bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
876 commits 1 branch 0 tags 348 MiB
Commit graph

39 commits

Author SHA1 Message Date
Offensive Security
076ef173f9 DB: 2016-06-11 
23 new exploits

Poison Ivy 2.1.x C2 Buffer Overflow (msf)
Matrix42 Remote Control Host 3.20.0031 - Unquoted Path Privilege Escalation
Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit
Mobiketa 1.0 - CSRF Add Admin Exploit
miniMySQLAdmin 1.1.3 - CSRF Execute SQL Query
phpMyFAQ 2.9.0 - Stored XSS
Windows x86 system(_systeminfo_) Shellcode
Armadito Antimalware - Backdoor/Bypass
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
IPFire proxy.cgi RCE
IPFire Bash Environment Variable Injection (Shellshock)
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
OS X Kernel - Exploitable NULL Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
Android - /system/bin/sdcard Stack Buffer Overflow
OS X Kernel - Exploitable NULL Pointer Dereference in AppleMuxControl.kext
OS X Kernel - Exploitable NULL Pointer Dereference in AppleGraphicsDeviceControl
OS X Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource
OS X Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value
OS X Kernel - Exploitable NULL Pointer Dereference in IOAudioEngine
OS X Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type
OS X Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2
OS X/iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
OS X Kernel - Stack Buffer Overflow in GeForce GPU Driver
 2016-06-11 05:06:22 +00:00
Offensive Security
614fb1caf8 DB: 2016-05-12 
22 new exploits

PoPToP PPTP <= 1.1.4-b3 - Remote Root Exploit (poptop-sane.c)
PoPToP PPTP <= 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit

Atftpd 0.6 - Remote Root Exploit (atftpdx.c)
Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit

Yahoo Messenger 5.5 - Remote Exploit (DSR-ducky.c)
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit

CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c)
CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit

Cisco IOS IPv4 Packet Denial of Service Exploit (cisco-bug-44020.c)
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service Exploit

wu-ftpd 2.6.2 - Remote Denial of Service Exploit (wuftpd-freezer.c)
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service Exploit

Microsoft Windows - (Jolt2.c) Denial of Service Exploit
Microsoft Windows - 'Jolt2.c' Denial of Service Exploit

TCP SYN Denial of Service Exploit (bang.c)
TCP SYN - 'bang.c' Denial of Service Exploit

Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Apache HTTPd - Arbitrary Long HTTP Headers DoS

Linux Kernel <= 2.4.26- File Offset Pointer Handling Memory Disclosure Exploit
Linux Kernel <= 2.4.26 - File Offset Pointer Handling Memory Disclosure Exploit

Linux Kernel 2.6.x (Slackware 9.1/ Debian 3.0) - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit

Veritas Backup Exec Agent 8.x/9.x - Browser Overflow (C)
Veritas Backup Exec Agent 8.x/9.x - Browser Overflow

Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit

CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c)
CA License Server (GETCONFIG) Remote Buffer Overflow Exploit

Aeon 0.2a - Local Linux Exploit (C)
Aeon 0.2a - Local Linux Exploit

Linux Kernel 2.4 / 2.6 - bluez Local Root Privilege Escalation Exploit (3)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' Bluetooth Signed Buffer Index Local Root (3)

nbSMTP <= 0.99 (util.c) Client-Side Command Execution Exploit
nbSMTP <= 0.99 - 'util.c' Client-Side Command Execution Exploit

SuSE Linux <= 9.3 / 10 - (chfn) Local Root Privilege Escalation Exploit
Linux chfn (SuSE <= 9.3 / 10) - Local Privilege Escalation Exploit

SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit (c)
SugarSuite Open Source <= 4.0beta - Remote Code Execution Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (c)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (pl)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (Perl)

OpenVMPSd <= 1.3 - Remote Format String Exploit (Multiple Targets)
OpenVMPSd <= 1.3 - Remote Format String Exploit

Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability
Ubuntu Breezy 5.10 - Installer Password Disclosure Vulnerability

X.Org X11 (X11R6.9.0/X11R7.0) - Local Root Privilege Escalation Exploit
X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation Exploit

DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php)
DataLife Engine <= 4.1 - Remote SQL Injection Exploit (PHP)
Opera 9 IRC Client Remote Denial of Service Exploit (c)
Opera 9 IRC Client Remote Denial of Service Exploit (py)
Opera 9 - IRC Client Remote Denial of Service Exploit
Opera 9 IRC Client - Remote Denial of Service Exploit (Python)

Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c)
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (1)

Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c) (2)
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (2)

Microsoft Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl)
Microsoft Internet Explorer (VML) - Remote Buffer Overflow Exploit (SP2) (Perl)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (pl)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (Perl)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (c)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit

cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (php)
cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (PHP)

Xfire <= 1.6.4 - Remote Denial of Service Exploit (pl)
Xfire <= 1.6.4 - Remote Denial of Service Exploit (Perl)

Microsoft Windows NetpManageIPCConnect Stack Overflow Exploit (py)
Microsoft Windows NetpManageIPCConnect - Stack Overflow Exploit (Python)

VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c)
VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit

QK SMTP <= 3.01 (RCPT TO) Remote Buffer Overflow Exploit (pl)
QK SMTP <= 3.01 - (RCPT TO) Remote Buffer Overflow Exploit (Perl)

Ubuntu/Debian Apache 1.3.33/1.3.34 - (CGI TTY) Local Root Exploit
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - (CGI TTY) Local Root Exploit

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit (multiple targets)
WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit
XOOPS Module WF-Snippets <= 1.02 (c) - BLIND SQL Injection Exploit

IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit (multiple targets)
IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit

3proxy 0.5.3g logurl() Remote Buffer Overflow Exploit (Win32) (pl)
3proxy 0.5.3g logurl() - Remote Buffer Overflow Exploit (Win32) (Perl)

Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)
Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (php)
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (pl)
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (PHP)
fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution Exploit (Perl)

IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (pl)
IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl)

IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit (c)
IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (py)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (c)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (py)
CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python)

Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit (c)
Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit

Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (py)
Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (Python)

EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl)
EFS Easy Chat Server - Authentication Request Buffer Overflow Exploit (Perl)

CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (py)
CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (Python)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (PHP)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (Perl)

kloxo 5.75 - (24 issues) Multiple Vulnerabilities
kloxo 5.75 - Multiple Vulnerabilities

Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (Perl)

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit (C)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit

MailEnable 1.52 HTTP Mail Service Stack BoF Exploit PoC
MailEnable 1.52 - HTTP Mail Service Stack BoF Exploit PoC

(Ubuntu 9.10/10.04) PAM 1.1.0 - MOTD File Tampering (Privilege Escalation)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1)

Cacti 0.8.7e: Multiple Security Issues
Cacti 0.8.7e - Multiple Vulnerabilities

(Tod Miller's) Sudo/SudoEdit 1.6.x < 1.6.9p21 & 1.7.x < 1.7.2p4 - Local Root Exploit
(Tod Miller's) Sudo/SudoEdit 1.6.x / 1.7.x (<= 1.6.9p21 / <= 1.7.2p4) - Local Root Exploit

PAM 1.1.0 MOTD (Ubuntu 9.10/10.04) - Local Root Exploit
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2)

Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32-21) - Privilege Escalation Exploit
Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32) - Privilege Escalation Exploit

Ubuntu Linux - 'mountall' - Local Privilege Escalation Vulnerability
mountall <= 2.15.2 (Ubuntu 10.04/10.10) - Local Privilege Escalation Vulnerability

Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py)
Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (Python)

PHP Hosting Directory 2.0 Database Disclosure Exploit (.py)
PHP Hosting Directory 2.0 Database Disclosure Exploit (Python)

systemtap - Local Root Privilege Escalation Vulnerability
systemtap - Local Privilege Escalation Vulnerability

Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 110.10) - Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2)

Kunena < 1.5.13_ < 1.6.3 - SQL Injection Vulnerability
Kunena < 1.5.13 / < 1.6.3 - SQL Injection Vulnerability

HP OpenView NNM 7.53_ 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow
HP OpenView NNM 7.53/7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow

Safari 5.0.6_ 5.1 - SVG DOM Processing PoC
Safari 5.0.6/5.1 - SVG DOM Processing PoC

Ubuntu <= 11.04 ftp client Local Buffer Overflow Crash PoC
FTP Client (Ubuntu <= 11.04) - Local Buffer Overflow Crash PoC

Acpid 1:2.0.10-1ubuntu2 - Privilege Boundary Crossing Vulnerability
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit
RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (1)
RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (2)
RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (1)
RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (2)
Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)

Debian 2.x_RedHat 6.2_IRIX 5/6_ Solaris 2.x Mail Reply-To Field Vulnerability
Debian 2.x_ RedHat 6.2_ IRIX 5/6_ Solaris 2.x - Mail Reply-To Field Vulnerability

Pure-FTPd 1.0.21 (CentOS 6.2 & Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (1)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (2)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (3)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (4)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (5)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (1)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (2)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (3)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (4)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (5)

cPanel 5.0 - Openwebmail Local Privileges Escalation Vulnerability
cPanel 5.0 - Openwebmail Local Privilege Escalation Vulnerability

Linux-PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability
Linux PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privilege Escalation Vulnerability

Totem Movie Player (Ubuntu) 3.4.3 - Stack Corruption
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption

Flightgear 2.0_ 2.4 - Remote Format String Exploit
Flightgear 2.0/2.4 - Remote Format String Exploit

Opera 7.x_ Firefox 1.0_ Internet Explorer 6.0 - Information Disclosure Weakness
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure Weakness
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC Vulnerability (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (2)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (3)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (4)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)
Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root Vulnerability

Linux Kernel 2.6.37 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit

Linux Kernel 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation

OSX <= 10.8.4 - Local Root Privilege Escalation (py)
OSX <= 10.8.4 - Local Privilege Escalation (Python)

Moodle 2.3.8_ 2.4.5 - Multiple Vulnerabilities
Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities

IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation
IBM AIX 6.1 / 7.1 - Local Privilege Escalation

glibc and eglibc 2.5_ 2.7_ 2.13 - Buffer Overflow Vulnerability
glibc and eglibc 2.5/2.7/2.13 - Buffer Overflow Vulnerability

StatusNet/Laconica 0.7.4_ 0.8.2_ 0.9.0beta3 - Arbitrary File Reading
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading

Links_ ELinks 'smbclient' Remote Command Execution Vulnerability
Links_ ELinks 'smbclient' - Remote Command Execution Vulnerability

Flyspray 0.9.9 - Information Disclosure_ HTML Injection and Cross-Site Scripting Vulnerabilities
Flyspray 0.9.9 - Information Disclosure/HTML Injection/Cross-Site Scripting

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - Local Root (CONFIG_X86_X32=y)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit

Symantec Endpoint Protection Manager 11.0_ 12.0_ 12.1 - Remote Command Execution Exploit
Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution Exploit

ownCloud 4.0.x_ 4.5.x (upload.php filename param) - Remote Code Execution
ownCloud 4.0.x/4.5.x (upload.php filename param) - Remote Code Execution
Procentia IntelliPen 1.1.12.1520 (Data.aspx_ value param) - Blind SQL Injection
Vtiger CRM 5.4.0_ 6.0 RC_ 6.0.0 GA (browse.php file param) - Local File Inclusion
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA (browse.php file param) - Local File Inclusion
Haihaisoft HUPlayer 1.0.4.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)
Haihaisoft HUPlayer 1.0.4.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH)

JIRA Issues Collector Directory Traversal
JIRA Issues Collector - Directory Traversal

CMSimple 4.4_ 4.4.2 - Remote File Inclusion
CMSimple 4.4/4.4.2 - Remote File Inclusion

Core FTP Server 1.2_ build 535_ 32-bit - Crash PoC
Core FTP Server 1.2 build 535 32-bit - Crash PoC

Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability (C)
Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 4.1.x Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass (MS12-037)

Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation
Linux Kernel < 3.2.0-23  (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation

Symantec Endpoint Protection 11.x_ 12.x - Kernel Pool Overflow
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow

Linux Kernel 3.16.1 - Remount FUSE Exploit
Linux Kernel < 3.16.1 - Remount FUSE Local Root Exploit

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.0 Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.0 Bypass (MS12-037)

Rejetto HTTP File Server (HFS) 2.3a_ 2.3b_ 2.3c - Remote Command Execution
Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.1 Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass (MS12-037)

Mac OS X - IOKit Keyboard Driver Root Privilege Escalation
Mac OS X - IOKit Keyboard Driver Privilege Escalation

Liferay Portal 7.0.0 M1_ 7.0.0 M2_ 7.0.0 M3 - Pre-Auth RCE
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Auth RCE

vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion_ SQL Injection & XSS
vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion/SQL Injection/XSS

MalwareBytes Anti-Exploit 1.03.1.1220_ 1.04.1.1012 Out-of-bounds Read DoS
MalwareBytes Anti-Exploit 1.03.1.1220/1.04.1.1012 Out-of-bounds Read DoS

JBoss AS 3_ 4_ 5_ 6 - Remote Command Execution
JBoss AS 3/4/5/6 - Remote Command Execution

Mac OS X < 10.7.5_ 10.8.2_ 10.9.5 10.10.2 - rootpipe Local Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation

Alienvault OSSIM/USM 4.14_ 4.15_ and 5.0 - Multiple Vulnerabilities
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities

Pandora FMS 5.0_ 5.1 - Authentication Bypass
Pandora FMS 5.0/5.1 - Authentication Bypass

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shell)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell

Cisco AnyConnect Secure Mobility 2.x_ 3.x_ 4.x - Client DoS PoC
Cisco AnyConnect Secure Mobility 2.x/3.x/4.x - Client DoS PoC

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shadow File)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Privilege Escalation (Access /etc/shadow)

Orchard CMS 1.7.3_ 1.8.2_ 1.9.0 - Stored XSS Vulnerability
Orchard CMS 1.7.3/1.8.2/1.9.0 - Stored XSS Vulnerability

Ubuntu 14.04 NetKit FTP Client - Crash/DoS PoC
NetKit FTP Client (Ubuntu 14.04) - Crash/DoS PoC

Interspire Email Marketer Cross Site Scripting_ HTML Injection_ and SQL Injection Vulnerabilities
Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities

BigDump Cross Site Scripting_ SQL Injection_ and Arbitrary File Upload Vulnerabilities
BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities

Elastix < 2.5 _ PHP Code Injection Exploit
Elastix < 2.5 - PHP Code Injection Exploit

Microsoft Office Excel 2007_ 2010_ 2013 - BIFFRecord Use-After-Free
Microsoft Office Excel 2007/2010/2013 - BIFFRecord Use-After-Free

OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues
OS X Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities

Linux Kernel 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability
Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability

Linux Kernel <=4.3.3 (Ubuntu 14.04_ 15.10) - overlayfs Local Root Exploit
Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit

Exim < 4.86.2 - Local Root Privilege Escalation
Exim < 4.86.2 - Local Privilege Escalation
RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - snd-usb-audio Crash PoC
RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - iowarrior driver Crash PoC
Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - snd-usb-audio Crash PoC
Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - iowarrior driver Crash PoC

Trend Micro Deep Discovery Inspector 3.8_ 3.7 - CSRF Vulnerabilities
Trend Micro Deep Discovery Inspector 3.8/3.7 - CSRF Vulnerabilities

FireEye - Privilege Escalation to root from Malware Input Processor (uid=mip)
FireEye - Malware Input Processor (uid=mip) Privilege Escalation Exploit

Novell Service Desk 7.1.0_ 7.0.3 and 6.5 - Multiple Vulnerabilities
Novell Service Desk 7.1.0/7.0.3 and 6.5 - Multiple Vulnerabilities

Internet Explorer 9_ 10_ 11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)

Linux (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)

Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Android Broadcom Wi-Fi Driver - Memory Corruption
CIScan 1.00 - Hostname/IP Field SEH Overwrite PoC
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation
Intuit QuickBooks Desktop 2007 - 2016 - Arbitrary Code Execution
 2016-05-12 05:03:21 +00:00
Offensive Security
28f57d0dba DB: 2016-05-03 
5 new exploits

WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download
.Net Framework Execute Native x86 Shellcode
Acunetix WVS 10 - Remote Command Execution (System)
Apache Struts Dynamic Method Invocation Remote Code Execution
QSEE - PRDiag* Commands Privilege Escalation Exploit
 2016-05-03 05:04:01 +00:00
Offensive Security
921bb6b2e3 DB: 2016-04-12 
9 new exploits

Hikvision Digital Video Recorder - Cross-Site Request Forgery
WPN-XM Serverstack 0.8.6 - Cross Site Request Forgery
OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution
CAM UnZip 5.1 - Archive Path Traversal
Axis Network Cameras - Multiple Vulnerabilities
Linux/x86_64 - bindshell (PORT: 5600) - 81 bytes
Android - IOMX getConfig/getParameter Information Disclosure
Android - IMemory Native Interface is Insecure for IPC Use
Novell Service Desk 7.1.0_ 7.0.3 and 6.5 - Multiple Vulnerabilities
 2016-04-12 05:04:12 +00:00
Offensive Security
6290e0021e DB: 2016-04-02 
8 new exploits

Microsoft Windows 2000/XP - (RPC DCOM) Remote Exploit
Microsoft Windows 2000/XP - (RPC DCOM) Remote Exploit (MS03-026)

Microsoft Windows NT/2000/XP/2003/Vista/2008/7 - User Mode to Ring Escalation Vulnerability (KiTrap0D)
Microsoft Windows NT/2000/XP/2003/Vista/2008/7 - User Mode to Ring Escalation Vulnerability (KiTrap0D) (MS10-015)
PHP <= 7.0.4/5.5.33 - SNMP Format String Exploit
Windows Kernel - Bitmap Use-After-Free
Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read
Adobe Flash - URLStream.readObject Use-After-Free
Adobe Flash - TextField.maxChars Use-After-Free
Android - ih264d_process_intra_mb Memory Corruption
Adobe Flash - Color.setTransform Use-After-Free
PHP 5.5.33 - Invalid Memory Write
 2016-04-02 05:02:51 +00:00
Offensive Security
5d20c14812 DB: 2016-03-31 
10 new exploits

Wordpress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion

WordPress Photocart Link Plugin 1.6 - Local File Inclusion
LShell <=  0.9.15 - Remote Code Execution
Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1
Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2
Apple Quicktime < 7.7.79.80.95 - PSD File Parsing Memory Corruption
CubeCart 6.0.10 - Multiple Vulnerabilities
Kamailio 4.3.4 - Heap-Based Buffer Overflow
ATutor 2.2.1 Directory Traversal / Remote Code Execution
Metaphor - Stagefright Exploit with ASLR Bypass
 2016-03-31 05:01:58 +00:00
Offensive Security
67cc75a29b DB: 2016-03-29 
9 new exploits

Serv-U 3x - 5.x - Local Privilege Escalation Exploit
Serv-U 3.x - 5.x - Local Privilege Escalation Exploit

SHOUTcast 1.9.4 File Request Format String Remote Exploit (win)
SHOUTcast 1.9.4 - File Request Format String Remote Exploit (Windows)

Monstra CMS 3.0.3 - Multiple Vulnerabilities
pragmaMX Module Landkarten 2.1 - Local File Inclusion Exploit (win)
GeBlog 0.1 - GLOBALS[tplname] Local File Inclusion Exploit (win)
pragmaMX Module Landkarten 2.1 - Local File Inclusion Exploit (Windows)
GeBlog 0.1 - GLOBALS[tplname] Local File Inclusion Exploit (Windows)

PicoFlat CMS 0.5.9 - Local File Inclusion Vulnerabilitty (win)
PicoFlat CMS 0.5.9 - Local File Inclusion Vulnerabilitty (Windows)

Tribiq CMS 5.0.10a - Local File Inclusion Vulnerability (win)
Tribiq CMS 5.0.10a - Local File Inclusion Vulnerability (Windows)

Apache Tomcat - runtime.getRuntime().exec() Privilege Escalation (win)
Apache Tomcat - runtime.getRuntime().exec() Privilege Escalation (Windows)

AJA Portal 1.2 - Local File Inclusion Vulnerabilities (win)
AJA Portal 1.2 - Local File Inclusion Vulnerabilities (Windows)

Microsoft Internet Explorer 7 (Windows 2003 SP2)  - Memory Corruption PoC (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002)

XBMC 8.10 (Get Request) Remote Buffer Overflow Exploit (win)
XBMC 8.10 - (GET Request) Remote Buffer Overflow Exploit (Windows)

MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)
MonGoose 2.4 - Webserver Directory Traversal Vulnerability (Windows)

Apple iTunes 8.1.1.10 - (itms/itcp) Remote Buffer Overflow Exploit (win)
Apple iTunes 8.1.1.10 - (itms/itcp) Remote Buffer Overflow Exploit (Windows)

Adobe Related Service - (getPlus_HelperSvc.exe) Local Privilege Escalation
Adobe 9.x Related Service - (getPlus_HelperSvc.exe) Local Privilege Escalation

PulseAudio setuid - Local Privilege Escalation Exploit

Adobe Acrobat 9.1.2 - NOS Local Privilege Escalation Exploit
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit (C)

Adobe Acrobat 9.1.2 - NOS Local Privilege Escalation Exploit (py)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit (Python)

Serv-u Web client 9.0.0.5 - Buffer Overflow
Serv-U Web Client 9.0.0.5 - Buffer Overflow (2)

Serv-u Web client 9.0.0.5 - Buffer Overflow
Serv-U Web Client 9.0.0.5 - Buffer Overflow (1)

Qihoo 360 Security Guard breg device drivers Privilege Escalation Vulnerability
Qihoo 360 Security Guard 6.1.5.1009 - breg device drivers Privilege Escalation Vulnerability

Sysax Multi Server (SFTP module) Multiple Commands DoS Vulnerabilities
Sysax Multi Server < 5.25 - (SFTP Module) Multiple Commands DoS Vulnerabilities

Integard Pro 2.2.0.9026 - Windows 7 ROP-Code  (Metasploit)
Integard Pro 2.2.0.9026 - Windows 7 ROP-Code (Metasploit)

WordPress Plugin mingle forum  <= 1.0.26 - Multiple Vulnerabilities
WordPress Plugin mingle forum <= 1.0.26 - Multiple Vulnerabilities

Microsoft Windows Server  - Service Relative Path Stack Corruption (MS08-067)
Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067)

WordPress Plugin ajax category dropdown  0.1.5 - Multiple Vulnerabilities
WordPress Plugin ajax category dropdown 0.1.5 - Multiple Vulnerabilities

Sysax Multi Server 5.50 Create Folder BOF
Sysax Multi Server 5.50 - Create Folder BOF

Sysax Multi Server <= 5.52 File Rename BoF RCE (Egghunter)
Sysax Multi Server <= 5.52 - File Rename BoF RCE (Egghunter)
Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
Sysax <= 5.53 SSH Username BoF Pre Auth RCE (Egghunter)
Sysax Multi Server 5.53 - SFTP Post Auth SEH Exploit
Sysax <= 5.53 - SSH Username BoF Pre Auth RCE (Egghunter)

Sysax 5.53 SSH Username Buffer Overflow (Metasploit)
Sysax 5.53 - SSH Username Buffer Overflow (Metasploit)

sysax <= 5.57 - Directory Traversal
Sysax <= 5.57 - Directory Traversal

Sysax <= 5.60 Create SSL Certificate Buffer Overflow
Sysax <= 5.60 - Create SSL Certificate Buffer Overflow

Sysax <= 5.62 Admin Interface Local Buffer Overflow
Sysax <= 5.62 - Admin Interface Local Buffer Overflow

Sysax Multi-Server 5.64 Create Folder Buffer Overflow

Sysax Multi Server 5.64 Create Folder Buffer Overflow
Sysax Multi Server 5.64 - Create Folder Buffer Overflow

ActFax 4.31 - Local Privilege Escalation Exploit
ActFax Server 4.31 Build 0225 - Local Privilege Escalation Exploit

PHP-Nuke  Search Module - Modules.PHP Remote Directory Traversal Vulnerability
PHP-Nuke Search Module - Modules.PHP Remote Directory Traversal Vulnerability
STHS v2 Web Portal prospects.php team Parameter SQL Injection
STHS v2 Web Portal prospect.php team Parameter SQL Injection
STHS v2 Web Portal team.php team Parameter SQL Injection
STHS v2 Web Portal - prospects.php team Parameter SQL Injection
STHS v2 Web Portal - prospect.php team Parameter SQL Injection
STHS v2 Web Portal - team.php team Parameter SQL Injection

WK UDID v1.0.1 iOS - Command Inject Vulnerability
WK UDID 1.0.1 iOS - Command Inject Vulnerability

Hawkeye-G v3.0.1.4912 CSRF Vulnerability
Hawkeye-G 3.0.1.4912 - CSRF Vulnerability

Hawkeye-G v3.0.1.4912 Persistent XSS & Information Leakage
Hawkeye-G 3.0.1.4912 - Persistent XSS & Information Leakage

Reaver Pro Local Privilege Escalation Vulnerability
Reaver Pro - Local Privilege Escalation Vulnerability

Sysax Multi Server 6.40  SSH Component Denial of Service
Sysax Multi Server 6.40 - SSH Component Denial of Service

WordPress CP Reservation Calendar Plugin 1.1.6  - SQL Injection
WordPress CP Reservation Calendar Plugin 1.1.6 - SQL Injection

w3tw0rk / Pitbul IRC Bot  Remote Code Execution
w3tw0rk / Pitbul IRC Bot - Remote Code Execution

Dropbox < 3.3.x  - OSX FinderLoadBundle Local Root Exploit
Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit

Hitron Router CGN3ACSMR 4.5.8.16  - Arbitrary Code Execution
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
WordPress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities
WordPress Plugin Sell Download v1.0.16  - Local File Disclosure
WordPress Plugin TheCartPress v1.4.7  - Multiple Vulnerabilities
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities

Cyclope Employee Surveillance  <= v8.6.1- Insecure File Permissions
Cyclope Employee Surveillance <= 8.6.1- Insecure File Permissions

XM Easy Personal FTP Server 5.8 - (HELP)  Remote DoS Vulnerability
XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability

Liferay Portal 5.1.2 - Persistent XSS

Trend Micro Deep Discovery Inspector 3.8_ 3.7 - CSRF Vulnerabilities
Linux/x86_x64 - execve(/bin/sh) - 25 bytes
Linux/x86_x64 - execve(/bin/bash) - 33 bytes
TallSoft SNMP TFTP Server 1.0.0 - Denial of Service
FireEye - Privilege Escalation to root from Malware Input Processor (uid=mip)
Android One mt_wifi IOCTL_GET_STRUCT Privilege Escalation
Cogent Datahub <= 7.3.9 Gamma Script Elevation of Privilege
 2016-03-29 05:02:00 +00:00
Offensive Security
95bca4864b DB: 2016-03-19 2016-03-19 05:03:36 +00:00
Offensive Security
62a54b60c6 DB: 2016-02-27 
12 new exploits
 2016-02-27 05:02:14 +00:00
Offensive Security
c25db93691 DB: 2016-02-12 
4 new exploits
 2016-02-12 05:01:47 +00:00
Offensive Security
a5b96c2067 DB: 2016-01-28 
11 new exploits
 2016-01-28 05:02:01 +00:00
Offensive Security
67dd87a6f5 DB: 2016-01-27 
15 new exploits
 2016-01-27 05:03:06 +00:00
Offensive Security
ed1f034a74 DB: 2015-12-21 
4 new exploits
 2015-12-21 05:03:40 +00:00
Offensive Security
4ac8afedb7 DB: 2015-12-18 
26 new exploits
 2015-12-18 05:02:23 +00:00
Offensive Security
f25ba13a4f DB: 2015-11-28 
6 new exploits
 2015-11-28 05:03:37 +00:00
Offensive Security
c4e7f4ce3a DB: 2015-11-06 
21 new exploits
 2015-11-06 05:02:38 +00:00
Offensive Security
877373ae37 DB: 2015-11-04 
16 new exploits
 2015-11-04 05:03:17 +00:00
Offensive Security
6123605b39 DB: 2015-11-01 
10 new exploits
 2015-11-01 05:01:56 +00:00
Offensive Security
9005d315b8 DB: 2015-10-29 
12 new exploits
 2015-10-29 05:02:34 +00:00
Offensive Security
44c9eb6ea9 DB: 2015-09-25 
7 new exploits
 2015-09-25 05:02:19 +00:00
Offensive Security
b81cdc3a7b DB: 2015-09-18 
9 new exploits
 2015-09-18 05:02:42 +00:00
Offensive Security
fcfafebf3e DB: 2015-09-16 
24 new exploits
 2015-09-16 05:02:44 +00:00
Offensive Security
5a826c21cf DB: 2015-09-14 
6 new exploits
 2015-09-14 05:03:21 +00:00
Offensive Security
229204741f DB: 2015-09-10 
15 new exploits
 2015-09-10 05:04:12 +00:00
Offensive Security
9c07c0f3e0 DB: 2015-08-17 
17 new exploits
 2015-08-17 05:01:49 +00:00
Offensive Security
d724ef2617 DB: 2015-07-07 
10 new exploits
 2015-07-07 05:03:01 +00:00
Offensive Security
15dae7c288 DB: 2015-06-24 
12 new exploits
 2015-06-24 05:02:37 +00:00
Offensive Security
b3321b3426 DB: 2015-05-15 
17 new exploits
 2015-05-15 05:02:32 +00:00
Offensive Security
cc553d1147 DB: 2015-04-20 
11 new exploits
 2015-04-20 12:44:13 +00:00
Offensive Security
5924dde297 DB: 2015-03-19 
2 new exploits
 2015-03-19 09:39:10 +00:00
Offensive Security
40cfbfb905 Update: 2015-01-28 
24 new exploits
 2015-01-28 08:35:58 +00:00
Offensive Security
77291f0ca3 Update: 2015-01-19 
16 new exploits
 2015-01-19 08:35:52 +00:00
Offensive Security
5ab0a9cb63 Update: 2014-12-30 
7 new exploits
 2014-12-30 08:37:44 +00:00
Offensive Security
fa9aebca13 Update: 2014-12-29 
10 new exploits
 2014-12-29 10:19:37 +00:00
Offensive Security
9195172fad Updated 11_28_2014 2014-11-28 04:53:33 +00:00
Offensive Security
c195143ac6 Updated 11_20_2014 2014-11-20 04:47:03 +00:00
Offensive Security
bb76fb3805 Updated 07_18_2014 2014-07-18 04:40:01 +00:00
Offensive Security
46dd79985b Updated 04_18_2014 2014-04-18 04:35:42 +00:00
Offensive Security
637e59de55 Updated 04_09_2014 2014-04-09 04:32:27 +00:00