 1.1 - (cilla.cgi) Remote Command Execution HSPell 1.1 - 'cilla.cgi' Remote Command Execution PHP Photo Album 0.8b - (index.php preview) Local File Inclusion PHP Photo Album 0.8b - 'preview' Parameter Local File Inclusion Huawei Flybox B660 - Cross-Site Request Forgery Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change Image Sharing Script 4.13 - Multiple Vulnerabilities Million Pixels 3 - Authentication Bypass ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities	2017-01-17 05:01:17 +00:00

1 2 3 4 5

238 commits