Commit graph

957 commits

Author SHA1 Message Date
Offensive Security
79b3065b37 DB: 2017-08-05
2 new exploits

Zookeeper 3.5.2 Client - Denial of Service

Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection
2017-08-05 05:01:29 +00:00
Offensive Security
16dd4b9d6d DB: 2017-08-04
7 new exploits

DNSTracer 1.8.1 - Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow (PoC)
DNSTracer 1.9 - Buffer Overflow
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
Premium Servers List Tracker 1.0 - SQL Injection
EDUMOD Pro 1.3 - SQL Injection
Muviko 1.0 - 'q' Parameter SQL Injection
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
2017-08-04 05:01:28 +00:00
Offensive Security
a600aa05cd DB: 2017-08-03
9 new exploits

Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service

MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)

Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)
Entrepreneur B2B Script - 'pid' Parameter SQL Injection
Joomla! Component SIMGenealogy 2.1.5 - SQL Injection
Joomla! Component PHP-Bridge 1.2.3 - SQL Injection
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection
Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection
Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection
2017-08-03 05:01:30 +00:00
Offensive Security
baeaf13b13 DB: 2017-08-02
9 new exploits

libmad 0.15.1b - 'mp3' Memory Corruption

iOS/macOS - xpc_data Objects Sandbox Escape Privilege Escalation
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
VehicleWorkshop - Authentication Bypass
VehicleWorkshop - Arbitrary File Upload
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
2017-08-02 05:01:31 +00:00
Offensive Security
5040eaef41 DB: 2017-07-31
1 new exploits

VehicleWorkshop - SQL Injection
2017-07-31 05:01:25 +00:00
Offensive Security
fb7bed6364 DB: 2017-07-29
6 new exploits

GNU libiberty - Buffer Overflow
SoundTouch 1.9.2 - Multiple Vulnerabilities
LAME 3.99.5 - Multiple Vulnerabilities
libjpeg-turbo 1.5.1 - Denial of Service

Joomla! Component com_ccnewsletter - Directory Traversal
Joomla! Component CCNewsLetter - Directory Traversal

Joomla! Component com_ccnewsletter - Local File Inclusion
Joomla! Component CCNewsLetter - Local File Inclusion
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection
FortiOS < 5.6.0 - Cross-Site Scripting
2017-07-29 05:01:21 +00:00
Offensive Security
82b7d150c6 DB: 2017-07-28
3 new exploits

MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)
AudioCoder 0.8.46 - Local Buffer Overflow (SEH)

Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)
2017-07-28 05:01:21 +00:00
Offensive Security
9d1eca86b2 DB: 2017-07-27
4 new exploits

Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)

Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
Friends in War Make or Break 1.7 - Authentication Bypass
Friends in War Make or Break 1.7 - SQL Injection
2017-07-27 05:01:22 +00:00
Offensive Security
2351348891 DB: 2017-07-26
6 new exploits

WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling
WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference
WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy
WebKit JSC - 'ArgumentsEliminationPhase::transform' Incorrect LoadVarargs Handling
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free

WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
2017-07-26 05:01:21 +00:00
Offensive Security
e27b6b8408 DB: 2017-07-25
17 new exploits

Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free
WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free
WebKit - 'WebCore::Node::nextSibling' Use-After-Free
WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free
WebKit - 'WebCore::Node::getFlag' Use-After-Free
WebKit - 'WebCore::getCachedWrapper' Use-After-Free

Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
MAWK 1.3.3-17 - Local Buffer Overflow
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
PaulShop - SQL Injection / Cross-Site Scripting
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
2017-07-25 05:01:20 +00:00
Offensive Security
10a46aac45 DB: 2017-07-22
1 new exploits

NEC UNIVERGE UM4730 < 11.8 - SQL Injection
2017-07-22 05:01:21 +00:00
Offensive Security
994f3bcd63 DB: 2017-07-21
2 new exploits

Eventum - 'hostname' Parameter Remote Code Execution
Eventum 2.3.4 - 'hostname' Parameter Remote Code Execution
Joomla! Component JoomRecipe 1.0.4 - 'search_author' Parameter SQL Injection
WordPress Plugin IBPS Online Exam 1.0 - SQL Injection / Cross-Site Scripting
2017-07-21 05:01:23 +00:00
Offensive Security
9640473c86 DB: 2017-07-20
23 new exploits

Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service
Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service

SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit)
SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)

Kaspersky 17.0.0 - Local CA root Incorrectly Protected
Kaspersky 17.0.0 - Local CA Root Incorrectly Protected

Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass)

WICD - Local Privilege Esclation Exploit
WICD 1.7.1 - Local Privilege Escalation

Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions
Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit
OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation

Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation

HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow

McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution

Trend Micro Interscan VirusWall localweb - Directory Traversal

Novell Zenworks Mobile Device Management 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting

Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)

XAMPP 1.6.x - 'showcode.php' Local File Inclusion

Yealink VoIP Phone SIP-T38G - Local File Inclusion

InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion

Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)

DreamBox DM800 - 'file' Parameter Local File Disclosure

Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting

TP-Link TL-WR841N Router - Local File Inclusion

Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)

Vivvo Article Manager 3.4 - (root) Local File Inclusion
Vivvo Article Manager 3.4 - 'root' Local File Inclusion

60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion
60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion

HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow

McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution

Trend Micro Interscan VirusWall localweb - Directory Traversal

Novell Zenworks Mobile Device Management 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting
Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion

Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)

XAMPP 1.6.x - 'showcode.php' Local File Inclusion

Yealink VoIP Phone SIP-T38G - Local File Inclusion

InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion

Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)

DreamBox DM800 - 'file' Parameter Local File Disclosure

Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting

TP-Link TL-WR841N Router - Local File Inclusion

Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection
2017-07-20 05:01:21 +00:00
Offensive Security
21f7dd8438 DB: 2017-07-19
11 new exploits

Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption
Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion
Microsoft Windows Kernel - 'IOCTL 0x120007 (NsiGetParameter)' nsiproxy/netio Pool Memory Disclosure

Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation

Belkin NetCam F7D7601 - Multiple Vulnerabilities
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)

Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
2017-07-19 05:01:23 +00:00
Offensive Security
be3b49b643 DB: 2017-07-17
2 new exploits

FTPGetter 5.89.0.85 - Buffer Overflow (SEH)

Orangescrum 1.6.1 - Multiple Vulnerabilities
2017-07-17 05:01:20 +00:00
Offensive Security
635e0e935f DB: 2017-07-15
4 new exploits

Counter Strike: Condition Zero - '.BSP' Map File Code Execution

Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
WDTV Live SMP 2.03.20 - Remote Password Reset
2017-07-15 05:01:21 +00:00
Offensive Security
22bf5da098 DB: 2017-07-08
2 new exploits

Firefox 54.0.1 - Denial of Service

Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution
Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution
Yaws 1.91 - Remote File Disclosure
Price Comparison Script 2017.1.8 - SQL Injection
Clickbank Affiliate Marketplace Script 2017 - SQL Injection
2017-07-08 05:01:21 +00:00
Offensive Security
9a0992d704 DB: 2017-07-06
3 new exploits

GoAutoDial 3.3 - Authentication Bypass / Command Injection (Metasploit)
Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution

(Generator) - /bin/sh Polymorphic Shellcode with printable ASCII characters
(Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode

(Generator) - Alphanumeric Shellcode Encoder/Decoder
(Generator) - Alphanumeric Shellcode (Encoder/Decoder)

Win32 - Multi-Format Shellcode Encoding Tool (Generator)
Win32 - Multi-Format Encoding Tool Shellcode (Generator)

Linux/x86 - Self-modifying Shellcode for IDS evasion (64 bytes)
Linux/x86 - Self-modifying for IDS evasion Shellcode (64 bytes)

Linux/x86 - Listens for Shellcode on 5555/TCP + Jumps to it (83 bytes)
Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes)

Linux/x86 - Shellcode Obfuscator
Linux/x86 - Shellcode Obfuscator (Generator)

Linux/x86 - Connectback Shellcode 127.0.0.1:31337/TCP (74 bytes)
Linux/x86 - Connectback 127.0.0.1:31337/TCP Shellcode (74 bytes)

OpenBSD/x86 - Add user _w00w00_ (112 Shellcode bytes)
OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes)

Solaris/SPARC - connect-bac Shellcode k (204 bytes)
Solaris/SPARC - connect-back Shellcode (204 bytes)

Win32 - Download + Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download + Execute Shellcode (Browsers Edition) (Generator)  (275+ bytes)

Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader Shellcode (249 bytes)

Windows XP/2000/2003 - Connect Back Shellcode for Overflow (275 bytes)
Windows XP/2000/2003 - Overflow Connect Back Shellcode (275 bytes)

Windows - Safari JS JITed Shellcode - exec calc (ASLR/DEP bypass)
Safari 4.0.5 - 5.0.0 (Windows XP /  7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode

ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic  Shellcode (Generator)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)

Win32 - Shellcode Checksum Routine (18 bytes)
Win32 - Checksum Routine Shellcode (18 bytes)

Linux/MIPS - XOR Shellcode Encoder (60 bytes)
Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)
Linux/x86 - custom execve-Shellcode Encoder/Decoder
Linux/x86 - Execve /bin/sh Shellcode Via Push (21 bytes)
Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes)

Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)

Linux/x86 - /bin/sh Shellcode + ASLR Bruteforce
Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode

Linux/x86 - Bind Netcat Shellcode with Port (44/52 bytes)
Linux/x86 - Bind Netcat with Port Shellcode (44/52 bytes)

Linux/x86 - Reverse TCP Shellcode (67 bytes)
2017-07-06 05:01:24 +00:00
Offensive Security
28b54c9669 DB: 2017-06-28
4 new exploits

OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs
OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs

Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit
Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink Exploit

RedHat 6.1 / 6.2 - TTY Flood Users Exploit
RedHat 6.1/6.2 - TTY Flood Users Exploit

Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local Denial of Service
Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - 'scm_send Local' Denial of Service
Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service
Linux Kernel 2.4.28/2.6.9 - 'scm_send Local' Denial of Service
Linux Kernel 2.4.22-28/2.6.9 - 'igmp.c' Local Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow
Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - 'ip_options_get' Local Overflow
Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow
Linux Kernel 2.4.28/2.6.9 - Memory Leak Local Denial of Service
Linux Kernel 2.4.28/2.6.9 - 'ip_options_get' Local Overflow

Apple Mac OSX 10.3.7 - Input Validation Flaw parse_machfile() Denial of Service
Apple Mac OSX 10.3.7 - Input Validation Flaw 'parse_machfile()' Denial of Service

Xaraya 1.0.0 RC4 - create() Denial of Service
Xaraya 1.0.0 RC4 - 'create()' Denial of Service

BitchX 1.1-final - do_hook() Remote Denial of Service
BitchX 1.1-final - 'do_hook()' Remote Denial of Service

Quake 3 Engine Client - CG_ServerCommand() Remote Overflow
Quake 3 Engine Client - 'CG_ServerCommand()' Remote Overflow

Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC)
Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC)

FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service
FreeBSD 5.4/6.0 - (ptrace PT_LWPINFO) Local Denial of Service

Asterisk 1.0.12 / 1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)

PHP 4.4.4/5.1.6 - htmlentities() Local Buffer Overflow (PoC)
PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC)

Microsoft Windows - NetrWkstaUserEnum() Remote Denial of Service
Microsoft Windows - 'NetrWkstaUserEnum()' Remote Denial of Service

Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)
Apple Mac OSX 10.4.8 - AppleTalk 'ATPsndrsp()' Heap Buffer Overflow (PoC)

Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption
Apple Mac OSX 10.4.x Kernel - 'shared_region_map_file_np()' Memory Corruption
PHP 4.4.4 - Unserialize() ZVAL Reference Counter Overflow (PoC)
Netrek 2.12.0 - pmessage2() Remote Limited Format String
PHP 5 - wddx_deserialize() String Append Crash
Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service
PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC)
Netrek 2.12.0 - 'pmessage2()' Remote Limited Format String
PHP 5 - 'wddx_deserialize()' String Append Crash
Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service
Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service
PHP 4.4.5 / 4.4.6 - session_decode() Double-Free (PoC)
Asterisk 1.2.16/1.4.1 - SIP INVITE Remote Denial of Service
PHP 4.4.5/4.4.6 - 'session_decode()' Double-Free (PoC)

Opera 9.10 - alert() Remote Denial of Service
Opera 9.10 - 'alert()' Remote Denial of Service
PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service
PHP 5.2.3 - glob() Denial of Service
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service
PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service
PHP 5.2.3 - 'glob()' Denial of Service
Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service

Asterisk < 1.2.22 / 1.4.8 IAX2 channel driver - Remote Crash
Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash

HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)
HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)

EDraw Office Viewer Component 5.3 - FtpDownloadFile() Remote Buffer Overflow
EDraw Office Viewer Component 5.3 - 'FtpDownloadFile()' Remote Buffer Overflow

eXtremail 2.1.1 - memmove() Remote Denial of Service
eXtremail 2.1.1 - 'memmove()' Remote Denial of Service

Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC)
Adobe Shockwave - 'ShockwaveVersion()' Stack Overflow (PoC)

Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)
Apple Mac OSX 10.4.x Kernel - 'i386_set_ldt()' Integer Overflow (PoC)
OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash
SkyFex Client 1.0 - ActiveX Start() Method Remote Stack Overflow
DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service (PoC)
OpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crash
SkyFex Client 1.0 - ActiveX 'Start()' Method Remote Stack Overflow
DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)

KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)

Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)
Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC)

Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service
Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service

fhttpd 0.4.2 un64() - Remote Denial of Service
fhttpd 0.4.2 - 'un64()' Remote Denial of Service

VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service
VBA32 Personal AntiVirus 3.12.8.x - Malformed Archive Denial of Service

AyeView 2.20 - Malformed .GIF Image Local Crash
AyeView 2.20 - Malformed '.GIF' Image Local Crash

Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service
Solaris 9 PortBind - XDR-DECODE 'taddr2uaddr()' Remote Denial of Service

Linux Kernel < 2.4.36.9 / 2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit

DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC)
DesignWorks Professional 4.3.1 - '.CCT' File Local Stack Buffer Overflow (PoC)

Vinagre < 2.24.2 - show_error() Remote Format String (PoC)
Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)

Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local Denial of Service
Linux Kernel 2.6.27.7-generic/2.6.18/2.6.24-1 - Local Denial of Service

MW6 Barcode ActiveX - 'Barcode.dll' Remote Heap Overflow (PoC)
MW6 Barcode - ActiveX 'Barcode.dll' Remote Heap Overflow (PoC)

Multiple Vendors libc:fts_*() - Local Denial of Service
Multiple Vendors - 'libc:fts_*()' Local Denial of Service

Icewarp Merak Mail Server 9.4.1 - Base64FileEncode() Buffer Overflow (PoC)
Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC)

OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service

Soulseek 157 NS x / 156.x - Remote Distributed Search Code Execution
Soulseek 157 NS x/156.x - Remote Distributed Search Code Execution

Notepad++ 5.4.5 - Local .C/CPP Stack Buffer Overflow (PoC)
Notepad++ 5.4.5 - '.C' / '.CPP' Local Stack Buffer Overflow (PoC)

Drupal 6.16 / 5.21 - Denial of Service
Drupal 5.21/6.16 - Denial of Service
SopCast SopCore Control ActiveX - Remote Execution (PoC)
UUSee ReliPlayer ActiveX - Remote Execution (PoC)
SopCast SopCore Control - ActiveX Remote Execution (PoC)
UUSee ReliPlayer - ActiveX Remote Execution (PoC)

Aqua Real 1.0 / 2.0 - Local Crash (PoC)
Aqua Real 1.0/2.0 - Local Crash (PoC)

iPhone - WebCore::CSSSelector() Remote Crash
iPhone - 'WebCore::CSSSelector()' Remote Crash

avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities
Avtech Software - ActiveX 'avc781viewer.dll' Multiple Vulnerabilities

Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion
Apple Safari 4.0.3/4.0.4 - Stack Exhaustion
Multiple browsers - history.go() Denial of Service
Multiple browsers - window.print() Denial of Service
Multiple browsers - 'history.go()' Denial of Service
Multiple browsers - 'window.print()' Denial of Service

FreeBSD Kernel - mountnfs() Exploit
FreeBSD Kernel - 'mountnfs()' Exploit

Microsoft Internet Explorer 6 / 7 - Remote Denial of Service
Microsoft Internet Explorer 6/7 - Remote Denial of Service

PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow
PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow
Microsoft DRM Technology 'msnetobj.dll' ActiveX - Multiple Vulnerabilities
RarCrack 0.2 - 'Filename' init() .bss (PoC)
Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities
RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC)

Mozilla Firefox 3.5.10 / 3.6.6 - WMP Memory Corruption Using Popups
Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups

Microsoft Windows Mobile 6.1 / 6.5 - Double-Free Denial of Service
Microsoft Windows Mobile 6.1/6.5 - Double-Free Denial of Service
LeadTools 11.5.0.9 (ltdlg11n.ocx) - GetColorRes() Access Violation Denial of Service
LeadTools 11.5.0.9 (lttmb11n.ocx) - BrowseDir() Access Violation Denial of Service
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' GetColorRes() Access Violation Denial of Service
LeadTools 11.5.0.9 - 'lttmb11n.ocx' BrowseDir() Access Violation Denial of Service

VideoLAN VLC Media Player 1.1 - Subtitle StripTags() Function Memory Corruption
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption

PHP 5.3.5 - grapheme_extract() Null Pointer Dereference
PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference

Novell ZenWorks 10 / 11 - TFTPD Remote Code Execution
Novell ZenWorks 10/11 - TFTPD Remote Code Execution

PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service
PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service
PHP 5.3.10 - spl_autoload_register() Local Denial of Service
PHP 5.3.10 - spl_autoload_call() Local Denial of Service
PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service
PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service

PHP 5.3.10 - spl_autoload() Local Denial of Service
PHP 5.3.10 - 'spl_autoload()' Local Denial of Service

Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC)
Apple iOS 5.1.1 Safari Browser - 'JS match()' / 'search()' Crash (PoC)

Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process
Linux Kernel 2.0/2.1 - Send a SIGIO Signal To Any Process

Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options
Linux Kernel 2.0 / 2.1 / 2.2 - autofs Exploit
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - autofs Exploit

HP HP-UX 10.20 / IBM AIX 4.1.5 - connect() Denial of Service
HP HP-UX 10.20 / IBM AIX 4.1.5 - 'connect()' Denial of Service

Linux Kernel 2.0 / 2.0.33 - i_count Overflow (PoC)
Linux Kernel 2.0/2.0.33 - i_count Overflow (PoC)

FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - setsockopt() Denial of Service
FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service

Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service

PHP 6.0 - openssl_verify() Local Buffer Overflow (PoC)
PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC)

Linux Kernel 2.1.89 / 2.2.x - Zero-Length Fragment
Linux Kernel 2.1.89/2.2.x - Zero-Length Fragment

Wireshark 1.8.2 / 1.6.0 - Buffer Overflow (PoC)
Wireshark 1.6.0/1.8.2 - Buffer Overflow (PoC)

MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2 / 5.2.1 - File Scanner Malicious Archive Denial of Service
MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service

Linux Kernel 2.2 / 2.4 - Deep Symbolic Link Denial of Service
Linux Kernel 2.2/2.4 - Deep Symbolic Link Denial of Service

Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion

Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (1)
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (1)

PHP 4.3 - socket_iovec_alloc() Integer Overflow
PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow
PHP 4.x - socket_recv() Signed Integer Memory Corruption
PHP 4.x - socket_recvfrom() Signed Integer Memory Corruption
PHP 4.x - 'socket_recv()' Signed Integer Memory Corruption
PHP 4.x - 'socket_recvfrom()' Signed Integer Memory Corruption

Linux Kernel 2.4 / 2.6 - Sigqueue Blocking Denial of Service
Linux Kernel 2.4/2.6 - Sigqueue Blocking Denial of Service

Colloquy 1.3.5 / 1.3.6 - Denial of Service
Colloquy 1.3.5/1.3.6 - Denial of Service

FreeBSD 4.10/5.x - execve() Unaligned Memory Access Denial of Service
FreeBSD 4.10/5.x - 'execve()' Unaligned Memory Access Denial of Service

PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1)
PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (1)

Linux Kernel 2.4.x / 2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities

PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (2)
PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (2)

Linux Kernel 2.6.32-642 / 3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow

Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities

Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC)
Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC)

Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow
Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow

SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution
SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution

Apache CXF < 2.5.10 / 2.6.7 / 2.7.4 - Denial of Service
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service

Firebird 1.5 - Local Inet_Server Buffer Overflow
Firebird 1.5 - Inet_Server Local Buffer Overflow

Apple Mac OSX 10.x - '.zip' Parsing BOMStackPop() Function Overflow
Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow

FreeBSD 5.x I386_Set_LDT() - Multiple Local Denial of Service Vulnerabilities
FreeBSD 5.x - 'I386_Set_LDT()' Multiple Local Denial of Service Vulnerabilities

FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption
FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption

PulseAudio 0.9.5 - Assert() Remote Denial of Service
PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read

PHP openssl_x509_parse() - Memory Corruption
PHP - 'openssl_x509_parse()' Memory Corruption
MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow
MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow
MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow
MW6 Technologies Datamatrix - ActiveX 'Data' Parameter Buffer Overflow
MW6 Technologies MaxiCode - ActiveX 'Data' Parameter Buffer Overflow

MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling Denial of Service
MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service

PHP 5.3.x  'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service

phpMyAdmin 4.0.x / 4.1.x / 4.2.x - Denial of Service
phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service

UltraPlayer 2.112 Malformed - '.avi' File Denial of Service
UltraPlayer 2.112 - Malformed '.avi' File Denial of Service

Linux Kernel 3.13 / 3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service
Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service
Advantech Webaccess 8.0 / 3.4.3 ActiveX - Multiple Vulnerabilities
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free
PHP GMP unserialize() - Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free
Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities
PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free
PHP GMP - 'unserialize()' Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage 'Unserialize()' Use-After-Free

PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Vulnerabilities
Python 2.7 strop.replace() Method - Integer Overflow
Python 3.3 < 3.5 product_setstate() Function - Out-of-Bounds Read
Python 2.7 - 'strop.replace()' Method Integer Overflow
Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read

Linux Kernel 3.x / 4.x - prima WLAN Driver Heap Overflow
Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow

NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow

Linux Kernel 3.10 / 3.18 / 4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10/3.18/4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption

ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick)

Linux ARM/ARM64 - perf_event_open() Arbitrary Memory Read
Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read

PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write
PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service

PHP 5.0.0 - hw_docbyanchor() Local Denial of Service
PHP 5.0.0 - 'hw_docbyanchor()' Local Denial of Service

Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation
IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API
Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation

man-db 2.4.1 - open_cat_stream() Local uid=man Exploit
man-db 2.4.1 - 'open_cat_stream()' Local uid=man Exploit
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)

Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Privilege Escalation

xsplumber - strcpy() Buffer Overflow
xsplumber - 'strcpy()' Buffer Overflow

BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit
BSDi 3.0/4.0 - rcvtty[mh] Local Exploit

Solaris 2.5 / 2.5.1 - getgrnam() Local Overflow
Solaris 2.5/2.5.1 - 'getgrnam()' Local Overflow

Solaris 7 / 8-beta - arp Local Overflow
Solaris 7/8-beta - ARP Local Overflow

Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow
Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow

LibXt - XtAppInitialize() Overflow *xterm Exploit
LibXt - 'XtAppInitialize()' Overflow *xterm Exploit

SGI IRIX - '/bin/login Local' Buffer Overflow
SGI IRIX - '/bin/login' Local Buffer Overflow

LibPNG 1.2.5 - png_jmpbuf() Local Buffer Overflow
LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow

CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation
CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation

Linux Kernel 2.4.27 / 2.6.8 - 'binfmt_elf' Executable File Read Exploit
Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Exploit

Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation

Setuid perl - PerlIO_Debug() Overflow
Setuid perl - 'PerlIO_Debug()' Overflow

Linux Kernel 2.4.x / 2.6.x - 'uselib()' Privilege Escalation (3)
Linux Kernel 2.4.x/2.6.x - 'uselib()' Privilege Escalation (3)

Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)
Linux Kernel 2.4.x/2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)

ePSXe 1.6.0 - nogui() Local Exploit
ePSXe 1.6.0 - 'nogui()' Local Exploit
Solaris 9 / 10 - ld.so Privilege Escalation (1)
Solaris 9 / 10 - ld.so Privilege Escalation (2)
Solaris 9/10 - 'ld.so' Privilege Escalation (1)
Solaris 9/10 - 'ld.so' Privilege Escalation (2)

Python 2.4.2 - realpath() Local Stack Overflow
Python 2.4.2 - 'realpath()' Local Stack Overflow

Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1)
Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure (1)

Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 - Multiple Buffer Overflow
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflow
PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow (PoC)
PHP 4.4.3 / 5.1.4 - (sscanf) Local Buffer Overflow
PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC)
PHP 4.4.3/5.1.4 - 'sscanf' Local Buffer Overflow

Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak Exploit

OpenBSD 3.x < 4.0 - vga_ioctl() Privilege Escalation
OpenBSD 3.x < 4.0 - 'vga_ioctl()' Privilege Escalation
PHP < 4.4.5 / 5.2.1 - PHP_binary Session Deserialization Information Leak
PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak
PHP 4.4.6 - mssql_[p]connect() Local Buffer Overflow
PHP 5.2.1 - substr_compare() Information Leak Exploit
PHP < 4.4.5 / 5.2.1 - (shmop functions) Local Code Execution
PHP < 4.4.5 / 5.2.1 - (shmop) SSL RSA Private-Key Disclosure
PHP < 4.4.5/5.2.1 - PHP_binary Session Deserialization Information Leak
PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak
PHP 4.4.6 - 'mssql_[p]connect()' Local Buffer Overflow
PHP 5.2.1 - 'substr_compare()' Information Leak Exploit
PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution
PHP < 4.4.5/5.2.1 - 'shmop' SSL RSA Private-Key Disclosure
PHP 4.4.6 - crack_opendict() Local Buffer Overflow (PoC)
PHP 4.4.6 - snmpget() object id Local Buffer Overflow (PoC)
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC)
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC)

PHP 4.4.6 - cpdf_open() Local Source Code Disclosure (PoC)
PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC)

PHP 5.2.1 - session_regenerate_id() Double-Free Exploit
PHP 5.2.1 - 'session_regenerate_id()' Double-Free Exploit
PHP 4.4.6 - ibase_connect() Local Buffer Overflow
PHP 4.4.6 / 5.2.1 - array_user_key_compare() ZVAL dtor Local Exploit
PHP 5.2.0 (OSX) - header() Space Trimming Buffer Underflow Exploit
PHP 4.4.6 / 5.2.1 - ext/gd Already Freed Resources Usage Exploit
PHP 5.2.1 - hash_update_file() Freed Resource Usage Exploit
PHP 5.2.1 - Unserialize() Local Information Leak Exploit
PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit
PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite
PHP 4.4.6 - 'ibase_connect()' Local Buffer Overflow
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Exploit
PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow Exploit
PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage Exploit
PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage Exploit
PHP 5.2.1 - 'Unserialize()' Local Information Leak Exploit
PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit
PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite

PHP 5.2.3 - snmpget() object id Local Buffer Overflow
PHP 5.2.3 - 'snmpget()' Object id Local Buffer Overflow

IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation
IBM AIX 5.3 SP6 - FTP 'gets()' Privilege Escalation

PHP 5.2.3 - snmpget() object id Local Buffer Overflow (EDI)
PHP 5.2.3 - 'snmpget()' object id Local Buffer Overflow (EDI)

PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local  Bypass Exploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit

PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit

Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation

Numark Cue 5.0 rev 2 - Local '.m3u' File Stack Buffer Overflow
Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow
Adobe Reader - util.printf() JavaScript Function Stack Overflow (1)
Adobe Reader - util.printf() JavaScript Function Stack Overflow (2)
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)

Microsoft SQL Server - sp_replwritetovarbin() Heap Overflow
Microsoft SQL Server - 'sp_replwritetovarbin()' Heap Overflow

PHP 5.2.8 gd library - imageRotate() Information Leak
PHP 5.2.8 gd library - 'imageRotate()' Information Leak

Adobe Acrobat Reader 8.1.2 < 9.0 - getIcon() Memory Corruption
Adobe Acrobat Reader 8.1.2 < 9.0 - 'getIcon()' Memory Corruption

PHP - mb_ereg(i)_replace() Evaluate Replacement String
PHP - 'mb_ereg(i)_replace()' Evaluate Replacement String

Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation

Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)
Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)
FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation
Multiple BSD Operating Systems - setusercontext() Vulnerabilities
Avast! 4.8.1335 Professional - Local Kernel Buffer Overflow
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation
Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities
Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow

Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation
Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation

OtsTurntables 1.00.027 - '.m3u' / '.ofl' Local Universal Buffer Overflow (SEH)
OtsTurntables 1.00.027 - '.m3u' / '.ofl' Universal Local Buffer Overflow (SEH)

Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2)
Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2)

Millenium MP3 Studio - (pls/mpf/m3u) Local Universal Buffer Overflows (SEH)
Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflows (SEH)

Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Privilege Escalation (3)
Linux Kernel 2.4/2.6 - 'sock_sendpage()' Privilege Escalation (3)

PlayMeNow 7.3 / 7.4 - Malformed '.M3U' Playlist File Buffer
PlayMeNow 7.3/7.4 - Malformed '.M3U' Playlist File Buffer

Mini-stream Ripper 3.0.1.1 - '.pls' Local Universal Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Local Buffer Overflow

PlayMeNow 7.3 / 7.4 - Buffer Overflow (Metasploit)
PlayMeNow 7.3/7.4 - Buffer Overflow (Metasploit)

HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow
HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow

(Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Privilege Escalation
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Privilege Escalation

PHP 6.0 Dev - str_transliterate() Buffer Overflow
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow

Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - OpenSession() Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Buffer Overflow

IP2location.dll 1.0.0.1 - Function Initialize() Buffer Overflow
IP2location.dll 1.0.0.1 - Function 'Initialize()' Buffer Overflow

FreeBSD Kernel - nfs_mount() Exploit
FreeBSD Kernel - 'nfs_mount()' Exploit
MUSE 4.9.0.006 - '.pls' Local Universal Buffer Overflow (SEH)
Triologic Media Player 8 - '.m3u' Local Universal Unicode Buffer Overflow (SEH)
MUSE 4.9.0.006 - '.pls' Universal Local Buffer Overflow (SEH)
Triologic Media Player 8 - '.m3u' Universal Unicode Local Buffer Overflow (SEH)

FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation
FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation

Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - CAN BCM Privilege Escalation
Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Privilege Escalation

AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow (Metasploit)
AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit)

Adobe - Collab.collectEmailInfo() Buffer Overflow (Metasploit)
Adobe - 'Collab.collectEmailInfo()' Buffer Overflow (Metasploit)

NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow
NetOp Remote Control 8.0/9.1/9.2/9.5 - Buffer Overflow

PHP 5.3.5 - socket_connect() Buffer Overflow
PHP 5.3.5 - 'socket_connect()' Buffer Overflow

Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Privilege Escalation
Linux Kernel 2.6.28/3.0 (DEC Alpha Linux) - Privilege Escalation

mount.cifs - chdir() Arbitrary Root File Identification
mount.cifs - 'chdir()' Arbitrary Root File Identification
Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (1)
Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (2)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (1)
Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2)

Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - vsyslog() Buffer Overflow
Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Buffer Overflow

Xi Graphics Accelerated X 4.0.x / 5.0 - Buffer Overflow
Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow

RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (2)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (2)

QSSL QNX 4.25 A - crypt() Exploit
QSSL QNX 4.25 A - 'crypt()' Exploit

Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (2)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)

X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 _XAsyncReply() Stack Corruption
X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption

Linux Kernel 2.2.x - sysctl() Memory Reading (PoC)
Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)

Linux Kernel 2.2 / 2.4 - procfs Stream redirection to Process Memory Privilege Escalation
Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation

Linux Kernel 2.2 / 2.4 - Ptrace/Setuid Exec Privilege Escalation
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation

Linux Kernel 2.2.x / 2.3 / 2.4.x - d_path() Path Truncation (PoC)
Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC)

Python 1.5.2 Pickle - Unsafe eval() Code Execution
Python 1.5.2 Pickle - Unsafe 'eval()' Code Execution
Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (1)
Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (2)
Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (3)
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1)
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2)
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)

ESCPUtil 1.15.2 2 - Local Printer Name Buffer Overflow
ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (2)
Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (1)
Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (2)

Linux Kernel 2.2.x / 2.4.x - I/O System Call File Existence
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence

Zblast 1.2 - Local 'Username' Buffer Overrun
Zblast 1.2 - 'Username' Local Buffer Overrun

Linux PAM 0.77 - Pam_Wheel Module getlogin() 'Username' Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation

Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure
Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun
Elm 2.3/2.4 - Local TERM Environment Variable Buffer Overrun
Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun
Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun

GNU AN - Local Command Line Option Buffer Overflow
GNU AN - Command Line Option Local Buffer Overflow
OpenBSD 3.3 - Semget() Integer Overflow (1)
OpenBSD 3.3 - Semget() Integer Overflow (2)
OpenBSD 3.3 - 'Semget()' Integer Overflow (1)
OpenBSD 3.3 - 'Semget()' Integer Overflow (2)

Sendmail 8.12.9 - Prescan() Variant Remote Buffer Overrun
Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1)
Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2)
Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3)
Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (1)
Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (2)
Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (3)

Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read
Linux Kernel 2.5.x/2.6.x - CPUFreq Proc Handler Integer Handling Memory Read

HP-UX 7-11 - Local X Font Server Buffer Overflow
HP-UX 7-11 - X Font Server Local Buffer Overflow

Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)

Photodex ProShow Gold/Producer 5.0.3310 / 6.0.3410 - ScsiAccess Privilege Escalation
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation

Newsgrab 0.5.0pre4 - Multiple Local And Remote Vulnerabilities
Newsgrab 0.5.0pre4 - Local/Remote Multiple Vulnerabilities
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Linux Kernel 2.4.30 / 2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation
Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Linux Kernel 2.4.30/2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation

Ophcrack 3.5.0 - Local Code Execution Buffer Overflow
Ophcrack 3.5.0 - Code Execution Local Buffer Overflow

PHP 4.x/5.0/5.1 - mb_send_mail() Function Parameter Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass

Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities

IBM AIX 6.1 / 7.1 - Privilege Escalation
IBM AIX 6.1/7.1 - Privilege Escalation

Nodejs - js-yaml load() Code Exec (Metasploit)
Nodejs - 'js-yaml load()' Code Exec (Metasploit)

PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass
PHP 5.2.1 - 'Session.Save_Path()' TMPDIR open_basedir Restriction Bypass

ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution
ELinks Relative 0.10.6/011.1 - Path Arbitrary Code Execution

suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit
suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass Exploit

Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)

Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution
Microsoft Office 2007/2010 - OLE Arbitrary Command Execution

MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)
ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)

Proxifier for Mac 2.17 / 2.18 - Privesc Escalation
Proxifier for Mac 2.17/2.18 - Privesc Escalation

Sendmail 8.12.8 - Prescan() BSD Remote Command Execution
Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution

BFTPd - vsprintf() Format Strings Exploit
BFTPd - 'vsprintf()' Format Strings Exploit

OpenBSD ftpd 2.6 / 2.7 - Remote Exploit
OpenBSD ftpd 2.6/2.7 - Remote Exploit
Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit
Rlpr 2.04 - msg() Remote Format String
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Exploit
Rlpr 2.04 - 'msg()' Remote Format String

Courier-IMAP 3.0.2-r1 - auth_debug() Remote Format String
Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format String

PHP 4.3.7 - openlog() Buffer Overflow
PHP 4.3.7 - 'openlog()' Buffer Overflow

Apple iTunes - Playlist Local Parsing Buffer Overflow
Apple iTunes - Playlist Parsing Local Buffer Overflow

Newspost 2.1 - socket_getline() Remote Buffer Overflow (2)
Newspost 2.1 - 'socket_getline()' Remote Buffer Overflow (2)

CA Unicenter 3.1 - CAM log_security() Stack Overflow (Metasploit)
CA Unicenter 3.1 - CAM 'log_security()' Stack Overflow (Metasploit)

sobexsrv 1.0.0_pre3 Bluetooth - syslog() Remote Format String
sobexsrv 1.0.0_pre3 Bluetooth - 'syslog()' Remote Format String

Mozilla Firefox 1.04 - compareTo() Remote Code Execution
Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution
Mozilla Firefox 1.5 (Linux) - location.QueryInterface() Code Execution (Metasploit)
Mozilla Firefox 1.5 (OSX) - location.QueryInterface() Code Execution (Metasploit)
Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution (Metasploit)
Mozilla Firefox 1.5 (OSX) - 'location.QueryInterface()' Code Execution (Metasploit)

crossfire-server 1.9.0 - SetUp() Remote Buffer Overflow
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit
Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow
MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit
Quake 3 Engine 1.32b - 'R_RemapShader()' Remote Client Buffer Overflow

iShopCart - vGetPost() Remote Buffer Overflow (cgi)
iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI)

Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit
XMPlay 3.3.0.4 - (PLS) Local+Remote Buffer Overflow
Oracle 9i / 10g - (read/write/execute) Exploitation Suite
XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow
Oracle 9i/10g - (read/write/execute) Exploitation Suite
Oracle 9i / 10g (extproc) - Local / Remote Command Execution
Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit
Oracle 9i/10g - 'extproc' Local/Remote Command Execution
Oracle 9i/10g - 'utl_file' FileSystem Access Exploit

Portable OpenSSH 3.6.1p-PAM / 4.1-SuSE - Timing Attack Exploit
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack Exploit

PHP 4.4.3 < 4.4.6 - PHPinfo() Cross-Site Scripting
PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting

XAMPP for Windows 1.6.0a - mssql_connect() Remote Buffer Overflow
XAMPP for Windows 1.6.0a - 'mssql_connect()' Remote Buffer Overflow

IPIX Image Well ActiveX - 'iPIX-ImageWell-ipix.dll' Buffer Overflow
IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Buffer Overflow

Zenturi ProgramChecker ActiveX - 'sasatl.dll' Remote Buffer Overflow
Zenturi ProgramChecker - ActiveX 'sasatl.dll' Remote Buffer Overflow

Zenturi ProgramChecker - ActiveX NavigateUrl() Insecure Method Exploit
Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Exploit

NCTAudioStudio2 - ActiveX DLL 2.6.1.148 CreateFile() Insecure Method
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()' Insecure Method

HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - SaveToFile() Exploit
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Exploit

NeoTracePro 3.25 - ActiveX TraceTarget() Remote Buffer Overflow
NeoTracePro 3.25 - ActiveX 'TraceTarget()' Remote Buffer Overflow

Versalsoft HTTP File Uploader - AddFile() Remote Buffer Overflow
Versalsoft HTTP File Uploader - 'AddFile()' Remote Buffer Overflow

Data Dynamics ActiveReport ActiveX - 'actrpt2.dll 2.5' Insecure Method
Data Dynamics ActiveReport - ActiveX 'actrpt2.dll 2.5' Insecure Method
Yahoo! Widget < 4.0.5 - GetComponentVersion() Remote Overflow
CHILKAT ASP String - 'CkString.dll 1.1' SaveToFile() Insecure Method
Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow
CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - SaveXMLFile() Insecure Method
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - DeleteXMLFile() Insecure Method
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote Exploit
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'SaveXMLFile()' Insecure Method
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'DeleteXMLFile()' Insecure Method

Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow
Microsoft MSN Messenger 7.x/8.0? - Video Remote Heap Overflow

GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' SetClientInfo() Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method
GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method

jetAudio 7.x - ActiveX DownloadFromMusicStore() Code Execution
jetAudio 7.x - ActiveX 'DownloadFromMusicStore()' Code Execution

Persits Software XUpload Control - AddFolder() Buffer Overflow
Persits Software XUpload Control - 'AddFolder()' Buffer Overflow

idautomation bar code ActiveX - Multiple Vulnerabilities
idautomation bar code - ActiveX Multiple Vulnerabilities

C6 Messenger ActiveX - Remote Download and Execute Exploit
C6 Messenger - ActiveX Remote Download and Execute Exploit

NuMedia Soft Nms DVD Burning SDK ActiveX - 'NMSDVDX.dll' Exploit
NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Exploit

GdPicture Pro ActiveX - 'gdpicture4s.ocx' File Overwrite / Exec Exploit
GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Exploit
MW6 Aztec ActiveX - 'Aztec.dll' Remote Insecure Method Exploit
MW6 Barcode ActiveX - 'Barcode.dll' Insecure Method Exploit
MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit
MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit

GE Fanuc Real Time Information Portal 2.6 - writeFile() API Exploit (Metasploit)
GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API Exploit (Metasploit)

EasyMail ActiveX - 'emmailstore.dll 6.5.0.3' Buffer Overflow
EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Buffer Overflow

Megacubo 5.0.7 - (mega://) Remote eval() Injection
Megacubo 5.0.7 - 'mega://' Remote 'eval()' Injection

Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite
Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite

EDraw Office Viewer 5.4 - HttpDownloadFile() Insecure Method
EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method

Oracle Secure Backup 10g - exec_qr() Command Injection
Oracle Secure Backup 10g - 'exec_qr()' Command Injection

Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution
Adobe 8.1.4/9.1 - customDictionaryOpen() Code Execution
BaoFeng - ActiveX OnBeforeVideoDownload() Remote Buffer Overflow
Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution
Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution
BaoFeng - ActiveX 'OnBeforeVideoDownload()' Remote Buffer Overflow

AOL IWinAmpActiveX Class ConvertFile() - Remote Buffer Overflow
AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow

Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities
Virtualmin < 3.703 - Local/Remote Multiple Vulnerabilities

Quiksoft EasyMail 6.0.3.0 - imap connect() ActiveX Buffer Overflow
Quiksoft EasyMail 6.0.3.0 - IMAP 'connect()' ActiveX Buffer Overflow

EnjoySAP 6.4 / 7.1 - File Overwrite
EnjoySAP 6.4/7.1 - File Overwrite

Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend' Command Injection
Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection

Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit)
Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)

mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
mDNSResponder 10.4.0/10.4.8 (OSX) - UPnP Location Overflow (Metasploit)

Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit)
Opera 9.50/9.61 historysearch - Command Execution (Metasploit)
Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit)
PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit)
Squid 2.5.x/3.x - NTLM Buffer Overflow (Metasploit)
PoPToP < 1.1.3-b3/1.1.3-20030409 - Negative Read Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)

HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit)
HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit)

PHP 5.3 - preg_match() Full Path Disclosure
PHP 5.3 - 'preg_match()' Full Path Disclosure

Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)
Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)

Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow

Bigant Messenger 2.52 - 'AntCore.dll' RegisterCom() Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow

Apple Safari 4.0.5 - parent.close() (memory Corruption) Code Execution
Apple Safari 4.0.5 - 'parent.close()' Memory Corruption Code Execution

Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass)
Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass)

ComponentOne VSFlexGrid 7 / 8 - 'Archive()' method Remote Buffer Overflow
ComponentOne VSFlexGrid 7/8 - 'Archive()' method Remote Buffer Overflow

Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow
Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow

Nginx 0.7.65 / 0.8.39 (dev) - Source Disclosure / Download
Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download

SigPlus Pro 3.74 - ActiveX LCDWriteString() Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass)
SigPlus Pro 3.74 - ActiveX 'LCDWriteString()' Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass)

McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (2)
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2)

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (Metasploit)

Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit)

Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow
Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow

Microsoft WMITools ActiveX - Remote Command Execution
Microsoft WMITools - ActiveX Remote Command Execution

Novell iPrint 5.52 - ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Exploit

Apple QTJava - toQTPointer() Arbitrary Memory Access (Metasploit)
Apple QTJava - 'toQTPointer()' Arbitrary Memory Access (Metasploit)

Java - Statement.invoke() Trusted Method Chain Exploit (Metasploit)
Java - 'Statement.invoke()' Trusted Method Chain Exploit (Metasploit)

Mozilla Firefox 3.5 - escape() Return Value Memory Corruption (Metasploit)
Mozilla Firefox 3.5 - 'escape()' Return Value Memory Corruption (Metasploit)

Mozilla Suite/Firefox InstallVersion->compareTo() - Code Execution (Metasploit)
Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)

Sun Solaris sadmind - adm_build_path() Buffer Overflow (Metasploit)
Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit)

Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit)

Firebird Relational Database - SVC_attach() Buffer Overflow (Metasploit)
Firebird Relational Database - 'SVC_attach()' Buffer Overflow (Metasploit)

Firebird Relational Database - isc_create_database() Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_create_database()' Buffer Overflow (Metasploit)

Firebird Relational Database - isc_attach_database() Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_attach_database()' Buffer Overflow (Metasploit)

Worldweaver DX Studio Player 3.0.29 - shell.execute() Command Execution (Metasploit)
Worldweaver DX Studio Player 3.0.29 - 'shell.execute()' Command Execution (Metasploit)

Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit)
Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit)
CA BrightStor ARCserve Backup - AddColumn() ActiveX Buffer Overflow (Metasploit)
Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit)
CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow (Metasploit)
Microsoft Internet Explorer - 'createTextRange()' Code Execution (MS06-013) (Metasploit)

AOL Radio AmpX - ActiveX Control ConvertFile() Buffer Overflow (Metasploit)
AOL Radio AmpX - ActiveX Control 'ConvertFile()' Buffer Overflow (Metasploit)

NCTAudioFile2 2.x - ActiveX Control SetFormatLikeSample() Buffer Overflow (Metasploit)
NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Buffer Overflow (Metasploit)

SasCam Webcam Server 2.6.5 - Get() method Buffer Overflow (Metasploit)
SasCam Webcam Server 2.6.5 - 'Get()' Method Buffer Overflow (Metasploit)

Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' TCP Overflow (MS07-029) (Metasploit)

httpdx - h_handlepeer() Function Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit)

CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)
CA CAM (Windows x86) - 'log_security()' Stack Buffer Overflow (Metasploit)

Trend Micro ServerProtect 5.58 - CreateBinding() Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Buffer Overflow (Metasploit)

XtreamerPRO Media-player 2.6.0 / 2.7.0 - Multiple Vulnerabilities
XtreamerPRO Media-player 2.6.0/2.7.0 - Multiple Vulnerabilities

Black Ice Cover Page SDK - insecure method DownloadImageFileURL() Exploit (Metasploit)
Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' Exploit (Metasploit)

CTEK SkyRouter 4200 / 4300 - Command Execution (Metasploit)
CTEK SkyRouter 4200/4300 - Command Execution (Metasploit)

Mozilla Firefox 4.0.1 - Array.reduceRight() Exploit
Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Exploit

LotusCMS 3.0 - eval() Remote Command Execution (Metasploit)
LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit)

Apache Tomcat - Remote Exploit (PUT Request) and Account Scanner
Apache Tomcat - Account Scanner / 'PUT' Request Remote Exploit

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution)
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Exploit

Mozilla Firefox 8/9 - AttributeChildRemoved() Use-After-Free (Metasploit)
Mozilla Firefox 8/9 - 'AttributeChildRemoved()' Use-After-Free (Metasploit)

RabidHamster R4 - Log Entry sprintf() Buffer Overflow (Metasploit)
RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit)

Samsung NET-i viewer - Multiple ActiveX BackupToAvi() Remote Overflow (Metasploit)
Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflow (Metasploit)

Microsoft IIS 6.0 / 7.5 (+ PHP) - Multiple Vulnerabilities
Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities

Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing

ETL Delegate 5.9.x / 6.0.x - Buffer Overflow
ETL Delegate 5.9.x/6.0.x - Buffer Overflow
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (3)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3)

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution

PHP IRC Bot pbot - eval() Remote Code Execution (Metasploit)
PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit)

Icecast 1.3.7/1.3.8 - print_client() Format String
Icecast 1.3.7/1.3.8 - 'print_client()' Format String
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow
FreeBSD 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities
OpenBSD 2.x < 2.8 ftpd - glob() Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow
FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities
OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow

Apache Tomcat 3.2.3/3.2.4 - Source.jsp Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure

Apache Tomcat 3.2.3/3.2.4 - RealPath.jsp Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure

Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting
Working Resources BadBlue 1.7.3 - 'cleanSearchString()' Cross-Site Scripting

NTR - ActiveX Control StopModule() Remote Code Execution (Metasploit)
NTR - ActiveX Control 'StopModule()' Remote Code Execution (Metasploit)
NTR - ActiveX Control Check() Method Buffer Overflow (Metasploit)
HP Application Lifecycle Management - XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution (Metasploit)
NTR - ActiveX Control 'Check()' Method Buffer Overflow (Metasploit)
HP Application Lifecycle Management - 'XGO.ocx' ActiveX 'SetShapeNodeType()' Remote Code Execution (Metasploit)

ghttpd 1.4.x - Log() Function Buffer Overflow
ghttpd 1.4.x - 'Log()' Function Buffer Overflow

zkfingerd 0.9.1 - say() Format String
zkfingerd 0.9.1 - 'say()' Format String

Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure

AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow

Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (2)
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2)

BitchX 1.0 - Remote Send_CTCP() Memory Corruption
BitchX 1.0 - Remote 'Send_CTCP()' Memory Corruption

PoPToP PPTP 1.0/1.1.x - Negative read() Argument Remote Buffer Overflow
PoPToP PPTP 1.0/1.1.x - Negative 'read()' Argument Remote Buffer Overflow

Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit)
Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit)

NetIQ Privileged User Manager 2.3.1 - ldapagnt_eval() Remote Perl Code Execution (Metasploit)
NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit)

Valve Software Half-Life Server 1.1.1.0 / 3.1.1.1c1 / 4.1.1.1a - Multiplayer Request Buffer Overflow
Valve Software Half-Life Server 1.1.1.0/3.1.1.1c1/4.1.1.1a - Multiplayer Request Buffer Overflow
WU-FTPD 2.6.2 / 2.6.0 / 2.6.1 - 'realpath()' Off-by-One Buffer Overflow
FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow
WU-FTPD 2.6.0/2.6.1/2.6.2 - 'realpath()' Off-by-One Buffer Overflow
FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow

InduSoft Web Studio - ISSymbol.ocx InternationalSeparator() Heap Overflow (Metasploit)
InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit)

GNU Anubis 3.6.x/3.9.x - auth.c auth_ident() Function Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow

Rlpr 2.0 - msg() Function Multiple Vulnerabilities
Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities

PHP 4.x/5.0 - Strip_Tags() Function Bypass
PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass

Movable Type 4.2x / 4.3x - Web Upgrade Remote Code Execution (Metasploit)
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)

NullSoft Winamp 2-5 - '.wsz' Remote Code Execution
NullSoft Winamp 2.4 < 5.0.4 - '.wsz' Remote Code Execution

Portable UPnP SDK - unique_service_name() Remote Code Execution (Metasploit)
Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit)

Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)
Novell ZENworks Configuration Management 10 SP3/11 SP2 - Remote Execution (Metasploit)

PHP 4/5 - addslashes() Null Byte Bypass
PHP 4/5 - 'addslashes()' Null Byte Bypass

Smail 3 - Multiple Remote and Local Vulnerabilities
Smail 3 - Multiple Remote/Local Vulnerabilities

SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx Remote Code Execution
SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution

Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)
Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

Java Applet - Driver Manager Privileged toString() Remote Code Execution (Metasploit)
Java Applet - Driver Manager Privileged 'toString()' Remote Code Execution (Metasploit)

Oracle Java - storeImageArray() Invalid Array Indexing
Oracle Java - 'storeImageArray()' Invalid Array Indexing

PHP 4.x - tempnam() Function open_basedir Restriction Bypass
PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass

Oracle Java - IntegerInterleavedRaster.verify() Signed Integer Overflow
Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow

Java - storeImageArray() Invalid Array Indexing (Metasploit)
Java - 'storeImageArray()' Invalid Array Indexing (Metasploit)

Oracle Java - BytePackedRaster.verify() Signed Integer Overflow
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow

Oracle Java - ShortComponentRaster.verify() Memory Corruption
Oracle Java - 'ShortComponentRaster.verify()' Memory Corruption

Apache 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security

Python 2.5 - PyLocale_strxfrm Function Remote Information Leak
Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak
PHP 4.4.4 - Zip_Entry_Read() Integer Overflow
PHP 5.1.6 - Chunk_Split() Function Integer Overflow
PHP 4.4.4 - 'Zip_Entry_Read()' Integer Overflow
PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow
PHP 5.1.6 - Imap_Mail_Compose() Function Buffer Overflow
PHP 5.1.6 - Msg_Receive() Memory Allocation Integer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow
PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow

Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit)
Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)

Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow

VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution

Python socket.recvfrom_into() - Remote Buffer Overflow
Python - 'socket.recvfrom_into()' Remote Buffer Overflow

Vim 'mch_expand_wildcards()' - Heap Based Buffer Overflow
Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow

Boat Browser 8.0 / 8.0.1 - Remote Code Execution
Boat Browser 8.0/8.0.1 - Remote Code Execution

Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)

Pro Softnet IDrive Online Backup 3.4.0 - ActiveX SaveToFile() Arbitrary File Overwrite
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite

RealVNC 4.1.0 / 4.1.1 - Authentication Bypass
RealVNC 4.1.0/4.1.1 - Authentication Bypass

PHP 5.5.33 / 7.0.4 - SNMP Format String
PHP 5.5.33/7.0.4 - SNMP Format String

Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow
Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow

OpenSSHd 7.2p2 - Username Enumeration
OpenSSH 7.2p2 - Username Enumeration

Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)
Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)

FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation
FreePBX 13/14 - Remote Command Execution / Privilege Escalation

Subversion 1.6.6 / 1.6.12 - Code Execution
Subversion 1.6.6/1.6.12 - Code Execution

Ansible 2.1.4 / 2.2.1 - Command Execution
Ansible 2.1.4/2.2.1 - Command Execution

Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)
Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)

Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH)

Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit
vBulletin - LAST.php SQL Injection
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit
vBulletin - 'LAST.php' SQL Injection
phpBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit
PHP 4.3.9 + phpBB 2.x - Unserialize() Remote Exploit (Compiled)
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)

e107 - include() Remote Exploit
e107 - 'include()' Remote Exploit

CuteNews 1.4.0 - Shell Inject Remote Command Execution
CuteNews 1.4.0 - Shell Injection / Remote Command Execution

CuteNews 1.4.1 - Shell Inject Remote Command Execution
CuteNews 1.4.1 - Shell Injection / Remote Command Execution

WebWiz Products 1.0 / 3.06 - Login Bypass (SQL Injection)
WebWiz Products 1.0/3.06 - Login Bypass (SQL Injection)

NOCC Webmail 1.0 - (Local Inclusion) Remote Code Execution
NOCC Webmail 1.0 - Local File Inclusion / Remote Code Execution

4Images 1.7.1 - (Local Inclusion) Remote Code Execution
4Images 1.7.1 - Local File Inclusion / Remote Code Execution

Fast Click 1.1.3 / 2.3.8 - 'show.php' Remote File Inclusion
Fast Click 1.1.3/2.3.8 - 'show.php' Remote File Inclusion

UBB Threads 6.4.x < 6.5.2 - (thispath) Remote File Inclusion
UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion

UBB Threads 5.x / 6.x - Multiple Remote File Inclusion
UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion
XMB 1.9.6 Final - basename() Remote Command Execution
PHPay 2.02 - 'nu_mail.inc.php' Remote mail() Injection
XMB 1.9.6 Final - 'basename()' Remote Command Execution
PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection

Phaos 0.9.2 - basename() Remote Command Execution
Phaos 0.9.2 - 'basename()' Remote Command Execution

Newsscript 0.5 - Remote File Inclusion / Local File Inclusion
Newsscript 0.5 - Local/Remote File Inclusion

exV2 < 2.0.4.3 - extract() Remote Command Execution
exV2 < 2.0.4.3 - 'extract()' Remote Command Execution

KGB 1.87 - (Local Inclusion) Remote Code Execution
KGB 1.87 - Local File Inclusion / Remote Code Execution

UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution
UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution

Invision Gallery 2.0.7 - readfile() & SQL Injection
Invision Gallery 2.0.7 - 'readfile()' / SQL Injection

Flatnuke 2.5.8 - file() Privilege Escalation / Code Execution
Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution

Invision Gallery 2.0.7 (Linux) - readfile() / SQL Injection
Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection

Imageview 5 - 'Cookie/index.php' Remote / Local File Inclusion
Imageview 5 - 'Cookie/index.php' Local/Remote File Inclusion

Woltlab Burning Board Lite 1.0.2 - decode_cookie() SQL Injection
Woltlab Burning Board Lite 1.0.2 - 'decode_cookie()' SQL Injection

PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Injection

Cacti 0.8.6i - cmd.php popen() Remote Injection
Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection

P-News 1.16 / 1.17 - 'user.dat' Remote Password Disclosure
P-News 1.16/1.17 - 'user.dat' Remote Password Disclosure
Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (1)
Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (2)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)

Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (3)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3)

Jupiter CMS 1.1.5 - 'index.php' Remote / Local File Inclusion
Jupiter CMS 1.1.5 - 'index.php' Local/Remote File Inclusion

PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 exec() eExploit
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Exploit

MySpeach 3.0.7 - Remote / Local File Inclusion
MySpeach 3.0.7 - Local/Remote File Inclusion

YAAP 1.5 - __autoload() Remote File Inclusion
YAAP 1.5 - '__autoload()' Remote File Inclusion

Quick.Cart 2.2 - Remote File Inclusion / Local File Inclusion Remote Code Execution
Quick.Cart 2.2 - Local/Remote File Inclusion / Remote Code Execution

Sendcard 3.4.1 - (Local File Inclusion) Remote Code Execution
Sendcard 3.4.1 - Local File Inclusion / Remote Code Execution

Entertainment CMS - (Local Inclusion) Remote Command Execution
Entertainment CMS - Local File Inclusion / Remote Command Execution

iziContents rc6 - Remote File Inclusion / Local File Inclusion
iziContents rc6 - Local/Remote File Inclusion

PHP Project Management 0.8.10 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities
PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions

Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion
Rayzz Script 2.0 - Local/Remote File Inclusion

SerWeb 2.0.0 dev1 2007-02-20 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities
SerWeb 2.0.0 dev1 2007-02-20 - Multiple Local/Remote File Inclusion Vulnerabilities

SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection
SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection

Agares phpAutoVideo 2.21 - Remote / Local File Inclusion
Agares phpAutoVideo 2.21 - Local/Remote File Inclusion

TeamCalPro 3.1.000 - Multiple Remote / Local File Inclusion
TeamCalPro 3.1.000 - Multiple Local/Remote File Inclusions

NetRisk 1.9.7 - Remote / Local File Inclusion
NetRisk 1.9.7 - Local/Remote File Inclusion

AJchat 0.10 - unset() bug SQL Injection
AJchat 0.10 - 'unset()' bug SQL Injection

jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities
jspwiki 2.4.104/2.5.139 - Multiple Vulnerabilities

LookStrike Lan Manager 0.9 - Remote / Local File Inclusion
LookStrike Lan Manager 0.9 - Local/Remote File Inclusion

ExBB 0.22 - Local / Remote File Inclusion
ExBB 0.22 - Local/Remote File Inclusion

HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
HomePH Design 2.10 RC2 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
ourvideo CMS 9.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

Pivot 1.40.5 - Dreamwind load_template() Credentials Disclosure
Pivot 1.40.5 - Dreamwind 'load_template()' Credentials Disclosure

1024 CMS 1.4.4 - Multiple Remote / Local File Inclusion
1024 CMS 1.4.4 - Multiple Local/Remote File Inclusion

Yourownbux 3.1 / 3.2 Beta - SQL Injection
Yourownbux 3.1/3.2 Beta - SQL Injection

Ol BookMarks Manager 0.7.5 - Remote File Inclusion / Local File Inclusion / SQL Injection
Ol BookMarks Manager 0.7.5 - Local File Inclusion / Remote File Inclusion / SQL Injection

wotw 5.0 - Local / Remote File Inclusion
wotw 5.0 - Local/Remote File Inclusion

PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion
PHPmyGallery 1.0beta2 - Local/Remote File Inclusion

PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local/Remote File Inclusion
ASPSiteWare Automotive Dealer 1.0 / 2.0 - SQL Injection
ASPSiteWare RealtyListing 1.0 / 2.0 - SQL Injection
ASPSiteWare Automotive Dealer 1.0/2.0 - SQL Injection
ASPSiteWare RealtyListing 1.0/2.0 - SQL Injection

phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

PlaySms 0.9.3 - Multiple Remote / Local File Inclusion
PlaySms 0.9.3 - Multiple Local/Remote File Inclusions

Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass

phpList 2.10.x - (Remote Code Execution by environ Inclusion) Local File Inclusion
phpList 2.10.x - Remote Code Execution / Local File Inclusion

GNUBoard 4.31.04 (09.01.30) - Multiple Local+Remote Vulnerabilities
GNUBoard 4.31.04 (09.01.30) - Local/Remote Multiple Vulnerabilities

OpenHelpDesk 1.0.100 - eval() Code Execution (Metasploit)
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)

Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass
Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass

PHP Director 0.21 - (SQL into outfile) eval() Injection
PHP Director 0.21 - (SQL Into Outfile) 'eval()' Injection

UBB.Threads 5.5.1 - (message) SQL Injection
UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection

Geeklog 1.5.2 - SEC_authenticate() SQL Injection
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection

WebPortal CMS 0.8b - Multiple Remote / Local File Inclusion
WebPortal CMS 0.8b - Multiple Local/Remote File Inclusions
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject
Bitweaver 2.6 - saveFeed() Remote Code Execution
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection
Bitweaver 2.6 - 'saveFeed()' Remote Code Execution

School Data Navigator - (page) Local / Remote File Inclusion
School Data Navigator - 'page' Local/Remote File Inclusion

phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
phpCollegeExchange 0.1.5c - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion
ClearContent - 'image.php url' Local/Remote File Inclusion

e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure
e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure

skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
skadate dating - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

Ultrize TimeSheet 1.2.2 - readfile() Local File Disclosure
Ultrize TimeSheet 1.2.2 - 'readfile()' Local File Disclosure

aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities
aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass / File Disclosure) Multiple Remote Vulnerabilities
Facil Helpdesk - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities
IsolSoft Support Center 2.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities
Facil Helpdesk - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities
IsolSoft Support Center 2.5 - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities

ZeroBoard 4.1 pl7 - now_connect() Remote Code Execution
ZeroBoard 4.1 pl7 - 'now_connect()' Remote Code Execution

DedeCMS 5.1 - SQL Injection
DeDeCMS 5.1 - SQL Injection

TwonkyMedia Server 4.4.17 / 5.0.65 - Cross-Site Scripting
TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting

Xerver 4.31 / 4.32 - HTTP Response Splitting
Xerver 4.31/4.32 - HTTP Response Splitting

sugar crm 5.5.0.rc2 / 5.2.0j - Multiple Vulnerabilities
Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities

Quate CMS 0.3.5 - Remote File Inclusion / Local File Inclusion
Quate CMS 0.3.5 - Local/Remote File Inclusion
Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - Local File Inclusion / SQL Injection
UBB.Threads 7.5.4 2 - Multiple File Inclusion
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion

NAS Uploader 1.0 / 1.5 - Arbitrary File Upload
NAS Uploader 1.0/1.5 - Arbitrary File Upload

Pandora FMS Monitoring Application 2.1.x / 3.x - SQL Injection
Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection

UBB Threads 6.0 - Remote File Inclusion
UBBCentral UBB.Threads 6.0 - Remote File Inclusion

fileNice PHP file browser - Remote File Inclusion / Local File Inclusion
fileNice PHP file browser - Local/Remote File Inclusion

Pay Per Minute Video Chat Script 2.0 / 2.1 - Multiple Vulnerabilities
Pay Per Minute Video Chat Script 2.0/2.1 - Multiple Vulnerabilities

ProfitCode Shopping Cart - Multiple Local File Inclusion / Remote File Inclusion Vulnerabilities
ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities

Izumi 1.1.0 - (Remote File Inclusion / Local File Inclusion) Multiple Include
Izumi 1.1.0 - (Local File Inclusion / Remote File Inclusion) Multiple Include

TSOKA:CMS 1.1 / 1.9 / 2.0 - SQL Injection / Cross-Site Scripting
TSOKA:CMS 1.1/1.9/2.0 - SQL Injection / Cross-Site Scripting

Facil-CMS 0.1RC2 - Local / Remote File Inclusion
Facil-CMS 0.1RC2 - Local/Remote File Inclusion

jevoncms - Local File Inclusion / Remote File Inclusion
jevoncms - Local/Remote File Inclusion

Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Vieassociative Openmairie 1.01 Beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openurgence vaccin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Police Municipale Open Main Courante 1.01beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions

Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openscrutin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions

Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openreglement 1.04 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions

Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openregistrecil 1.02 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openplanning 1.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openfoncier 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Madirish Webmail 2.01 - 'baseDir' Remote File Inclusion / Local File Inclusion
Openplanning 1.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openfoncier 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion

Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Opencourrier 2.03beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions

AutoDealer 1.0 / 2.0 - MSSQL Injection
AutoDealer 1.0/2.0 - MSSQL Injection

Openannuaire Openmairie Annuaire 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openannuaire Openmairie Annuaire 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions

Waibrasil - Remote File Inclusion / Local File Inclusion
Waibrasil - Local/Remote File Inclusion

Spaw Editor 1.0 / 2.0 - Arbitrary File Upload
Spaw Editor 1.0/2.0 - Arbitrary File Upload

PHP SETI@home Web monitor - (PHPsetimon) Remote File Inclusion / Local File Inclusion
PHP SETI@home Web monitor - 'PHPsetimon' Local/Remote File Inclusion

vBulletin(R) 3.8.6 - faq.php Information Disclosure
vBulletin 3.8.6 - 'faq.php' Information Disclosure

Open Realty 2.x / 3.x - Persistent Cross-Site Scripting
Open Realty 2.x/3.x - Persistent Cross-Site Scripting

vBulletin 3.8.4 / 3.8.5 - Registration Bypass
vBulletin 3.8.4/3.8.5 - Registration Bypass

vbShout 5.2.2 - Remote / Local File Inclusion
vbShout 5.2.2 - Local/Remote File Inclusion

Zoopeer 0.1 / 0.2 - 'FCKeditor' Arbitrary File Upload
Zoopeer 0.1/0.2 - 'FCKeditor' Arbitrary File Upload

xt:Commerce Shopsoftware 3 / 4 - 'FCKeditor' Arbitrary File Upload
xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload

CakePHP 1.3.5 / 1.2.8 - Unserialize()
CakePHP 1.3.5/1.2.8 - 'Unserialize()' Exploit
vBSEO 3.5.2 / 3.2.2 - Persistent Cross-Site Scripting via LinkBacks
vBSEO Sitemap 2.5 / 3.0 - Multiple Vulnerabilities
vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks
vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities

Geomi CMS 1.2 / 3.0 - SQL Injection
Geomi CMS 1.2/3.0 - SQL Injection

cChatBox for vBulletin 3.6.8 / 3.7.x - SQL Injection
cChatBox for vBulletin 3.6.8/3.7.x - SQL Injection

Redmine SCM Repository 0.9.x / 1.0.x - Arbitrary Command Execution (Metasploit)
Redmine SCM Repository 0.9.x/1.0.x - Arbitrary Command Execution (Metasploit)

vBulletin - misc.php Template Name Arbitrary Code Execution (Metasploit)
vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)

CakePHP 1.3.5 / 1.2.8 - Cache Corruption Exploit (Metasploit)
CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit)

SmarterMail 7.3 / 7.4 - Multiple Vulnerabilities
SmarterMail 7.3/7.4 - Multiple Vulnerabilities

WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution
WordPress Plugin BackWPup - Remote Code Execution / Local Code Execution

WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection
WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection

LuxCal Web Calendar 2.4.2 / 2.5.0 - SQL Injection
LuxCal Web Calendar 2.4.2/2.5.0 - SQL Injection

Joomla! Component 'com_virtuemart' 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit)
Joomla! Component 'com_virtuemart' 1.1.7/1.5 - Blind Time-Based SQL Injection (Metasploit)
WSN Classifieds 6.2.12 / 6.2.18 - Multiple Vulnerabilities
Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution
WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities
Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution

Typo3 4.5 < 4.7 - Remote Code Execution (Remote File Inclusion / Local File Inclusion)
Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion

phpMyAdmin 3.3.x / 3.4.x - Local File Inclusion via XXE Injection (Metasploit)
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit)

Log1 CMS - writeInfo() PHP Code Injection (Metasploit)
Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit)

MiniCMS 1.0 / 2.0 - PHP Code Inject
MiniCMS 1.0/2.0 - PHP Code Injection

4Images 1.7.6-9 - Cross-Site Request Forgery / Inject PHP Code
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection

FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities
FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities

FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution (Metasploit)
FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit)

Woltlab Burning Board 2.2 / 2.3 - [WN]KT KickTipp 3.1 - SQL Injection
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit)
webERP 4.08.1 - Local / Remote File Inclusion
SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution (Metasploit)
webERP 4.08.1 - Local/Remote File Inclusion

Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit)
Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution (Metasploit)

House Style 0.1.2 - readfile() Local File Disclosure
House Style 0.1.2 - 'readfile()' Local File Disclosure

OTRS Open Technology Real Services 3.1.8 / 3.1.9 - Cross-Site Scripting
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting

ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Persistent Cross-Site Scripting
ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting

airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection
airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection

Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities
Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities

IP.Gallery 4.2.x / 5.0.x - Persistent Cross-Site Scripting
IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting

Alt-N MDaemon 13.0.3 / 12.5.6 - Email Body HTML/JS Injection
Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection

parachat 5.5 - Directory Traversal
Parachat 5.5 - Directory Traversal

DCP-Portal 3.7/4.x/5.x - calendar.php Multiple Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'calendar.php' Multiple Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - announcement.php cid Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - news.php cid Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - contents.php cid Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting

DCP-Portal 3.7/4.x/5.x - calendar.php HTTP Response Splitting
DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting
UBBCentral UBB.Threads 6.2.3/6.5 - showflat.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - calendar.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - online.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting

phpVms Virtual Airline Administration 2.1.934 / 2.1.935 - SQL Injection
phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection

phpMyAdmin 3.5.8 / 4.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities

UBBCentral UBB.Threads 6.0 - editpost.php SQL Injection
UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection

Wifi Photo Transfer 2.1 / 1.1 PRO - Multiple Vulnerabilities
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities

File Lite 3.3 / 3.5 PRO iOS - Multiple Vulnerabilities
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities

IPB (Invision Power Board) 1.x? / 2.x / 3.x - Admin Account Takeover
IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover

UBBCentral 6.0 - UBB.threads Printthread.php SQL Injection
UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection

Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x / 7.x) - Persistent Cross-Site Scripting
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting

SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation
SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation

YaPiG 0.9x - Remote File Inclusion / Local File Inclusion
YaPiG 0.9x - Local/Remote File Inclusion
UBBCentral UBB.Threads 5.5.1/6.x - download.php Number Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - calendar.php Multiple Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - modifypost.php Number Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - viewmessage.php message Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - addfav.php main Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - notifymod.php Number Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - grabnext.php posted Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection

Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion

Xibo 1.2.2 / 1.4.1 - 'index.php' p Parameter Directory Traversal
Xibo 1.2.2/1.4.1 - 'index.php' p Parameter Directory Traversal

UBB.Threads 6.3 - showflat.php SQL Injection
UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection

Virtual Hosting Control System 2.2/2.4 - 'login.php' check_login() Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass

ATutor 1.5.x - admin/fix_content.php submit Parameter Cross-Site Scripting
ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting

Mirapoint Web Mail - Expression() HTML Injection
Mirapoint Web Mail - 'Expression()' HTML Injection

Onpub CMS 1.4 / 1.5 - Multiple SQL Injections
Onpub CMS 1.4/1.5 - Multiple SQL Injections

ImpressPages CMS 3.6 - manage() Function Remote Code Execution
ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution

Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion
Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusion

Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)

UBB.Threads 6.1.1 - UBBThreads.php SQL Injection
UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection

WHMCompleteSolution (WHMCS) 4.x / 5.x - Multiple Web Vulnerabilities
WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities

Jenkins 1.523 - Inject Persistent HTML Code
Jenkins 1.523 - Persistent HTML Code

CTERA 3.2.29.0 / 3.2.42.0 - Persistent Cross-Site Scripting
CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting

UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection

Drupal < 6.16 / 5.22 - Multiple Vulnerabilities
Drupal < 5.22/6.16 - Multiple Vulnerabilities

AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion
AdvertisementManager 3.1 - 'req' Parameter Local/Remote File Inclusion

Ultra Electronics 7.2.0.19 / 7.4.0.7 - Multiple Vulnerabilities
Ultra Electronics 7.2.0.19/7.4.0.7 - Multiple Vulnerabilities

net2ftp 0.98 (stable) - 'admin1.template.php' Local File Inclusion / Remote File Inclusion
net2ftp 0.98 (stable) - 'admin1.template.php' Local/Remote File Inclusion

MyBB 1.8.2 - unset_globals() Function Bypass / Remote Code Execution
MyBB 1.8.2 - 'unset_globals()' Function Bypass / Remote Code Execution

WordPress Plugin Spellchecker 3.1 - 'general.php' Local File Inclusion / Remote File Inclusion
WordPress Plugin Spellchecker 3.1 - 'general.php' Local/Remote File Inclusion
Pimcore 3.0 / 2.3.0 CMS - SQL Injection
phpList 3.0.6 / 3.0.10 - SQL Injection
Pimcore 2.3.0/3.0 CMS - SQL Injection
phpList 3.0.6/3.0.10 - SQL Injection

Guppy CMS 5.0.9 / 5.00.10 - Authentication Bypass/Change Email
Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email

UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting

OSClass 2.3.3 - 'index.php' getParam() Function Multiple Parameter Cross-Site Scripting
OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting

OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter exec() Call Arbitrary Shell Command Execution
OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution

Fork CMS 3.x - backend/modules/error/actions/index.php parse() Function Multiple Parameter Error Display Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting

DedeCMS < 5.7-sp1 - Remote File Inclusion
DeDeCMS < 5.7-sp1 - Remote File Inclusion

WK UDID 1.0.1 iOS - Command Inject
WK UDID 1.0.1 iOS - Command Injection

MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion
MindTouch DekiWiki - Multiple Local/Remote File Inclusions

PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function
PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function

Western Digital My Cloud 04.01.03-421 / 04.01.04-422 - Command Injection
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection

Belkin Router N150 1.00.08 / 1.00.09 - Directory Traversal
Belkin Router N150 1.00.08/1.00.09 - Directory Traversal

b374k Web Shell 3.2.3 / 2.8 - Cross-Site Request Forgery / Command Injection
b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection

CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion

AlegroCart 1.2.8 - Local File Inclusion / Remote File Inclusion
AlegroCart 1.2.8 - Local/Remote File Inclusion

HumHub 0.11.2 / 0.20.0-beta.2 - SQL Injection
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection

xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion

qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion

Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery

Chamilo LMS IDOR - (messageId) Delete POST Inject
Chamilo LMS IDOR - 'messageId' Delete POST Injection

WordPress Plugin Site Import 1.0.1 - Local File Inclusion / Remote File Inclusion
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion

WordPress Plugin Brandfolder 3.0 - Remote File Inclusion / Local File Inclusion
WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion

PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities
PQI Air Pen Express 6W51-0000R2/6W51-0000R2XXX - Multiple Vulnerabilities

Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities

Totemomail 4.x / 5.x - Persistent Cross-Site Scripting
Totemomail 4.x/5.x - Persistent Cross-Site Scripting

Tiki Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution
Tiki Wiki CMS Calendar 6.15/9.11 LTS/12.5 LTS/14.2 - Remote Code Execution

Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload
Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload

Untangle NGFW 12.1.0 Beta - execEvil() Command Injection
Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection

GSX Analyzer 10.12 / 11 - 'main.swf' Hard-Coded Superadmin Credentials
GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials

Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities

Trend Micro Deep Discovery 3.7 / 3.8 SP1 (3.81) / 3.8 SP2 (3.82) - hotfix_upload.cgi Filename Remote Code Execution
Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote Code Execution

WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities

Zabbix 2.2.x / 3.0.x - SQL Injection
Zabbix 2.2.x/3.0.x - SQL Injection
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection

RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass
RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass

Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection

SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal
SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal

WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery
WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery

Zoneminder 1.29 / 1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery

RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery
RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery

Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit)
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)

Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)

Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Execution

Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities

I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
GLPI 0.90.4 - SQL Injection
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
2017-06-28 05:01:23 +00:00
Offensive Security
df0343af6d DB: 2017-06-22
13 new exploits

Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Pool Memory Disclosure
Microsoft Windows - 'IOCTL 0x390400_ operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure
Microsoft Windows - 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure
Microsoft Windows - '0x224000 IOCTL (WmiQueryAllData)' Kernel WMIDataDevice Pool Memory Disclosure
Microsoft Windows - 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure
Microsoft Windows - 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure
Microsoft Windows - 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!NtNotifyChangeDirectoryFile' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!KiDispatchException' Kernel Stack Memory Disclosure in Exception Handling

sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation
sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation

Linux Kernel 3.14.5 (RHEL / CentOS 7) - 'libfutex' Privilege Escalation
Linux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Privilege Escalation

Sudo 1.8.14 - Unauthorized Privilege
Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation

Linux/x86 - Reverse UDP Shellcode (668 bytes)

PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
2017-06-22 05:01:27 +00:00
Offensive Security
b00ce2562c DB: 2017-06-21
2 new exploits

Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service

Sudo - 'get_process_ttyname()' Privilege Escalation
Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation

WonderCMS 2.1.0 - Cross-Site Request Forgery
2017-06-21 05:01:28 +00:00
Offensive Security
380d33dd22 DB: 2017-06-20
13 new exploits

GNU binutils - 'rx_decode_opcode' Buffer Overflow
GNU binutils - 'disassemble_bytes' Heap Overflow
GNU binutils - 'bfd_get_string' Stack Buffer Overflow
GNU binutils - 'decode_pseudodbg_assert_0' Buffer Overflow
GNU binutils - 'ieee_object_p' Stack Buffer Overflow
GNU binutils - 'print_insn_score16' Buffer Overflow
GNU binutils - 'aarch64_ext_ldst_reglist' Buffer Overflow
iBall Baton iB-WRA150N - Unauthenticated DNS Change
nuevoMailer 6.0 - SQL Injection
UTstarcom WA3002G4 - Unauthenticated DNS Change
D-Link DSL-2640U - Unauthenticated DNS Change
Beetel BCM96338 Router - Unauthenticated DNS Change
D-Link DSL-2640B - Unauthenticated Remote DNS Change
2017-06-20 05:01:28 +00:00
Offensive Security
248f7e7480 DB: 2017-06-17
7 new exploits

WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
WebKit JSC - arrayProtoFuncSplice does not Initialize all Indices
WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass)
KBVault MySQL 0.16a - Arbitrary File Upload
Joomla! Component JoomRecipe 1.0.3 - SQL Injection
2017-06-17 05:01:25 +00:00
Offensive Security
b946aa7e86 DB: 2017-06-15
5 new exploits

Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation

Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH)

WarFTP 1.65 - (USER) Remote Buffer Overflow
WarFTP 1.65 - 'USER' Remote Buffer Overflow
Google Chrome - V8 Private Property Arbitrary Code Execution
HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution
WordPress Plugin WP Jobs < 1.5 - SQL Injection
WordPress Plugin Event List <= 0.7.8 - SQL Injection
2017-06-15 05:01:27 +00:00
Offensive Security
2170122160 DB: 2017-06-14
7 new exploits

MyServer 0.7.1 - (POST) Denial of Service
MyServer 0.7.1 - 'POST' Denial of Service

Foxmail 2.0 - (MAIL FROM:) Denial of Service
Foxmail 2.0 - 'MAIL FROM:' Denial of Service

Nokia Symbian 60 - (BlueTooth Nickname) Remote Restart (2)
Nokia Symbian 60 - 'BlueTooth Nickname' Remote Restart (2)
Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop Denial of Service
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - 'isis_print' Infinite Loop Denial of Service

Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service
Ethereal 0.10.10 - 'dissect_ipc_state' Remote Denial of Service
phpBB 2.0.15 - Register Multiple Users Denial of Service (Perl)
phpBB 2.0.15 - Register Multiple Users Denial of Service (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)

Stream / Raped (Windows) - Denial of Service Attack
Stream / Raped (Windows) - Denial of Service
Ipswitch WS_FTP Server 5.03 - (RNFR) Buffer Overflow
Mercury/32 Mail Server 4.01a - (check) Buffer Overflow
Golden FTP Server Pro 2.52 - (USER) Remote Buffer Overflow
Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow
Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow
GTChat 0.95 Alpha - (adduser) Remote Denial of Service
Inframail Advantage Server Edition 6.0 < 6.37 - 'SMTP' Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - 'FTP' Buffer Overflow
GTChat 0.95 Alpha - 'adduser' Remote Denial of Service

P2P Pro 1.0 - (command) Denial of Service
P2P Pro 1.0 - 'command' Denial of Service

Mozilla Products - (Host:) Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow Denial of Service String

Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service
Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service

RBExplorer 1.0 - (Hijacking Command) Denial of Service
RBExplorer 1.0 - Hijacking Command Denial of Service

Freeciv 2.0.7 - (Jumbo Malloc) Denial of Service Crash
Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)
XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)
XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)

Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash
Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)

Macromedia Flash 9 - (IE Plugin) Remote Denial of Service Crash
Macromedia Flash 9 - (IE Plugin) Remote Crash (Denial of Service)

AIDeX Mini-WebServer 1.1 - Remote Denial of Service Crash
AIDeX Mini-WebServer 1.1 - Remote Crash (Denial of Service)

Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free
Microsoft Windows - 'Csrss.exe/winsrv.dll' NtRaiseHardError Double-Free

Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Denial of Service Hang / Crash
Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service)

Half-Life CSTRIKE Server 1.6 - Denial of Service (no-steam)
Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service

AyeView 2.20 - (malformed gif image) Local Crash
AyeView 2.20 - Malformed .GIF Image Local Crash

Microsoft Windows - '.chm' Denial of Service (HTML compiled)
Microsoft Windows - '.chm' Denial of Service (HTML Compiled)

Winamp 5.541 - '.mp3'/'.aiff' Multiple Denial of Services
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities

Multiple HTTP Server - Low Bandwidth Denial of Service (slowloris.pl)
Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service

Google Picasa 3.5 - Local Denial of Service Buffer Overflow
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)

3Com OfficeConnect Routers - (Content-Type) Denial of Service
3Com OfficeConnect Routers - 'Content-Type' Denial of Service

VSO Medoa Player 1.0.2.2 - Local Denial of Services (PoC)
VSO Medoa Player 1.0.2.2 - Local Denial of Service (PoC)

QtWeb 3.0 - Remote Denial of Service/Crash
QtWeb 3.0 - Remote Crash (Denial of Service)

NovaPlayer 1.0 - '.mp3' Local Denial of Service (2)
NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2)

Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash
Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service)

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash SEH (PoC)
eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash (SEH) (PoC)

Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash)
Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)

Optimal Archive 1.38 - '.zip' SEH (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
MovieLibrary 1.4.401 - Local Denial of Service (.dmv)
Book Library 1.4.162 - Local Denial of Service (.bkd)
MovieLibrary 1.4.401 - '.dmv' Local Denial of Service
Book Library 1.4.162 - '.bkd' Local Denial of Service

Huawei EchoLife HG520c - Denial of Service / Modem Reset
Huawei EchoLife HG520c - Modem Reset (Denial of Service)

CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death)
CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service)

QtWeb 3.3 - Remote Denial of Service/Crash
QtWeb 3.3 - Remote Crash (Denial of Service)

Subtitle Translation Wizard 3.0.0 - SEH (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)

Opera - Denial of Service by canvas Element
Opera - Canvas Element (Denial of Service)

Microsoft IIS 6.0 - ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)
Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)

HP Data Protector Manager 6.11 - Remote Denial of Service in RDS Service
HP Data Protector Manager 6.11 - RDS Service Remote Denial of Service

FreeBSD 8.0 - Local Denial of Service (Forced Reboot)
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)

Hanso Player 1.4.0.0 - Buffer Overflow Denial of Service Skinfile
Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)

CiscoKits 1.0 - TFTP Server Denial of Service (Write command)
CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service

Apache - Remote Denial of Service (Memory Exhaustion)
Apache - Remote Memory Exhaustion (Denial of Service)

TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file Corruption)
TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption

BlueZone Desktop Multiple - Malformed files Local Denial of Service Vulnerabilities
BlueZone Desktop Multiple - Malformed Files Local Denial of Service Vulnerabilities

NJStar Communicator MiniSmtp - Buffer Overflow [ASLR Bypass]
NJStar Communicator MiniSmtp - Buffer Overflow (ASLR Bypass)

Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)

Qutecom SoftPhone 2.2.1 - Heap Overflow Denial of Service/Crash (PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)

Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack
Network Associates Gauntlet Firewall 5.0 - Denial of Service
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (2)

Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service Attack
Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service

Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service Attack
Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service

(Linux Kernel) ReiserFS 3.5.28 - Denial of Service (Possible Code Execution)
(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service

Winlog Lite SCADA HMI system - SEH 0verwrite
Winlog Lite SCADA HMI system - (SEH) Overwrite

FL Studio 10 Producer Edition - SEH Based Buffer Overflow (PoC)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)

OptiSoft Blubster 2.5 - Remote Denial of Service Attack
OptiSoft Blubster 2.5 - Remote Denial of Service

ChatZilla 0.8.23 - Remote Denial of Service Attack
ChatZilla 0.8.23 - Remote Denial of Service

ACDSee 9.0 Photo Manager - Multiple BMP Denial of Service Vulnerabilities
ACDSee 9.0 Photo Manager - Multiple '.BMP' Denial of Service Vulnerabilities

Motorola SBG6580 Cable Modem & Wireless Router - Denial of Service Reboot
Motorola SBG6580 Cable Modem & Wireless Router - Reboot (Denial of Service)

Unreal Tournament 3 - Denial of Service / Memory Corruption
Unreal Tournament 3 - Memory Corruption (Denial of Service)

Gold MP4 Player 3.3 - Universal SEH Exploit (Metasploit)
Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit)

Jzip - SEH Unicode Buffer Overflow (Denial of Service)
Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow (PoC)
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)

Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue
Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities

NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite

JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)

Mediacoder 0.8.33 build 5680 - Buffer Overflow (SEH) Denial of Service (.lst)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service

i.FTP 2.21 - SEH Overflow Crash (PoC)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)

Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' Denial of service (Crush Application)
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)

Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service/Elevation of Privilege (MS15-111)
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)

Sam Spade 1.14 - S-Lang Command Field SEH Overflow
Sam Spade 1.14 - S-Lang Command Field Overflow (SEH)

SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow
SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field Overflow (SEH)

Network Scanner 4.0.0.0 - SEH Crash (PoC)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)

Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service

i.FTP 2.21 - Host Address / URL Field SEH Exploit
i.FTP 2.21 - Host Address / URL Field (SEH)

Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking

Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)
Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)

Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit
Microsoft Windows - 'keybd_event' Local Privilege Escalation

Microsoft Vista - (NtRaiseHardError) Privilege Escalation
Microsoft Vista - 'NtRaiseHardError' Privilege Escalation

Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation
Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Escalation

eTrust AntiVirus Agent r8 - Local Privilege Elevation Exploit
eTrust AntiVirus Agent r8 - Local Privilege Escalation

WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC)
WinPcap 4.0 - 'NPF.SYS' Privilege Escalation (PoC)

IntelliTamper (2.07/2.08) - Language Catalog SEH Overflow
IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH)

WINMOD 1.4 - '.lst' Local Stack Overflow XP SP3 (RET + SEH) (3)
WINMOD 1.4 - '.lst' File Local Stack Overflow XP SP3 (RET + SEH) (3)

CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)

DJ Studio Pro 5.1.6.5.2 - SEH Exploit
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit

Winamp 5.572 - SEH Exploit
Winamp 5.572 - (SEH) Exploit

Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow
Orbital Viewer 1.04 - '.orb' File Local Universal Overflow (SEH)

ZipScan 2.2c - SEH Exploit
ZipScan 2.2c - (SEH) Exploit
ZipCentral - '.zip' SEH Exploit
eZip Wizard 3.0 - '.zip' SEH Exploit
ZipCentral - '.zip' File (SEH)
eZip Wizard 3.0 - '.zip' File (SEH)

PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass)

Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)

ZipWrangler 1.20 - '.zip' SEH Exploit
ZipWrangler 1.20 - '.zip' File (SEH)

Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit
Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH)

Mediacoder 0.7.3.4672 - SEH Exploit
Mediacoder 0.7.3.4672 - (SEH) Exploit

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (1)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (1)

Castripper 2.50.70 - '.pls' Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP & SEH DEP Bypass)
BlazeDVD 5.1 - '.plf' File Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass)

BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow

RM Downloader 3.1.3 - Local SEH Exploit (Windows 7 ASLR + DEP Bypass)
RM Downloader 3.1.3 (Windows 7) - Local ASLR + DEP Bypass (SEH)

ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)

A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit
A-PDF WAV to MP3 1.0.0 - Universal Local (SEH)

Acoustica MP3 Audio Mixer 2.471 - Extended M3U directives SEH Exploit
Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - SEH Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - SEH Exploit
iworkstation 9.3.2.1.4 - (SEH) Exploit
Quick Player 1.3 - Unicode SEH Exploit
AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit
Quick Player 1.3 - Unicode (SEH)
AudioTran 1.4.2.4 - (SafeSEH + SEHOP) Exploit

Microsoft Windows Vista/7 - Elevation of Privileges (UAC Bypass)
Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass)

Nokia MultiMedia Player 1.0 - SEH Unicode Exploit
Nokia MultiMedia Player 1.0 - (SEH Unicode)

WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass)
WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass)

Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit)
Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit)

POP Peeper 3.7 - SEH Exploit
POP Peeper 3.7 - (SEH) Exploit

MPlayer Lite r33064 - '.m3u' SEH Overflow
MPlayer Lite r33064 - '.m3u' Overflow (SEH)

Wireshark 1.4.1 < 1.4.4 - SEH Overflow
Wireshark 1.4.1 < 1.4.4 - Overflow (SEH)

Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow
Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode)

Subtitle Processor 7.7.1 - '.m3u' SEH Unicode Buffer Overflow (Metasploit)
Subtitle Processor 7.7.1 - '.m3u' File Buffer Overflow (SEH Unicode) (Metasploit)

The KMPlayer 3.0.0.1440 - '.mp3' Buffer Overflow (Windows XP SP3 DEP Bypass)
The KMPlayer 3.0.0.1440 - '.mp3' File Buffer Overflow (Windows XP SP3 DEP Bypass)

MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)
MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass)

DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass Exploit
DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass

MY MP3 Player 3.0 - '.m3u' Exploit DEP Bypass
MY MP3 Player 3.0 - '.m3u' DEP Bypass

TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion
TORCS 1.3.2 - '.xml' File Buffer Overflow /SafeSEH Evasion

DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)

BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass)

Corel Linux OS 1.0 - Denial of Serviceemu Distribution Configuration
Corel Linux OS 1.0 - Dosemu Distribution Configuration

MyMp3 Player Stack - '.m3u' DEP Bypass
MyMp3 Player Stack - '.m3u' File DEP Bypass

CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode)
CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Elevation
Microsoft IIS 5.0 - In-Process Table Privilege Elevation
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 5.0 - In-Process Table Privilege Escalation

Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation
Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

Huawei Technologies Internet Mobile - Unicode SEH Exploit
Huawei Technologies Internet Mobile - Unicode (SEH)

MySQL (Linux) - Database Privilege Elevation Exploit
MySQL (Linux) - Database Privilege Escalation

Man Utility 2.3.19 - Local Compression Program Privilege Elevation
Man Utility 2.3.19 - Local Compression Program Privilege Escalation

BlazeDVD 6.1 - PLF Exploit DEP/ASLR Bypass (Metasploit)
BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit)

BOINC Manager (Seti@home) 7.0.64 - Field SEH based Buffer Overflow
BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)

Static HTTP Server 1.0 - SEH Overflow
Static HTTP Server 1.0 - (SEH) Overflow

ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (SEH/Unicode)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (2)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass
Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)

OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation

Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow
Nidesoft MP3 Converter 2.6.18 - Local Buffer Overflow (SEH)

Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation

Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Quick Search 1.1.0.189 - 'search textbox' Unicode SEH Egghunter Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH) (Windows 7 DEP Bypass)

Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow
Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH)

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)
MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

Mozilla - Maintenance Service Log File Overwrite Elevation of Privilege
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation

Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow
Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP_ Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)

Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit
Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Escalation

Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit
Internet Download Manager 6.25 Build 14 - 'Find file' Unicode (SEH)

Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege
Cogent Datahub 7.3.9 Gamma Script - Privilege Escalation

Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH) (Metasploit)
Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit
CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass)
Mediacoder 0.8.43.5852 - '.m3u' (SEH)
CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)

VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)

Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Network Scanner 4.0.0 - SEH Local Buffer Overflow
Network Scanner 4.0.0 - Local Buffer Overflow (SEH)

Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow

Microsoft Windows - '.ani' GDI Remote Elevation of Privilege Exploit (MS07-017)
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)

Move Networks Quantum Streaming Player - SEH Overflow
Move Networks Quantum Streaming Player - Overflow (SEH)

Quick TFTP Server Pro 2.1 - Remote SEH Overflow
Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)

Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation

FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow

PowerTCP FTP module - Multiple Technique Exploit (SEH/HeapSpray)
PowerTCP FTP module - Multiple Technique Exploit (SEH HeapSpray)

BigAnt Server 2.52 - SEH Exploit
BigAnt Server 2.52 - (SEH) Exploit

File Sharing Wizard 1.5.0 - SEH Exploit
File Sharing Wizard 1.5.0 - (SEH) Exploit

Kolibri 2.0 - Buffer Overflow RET + SEH Exploit (HEAD)
Kolibri 2.0 - (HEAD) Buffer Overflow RET + (SEH)

Easy File Sharing HTTP Server 7.2 - SEH Overflow (Metasploit)
Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)

WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)
WorldMail IMAPd 3.0 - Overflow (SEH) (Egg Hunter)

Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit
Sysax Multi Server 5.53 - SFTP Authenticated (SEH)

Simple Web Server 2.2-rc2 - ASLR Bypass Exploit
Simple Web Server 2.2-rc2 - ASLR Bypass

Microsoft SQL 2000/7.0 - Agent Jobs Privilege Elevation
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation

BigAnt Server 2.52 SP5 - SEH Stack Overflow ROP-based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)

Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
Intrasrv Simple Web Server 1.0 - Remote Code Execution (SEH)

Apache suEXEC - Privilege Elevation / Information Disclosure
Apache suEXEC - Information Disclosure / Privilege Escalation

Easy Internet Sharing Proxy Server 2.2 - SEH Overflow (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)

Kolibri Web Server 2.0 - GET Request SEH Exploit
Kolibri Web Server 2.0 - GET Request (SEH)

Microsoft Windows Kerberos - Elevation of Privilege (MS14-068)
Microsoft Windows Kerberos - Privilege Escalation (MS14-068)

X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)
X360 VideoPlayer ActiveX Control 2.6 - ASLR + DEP Bypass

i.FTP 2.21 - Time Field SEH Exploit
i.FTP 2.21 - Time Field (SEH)

Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow (Metasploit)
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit)

Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow
Easy File Sharing Web Server 7.2 - Remote Overflow (SEH)

Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)

Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)

TFTP Server 1.4 - WRQ Buffer Overflow (Egghunter)
TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow

Win32 - SEH omelet Shellcode
Win32 - SEH Omelet Shellcode
dotWidget CMS 1.0.6 - (file_path) Remote File Inclusion
DreamAccount 3.1 - (da_path) Remote File Inclusion
dotWidget CMS 1.0.6 - 'file_path' Remote File Inclusion
DreamAccount 3.1 - 'da_path' Remote File Inclusion

AWF CMS 1.11 - (spaw_root) Remote File Inclusion
AWF CMS 1.11 - 'spaw_root' Remote File Inclusion

Download-Engine 1.4.2 - (spaw) Remote File Inclusion
Download-Engine 1.4.2 - 'spaw' Remote File Inclusion

Newsscript 1.0 - Administrative Privilege Elevation
Newsscript 1.0 - Administrative Privilege Escalation

UBBCentral UBB.Threads 3.4/3.5 - Denial of Serviceearch.php SQL Injection
UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection

Cerberus Helpdesk 2.649 - cer_KnowledgebaseHandler.class.php _load_article_details Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection

cPanel 10.9 - Denial of Serviceetmytheme theme Parameter Cross-Site Scripting
cPanel 10.9 - dosetmytheme 'theme' Parameter Cross-Site Scripting

WordPress < 2.1.2  - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
Real Estate Classifieds Script - SQL Injection
2017-06-14 05:01:26 +00:00
Offensive Security
dea52f68f5 DB: 2017-06-12
8 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
IPFire 2.19 - Remote Code Execution
eCom Cart 1.3 - SQL Injection
EFS Easy Chat Server 3.1 - Password Disclosure
EFS Easy Chat Server 3.1 - Password Reset
PaulShop - SQL Injection
2017-06-12 05:01:24 +00:00
Offensive Security
fbe517f675 DB: 2017-06-10
6 new exploits

Mapscrn 2.03 - Local Buffer Overflow
libcroco 0.6.12 - Denial of Service
libquicktime 1.2.4 - Denial of Service
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
Apple macOS - Disk Arbitration Daemon Race Condition

Craft CMS 2.6 - Cross-Site Scripting
2017-06-10 05:01:19 +00:00
Offensive Security
b002e06bf6 DB: 2017-06-08
9 new exploits

Linux Kernel - 'ping' Local Denial of Service
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Artifex MuPDF - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference

DC/OS Marathon UI - Docker Exploit (Metasploit)
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Xavier 2.4 - SQL Injection
Robert 0.5 - Multiple Vulnerabilities
2017-06-08 05:01:17 +00:00
Offensive Security
0ef7d9b9ec DB: 2017-06-07
8 new exploits

Wireshark 2.2.6 - IPv6 Dissector Denial of Service
Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service
Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution
Home Web Server 1.9.1 build 164 - Remote Code Execution

Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Kronos Telestaff < 2.92EU29 - SQL Injection
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
2017-06-07 05:01:18 +00:00
Offensive Security
cd6e21e600 DB: 2017-06-06
11 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
2017-06-06 05:01:15 +00:00
Offensive Security
42e94b4366 DB: 2017-06-05
26 new exploits

Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine

Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow

TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)

uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow

WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
2017-06-05 05:01:15 +00:00
Offensive Security
6351914249 DB: 2017-05-22
5 new exploits

Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

Secure Auditor 3.0 - Directory Traversal
KMCIS CaseAware - Cross-Site Scripting
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
PlaySMs 1.4 - 'import.php' Remote Code Execution
2017-05-22 05:01:18 +00:00
Offensive Security
3f846368c1 DB: 2017-05-20
9 new exploits

Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit)
Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit)

Linux chfn (SuSE 9.3 / 10) - Privilege Escalation
Linux chfn (SuSE 9.3/10) - Privilege Escalation

Microsoft Windows XP SP3 x86 / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002)
Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002)

Microsoft Windows Server 2008 R2 SP1 (x64) (Standard) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Joomla 3.7.0 - 'com_fields' SQL Injection
Oracle PeopleSoft - Server-Side Request Forgery
Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption
SAP Business One for Android 1.2.3 - XML External Entity Injection
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass
PlaySMS 1.4 - Remote Code Execution
D-Link DIR-600M Wireless N 150 - Authentication Bypass
2017-05-20 05:01:16 +00:00
Offensive Security
94f7a8c8f5 DB: 2017-05-18
15 new exploits

Apple iOS < 10.3.2 - Notifications API Denial of Service
Adobe Flash - AVC Deblocking Out-of-Bounds Read
Adobe Flash - Margin Handling Heap Corruption
Adobe Flash - Out-of-Bounds Read in Getting TextField Width
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service

Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
2017-05-18 05:01:18 +00:00
Offensive Security
7eac4c3a2c DB: 2017-05-16
10 new exploits

Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token
Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure
Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys

Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit)
PlaySms 1.4 - Remote Code Execution
Mailcow 0.14 - Cross-Site Request Forgery
Admidio 3.2.8 - Cross-Site Request Forgery
2017-05-16 05:01:17 +00:00
Offensive Security
66b205e6c7 DB: 2017-05-13
3 new exploits

Cerberus FTP Server 1.x - Buffer Overflow Denial of Service
Palo Alto Networks PanOS root_trace - Privilege Escalation
Palo Alto Networks PanOS - root_reboot Privilege Escalation
Palo Alto Networks PanOS - 'root_trace' Privilege Escalation
Palo Alto Networks PanOS - 'root_reboot' Privilege Escalation

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation
Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit)
Vanilla Forums < 2.3 - Remote Code Execution

N-able N-central - Cross-Site Request Forgery

CMS Made Simple 2.1.6 - Multiple Vulnerabilities
2017-05-13 05:01:18 +00:00
Offensive Security
5aee851cfb DB: 2017-05-11
5 new exploits

PocketPC Mms Composer - (WAPPush) Denial of Service
PocketPC Mms Composer - 'WAPPush' Denial of Service

BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)

DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)

otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)

Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service

Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service

Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion

Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)
Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow

Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)

HT Editor 2.0.20 - Buffer Overflow (ROP PoC)
HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)

Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities

Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation

Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)

Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)

Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution

Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)

Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing

Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities

Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)

Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)

Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion

visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities

Microsoft Internet Explorer 8 / 9 - Steal Any Cookie
Microsoft Internet Explorer 8/9 - Steal Any Cookie

PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion

COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change

Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
BanManager WebUI 1.5.8 - PHP Code Injection
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
2017-05-11 05:01:18 +00:00
Offensive Security
4e3947178d DB: 2017-05-10
10 new exploits

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Crypttech CryptoLog - Remote Code Execution (Metasploit)
BSD/x86 - portbind port 31337 Shellcode (83 bytes)
BSD/x86 - portbind port random Shellcode (143 bytes)
BSD/x86 - Portbind Port 31337 Shellcode (83 bytes)
BSD/x86 - Portbind Random Port Shellcode (143 bytes)

BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)

BSD/x86 - reverse 6969 portbind Shellcode (129 bytes)
BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Portbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)

FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes)
FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes)

FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
Linux/x86 - execve Null Free Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Linux/x86 - execve Null-Free Shellcode (Generator)
Linux/x86 - Portbind Shellcode (Generator)
Windows XP SP1 - Portbind Shellcode (Generator)

Linux/x86 - cmd Null Free Shellcode (Generator)
Linux/x86 - cmd Null-Free Shellcode (Generator)

Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Connectback Port 21 Shellcode

Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes)

Linux/SPARC - portbind port 8975 Shellcode (284 bytes)
Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes)

Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes)
Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes)
Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes)
Linux/x86 - portbind (2707) Shellcode (84 bytes)
Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes)
Linux/x86 - Portbind 2707 Shellcode (84 bytes)

Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) Shellcode (86 bytes)
Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes)
Linux/x86 - Portbind Port 64713 Shellcode (86 bytes)
Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - portbind port 5074 Shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add user 't00r' Shellcode (82 bytes)
Linux/x86 - Portbind Port 5074 Shellcode (92 bytes)
Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)

Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes)
Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes)

NetBSD/x86 - callback Shellcode (port 6666) (83 bytes)
NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes)

OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes)
OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes)

Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes)
Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes)

Solaris/SPARC - portbind port 6789 Shellcode (228 bytes)
Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes)
Solaris/SPARC - portbinding Shellcode (240 bytes)
Solaris/x86 - portbind/TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes)
Solaris/SPARC - Portbind Shellcode (240 bytes)
Solaris/x86 - Portbind TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode

Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes)
Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes)

Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)

Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)

Win32 - download and execute Shellcode (124 bytes)
Win32 - Download & Execute Shellcode (124 bytes)

Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows XP - download and exec source Shellcode
Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes)
Windows XP - Download & Exec Shellcode
Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes)
Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes)
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes)
Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode
FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)

Win32 XP SP2 FR - calc Shellcode (19 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Win32 XP SP3 English - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)

Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes)
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)

Windows XP SP2 FR - Download and Exec Shellcode
Windows XP SP2 (FR) - Download & Exec Shellcode

Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)

Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)
Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - bind shell port 64533 Shellcode (97 bytes)
Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes)
Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

BSD/x86 - bindshell on port 2525 Shellcode (167 bytes)
BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes)

Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337 Shellcode
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
ARM - Bindshell Port 0x1337 Shellcode

OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes)
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)

Win32 - speaking Shellcode
Win32 - Speaking 'You got pwned!' Shellcode

BSD/x86 - 31337 portbind + fork Shellcode (111 bytes)
BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes)

Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes)
Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes)

Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)

Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)

Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)

Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)

Windows RT ARM - Bind Shell (Port 4444) Shellcode
Windows RT ARM - Bind Shell Port 4444 Shellcode

Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)

Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download & execute Shellcode (Generator)
Windows XP x86-64 - Download & Execute Shellcode (Generator)

Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes)

Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)

Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)

OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)

OSX/x86-64 - 4444/TCP port bind Nullfree Shellcode (144 bytes)
OSX/x86-64 - Bind Port 4444/TCP Null-free Shellcode (144 bytes)

Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)

Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)
Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes)

Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes)

Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)

Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes)

Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)
Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes)

Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)

Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes)
Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes)

Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes)
LogRhythm Network Monitor - Authentication Bypass / Command Injection
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
2017-05-10 05:01:16 +00:00
Offensive Security
64159294a8 DB: 2017-05-06
3 new exploits

CloudBees Jenkins 2.32.1 - Java Deserialization

Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free
Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

FOSS Gallery Public 1.0 - Arbitrary File Upload / Information (c99)
FOSS Gallery Public 1.0 - Arbitrary File Upload

1024 CMS 1.4.4 - Remote Command Execution with Remote File Inclusion (c99)
1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion

ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99)
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion

C99Shell 1.0 Pre-Release build 16 - 'Ch99.php' Cross-Site Scripting
C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting

C99.php Shell - Authentication Bypass
C99 Shell - 'c99.php' Authentication Bypass
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery
2017-05-06 05:01:18 +00:00
Offensive Security
8f3ada9286 DB: 2017-05-05
3 new exploits

Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free

Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit
WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit

WordPress Core & Plugins - Privileges Unchecked in admin.php / Multiple Information
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures

WordPress 2.8.1 - (url) Cross-Site Scripting
WordPress 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1)
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-comments-post.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-feed.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-comments-post.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-feed.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-trackback.php' Remote File Inclusion

WordPress 2.x - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting

WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection
WordPress 4.6 - Unauthenticated Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
2017-05-05 05:01:18 +00:00
Offensive Security
4aa75d9fe9 DB: 2017-05-02
5 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation
HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
2017-05-02 05:01:18 +00:00
Offensive Security
72f98fab1c DB: 2017-04-28
5 new exploits

Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

Microsoft Office Word - Malicious Hta Execution (Metasploit)
Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit)

Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
TYPO3 News Module - SQL Injection
Simple File Uploader - Arbitrary File Download
Easy File Uploader - Arbitrary File Upload
2017-04-28 05:01:19 +00:00
Offensive Security
0278b1993d DB: 2017-04-27
1 new exploit

Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities

Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery
2017-04-27 05:01:18 +00:00
Offensive Security
9e9bf495c2 DB: 2017-04-26
26 new exploits

PHP 5.4.0RC6 (x64t) - Denial of Service
PHP 5.4.0RC6 (x64) - Denial of Service

Evostream Media Server 1.7.1 (x64) - Denial of Service

PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Dmitry 1.3a - Local Buffer Overflow
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Apple Safari - Array concat Memory Corruption
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Dell Customer Connect 1.3.28.0 - Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation

Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
Microsoft Office Word - Malicious Hta Execution (Metasploit)
WePresent WiPG-1000 - Command Injection (Metasploit)

OSX/Intel - setuid shell x86_64 Shellcode (51 bytes)
OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes)

OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)

Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86-64 - Egghunter Shellcode (38 bytes)

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
October CMS 1.0.412 - Multiple Vulnerabilities
2017-04-26 05:01:18 +00:00
Offensive Security
cc2ec16c5d DB: 2017-04-18
3 new exploits

WinSCP 5.9.4 - 'LIST' Denial of Service (Metasploit)

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit)

Openexpert 0.5.17 - SQL Injection
Openexpert 0.5.17 - 'area_id' Parameter SQL Injection

Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset
2017-04-18 05:01:21 +00:00
Offensive Security
8c4e598118 DB: 2017-04-15
1 new exploit

Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call
Microsoft Windows Kernel - 'win32k.sys' Multiple Issues 'NtGdiGetDIBitsInternal' System Call

Adobe Creative Cloud Desktop Application <= 4.0.0.185 - Privilege Escalation
Adobe Creative Cloud Desktop Application < 4.0.0.185 - Privilege Escalation
Concrete5 - index.php/tools/required/files/replace searchInstance Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/add_to searchInstance Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/Permissions searchInstance Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/Dashboard/sitemap_data.php Multiple Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/search_dialog ocID Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/customize_search_columns searchInstance Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/search_results searchInstance Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/sitemap_search_selector Multiple Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/import Multiple Parameter Cross-Site Scripting
Concrete5 - index.php/tools/required/files/bulk_properties searchInstance Parameter Cross-Site Scripting

Concrete5 8.1.0 - 'Host' Header Injection
2017-04-15 05:01:18 +00:00
Offensive Security
aabd4b35b3 DB: 2017-04-14
12 new exploits

Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call
Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure

PonyOS 3.0 - tty ioctl() Local Kernel Exploit
PonyOS 3.0 - TTY 'ioctl()' Local Kernel Exploit

Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation
Solaris 7 < 11 (x86 / SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation
GNS3 Mac OS-X 1.5.2 - 'ubridge' Privilege Escalation
PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Local Kernel Exploit
Adobe Creative Cloud Desktop Application <= 4.0.0.185 - Privilege Escalation

Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
Ethernet Device Drivers Frame Padding - 'Etherleak' Information Leakage Exploit

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution

Linux/x86-64 - execve(_/bin/sh_) Shellcode (31 bytes)
Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses
SedSystems D3 Decimator - Multiple Vulnerabilities
agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
2017-04-14 05:01:15 +00:00
Offensive Security
814ba132f8 DB: 2017-04-12
18 new exploits

Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free
Apple WebKit - 'Document::adoptNode' Use-After-Free
Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow
Proxifier for Mac 2.18 - Multiple Vulnerabilities
Proxifier for Mac 2.17 / 2.18 - Privesc Escalation
Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

Quest Privilege Manager 6.0.0 - Arbitrary File Write
Adobe Multiple Products - XML Injection File Content Disclosure
MyClassifiedScript 5.1 - SQL Injection
Social Directory Script 2.0 - SQL Injection
FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
Brother MFC-J6520DW - Authentication Bypass / Password Change
Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element
2017-04-12 05:01:16 +00:00
Offensive Security
341f44bf34 DB: 2017-04-11
4 new exploits

Moxa MXview 2.8 - Denial of Service
Moxa MXview 2.8 - Private Key Disclosure
Moxa MX AOPC-Server 1.5 - XML External Entity Injection

Jobscript4Web 4.5 - Authentication Bypass
2017-04-11 05:01:16 +00:00
Offensive Security
ddb02a2ec6 DB: 2017-04-08
16 new exploits

Aztek Forum 4.00 - 'myadmin.php' User Privilege Escalation
Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation
Intellinet NFC-30IR Camera - Multiple Vulnerabilities
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
Invoice Template - 'hash' Parameter SQL Injection
Document Management Template - 'hash' Parameter SQL Injection
Shopping Cart Template - 'item' Parameter SQL Injection
Calendar Template 2.0 - 'editid1' Parameter SQL Injection
Forum Template 1.0 - SQL Injection
Quiz Template 1.0 - 'testid' Parameter SQL Injection
Survey Template 1.1 - 'masterkey1' Parameter SQL Injection
My Gaming Ladder Combo System 7.5 - SQL Injection
Ladder System 6.0 - 'faqid' Parameter SQL Injection
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection
e107 CMS 2.1.4 - Cross-Site Request Forgery
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
2017-04-08 05:01:18 +00:00