exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	a06626c22f	DB: 2017-09-27 8 new exploits Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) FLIR Thermal Camera F/FC/PT/D - SSH Backdoor NodeJS Debugger - Command Injection (Metasploit) Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes) FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution FLIR Thermal Camera F/FC/PT/D - Information Disclosure FLIR Thermal Camera FC-S/PT - Command Injection FLIR Thermal Camera F/FC/PT/D - Stream Disclosure Sitefinity CMS 9.2 - Cross-Site Scripting	2017-09-27 05:01:31 +00:00
Offensive Security	f27338c1f7	DB: 2017-09-26 12 new exploits Apache 2.0.52 - GET Request Denial of Service Apache 2.0.52 - GET Denial of Service CUPS Server 1.1 - GET Request Denial of Service CUPS Server 1.1 - GET Denial of Service BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service BlueCoat WinProxy 6.0 R1c - GET Denial of Service TFTPD32 2.81 - GET Request Format String Denial of Service (PoC) TFTPD32 2.81 - GET Format String Denial of Service (PoC) ImgSvr 0.6.5 - (long http post) Denial of Service ImgSvr 0.6.5 - POST Denial of Service Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service Multi-Threaded TFTP 1.1 - GET Denial of Service Essentia Web Server 2.15 - GET Request Remote Denial of Service Essentia Web Server 2.15 - GET Remote Denial of Service Sami HTTP Server 2.0.1 - POST Request Denial of Service Sami HTTP Server 2.0.1 - POST Denial of Service Xserver 0.1 Alpha - Post Request Remote Buffer Overflow Xserver 0.1 Alpha - POST Remote Buffer Overflow XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC) XBMC 8.10 - GET Multiple Remote Buffer Overflow (PoC) Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC) Mereo 1.8.0 - GET Request Remote Denial of Service Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC) Mereo 1.8.0 - GET Remote Denial of Service ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service ARD-9808 DVR Card Security Camera - GET Remote Denial of Service Kolibri+ Web Server 2 - GET Request Denial of Service Kolibri+ Web Server 2 - GET Denial of Service Adobe InDesign CS3 - '.INDD' File Handling Buffer Overflow Adobe InDesign CS3 - '.INDD' Handling Buffer Overflow Sami HTTP Server 2.0.1 - GET Request Denial of Service Sami HTTP Server 2.0.1 - GET Denial of Service Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Request Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit (Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service (Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service WebTrends Reporting Center for Windows 4.0 d - GET Request Buffer Overflow WebTrends Reporting Center for Windows 4.0 d - GET Buffer Overflow Working Resources BadBlue 1.7.3 - GET Request Denial of Service Working Resources BadBlue 1.7.3 - GET Denial of Service PlanetWeb 1.14 - Long GET Request Buffer Overflow PlanetWeb 1.14 - GET Buffer Overflow My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service My Web Server 1.0.1/1.0.2 - GET Denial of Service Monkey HTTP Server 0.4/0.5 - Invalid POST Request Denial of Service Monkey HTTP Server 0.4/0.5 - Invalid POST Denial of Service Linksys Devices 1.42/1.43 - GET Request Buffer Overflow Linksys Devices 1.42/1.43 - GET Buffer Overflow Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service VisNetic ActiveDefense 1.3.1 - Multiple GET Request Denial of Service VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service Pi3Web 2.0.1 - GET Request Denial of Service Pi3Web 2.0.1 - GET Denial of Service Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow Snowblind Web Server 1.0/1.1 - GET Buffer Overflow ArGoSoft Mail Server 1.8.3.5 - Multiple GET Requests Denial of Service WebBBS Pro 1.18 - GET Request Denial of Service ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service WebBBS Pro 1.18 - GET Denial of Service Proxomitron Proxy Server - Long GET Request Remote Denial of Service Proxomitron Proxy Server - GET Remote Denial of Service Armida Databased Web Server 1.0 - Remote GET Request Denial of Service Armida Databased Web Server 1.0 - GET Remote Denial of Service Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow Twilight WebServer 1.3.3.0 - GET Buffer Overflow Sami FTP Server 1.1.3 - Library Crafted GET Request Remote Denial of Service Sami FTP Server 1.1.3 - Library Crafted GET Remote Denial of Service Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow Sambar Server 6.0 - 'results.stm' POST Buffer Overflow Linksys PSUS4 PrintServer - POST Request Denial of Service Linksys PSUS4 PrintServer - POST Denial of Service Thomson TCW690 Cable Modem ST42.03.0a - Long GET Request Denial of Service Thomson TCW690 Cable Modem ST42.03.0a - GET Denial of Service Netgear ProSafe - Denial of Service NETGEAR ProSafe - Denial of Service Multiple IEA Software Products - POST Request Denial of Service Multiple IEA Software Products - POST Denial of Service Netgear WGR614 - Administration Interface Remote Denial of Service NETGEAR WGR614 - Administration Interface Remote Denial of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service Remote Help HTTP 0.0.7 - GET Format String Denial of Service Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 - GET Denial of Service D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service CoDeSys 3.4 - HTTP POST Request Null Pointer Content-Length Parsing Remote Denial of Service CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service Zoom Player - '.avi' File Divide-by-Zero Denial of Service Zoom Player - '.avi' Divide-by-Zero Denial of Service Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (1) Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (2) Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1) Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2) Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115) Microsoft Windows - Cursor Object Memory Leak (MS15-115) Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1) Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2) Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1) Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2) Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption Adobe Flash - '.MP4' File Stack Corruption Adobe Flash - '.MP4' Stack Corruption Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow Zoom Player Pro 3.30 - '.m3u' File Buffer Overflow (SEH) Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH) Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass) Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass) Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode) LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit PMSoftware Simple Web Server - GET Request Remote Buffer Overflow PMSoftware Simple Web Server - GET Remote Buffer Overflow Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow Fenice Oms 1.10 - GET Remote Buffer Overflow webdesproxy 0.0.1 - GET Request Remote Buffer Overflow webdesproxy 0.0.1 - GET Remote Buffer Overflow webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution webdesproxy 0.0.1 - (exec-shield) GET Remote Code Execution Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Remote Overflow (Universal) Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass Netgear WG102 - Leaks SNMP Write Password With Read Access NETGEAR WG102 - Leaks SNMP Write Password With Read Access XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow XBMC 8.10 (Windows) - GET Remote Buffer Overflow XBMC 8.10 - GET Request Remote Buffer Overflow (SEH) (Universal) XBMC 8.10 - GET Remote Buffer Overflow (SEH) (Universal) Netgear WNR2000 FW 1.2.0.8 - Information Disclosure NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH) Kolibri+ Web Server 2 - GET Remote Overwrite (SEH) BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) BigAnt Server 2.50 - GET Remote Buffer Overflow (SEH) BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH) BigAnt Server 2.50 - GET Universal Remote Buffer Overflow (SEH) httpdx 1.4 - GET Request Buffer Overflow httpdx 1.4 - GET Buffer Overflow Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit) Proxy-Pro Professional GateKeeper 4.7 - GET Overflow (Metasploit) Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit) Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit) Oracle Weblogic Apache Connector - POST Request Buffer Overflow (Metasploit) Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit) Berkeley Sendmail 5.58 - Debug exploit Berkeley Sendmail 5.58 - Debug Exploit A-V Tronics InetServ 3.0 - WebMail Long GET Request A-V Tronics InetServ 3.0 - WebMail GET Exploit Light HTTPD 0.1 - GET Request Buffer Overflow (1) Light HTTPD 0.1 - GET Request Buffer Overflow (2) Light HTTPD 0.1 - GET Buffer Overflow (1) Light HTTPD 0.1 - GET Buffer Overflow (2) Netgear FM114P Wireless Firewall - File Disclosure NETGEAR FM114P Wireless Firewall - File Disclosure Athttpd 0.4b - Remote GET Request Buffer Overrun Athttpd 0.4b - GET Remote Buffer Overrun IA WebMail Server 3.0/3.1 - Long GET Request Buffer Overrun IA WebMail Server 3.0/3.1 - GET Buffer Overrun Monit 1.4/2.x/3/4 - Overly Long HTTP Request Buffer Overrun Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun KarjaSoft Sami HTTP Server 1.0.4 - GET Request Buffer Overflow KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow MyWeb HTTP Server 3.3 - GET Request Buffer Overflow MyWeb HTTP Server 3.3 - GET Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow Netgear RP114 3.26 - Content Filter Bypass NETGEAR RP114 3.26 - Content Filter Bypass Netgear DGN1000B - setup.cgi Remote Command Execution (Metasploit) NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit) Netgear DGN2200B - pppoe.cgi Remote Command Execution (Metasploit) NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit) Netgear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow Netgear ReadyNAS - Perl Code Evaluation (Metasploit) NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit) Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution Zoom Player 3.30/5/6 - '.ZPL' Error Message Arbitrary Code Execution Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Stack Buffer Overflow NetGear WNR2000 - Multiple Information Disclosure Vulnerabilities NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities HTTP 1.1 - GET Request Directory Traversal HTTP 1.1 - GET Directory Traversal Kolibri Web Server 2.0 - GET Request (SEH) D-Link Devices - 'info.cgi' POST Request Buffer Overflow (Metasploit) Kolibri Web Server 2.0 - GET Exploit (SEH) D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit) Belkin n750 - jump login Parameter Buffer Overflow Belkin N750 - jump login Parameter Buffer Overflow Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities Belkin Wireless Router Default - WPS PIN Security Belkin Wireless Router - Default WPS PIN Security Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH) Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit) NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit) NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit) Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH) Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit) NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit) Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass) Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass) Belkin NetCam F7D7601 - Multiple Vulnerabilities Belkin F7D7601 NetCam - Multiple Vulnerabilities Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit) Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit) Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH) Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow Quezza BB 1.0 - (quezza_root_path) File Inclusion Quezza BB 1.0 - 'quezza_root_path' File Inclusion The Bible Portal Project 2.12 - (destination) File Inclusion The Bible Portal Project 2.12 - 'destination' File Inclusion Vivvo Article Manager 3.2 - (classified_path) File Inclusion Vivvo Article Manager 3.2 - 'classified_path' File Inclusion Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusion OpenDock Easy Doc 1.4 - (doc_directory) File Inclusion OpenDock Easy Blog 1.4 - (doc_directory) File Inclusion WebYep 1.1.9 - (webyep_sIncludePath) File Inclusion OpenDock Easy Gallery 1.4 - (doc_directory) File Inclusion OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion WebYep 1.1.9 - 'webyep_sIncludePath' File Inclusion OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion Open Conference Systems 1.1.4 - (fullpath) File Inclusion Open Conference Systems 1.1.4 - 'fullpath' File Inclusion SpeedBerg 1.2beta1 - (SPEEDBERG_PATH) File Inclusion SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion PhpShop Core 0.9.0 RC1 - (PS_BASE) File Inclusion PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion Phpjobscheduler 3.0 - (installed_config_file) File Inclusion Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion Magic Photo Storage Website - _config[site_path] File Inclusion Magic Photo Storage Website - '_config[site_path]' File Inclusion Linksys Cisco WAG120N - Cross-Site Request Forgery Cisco Linksys WAG120N - Cross-Site Request Forgery Belkin G Wireless Router F5D7234-4 v5 - Exploit Belkin F5D7234-4 v5 G Wireless Router - Exploit Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery PHP-Nuke 6.x/7.x - Modpath Parameter Potential File Inclusion PHP-Nuke 6.x/7.x - 'Modpath' Parameter File Inclusion Netgear SPH200D - Multiple Vulnerabilities NETGEAR SPH200D - Multiple Vulnerabilities Netgear DGN1000B - Multiple Vulnerabilities NETGEAR DGN1000B - Multiple Vulnerabilities Netgear DGN2200B - Multiple Vulnerabilities NETGEAR DGN2200B - Multiple Vulnerabilities Netgear WNR1000 - Authentication Bypass NETGEAR WNR1000 - Authentication Bypass PHPMyVisites 1.3 - Set_Lang File Inclusion PHPMyVisites 1.3 - 'Set_Lang' File Inclusion PPA 0.5.6 - ppa_root_path File Inclusion PPA 0.5.6 - 'ppa_root_path' File Inclusion Netgear WPN824v3 - Unauthorized Config Download NETGEAR WPN824v3 - Unauthorized Config Download Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities Netgear ProSafe - Information Disclosure NETGEAR ProSafe - Information Disclosure Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass Netgear N600 Wireless Dual Band WNDR3400 - Multiple Vulnerabilities NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure ManageEngine ADSelfService Plus 4.4 - POST Request Manipulation Security Question ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities Belkin Router N150 1.00.08/1.00.09 - Directory Traversal Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Potential Code Execution / Denial of Service) eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service) Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities Netgear WNR1000v4 - Authentication Bypass NETGEAR WNR1000v4 - Authentication Bypass Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities Netgear R7000 - Command Injection Netgear R7000 - Cross-Site Scripting NETGEAR R7000 - Command Injection NETGEAR R7000 - Cross-Site Scripting Tenda N3 Wireless N150 Home Router - Authentication Bypass Tenda N3 Wireless N150 Router - Authentication Bypass DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit) Lending And Borrowing - 'pid' Parameter SQL Injection Multi Level Marketing - SQL Injection Cash Back Comparison Script 1.0 - SQL Injection Claydip Airbnb Clone 1.0 - Arbitrary File Upload Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection PHP Auction Ecommerce Script 1.6 - SQL Injection JitBit HelpDesk < 9.0.2 - Authentication Bypass	2017-09-26 05:01:29 +00:00
Offensive Security	ef4c288da7	DB: 2017-09-19 16 new exploits Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (1) Cam2pc 4.6.2 - BMP Image Processing Integer Overflow Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering CMP Fencepost Denial of Service Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service Tony Cook Imager 0.4x - '.JPEG' / '.TGA' Images Denial of Service Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure Adobe Reader X 10.1.4.38 - BMP/RLE Heap Corruption Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption XV 3.x - BMP Parsing Local Buffer Overflow XV 3.x - '.BMP' Parsing Local Buffer Overflow Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2) GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized JPEG Image Access GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload (Metasploit) Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit) XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection Digirez 3.4 - Cross-Site Request Forgery (Update Admin) Digileave 1.2 - Cross-Site Request Forgery (Update Admin) DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin) UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass iBall ADSL2+ Home Router - Authentication Bypass Apache - HTTP OPTIONS Memory Leak	2017-09-19 05:01:33 +00:00
Offensive Security	183eb53e48	DB: 2017-09-14 44 new exploits Mako Web Server 2.5 - Multiple Vulnerabilities ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit) Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit) Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit) Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit) Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit) Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit) Infinite Automation Mango Automation - Command Injection (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit) EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit) Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit) Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit) Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit) Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit) Microsoft Windows .NET Framework - Remote Code Execution ICLowBidAuction 3.3 - SQL Injection ICMLM 2.1 - 'key' Parameter SQL Injection ICHotelReservation 3.3 - 'key' Parameter SQL Injection ICAuction 2.2 - 'id' Parameter SQL Injection ICDoctor Appointment 1.3 - 'key' Parameter SQL Injection ICRestaurant software 1.4 - 'key' Parameter SQL Injection ICDutchAuction 1.2 - SQL Injection ICAutosales 2.2 - SQL Injection ICTraveling 2.2 - Authentication Bypass ICStudents 1.2 - 'key' Parameter SQL Injection ICClassifieds 1.1 - SQL Injection ICSurvey 1.1 - SQL Injection ICJewelry 1.1 - 'key' Parameter SQL Injection IC-T-Shirt 1.2 - 'key' Parameter SQL Injection ICProductConfigurator 1.1 - 'key' Parameter SQL Injection ICGrocery 1.1 - 'key' Parameter SQL Injection ICCallLimousine 1.1 - 'key' Parameter SQL Injection ICProjectBidding 1.1 - SQL Injection ICDental Clinic 1.2 - 'key' Parameter SQL Injection ICEstate 1.1 - 'id' Parameter SQL Injection ICHelpDesk 1.1 - 'pk' Parameter SQL Injection ICSiteBuilder 1.1 - SQL Injection ICAffiliateTracking 1.1 - Authentication Bypass Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit) Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit) Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit) Carel PlantVisor 2.4.4 - Directory Traversal	2017-09-14 05:01:22 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	0ef7d9b9ec	DB: 2017-06-07 8 new exploits Wireshark 2.2.6 - IPv6 Dissector Denial of Service Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution Home Web Server 1.9.1 build 164 - Remote Code Execution Linux/x86-64 - /bin/sh Shellcode (31 bytes) Kronos Telestaff < 2.92EU29 - SQL Injection WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure	2017-06-07 05:01:18 +00:00
Offensive Security	0d43a7fe09	DB: 2017-01-05 2 new exploits Kaspersky 17.0.0 - Local CA root is Incorrectly Protected XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities XAMPP 1.7.4 - Cross-Site Scripting phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting ASPPortal 3.1.1 - (downloadid) SQL Injection ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection ASPPortal 4.0.0 - (default1.asp) SQL Injection ASPPortal 4.0.0 - 'default1.asp' SQL Injection ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection) ASPTicker 1.0 - Authentication Bypass Active Photo Gallery - 'default.asp catid' SQL Injection Active Photo Gallery - 'catid' Parameter SQL Injection Active Trade 2 - 'default.asp catid' SQL Injection Active Trade 2 - 'catid' Parameter SQL Injection Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection SailPlanner 0.3a - (Authentication Bypass) SQL Injection Bluo CMS 1.2 - (index.php id) Blind SQL Injection SailPlanner 0.3a - Authentication Bypass Bluo CMS 1.2 - Blind SQL Injection ReVou Twitter Clone - (Authentication Bypass) SQL Injection Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection Active Force Matrix 2 - (Authentication Bypass) SQL Injection ASPReferral 5.3 - 'AccountID' Blind SQL Injection ActiveVotes 2.2 - (Authentication Bypass) SQL Injection Active Test 2.1 - (Authentication Bypass) SQL Injection Active Websurvey 9.1 - (Authentication Bypass) SQL Injection Active Membership 2 - (Authentication Bypass) SQL Injection eWebquiz 8 - (Authentication Bypass) SQL Injection Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection Active Web Mail 4 - (Authentication Bypass) SQL Injection Active Trade 2 - (Authentication Bypass) SQL Injection Active Price Comparison 4 - (Authentication Bypass) SQL Injection PHP TV Portal 2.0 - (index.php mid) SQL Injection ReVou Twitter Clone - Authentication Bypass Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection Active Force Matrix 2 - Authentication Bypass ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection ActiveVotes 2.2 - Authentication Bypass Active Test 2.1 - Authentication Bypass Active Websurvey 9.1 - Authentication Bypass Active Membership 2 - Authentication Bypass eWebquiz 8 - Authentication Bypass Active NewsLetter 4.3 - Authentication Bypass Active Web Mail 4 - Authentication Bypass Active Trade 2 - Authentication Bypass Active Price Comparison 4 - Authentication Bypass PHP TV Portal 2.0 - 'mid' Parameter SQL Injection Active Price Comparison 4 - 'ProductID' Blind SQL Injection Active Bids 3.5 - 'itemID' Blind SQL Injection Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection Lito Lite CMS - 'cate.php cid' SQL Injection Active Test 2.1 - 'QuizID' Blind SQL Injection Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection Active Time Billing 3.2 - (Authentication Bypass) SQL Injection Active Web Helpdesk 2 - Authentication Bypass Lito Lite CMS - 'cid' Parameter SQL Injection Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection Active Photo Gallery 6.2 - Authentication Bypass Active Time Billing 3.2 - Authentication Bypass Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure Quick Tree View .NET 3.1 - Database Disclosure z1exchange 1.0 - (edit.php site) SQL Injection z1exchange 1.0 - 'site' Parameter SQL Injection E.Z. Poll 2 - (Authentication Bypass) SQL Injection ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure bcoos 1.0.13 - (viewcat.php cid) SQL Injection PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure E.Z. Poll 2 - Authentication Bypass ASPPortal 3.2.5 - Database Disclosure bcoos 1.0.13 - 'viewcat.php' SQL Injection PacPoll 4.0 - Database Disclosure SunByte e-Flower - 'id' SQL Injection Rapid Classified 3.1 - (cldb.mdb) Database Disclosure Codefixer MailingListPro (MailingList.mdb) - Database Disclosure Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection SunByte e-Flower - 'id' Parameter SQL Injection Rapid Classified 3.1 - Database Disclosure Codefixer MailingListPro - Database Disclosure Gallery MX 2.0.0 - Blind SQL Injection Check New 4.52 - 'findoffice.php search' SQL Injection Joomla! Component com_jmovies 1.1 - 'id' SQL Injection Check New 4.52 - SQL Injection Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection Rae Media Contact MS - (Authentication Bypass) SQL Injection Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion Rae Media Contact MS - Authentication Bypass Multi SEO phpBB 1.1.0 - Remote File Inclusion ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion Easy News Content Management - 'News.mdb' Database Disclosure Easy News Content Management - Database Disclosure My Simple Forum 3.0 - (index.php action) Local File Inclusion Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution My Simple Forum 3.0 - Local File Inclusion Joomla! Component mydyngallery 1.4.2 - SQL Injection Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution RankEm - 'rankup.asp siteID' SQL Injection RankEm - (Authentication Bypass) SQL Injection RankEm - 'siteID' Parameter SQL Injection Rankem - Authentication Bypass Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities Cold BBS - 'cforum.mdb' Remote Database Disclosure Tizag Countdown Creator .v.3 - Insecure Upload Merlix Teamworx Server - File Disclosure/Bypass Cold BBS - Remote Database Disclosure Tizag Countdown Creator 3 - Insecure Upload ASP PORTAL - Multiple SQL Injections ASPTicker 1.0 - (news.mdb) Remote Database Disclosure ASP Portal - Multiple SQL Injections ASPTicker 1.0 - Remote Database Disclosure ASP PORTAL - 'xportal.mdb' Remote Database Disclosure phpPgAdmin 4.2.1 - (_language) Local File Inclusion ASP PORTAL - Remote Database Disclosure phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion PayPal eStore - Admin Password Changing Exploit Product Sale Framework 0.1b - (forum_topic_id) SQL Injection PayPal eStore - Admin Password Change Product Sale Framework 0.1b - SQL Injection Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion Mini-CMS 1.0.1 - 'index.php' Local File Inclusion MG2 0.5.1 - 'Filename' Remote Code Execution MG2 0.5.1 - 'filename' Parameter Remote Code Execution dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection Poll Pro 2.0 - (Authentication Bypass) SQL Injection Professional Download Assistant 0.1 - Authentication Bypass Poll Pro 2.0 - Authentication Bypass Peel Shopping 3.1 - (index.php rubid) SQL Injection Peel Shopping 3.1 - 'rubid' Parameter SQL Injection ProQuiz 1.0 - (Authentication Bypass) SQL Injection ProQuiz 1.0 - Authentication Bypass PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation WebMaster Marketplace - 'member.php u' SQL Injection HTMPL 1.11 - Command Execution EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation WebMaster Marketplace - SQL Injection eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required) EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required) eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation ReVou Twitter Clone - Admin Password Changing Exploit ReVou Twitter Clone - Admin Password Change w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection w3blabor CMS 3.3.0 - Authentication Bypass rankem - File Disclosure / Cross-Site Scripting / Cookie Rankem - File Disclosure / Cross-Site Scripting / Cookie revou twitter clone - Cross-Site Scripting / SQL Injection Revou Twitter Clone - Cross-Site Scripting / SQL Injection My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution My Simple Forum 7.1 - Remote Command Execution Mini-CMS 1.0.1 - (page.php id) SQL Injection Mini-CMS 1.0.1 - 'page.php' SQL Injection Texas Rankem - 'player.asp player_id' SQL Injection Texas Rankem - 'player_id' Parameter SQL Injection Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection Mini-CMS RibaFS 1.0 - Authentication Bypass reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection Andy's PHP KnowledgeBase 0.95.4 - SQL Injection Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection Texas Rankem - player.asp selPlayer Parameter SQL Injection Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection Texas Rankem - 'selPlayer' Parameter SQL Injection Texas Rankem - 'tournament_id' Parameter SQL Injection Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting Rapid Classified 3.1 - 'viewad.asp' SQL Injection Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting Rapid Classified - AgencyCatResult.asp SQL Injection Rapid Classified - 'AgencyCatResult.asp' SQL Injection bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection bcoos 1.0.10 - 'ratephoto.php' SQL Injection bcoos 1.0.10 - 'ratelink.php' SQL Injection bcoos 1.0.10 - adresses/ratefile.php SQL Injection bcoos 1.0.10 - 'ratefile.php' SQL Injection bcoos 1.0.13 - 'include/common.php' Remote File Inclusion bcoos 1.0.13 - 'common.php' Remote File Inclusion bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection bcoos 1.0.13 - 'click.php' SQL Injection Z1Exchange 1.0 - showads.php id Parameter SQL Injection Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting Z1Exchange 1.0 - 'id' Parameter SQL Injection Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting dotnetindex Professional Download Assistant 0.1 - SQL Injection Professional Download Assistant 0.1 - SQL Injection Active Bids - search.asp search Parameter Cross-Site Scripting Active Bids - search.asp search Parameter SQL Injection Active Bids - 'search' Parameter Cross-Site Scripting Active Bids - 'search' Parameter SQL Injection eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting	2017-01-05 05:01:17 +00:00
Offensive Security	f8746c89a4	DB: 2016-12-29 4 new exploits analogx SimpleServer:WWW 1.0.6 - Directory Traversal AnalogX SimpleServer:WWW 1.0.6 - Directory Traversal My PHP Dating - 'success_story.php id' SQL Injection My PHP Dating - 'id' Parameter SQL Injection Roundcube 0.3.1 - Cross-Site Request Forgery / SQL Injection Roundcube Webmail 0.3.1 - Cross-Site Request Forgery / SQL Injection Roundcube 1.1.3 - Directory Traversal Roundcube Webmail 1.1.3 - Directory Traversal PHPMailer 5.2.17 - Remote Code Execution PHPMailer < 5.2.18 - Remote Code Execution (Bash) PHPMailer < 5.2.18 - Remote Code Execution (PHP) PHPMailer < 5.2.20 - Remote Code Execution WordPress Plugin Simply Poll 1.4.1 - SQL Injection SwiftMailer < 5.4.5-DEV - Remote Code Execution	2016-12-29 05:01:16 +00:00
Offensive Security	f88827eb1f	DB: 2016-12-10 4 new exploits Free MP3 CD Ripper 2.6 - Exploit (1) Free MP3 CD Ripper 2.6 - '.wav' PoC Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (1) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (1) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (2) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (3) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (2) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (3) WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (1) WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (PoC) Ascend R 4.5 Ci12 - Denial of Service (1) Ascend R 4.5 Ci12 - Denial of Service (2) Ascend R 4.5 Ci12 - Denial of Service (C) Ascend R 4.5 Ci12 - Denial of Service (Perl) Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (1) Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC) thttpd 2.2x - defang Remote Buffer Overflow (1) thttpd 2.2x - defang Remote Buffer Overflow (PoC) PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (1) PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1) Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC) (1) Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC) Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (3) Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2) Free MP3 CD Ripper 2.6 - (wav) Stack Buffer Overflow (PoC) Free MP3 CD Ripper 2.6 - '.wav' Stack Buffer Overflow Free MP3 CD Ripper 2.6 - Exploit (2) Free MP3 CD Ripper 2.6 - '.wav' Exploit Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (2) Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1) Free MP3 CD Ripper 2.6 - Local Buffer Overflow Free MP3 CD Ripper 2.6 - '.wav' Local Buffer Overflow Free MP3 CD Ripper 2.6 2.8 '.wav' - SEH Based Buffer Overflow (Windows 7 DEP Bypass) Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass) Alt-N SecurityGateway - 'Username' Buffer Overflow (Metasploit) Alt-N SecurityGateway 1.0.1 - 'Username' Buffer Overflow (Metasploit) WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (2) WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow thttpd 2.2x - defang Remote Buffer Overflow (2) thttpd 2.2x - defang Remote Buffer Overflow Windows x64 - Bind Shell TCP Shellcode (508 bytes) CuteNews 1.4.1 - (function.php) Local File Inclusion CuteNews 1.4.1 - 'function.php' Local File Inclusion CoreNews 2.0.1 - (userid) SQL Injection CoreNews 2.0.1 - 'userid' Parameter SQL Injection phpAuction 2.1 - (phpAds_path) Remote File Inclusion phpAuction 2.1 - 'phpAds_path' Parameter Remote File Inclusion Freenews 1.1 - (moteur.php) Remote File Inclusion Freenews 1.1 - 'moteur.php' Remote File Inclusion SH-News 3.1 - (scriptpath) Multiple Remote File Inclusion SH-News 3.1 - 'scriptpath' Parameter Remote File Inclusion JaxUltraBB 2.0 - (delete.php) Remote Auto Deface Exploit JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit JaxUltraBB 2.0 - Topic Reply Command Execution JaxUltraBB 2.0 - Command Execution Oxygen 1.1.3 - (O2PHP Bulletin Board) SQL Injection Oxygen 1.1.3 (O2PHP Bulletin Board) - SQL Injection cutenews aj-fork 167f - (cutepath) Remote File Inclusion cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion SH-News 0.93 - (misc.php) Remote File Inclusion SH-News 0.93 - 'misc.php' Remote File Inclusion aspWebCalendar 4.5 - (calendar.asp eventid) SQL Injection AspWebCalendar 4.5 - 'eventid' Parameter SQL Injection SH-News 3.0 - (comments.php id) SQL Injection SH-News 3.0 - 'comments.php' SQL Injection ClipShare - 'uprofile.php UID' SQL Injection ClipShare - 'UID' Parameter SQL Injection Lasernet CMS 1.5 - SQL Injection (2) LaserNet CMS 1.5 - SQL Injection (2) Oxygen 2.0 - (repquote) SQL Injection Oxygen 2.0 - 'repquote' Parameter SQL Injection Open Azimyt CMS 0.22 - 'lang' Local File Inclusion Open Azimyt CMS 0.22 - 'lang' Parameter Local File Inclusion Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection Joomla! Component Simple Shop Galore 3.x - 'catid' Parameter SQL Injection Bizon-CMS 2.0 - (index.php Id) SQL Injection Basic-CMS - 'index.php r' SQL Injection Bizon-CMS 2.0 - 'Id' Parameter SQL Injection Basic-CMS - 'index.php' SQL Injection ClipShare < 3.0.1 - (tid) SQL Injection easyTrade 2.x - (detail.php id) SQL Injection ThaiQuickCart - (sLanguage) Local File Inclusion ClipShare < 3.0.1 - 'tid' Parameter SQL Injection easyTrade 2.x - 'id' Parameter SQL Injection ThaiQuickCart 3 - 'sLanguage' Cookie Local File Inclusion eroCMS 1.4 - (index.php site) SQL Injection WebCalendar 1.0.4 - (includedir) Remote File Inclusion traindepot 0.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities doITlive CMS 2.50 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities AspWebCalendar 2008 - Arbitrary File Upload netBIOS - 'shownews.php newsid' SQL Injection Maxtrade AIO 1.3.23 - (categori) SQL Injection Mybizz-Classifieds - 'index.php cat' SQL Injection Easy Webstore 1.2 - (index.php postid) SQL Injection eroCMS 1.4 - 'site' Parameter SQL Injection WebCalendar 1.0.4 - 'includedir' Parameter Remote File Inclusion traindepot 0.1 - Local File Inclusion / Cross-Site Scripting doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting AspWebCalendar 2008 - Arbitrary File Upload netBIOS - 'newsid' Parameter SQL Injection Maxtrade AIO 1.3.23 - 'categori' Parameter SQL Injection Mybizz-Classifieds - 'cat' Parameter SQL Injection Easy Webstore 1.2 - SQL Injection Carscripts Classifieds - 'index.php cat' SQL Injection BoatScripts Classifieds - 'index.php type' SQL Injection Carscripts Classifieds - 'cat' Parameter SQL Injection BoatScripts Classifieds - 'type' Parameter SQL Injection ownrs blog beta3 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities samart-cms 2.0 - (contentsid) SQL Injection CMS-BRD - (menuclick) SQL Injection ownrs blog beta3 - SQL Injection / Cross-Site Scripting Yektaweb Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities samart-cms 2.0 - 'contentsid' Parameter SQL Injection CMS-BRD - 'menuclick' Parameter SQL Injection CaupoShop Classic 1.3 - (saArticle[ID]) SQL Injection CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities Lightweight news portal [lnp] 1.0b - Multiple Vulnerabilities Lightweight news portal (LNP) 1.0b - Multiple Vulnerabilities CiBlog 3.1 - (links-extern.php id) SQL Injection CiBlog 3.1 - 'id' Parameter SQL Injection jaxultrabb 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities emuCMS 0.3 - 'cat_id' SQL Injection phpAuction - 'profile.php user_id' SQL Injection SiteXS CMS 0.1.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities @CMS 2.1.1 - (readarticle.php article_id) SQL Injection eNews 0.1 - (delete.php) Arbitrary Delete Post PHP KnowledgeBase Script 2.4 - 'cat_id' SQL Injection jaxultrabb 2.0 - Local File Inclusion / Cross-Site Scripting emuCMS 0.3 - 'cat_id' Parameter SQL Injection phpAuction - 'profile.php' SQL Injection SiteXS CMS 0.1.1 - Arbitrary File Upload / Cross-Site Scripting @CMS 2.1.1 - SQL Injection eNews 0.1 - 'delete.php' Arbitrary Delete Post PHP KnowledgeBase Script 2.4 - 'cat_id' Parameter SQL Injection OFFL 0.2.6 - (teams.php fflteam) SQL Injection Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection phpAuction 3.2.1 - (item.php id) SQL Injection Joomla! Component EXP Shop - 'catid' SQL Injection DUdForum 3.0 - (forum.asp iFor) SQL Injection shibby shop 2.2 - (SQL Injection / update) Multiple Vulnerabilities phpAuction 3.2.1 - 'item.php' SQL Injection Joomla! Component EXP Shop - 'catid' Parameter SQL Injection DUdForum 3.0 - 'iFor' Parameter SQL Injection shibby shop 2.2 - Multiple Vulnerabilities LiteNews 0.1 - 'id' SQL Injection LiteNews 0.1 - 'id' Parameter SQL Injection ClipShare Pro 2006-2007 - (chid) SQL Injection ClipShare Pro 2006-2007 - 'chid' Parameter SQL Injection phpauctionsystem - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities phpauctionsystem - Cross-Site Scripting / SQL Injection Jamroom - 'index.php t' Local File Inclusion Jamroom 4.0.2 - 't' Parameter Local File Inclusion Oxygen2PHP 1.1.3 - (member.php) SQL Injection Oxygen2PHP 1.1.3 - 'member.php' SQL Injection Oxygen2PHP 1.1.3 - (post.php) Blind SQL Injection Oxygen2PHP 1.1.3 - (forumdisplay.php) Blind SQL Injection Oxygen2PHP 1.1.3 - 'post.php' Blind SQL Injection Oxygen2PHP 1.1.3 - 'forumdisplay.php' Blind SQL Injection MyPhpAuction 2010 - 'id' SQL Injection MyPhpAuction 2010 - 'id' Parameter SQL Injection CuteNews - 'index.php?page' Local File Inclusion CuteNews - 'page' Parameter Local File Inclusion Lasernet CMS 1.5 - SQL Injection (1) LaserNet CMS 1.5 - SQL Injection (1) WebCalendar 1.2.4 - (install/index.php) Remote Code Execution WebCalendar 1.2.4 - Remote Code Execution MyMarket 1.71 - Form_Header.php Cross-Site Scripting MyMarket 1.71 - 'Form_Header.php' Cross-Site Scripting CuteNews 0.88 - shownews.php Remote File Inclusion CuteNews 0.88 - search.php Remote File Inclusion CuteNews 0.88 - comments.php Remote File Inclusion CuteNews 0.88 - 'shownews.php' Remote File Inclusion CuteNews 0.88 - 'search.php' Remote File Inclusion CuteNews 0.88 - 'comments.php' Remote File Inclusion WebCalendar 0.9.x - colors.php color Cross-Site Scripting WebCalendar 0.9.x - week.php user Cross-Site Scripting CuteNews 0.88/1.3 - example1.php id Parameter Cross-Site Scripting CuteNews 0.88/1.3 - example2.php id Parameter Cross-Site Scripting CuteNews 0.88/1.3 - show_archives.php id Parameter Cross-Site Scripting CuteNews 0.88/1.3 - 'example1.php' Cross-Site Scripting CuteNews 0.88/1.3 - 'example2.php' Cross-Site Scripting CuteNews 0.88/1.3 - 'show_archives.php' Cross-Site Scripting CuteNews 1.3.1 - show_archives.php archive Parameter Cross-Site Scripting CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting ClipShare 4.1.1 - (gmembers.php gid Parameter) Blind SQL Injection ClipShare 4.1.1 - 'gid' Parameter Blind SQL Injection CutePHP CuteNews 1.3.6 - x-forwarded-for Script Injection CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection CuteNews 1.4.1 - show_archives.php template Parameter Traversal Arbitrary File Access CuteNews 1.4.1 - show_news.php template Parameter Traversal Arbitrary File Access CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access CuteNews 1.4.1 - 'template' Parameter Traversal Arbitrary File Access WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting CuteNews 1.4.1 - show_news.php Cross-Site Scripting CuteNews 1.4.1 - 'show_news.php' Cross-Site Scripting O2PHP Oxygen 1.0/1.1 - post.php SQL Injection O2PHP Oxygen 1.0/1.1 - 'post.php' SQL Injection Freenews 1.1 - Aff_News.php Remote File Inclusion Freenews 1.1 - 'Aff_News.php' Remote File Inclusion ActiveNews Manager - activenews_view.asp articleId Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - default.asp page Parameter SQL Injection ActiveNews Manager - activenews_search.asp query Parameter Cross-Site Scripting Active News Manager - activeNews_categories.asp catID Parameter SQL Injection Active News Manager - activeNews_comments.asp articleId Parameter SQL Injection ActiveNews Manager - 'page' Parameter SQL Injection ActiveNews Manager - 'query' Parameter Cross-Site Scripting Active News Manager - 'catID' Parameter SQL Injection Active News Manager - 'articleId' Parameter SQL Injection CuteNews 1.4.5 - show_news.php Query String Cross-Site Scripting CuteNews 1.4.5 - rss.php rss_title Parameter Cross-Site Scripting CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting CuteNews 1.4.5 - 'rss_title' Parameter Cross-Site Scripting CuteNews 1.3.6 - Result Parameter Cross-Site Scripting CuteNews 1.3.6 - 'result' Parameter Cross-Site Scripting ClipShare 1.5.3 - ADODB-Connection.Inc.php Remote File Inclusion ClipShare 1.5.3 - 'ADODB-Connection.Inc.php' Remote File Inclusion WebCalendar 1.1.6 - pref.php Query String Cross-Site Scripting WebCalendar 1.1.6 - search.php adv Parameter Cross-Site Scripting WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting SiteXS CMS 0.0.1 - 'upload.php' Arbitrary File Upload SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload Basic-CMS - 'index.php' SQL Injection Joomla! Component EXP Shop 1.0 'com_expshop' - SQL Injection Joomla! Component EXP Shop 1.0 - SQL Injection Jamroom 3.3.8 - (Cookie Authentication Bypass and Unspecified Security Issues) Multiple Vulnerabilities Jamroom 3.3.8 - Cookie Authentication Bypass CuteNews 1.4.6 - register.php result Parameter Cross-Site Scripting CuteNews 1.4.6 - 'result' Parameter Cross-Site Scripting CuteNews 1.4.6 - search.php from_date_day Parameter Full Path Disclosure CuteNews 1.4.6 - 'from_date_day' Parameter Full Path Disclosure ZeroCMS 1.0 - (zero_view_article.php article_id Parameter) SQL Injection ZeroCMS 1.0 - 'zero_view_article.php' SQL Injection ZeroCMS 1.0 - zero_transact_user.php Handling Privilege Escalation ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation ZeroCMS 1.0 - (zero_transact_article.php article_id POST Parameter) SQL Injection ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities (1) WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities (2) Netgear R7000 - Command Injection	2016-12-10 05:01:16 +00:00
Offensive Security	855e59f932	DB: 2016-12-07 9 new exploits MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC) Asterisk - (SIP channel driver / in pedantic mode) Remote Crash Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC) Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash F5 BIG-IP - Remote Root Authentication Bypass (1) F5 BIG-IP - Authentication Bypass (1) Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow NetCat 0.7.1 - Denial of Service Microsoft Event Viewer 1.0 - XML External Entity Injection Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection Apache CouchDB 2.0.0 - Local Privilege Escalation Samba 2.2.8 - Remote Root Exploit Samba 2.2.8 - Remote Code Execution Microsoft Windows - WebDAV Remote Root Exploit (2) Microsoft Windows - WebDAV Remote Code Execution (2) Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav) Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav) miniSQL (mSQL) 1.3 - Remote GID Root Exploit miniSQL (mSQL) 1.3 - GID Remote Code Execution Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit GtkFtpd 1.0.4 - Remote Root Buffer Overflow Real Server 7/8/9 (Windows / Linux) - Remote Code Execution GtkFtpd 1.0.4 - Buffer Overflow Solaris Sadmind - Default Configuration Remote Root Exploit Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit Solaris Sadmind - Default Configuration Remote Code Execution Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Monit 4.1 - Remote Root Buffer Overflow Monit 4.2 - Remote Root Buffer Overflow Monit 4.1 - Buffer Overflow Monit 4.2 - Buffer Overflow INND/NNRP < 1.6.x - Remote Root Overflow INND/NNRP < 1.6.x - Overflow Exploit LPRng (RedHat 7.0) - lpd Remote Root Format String LPRng (RedHat 7.0) - 'lpd' Format String BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1) BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2) BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3) BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4) BIND 8.2.x - (TSIG) Stack Overflow (1) BIND 8.2.x - (TSIG) Stack Overflow (2) BIND 8.2.x - (TSIG) Stack Overflow (3) BIND 8.2.x - (TSIG) Stack Overflow (4) HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Solaris /bin/login (SPARC/x86) - Remote Root Exploit Solaris /bin/login (SPARC/x86) - Remote Code Execution Drcat 0.5.0-beta - (drcatd) Remote Root Exploit Drcat 0.5.0-beta - 'drcatd' Remote Code Execution Dropbear SSH 0.34 - Remote Root Exploit Dropbear SSH 0.34 - Remote Code Execution Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution Monit 4.2 - Basic Authentication Remote Root Exploit Monit 4.2 - Basic Authentication Remote Code Execution WvTFTPd 0.9 - Remote Root Heap Overflow WvTFTPd 0.9 - Heap Overflow Qwik SMTP 0.3 - Remote Root Format String Qwik SMTP 0.3 - Format String Citadel/UX 6.27 - Remote Root Format String Citadel/UX 6.27 - Format String Knox Arkeia Server Backup 5.3.x - Remote Root Exploit Knox Arkeia Server Backup 5.3.x - Remote Code Execution Smail 3.2.0.120 - Remote Root Heap Overflow mtftpd 0.0.3 - Remote Root Exploit Smail 3.2.0.120 - Heap Overflow mtftpd 0.0.3 - Remote Code Execution dSMTP Mail Server 3.1b - Linux Remote Root Format String dSMTP Mail Server 3.1b (Linux) - Format String Exploit IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow dproxy-nexgen (Linux/x86) - Buffer Overflow Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow Kerberos 1.5.1 - Kadmind Buffer Overflow webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield) webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow Sun Solaris 10 - rpc.ypupdated Remote Root Exploit Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit) Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit) Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python) Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python) Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit Solaris 9 (UltraSPARC) - sadmind Remote Code Execution Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution Microworld eScan AntiVirus < 3.x - Remote Root Command Execution Microworld eScan AntiVirus < 3.x - Remote Code Execution AIX5l with FTP-Server - Remote Root Hash Disclosure AIX5l with FTP-Server - Hash Disclosure McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution) McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution) ProFTPd 1.3.3c - Compromised Source Remote Root Trojan ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit) Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit) ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution DreamBox DM800 1.5rc1 - Remote Root File Disclosure DreamBox DM800 1.5rc1 - File Disclosure TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite TelnetD encrypt_keyid - Function Pointer Overwrite F5 BIG-IP - Remote Root Authentication Bypass (2) MySQL - Remote Root Authentication Bypass F5 BIG-IP - Authentication Bypass (2) MySQL - Authentication Bypass ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection WIDZ 1.0/1.5 - Remote Root Compromise WIDZ 1.0/1.5 - Remote Code Execution Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH) DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow proManager 0.73 - (note.php) SQL Injection ProManager 0.73 - 'note.php' SQL Injection pNews 1.1.0 - (nbs) Remote File Inclusion pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion eFiction 3.1.1 - (path_to_smf) Remote File Inclusion eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion SimpNews 2.40.01 - (print.php newnr) SQL Injection SimpNews 2.40.01 - 'newnr' Parameter SQL Injection PHPNews 0.93 - (format_menue) Remote File Inclusion PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion meBiblio 0.4.5 - (index.php action) Remote File Inclusion meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion Joomla! Component rapidrecipe 1.6.5 - SQL Injection Joomla! Component Rapid Recipe 1.6.5 - SQL Injection mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting pLog - 'albumID' SQL Injection smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities PLog 1.0.6 - 'albumID' Parameter SQL Injection smeweb 1.4b - SQL Injection / Cross-Site Scripting Joomla! Component joomradio 1.0 - 'id' SQL Injection Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection Battle Blog 1.25 - (comment.asp) SQL Injection Battle Blog 1.25 - 'comment.asp' SQL Injection 1Book Guestbook Script - Code Execution 1Book Guestbook Script 1.0.1 - Code Execution PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Joomla! Component EasyBook 1.1 - (gbid) SQL Injection 427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection 427bb 2.3.1 - SQL Injection / Cross-Site Scripting Power Phlogger 2.2.5 - (css_str) SQL Injection pSys 0.7.0.a - (shownews) SQL Injection Joomla! Component JoomlaDate - (user) SQL Injection Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection pSys 0.7.0.a - 'shownews' Parameter SQL Injection Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Joomla! Component yvcomment 1.16 - Blind SQL Injection JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting Joomla! Component yvComment 1.16 - Blind SQL Injection BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion Joomla! Component rapidrecipe - SQL Injection Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - (article) SQL Injection real estate Web site 1.0 - SQL Injection / Cross-Site Scripting Telephone Directory 2008 - SQL Injection / Cross-Site Scripting ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite pNews 2.08 - (shownews) SQL Injection Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite pNews 2.08 - 'shownews' Parameter SQL Injection ErfurtWiki R1.02b - (css) Local File Inclusion DCFM Blog 0.9.4 - (comments) SQL Injection yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Insanely Simple Blog 0.5 - (index) SQL Injection ASPPortal Free Version - 'Topic_Id' SQL Injection Experts 1.0.0 - (answer.php) SQL Injection SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ErfurtWiki R1.02b - Local File Inclusion DCFM Blog 0.9.4 - SQL Injection Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection Insanely Simple Blog 0.5 - SQL Injection ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection Experts 1.0.0 - 'answer.php' SQL Injection SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting Yuhhu 2008 SuperStar - 'board' SQL Injection Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection eFiction 3.0 - (toplists.php list) SQL Injection eFiction 3.0 - 'toplists.php' SQL Injection pSys 0.7.0 Alpha - (chatbox.php) SQL Injection pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection pNews 2.03 - (newsid) SQL Injection pNews 2.03 - 'newsid' Parameter SQL Injection Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection FlexPHPNews 0.0.6 & PRO - Authentication Bypass E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities E-ShopSystem - Authentication Bypass / SQL Injection Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload 427BB Fourtwosevenbb 2.3.2 - SQL Injection 427BB 2.3.2 - SQL Injection Joomla! Component 'com_joomradio' - SQL Injection Joomla! Component JoomRadio 1.0 - SQL Injection Joomla! Component 'com_elite_experts' - SQL Injection Joomla! Component Elite Experts - SQL Injection ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure Seowonintech Routers fw: 2.3.9 - File Disclosure PHPNews 1.2.x - auth.php SQL Injection PHPNews 1.2.x - 'auth.php' SQL Injection efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection 427BB 2.2 - showthread.php SQL Injection 427BB 2.2 - 'showthread.php' SQL Injection BrowserCRM - results.php Cross-Site Scripting Simpnews 2.x - Wap_short_news.php Remote File Inclusion Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting Yblog - funk.php id Parameter Cross-Site Scripting Yblog - tem.php action Parameter Cross-Site Scripting Yblog - uss.php action Parameter Cross-Site Scripting Yblog - 'funk.php' Cross-Site Scripting Yblog - 'tem.php' Cross-Site Scripting Yblog - 'uss.php' Cross-Site Scripting Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting Simpnews 2.x - 'index.php' Cross-Site Scripting Simpnews 2.x - 'pwlost.php' Cross-Site Scripting PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection BrowserCRM 5.100.1 - URI Cross-Site Scripting BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting	2016-12-07 05:01:17 +00:00
Offensive Security	b3a7c78388	DB: 2016-11-25 4 new exploits Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC) Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC) Remote Utilities Host 6.3 - Denial of Service Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) GNU Wget < 1.18 - Access List Bypass / Race Condition miniBB - 'user' Input Validation Hole MiniBB 1.7f - 'user' Parameter SQL Injection TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection miniBB 2.1 - (table) SQL Injection MiniBB 2.1 - 'table' Parameter SQL Injection Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure Apartment Search Script - 'listtest.php r' SQL Injection XOOPS Module Recipe - 'detail.php id' SQL Injection Aterr 0.9.1 - (class) Local File Inclusion (PHP5) W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection Apartment Search Script - 'listtest.php' SQL Injection XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection Aterr 0.9.1 - Local File Inclusion (PHP5) W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection KubeLance 1.6.4 - (ipn.php i) Local File Inclusion acidcat CMS 3.4.1 - Multiple Vulnerabilities BlogWorx 1.0 - (view.asp id) SQL Injection Crazy Goomba 1.2.1 - 'id' SQL Injection RedDot CMS 7.5 - (LngId) SQL Injection TR News 2.1 - (nb) SQL Injection KubeLance 1.6.4 - 'ipn.php' Local File Inclusion Acidcat CMS 3.4.1 - Multiple Vulnerabilities BlogWorx 1.0 - 'id' Parameter SQL Injection Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection RedDot CMS 7.5 - 'LngId' Parameter SQL Injection TR News 2.1 - 'nb' Parameter SQL Injection E RESERV 2.1 - (index.php ID_loc) SQL Injection Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection E RESERV 2.1 - 'index.php' SQL Injection Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities PostNuke Module PostSchedule - (eid) SQL Injection MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting PHP Forge 3 Beta 2 - 'id' SQL Injection PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Jokes Site Script - 'jokes.php?catagorie' SQL Injection FluentCMS - 'view.php sid' SQL Injection megabbs forum 2.2 - SQL Injection / Cross-Site Scripting Jokes Site Script - 'jokes.php' SQL Injection FluentCMS - 'view.php' SQL Injection Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection Softbiz Web Host Directory Script (host_id) - SQL Injection Joovili 3.1 - (browse.videos.php category) SQL Injection Prozilla Hosting Index - 'cat_id' Parameter SQL Injection Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection Joovili 3.1 - 'browse.videos.php' SQL Injection w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting Prozilla Hosting Index - 'id' SQL Injection Prozilla Hosting Index - 'id' Parameter SQL Injection web Calendar system 3.12/3.30 - Multiple Vulnerabilities Web Calendar System 3.12/3.30 - Multiple Vulnerabilities Web Calendar 4.1 - (Authentication Bypass) SQL Injection Web Calendar 4.1 - Authentication Bypass web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection KubeLance - 'profile.php?id' SQL Injection KubeLance 1.7.6 - 'profile.php' SQL Injection Clever Copy 2.0 - calendar.php Cross-Site Scripting Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting Clever Copy 2.0 - 'results.php' Cross-Site Scripting Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure ODFaq 2.1 - faq.php SQL Injection ODFaq 2.1 - 'faq.php' SQL Injection MiniBB 1.5 - news.php Remote File Inclusion MiniBB 1.5 - 'news.php' Remote File Inclusion W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting W1L3D4 philboard 0.3 - Cross-Site Scripting Proverbs Web Calendar 1.1 - Password Parameter SQL Injection Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection miniBB 3.1 - Blind SQL Injection MiniBB 3.1 - Blind SQL Injection Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting	2016-11-25 05:01:20 +00:00
Offensive Security	b22e31535e	DB: 2016-11-18 3 new exploits Winamp 5.21 - (Midi File Header Handling) Buffer Overflow (PoC) Winamp 5.21 - .Midi File Header Handling Buffer Overflow (PoC) Nullsoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC) NullSoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC) WinAmp GEN_MSN Plugin - Heap Buffer Overflow (PoC) Winamp GEN_MSN Plugin - Heap Buffer Overflow (PoC) Winamp 5.572 - whatsnew.txt Stack Overflow (PoC) Winamp 5.572 - 'whatsnew.txt' Stack Overflow (PoC) Nullsoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow WinAmp 5.63 - Invalid Pointer Dereference WinAmp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Invalid Pointer Dereference Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.666 build 3516 - (Corrupted flv) Crash (PoC) Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC) Microsoft Edge - 'eval' Type Confusion Nullsoft Winamp 5.32 - .MP4 Tags Stack Overflow NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow SCO UnixWare < 7.1.4 p534589 - (pkgadd) Privilege Escalation SCO UnixWare Reliant HA - Privilege Escalation SCO UnixWare Merge - mcd Privilege Escalation Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Privilege Escalation SCO UnixWare Reliant HA 1.1.4 - Privilege Escalation SCO UnixWare Merge - 'mcd' Privilege Escalation Winamp 5.05-5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.572 - whatsnew.txt Stack Overflow Winamp 5.572 - whatsnew.txt Local Buffer Overflow (Windows XP SP3 DE) Winamp 5.572 - 'whatsnew.txt' Stack Overflow Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow Winamp 5.572 - whatsnew.txt SEH (Metasploit) Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit) Winamp 5.572 - Local Buffer Overflow (Windows 7 ASLR + DEP Bypass) Winamp 5.572 (Windows 7) - Local Buffer Overflow (ASLR + DEP Bypass) Nullsoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking WinAmp 5.63 - (winamp.ini) Local Exploit Winamp 5.63 - 'winamp.ini' Local Exploit Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2) Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2) Nullsoft Winamp 2.x - AIP Buffer Overflow NullSoft Winamp 2.x - AIP Buffer Overflow Nullsoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow NullSoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow winamp Web interface 7.5.13 - Multiple Vulnerabilities Winamp Web interface 7.5.13 - Multiple Vulnerabilities Nullsoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow LinPHA 1.3.1 - (new_images.php) Blind SQL Injection LinPHA 1.3.1 - 'new_images.php' Blind SQL Injection KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection KwsPHP 1.0 - Newsletter Module SQL Injection KwsPHP 1.0 Module Newsletter - SQL Injection DaZPHP 0.1 - (prefixdir) Local File Inclusion PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion KwsPHP Module Galerie - (id_gal) SQL Injection KwsPHP Module Archives - 'id' SQL Injection KwsPHP Module jeuxflash (cat) 1.0 - SQL Injection KwsPHP Module ConcoursPhoto - (C_ID) SQL Injection XPOZE Pro 3.05 - (reed) SQL Injection Vastal I-Tech Software Zone - 'cat_id' SQL Injection sabros.us 1.75 - (thumbnails.php) Remote File Disclosure Comdev News Publisher - SQL Injection Affiliate Directory - 'cat_id' SQL Injection PHP Photo Gallery 1.0 - (photo_id) SQL Injection Blogator-script 0.95 - (incl_page) Remote File Inclusion PIGMy-SQL 1.4.1 - (getdata.php id) Blind SQL Injection Blogator-script 0.95 - (id_art) SQL Injection Dragoon 0.1 - (lng) Local File Inclusion DaZPHP 0.1 - 'prefixdir' Parameter Local File Inclusion PhpBlock a8.4 - 'PATH_TO_CODE' Parameter Remote File Inclusion KwsPHP 1.3.456 Module Galerie - 'id_gal' Parameter SQL Injection KwsPHP 1.3.456 Module Archives - 'id' Parameter SQL Injection KwsPHP Module jeuxflash 1.0 - 'cat' Parameter SQL Injection KwsPHP Module ConcoursPhoto 2.0 - 'C_ID' Parameter SQL Injection XPOZE Pro 3.05 - 'reed' Parameter SQL Injection Vastal I-Tech Software Zone - 'cat_id' Parameter SQL Injection Sabros.us 1.75 - 'thumbnails.php' Remote File Disclosure Comdev News Publisher 4.1.2 - SQL Injection Affiliate Directory - 'cat_id' Parameter SQL Injection PHP Photo Gallery 1.0 - 'photo_id' Parameter SQL Injection Blogator-script 0.95 - 'incl_page' Parameter Remote File Inclusion PIGMy-SQL 1.4.1 - 'getdata.php' Blind SQL Injection Blogator-script 0.95 - 'id_art' Parameter SQL Injection Dragoon 0.1 - 'lng' Parameter Local File Inclusion Easynet Forum Host - 'forum.php forum' SQL Injection CoBaLT 0.1 - Multiple SQL Injections Gaming Directory 1.0 - 'cat_id' SQL Injection Easynet Forum Host - 'forum.php' SQL Injection Cobalt 0.1 - Multiple SQL Injections Gaming Directory 1.0 - 'cat_id' Parameter SQL Injection Links Directory 1.1 - 'cat_id' SQL Injection Software Index 1.1 - 'cid' SQL Injection Links Directory 1.1 - 'cat_id' Parameter SQL Injection Software Index 1.1 - 'cid' Parameter SQL Injection Blog PixelMotion - 'index.php categorie' SQL Injection Site Sift Listings - 'id' SQL Injection Blog PixelMotion - 'categorie' Parameter SQL Injection Site Sift Listings - 'id' Parameter SQL Injection Prozilla Forum Service - 'forum.php forum' SQL Injection Prozilla Forum Service - 'forum' Parameter SQL Injection Prozilla Freelancers - (project) SQL Injection Prozilla Freelancers - 'project' Parameter SQL Injection LinPHA 1.3.3 - (maps plugin) Remote Command Execution Dragoon 0.1 - (root) Remote File Inclusion LinPHA 1.3.3 Plugin Maps - Remote Command Execution Dragoon 0.1 - 'root' Parameter Remote File Inclusion k-links directory - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities k-links directory - SQL Injection / Cross-Site Scripting SFS Affiliate Directory - 'id' SQL Injection Affiliate Directory - 'id' Parameter SQL Injection SFS EZ Gaming Directory - 'Directory.php id' SQL Injection SFS EZ Gaming Directory - 'directory.php' SQL Injection SFS EZ Gaming Directory - 'cat_id' SQL Injection SFS EZ Gaming Directory - 'cat_id' Parameter SQL Injection LinPHA 1.3.2 - (rotate.php) Remote Command Execution LinPHA 1.3.2 - 'rotate.php' Remote Command Execution cobalt qube webmail 1.0 - Directory Traversal Cobalt Qube Webmail 1.0 - Directory Traversal LinPHA 0.9.x/1.0 - 'index.php' lang Parameter Local File Inclusion LinPHA 0.9.x/1.0 - install.php language Parameter Local File Inclusion LinPHA 0.9.x/1.0 - sec_stage_install.php language Parameter Local File Inclusion LinPHA 0.9.x/1.0 - forth_stage_install.php language Variable POST Method Local File Inclusion LinPHA 0.9.x/1.0 - 'lang' Parameter Local File Inclusion LinPHA 0.9.x/1.0 - 'install.php' Parameter Local File Inclusion LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Parameter Local File Inclusion LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion LinPHA 1.1 - Multiple Cross-Site Scripting Vulnerabilities Drake CMS 0.2 - 'index.php' Cross-Site Scripting Sabros.US 1.7 - 'index.php' Cross-Site Scripting Drake CMS 0.3.7 - 404.php Local File Inclusion Drake CMS 0.3.7 - '404.php' Local File Inclusion Drake CMS 0.4.9 - 'index.php' Cross-Site Scripting Blogator-script 0.95 - 'bs_auth.php' Cross-Site Scripting CoBaLT 2.0 - 'adminler.asp' SQL Injection Cobalt 2.0 - 'adminler.asp' SQL Injection VisualPic 0.3.1 - Cross-Site Scripting LinPHA 1.3.2/1.3.3 - 'login.php' Cross-Site Scripting LinPHA 1.3.2/1.3.3 - new_images.php Cross-Site Scripting Software Index - 'signinform.php' Cross-Site Scripting CMSimple 4.4.4 - Remote file Inclusion CMSimple 4.4.4 - Remote File Inclusion Wordpress Plugin Answer My Question 1.3 - SQL Injection Wordpress Plugin Sirv 1.3.1 - SQL Injection	2016-11-18 05:01:22 +00:00
Offensive Security	e1c4e9e1ec	DB: 2016-11-17 3 new exploits Redhat 6.1 / 6.2 - TTY Flood Users Exploit RedHat 6.1 / 6.2 - TTY Flood Users Exploit Microsoft Windows - Kernel ANI File Parsing Crash Microsoft Windows Kernel - '.ANI' File Parsing Crash PunBB 2.0.10 - (Register Multiple Users) Denial Of Service PunBB 2.0.10 - (Register Multiple Users) Denial of Service Apple Mac OSX 10.4.x - Kernel shared_region_map_file_np() Memory Corruption Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial Of Service MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service MailEnable Professional/Enterprise 2.37 - Denial Of Service MailEnable Professional/Enterprise 2.37 - Denial of Service Apple Mac OSX 10.4.x - Kernel i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial Of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial Of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service snircd 1.3.4 - (send_user_mode) Denial of Service MPlayer - sdpplin_parse() Array Indexing Buffer Overflow (PoC) Snircd 1.3.4 - 'send_user_mode' Denial of Service MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC) LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial Of Service) LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial of Service) ZoIPer 2.22 - Call-Info Remote Denial Of Service ZoIPer 2.22 - Call-Info Remote Denial of Service Dualis 20.4 - '.bin' Local Denial Of Service Dualis 20.4 - '.bin' Local Denial of Service Dolphin 2.0 - '.elf' Local Denial Of Service Dolphin 2.0 - '.elf' Local Denial of Service Home FTP Server r1.10.3 (build 144) - Denial of Service Home FTP Server 1.10.3 (build 144) - Denial of Service Red Hat Linux - stickiness of /tmp Exploit RedHat Linux - Stickiness of /tmp Exploit Apple Mac OSX < 10.6.7 - Kernel Panic Exploit Apple Mac OSX < 10.6.7 - Kernel Panic Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service RedHat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service Titan FTP Server 3.0 - 'LIST' Command Denial Of Service Titan FTP Server 3.0 - 'LIST' Command Denial of Service Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial Of Service Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial of Service I Hear U 0.5.6 - Multiple Remote Denial Of Service Vulnerabilities I Hear U 0.5.6 - Multiple Remote Denial of Service Vulnerabilities Microsoft Windows Explorer - '.png' Image Local Denial Of Service Microsoft Windows Explorer - '.png' Image Local Denial of Service Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial Of Service Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial of Service PHP 5.2.5 - Multiple GetText functions Denial Of Service Vulnerabilities PHP 5.2.5 - Multiple GetText functions Denial of Service Vulnerabilities LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial Of Service LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial Of Service Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial of Service Sami FTP Server 2.0.x - Multiple Commands Remote Denial Of Service Vulnerabilities Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial Of Service SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial of Service RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial Of Service RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial of Service MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial Of Service snircd 1.3.4 And ircu 2.10.12.12 - 'set_user_mode' Remote Denial of Service MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial of Service SLMail Pro 6.3.1.0 - Multiple Remote Denial Of Service / Memory Corruption Vulnerabilities Microsoft Windows XP/Vista/2000/2003/2008 - Kernel Usermode Callback Privilege Escalation (1) SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1) SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service Apple iCal 3.0.1 - 'ATTACH' Parameter Denial Of Service Apple iCal 3.0.1 - 'ATTACH' Parameter Denial of Service WinWebMail 3.7.3 - IMAP Login Data Handling Denial Of Service WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service Computer Associates ARCserve Backup Discovery Service Remote - Denial Of Service Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Microsoft Excel 2007 - JavaScript Code Remote Denial of Service GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial Of Service GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial of Service GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial Of Service GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service SWAT 4 - Multiple Denial Of Service Vulnerabilities SWAT 4 - Multiple Denial of Service Vulnerabilities Unreal Tournament 3 - Denial Of Service / Memory Corruption Unreal Tournament 3 - Denial of Service / Memory Corruption Combat Evolved 1.0.7.0615 - Multiple Denial Of Service Vulnerabilities Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities Noticeware Email Server 4.6 - NG LOGIN Messages Denial Of Service Noticeware Email Server 4.6 - NG LOGIN Messages Denial of Service Ruby 1.9 - REXML Remote Denial Of Service Ruby 1.9 - REXML Remote Denial of Service Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service MySQL 6.0.4 - Empty Binary String Literal Remote Denial Of Service MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service Mass Downloader - Malformed Executable Denial Of Service Mass Downloader - Malformed Executable Denial of Service Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial Of Service Zope 2.11.2 - PythonScript Multiple Remote Denial Of Service Vulnerabilities Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities GeSHi 1.0.x - XML Parsing Remote Denial Of Service GeSHi 1.0.x - XML Parsing Remote Denial of Service Symbian S60 - Malformed SMS/Mms Remote Denial Of Service Symbian S60 - Malformed SMS/Mms Remote Denial of Service InfraRecorder 0.53 - Memory Corruption (Denial Of Service) IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial Of Service InfraRecorder 0.53 - Memory Corruption (Denial of Service) IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service QNX RTOS 6.4 - Malformed ELF Binary File Local Denial Of Service QNX RTOS 6.4 - Malformed ELF Binary File Local Denial of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial Of Service PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial Of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial of Service PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial Of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service MySQL 6.0.9 - XPath Expression Remote Denial Of Service MySQL 6.0.9 - XPath Expression Remote Denial of Service MPlayer - Malformed AAC File Handling Denial of Service MPlayer - Malformed OGM File Handling Denial of Service MPlayer - '.AAC' File Handling Denial of Service MPlayer - '.OGM' File Handling Denial of Service Mani's Admin Plugin - Remote Denial Of Service Mani's Admin Plugin - Remote Denial of Service cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial Of Service) CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial Of Service cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial of Service) CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service Git 1.6.3 - Parameter Processing Remote Denial Of Service Git 1.6.3 - Parameter Processing Remote Denial of Service GUPnP 0.12.7 - Message Handling Denial Of Service GUPnP 0.12.7 - Message Handling Denial of Service ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial Of Service ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial Of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial of Service Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities Snort 2.8.5 - Multiple Denial of Service Vulnerabilities lighttpd 1.4/1.5 - Slow Request Handling Remote Denial Of Service lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service Skybox Security 6.3.x < 6.4.x - Multiple Denial Of Service Issue Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue Hybserv2 - ':help' Command Denial Of Service Hybserv2 - ':help' Command Denial of Service Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial Of Service Apple Safari 4.0.4 - Remote Denial Of Service Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 - Remote Denial of Service FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial Of Service FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial of Service PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial Of Service PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial Of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial Of Service netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial Of Service Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial Of Service Xitami 5.0 - '/AUX' Request Remote Denial Of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial of Service Xitami 5.0 - '/AUX' Request Remote Denial of Service Torque Game Engine - Multiple Denial Of Service Vulnerabilities Torque Game Engine - Multiple Denial of Service Vulnerabilities EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial Of Service Vulnerabilities EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial of Service Vulnerabilities Unreal Engine - 'ReceivedRawBunch()' Denial Of Service Unreal Engine - 'ReceivedRawBunch()' Denial of Service Chrome Engine 4 - Denial Of Service Chrome Engine 4 - Denial of Service Sagem Fast 3304-V1 - Denial Of Service Sagem Fast 3304-V1 - Denial of Service Sumatra PDF 1.1 - Denial Of Service Sumatra PDF 1.1 - Denial of Service Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities Freeciv 2.2.1 - Multiple Remote Denial of Service Vulnerabilities Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial of Service Vulnerabilities Microsoft DirectX 8/9 DirectPlay - Multiple Denial Of Service Vulnerabilities Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial Of Service PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial of Service Sniper Elite 1.0 - Null Pointer Dereference Denial Of Service Sniper Elite 1.0 - Null Pointer Dereference Denial of Service MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial Of Service MySQL 5.1.48 - 'EXPLAIN' Denial Of Service OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial Of Service MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service MySQL 5.1.48 - 'EXPLAIN' Denial of Service OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial of Service Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial Of Service Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial Of Service Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service GNU glibc - 'regcomp()' Stack Exhaustion Denial Of Service GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service Microsoft Internet Explorer 11 - Denial Of Service Microsoft Internet Explorer 11 - Denial of Service Golden FTP Server 4.70 - Malformed Message Denial Of Service Golden FTP Server 4.70 - Malformed Message Denial of Service TP-Link TL-WR740N - Denial Of Service PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial Of Service TP-Link TL-WR740N - Denial of Service PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial Of Service Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial of Service Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial Of Service Air Contacts Lite - HTTP Packet Denial Of Service Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial of Service Air Contacts Lite - HTTP Packet Denial of Service TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial Of Service) TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial of Service) Perl 5.10 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities Perl 5.10 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial Of Service Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial of Service Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial Of Service Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial of Service RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial Of Service RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities PHP < 5.3.7 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial Of Service Microsoft Host Integration Server 2004-2010 - Remote Denial Of Service Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service Microsoft Host Integration Server 2004-2010 - Remote Denial of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial Of Service Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial Of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service Apache APR - Hash Collision Denial Of Service PHP PDORow Object - Remote Denial Of Service Apache APR - Hash Collision Denial of Service PHP PDORow Object - Remote Denial of Service PHP 5.3.8 - Remote Denial Of Service PHP 5.3.8 - Remote Denial of Service Mercury MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerabilities Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial Of Service Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial of Service Universal Reader 1.16.740.0 - 'uread.exe' Denial Of Service Universal Reader 1.16.740.0 - 'uread.exe' Denial of Service Apache Sling - Denial Of Service Apache Sling - Denial of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial Of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows - Kernel DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows - Kernel UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows - Kernel Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows - Kernel HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows - Kernel win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows - Kernel SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows - Kernel Brush Object Use-After-Free (MS15-061) Microsoft Windows - Kernel WindowStation Use-After-Free (MS15-061) Microsoft Windows - Kernel Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows - Kernel FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows - Kernel bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows - Kernel Use-After-Free with Cursor Object (MS15-097) Microsoft Windows - Kernel Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows - Kernel NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - FlashWindowEx Memory Corruption (MS15-097) Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows - Kernel NtGdiBitBlt Buffer Overflow (MS15-097) Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) MySQL / MariaDB - Geometry Query Denial Of Service MySQL / MariaDB - Geometry Query Denial of Service Apple Mac OSX - Kernel IOAccelMemoryInfoUserClient Use-After-Free Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free Microsoft Windows - Kernel 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows - Kernel 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows Kernel - 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows Kernel - 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Blue Coat ProxySG 5.x - and Security Gateway OS Denial Of Service Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service Microsoft Windows - Kernel Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115) Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115) Apple Mac OSX - Kernel no-more-senders Use-After-Free Apple Mac OSX Kernel - no-more-senders Use-After-Free Apple Mac OSX - Kernel IOAccelDisplayPipeUserClient2 Use-After-Free Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free TFTPD32 / Tftpd64 - Denial Of Service TFTPD32 / Tftpd64 - Denial of Service Apple Mac OSX / iOS - Kernel IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free Apple Mac OSX / iOS - Kernel iokit Registry Iterator Manipulation Double-Free Apple Mac OSX / iOS Kernel - IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free Apple Mac OSX / iOS Kernel - iokit Registry Iterator Manipulation Double-Free Apple Mac OSX - Kernel Hypervisor Driver Use-After-Free Apple Mac OSX Kernel - Hypervisor Driver Use-After-Free Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort Apple Mac OSX - Kernel AppleKeyStore Use-After-Free Apple Mac OSX - Kernel Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver Apple Mac OSX Kernel - AppleKeyStore Use-After-Free Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver Microsoft Windows - Kernel Bitmap Use-After-Free Microsoft Windows - Kernel NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows Kernel - Bitmap Use-After-Free Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows - Kernel DrawMenuBarTemp Wild-Write (MS16-039) Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) Microsoft Windows - Kernel 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Microsoft Windows Kernel - 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX - Kernel Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX - Kernel Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX - Kernel OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX - Kernel Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 Apple Mac OSX / iOS - Kernel UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient Apple Mac OSX - Kernel Stack Buffer Overflow in GeForce GPU Driver Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow Microsoft Windows - Kernel 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free Linux Kernel 2.2.x / 2.4.x (Redhat) - 'ptrace/kmod' Privilege Escalation Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation XGalaga 2.0.34 - Local game Exploit (Red Hat 9.0) xtokkaetama 1.0b - Local Game Exploit (Red Hat 9.0) XGalaga 2.0.34 (RedHat 9.0) - Local Game Exploit xtokkaetama 1.0b (RedHat 9.0) - Local Game Exploit hztty 2.0 - Privilege Escalation (Red Hat 9.0) hztty 2.0 (RedHat 9.0) - Privilege Escalation Redhat 6.2 /sbin/restore - Exploit RedHat 6.2 /sbin/restore - Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) RedHat 6.2 Restore and Dump - Local Exploit (Perl) Redhat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit dump 0.4b15 (Redhat 6.2) - Exploit RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit dump 0.4b15 (RedHat 6.2) - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit xsoldier 0.96 (RedHat 6.2) - Exploit Redhat 6.1 man - Local Exploit (egid 15) RedHat 6.1 man - Local Exploit (egid 15) Microsoft Windows 2000 - Kernel APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows - Kernel Privilege Escalation (MS06-049) Microsoft Windows Kernel - Privilege Escalation (MS06-049) Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Kernel Privilege Escalation Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Privilege Escalation Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Privilege Escalation (1) Linux Kernel 2.x (RedHat) - 'sock_sendpage()' Ring0 Privilege Escalation (1) (Linux Kernel 2.6.34-rc3) ReiserFS (Redhat / Ubuntu 9.10) - xattr Privilege Escalation (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - 'compat' Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1) Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1) Immunix OS 6.2/7.0 / Redhat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Microsoft Windows - Kernel Intel x64 SYSRET (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (PoC) Linux Kernel 3.7.6 (Redhat x86/x64) - 'MSR' Driver Privilege Escalation Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation Microsoft Windows XP/7 - Kernel 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows - Kernel 'win32k.sys' Privilege Escalation (MS14-058) Microsoft Windows Kernel - 'win32k.sys' Privilege Escalation (MS14-058) Apple OS X/iOS - Kernel IOSurface Use-After-Free Apple OS X/iOS Kernel - IOSurface Use-After-Free Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation (Metasploit) Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit) Ruby 1.8.6 - (Webrick Httpd 1.3.1) Directory Traversal Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal mg-soft net Inspector 6.5.0.828 - Multiple Vulnerabilities MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit Red Hat Linux 7.0 Apache - Remote 'Username' Enumeration RedHat Linux 7.0 Apache - Remote 'Username' Enumeration Red Hat Interchange 4.8.x - Arbitrary File Read RedHat Interchange 4.8.x - Arbitrary File Read Red Hat Apache 2.0.40 - Directory Index Default Configuration Error RedHat Apache 2.0.40 - Directory Index Default Configuration Error Foreman (Red Hat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit) Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit) Red Hat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit) RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit) Katello (Red Hat Satellite) - users/update_roles Missing Authorisation (Metasploit) Katello (RedHat Satellite) - users/update_roles Missing Authorisation (Metasploit) Red Hat Stronghold Web Server 2.3 - Cross-Site Scripting RedHat Stronghold Web Server 2.3 - Cross-Site Scripting Red Hat Piranha - Remote Security Bypass RedHat Piranha - Remote Security Bypass KISGB 5.1.1 - (Authenticate.php) Remote File Inclusion KISGB 5.1.1 - 'Authenticate.php' Remote File Inclusion Jshop Server 1.3 - (fieldValidation.php) Remote File Inclusion Jshop Server 1.3 - 'fieldValidation.php' Remote File Inclusion phpBP RC3 - (2.204) (SQL Injection / cmd) Remote Code Execution phpBP RC3 (2.204) - SQL Injection / Remote Code Execution eXV2 Module MyAnnonces - (lid) SQL Injection eXV2 Module eblog 1.2 - (blog_id) SQL Injection eXV2 Module Viso 2.0.4.3 - (kid) SQL Injection eXV2 Module WebChat 1.60 - (roomid) SQL Injection eXV2 Module MyAnnonces - 'lid' Parameter SQL Injection eXV2 Module eblog 1.2 - 'blog_id' Parameter SQL Injection eXV2 Module Viso 2.0.4.3 - 'kid' Parameter SQL Injection eXV2 Module WebChat 1.60 - 'roomid' Parameter SQL Injection Fuzzylime CMS 3.01 - (admindir) Remote File Inclusion Fuzzylime CMS 3.01 - 'admindir' Parameter Remote File Inclusion Exero CMS 1.0.1 - (theme) Multiple Local File Inclusion Exero CMS 1.0.1 - 'theme' Parameter Multiple Local File Inclusion Joomla! Component Acajoom (com_acajoom) - SQL Injection Joomla! Component Acajoom 1.1.5 - SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection Joomla! Component joovideo 1.2.2 - 'id' SQL Injection Joomla! Component Alberghi 2.1.3 - 'id' SQL Injection Mambo Component 'com_accombo' 1.x - 'id' SQL Injection Joomla! Component Restaurante 1.0 - 'id' SQL Injection PEEL CMS - Admin Hash Extraction / Arbitrary File Upload RunCMS Module section - (artid) SQL Injection ASPapp Knowledge Base - SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection Joomla! Component joovideo 1.2.2 - 'id' Parameter SQL Injection Joomla! Component Alberghi 2.1.3 - 'id' Parameter SQL Injection Mambo Component Accombo 1.x - 'id' Parameter SQL Injection Joomla! Component Restaurante 1.0 - 'id' Parameter SQL Injection PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload RunCMS Module section - 'artid' Parameter SQL Injection ASPapp Knowledge Base - SQL Injection RunCMS Module Photo 3.02 - 'cid' SQL Injection D.E. Classifieds - 'cat_id' SQL Injection RunCMS Module Photo 3.02 - 'cid' Parameter SQL Injection D.E. Classifieds - 'cat_id' Parameter SQL Injection PHP-Nuke Platinum 7.6.b.5 - (dynamic_titles.php) SQL Injection PHP-Nuke Platinum 7.6.b.5 - 'dynamic_titles.php' SQL Injection Joomla! Component rekry 1.0.0 - (op_id) SQL Injection destar 0.2.2-5 - Arbitrary Add New User Exploit Joomla! Component rekry 1.0.0 - 'op_id' Parameter SQL Injection Destar 0.2.2-5 - Arbitrary Add New User Exploit destar 0.2.2-5 - Arbitrary Add Admin Destar 0.2.2-5 - Arbitrary Add Admin BolinOS 4.6.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Security Vulnerabilities Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection BolinOS 4.6.1 - Local File Inclusion / Cross-Site Scripting Joomla! Component Alphacontent 2.5.8 - 'id' Parameter SQL Injection TopperMod 1.0 - (mod.php) Local File Inclusion TopperMod 1.0 - 'mod.php' Local File Inclusion Joomla! Component MyAlbum 1.0 - (album) SQL Injection Joomla! Component MyAlbum 1.0 - 'album' Parameter SQL Injection Smoothflash - 'admin_view_image.php cid' SQL Injection Smoothflash - 'cid' Parameter SQL Injection JShop 1.x < 2.x - (page.php xPage) Local File Inclusion WordPress Plugin Download - (dl_id) SQL Injection PHPSpamManager 0.53b - (body.php) Remote File Disclosure Woltlab Burning Board Addon JGS-Treffen - SQL Injection Neat weblog 0.2 - 'articleId' SQL Injection EasyNews 40tr - (SQL Injection / Cross-Site Scripting / Local File Inclusion) SQL Injection FaScript FaPhoto 1.0 - (show.php id) SQL Injection Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection eggBlog 4.0 - Password Retrieve SQL Injection Joomla! Component actualite 1.0 - 'id' SQL Injection JShop 1.x < 2.x - 'xPage' Parameter Local File Inclusion WordPress Plugin Download - 'dl_id' Parameter SQL Injection PHPSpamManager 0.53b - 'body.php' Remote File Disclosure Woltlab Burning Board Addon JGS-Treffen 2.0.2 - SQL Injection Neat weblog 0.2 - 'articleId' Parameter SQL Injection EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion FaScript FaPhoto 1.0 - 'show.php' SQL Injection Mambo Component Ahsshop 1.51 - 'vara' Parameter SQL Injection eggBlog 4.0 - SQL Injection Joomla! Component actualite 1.0 - 'id' Parameter SQL Injection PHPAddressBook 2.11 - (view.php id) SQL Injection PHPAddressBook 2.11 - 'view.php' SQL Injection Joomla! Component com_alphacontent - Blind SQL Injection Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection Joomla! Component Event Booking 2.10.1 - SQL Injection Nuked-klaN 1.3 - Multiple Cross-Site Scripting Vulnerabilities JShop E-Commerce Suite - xSearch Cross-Site Scripting JShop E-Commerce Suite 3.0 - 'page.php' Cross-Site Scripting JShop E-Commerce Suite 1.2 - product.php Cross-Site Scripting Nuked-klaN 1.7 Sections Module - artid Parameter SQL Injection Nuked-klaN 1.7 Sections Module - 'artid' Parameter SQL Injection Nuked-klaN 1.7 Download Module - dl_id Parameter SQL Injection Nuked-klaN 1.7 Links Module - link_id Parameter SQL Injection Nuked-klaN 1.7 Download Module - 'dl_id' Parameter SQL Injection Nuked-klaN 1.7 Links Module - 'link_id' Parameter SQL Injection Nuked-klaN 1.7 - 'index.php' Cross-Site Scripting Foreman (Red Hat OpenStack/Satellite) - users/create Mass Assignment (Metasploit) Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit) Eggblog 3.1 - admin/articles.php edit Parameter Cross-Site Scripting Eggblog 3.1 - admin/comments.php edit Parameter Cross-Site Scripting Eggblog 3.1 - admin/users.php add Parameter Cross-Site Scripting Eggblog 3.1 - rss.php Cross-Site Scripting Nuked-klaN 1.7.5 - File Parameter News Module Cross-Site Scripting Cuteflow Bin 1.5 - pages/showtemplates.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/editmailinglist_step1.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showcirculation.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/edittemplate_step2.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showfields.php language Parameter Cross-Site Scripting Cuteflow Bin 1.5 - pages/showuser.php language Parameter Cross-Site Scripting CS-Cart 4.3.10 - XML External Entity Injection CoronaMatrix phpAddressBook 2.0 - 'Username' Cross-Site Scripting Cisco BBSM Captive Portal 5.3 - 'AccesCodeStart.asp' Cross-Site Scripting Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload Mambo Component 'com_ahsshop' - SQL Injection Mambo Component Ahsshop - SQL Injection Wordpress Plugin Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting Joomla 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation WordPress Plugin XCloner 3.1.5 - Multiple Vulnerabilities	2016-11-17 05:01:21 +00:00
Offensive Security	3c006aac19	DB: 2016-11-13	2016-11-13 05:01:17 +00:00
Offensive Security	d97b4f7c48	DB: 2016-10-28	2016-10-28 11:54:09 +00:00
Offensive Security	da85686a94	DB: 2016-10-28 6 new exploits Real Server < 8.0.2 - Remote Exploit (Windows Platforms) RealServer < 8.0.2 - Remote Exploit (Windows Platforms) OpenSSH/PAM 3.6.1p1 - Remote Users Ident (gossh.sh) OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident CdRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 - Mandrake Privilege Escalation LeapFTP 2.7.x - Remote Buffer Overflow LeapWare LeapFTP 2.7.x - Remote Buffer Overflow GNU Cfengine 2.-2.0.3 - Remote Stack Overflow GNU CFEngine 2.-2.0.3 - Remote Stack Overflow IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit Serv-U FTPD 3.x/4.x - 'SITE CHMOD' Command Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 - Remote Buffer Overflow (Windows 2000/XP) IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow IPSwitch IMail LDAP Daemon/Service - Buffer Overflow RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - (MDTM) Remote Overflow Traceroute - Privilege Escalation LBL Traceroute - Privilege Escalation Perl (Redhat 6.2) - Restore and Dump Local Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) HP-UX 11.00/10.20 - crontab Overwrite Files Exploit Solaris/SPARC 2.7 / 7 - locale Format String HP-UX 11.00/10.20 crontab - Overwrite Files Exploit Solaris/SPARC 2.7 / 7 locale - Format String Solaris - locale Format Strings (noexec stack) Exploit Solaris locale - Format Strings (noexec stack) Exploit glibc - locale bug mount Exploit GLIBC locale - bug mount Exploit Red Hat 6.2 xsoldier-0.96 - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit OpenBSD 2.6 / 2.7 ftpd - Remote Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit GLIBC - Locale Format Strings Exploit GLIBC locale - Format Strings Exploit IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit SquirrelMail - chpasswd Buffer Overflow SquirrelMail - 'chpasswd' Buffer Overflow rlpr 2.04 - msg() Remote Format String Rlpr 2.04 - msg() Remote Format String Solaris 2.5.0/2.5.1 ps & chkey - Data Buffer Exploit Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit IRIX - Multiple Buffer Overflows (LsD) SGI IRIX - Multiple Buffer Overflows (LsD) IRIX - /bin/login Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow Solaris 2.4 - passwd & yppasswd & nispasswd Overflows Solaris 2.4 passwd / yppasswd / nispasswd - Overflows BlackJumboDog - Remote Buffer Overflow BlackJumboDog FTP Server - Remote Buffer Overflow Ollydbg 1.10 - Format String OllyDbg 1.10 - Format String SquirrelMail - (chpasswd) Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) CDRecord - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow HP-UX 11.0/11.11 swxxx - Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation Zinf 2.2.1 - Local Buffer Overflow Zinf Audio Player 2.2.1 - Local Buffer Overflow ShixxNote 6.net - Remote Buffer Overflow ShixxNOTE 6.net - Remote Buffer Overflow MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow MailCarrier 2.51 - Remote Buffer Overflow SLMail 5.5 - POP3 PASS Buffer Overflow TABS MailCarrier 2.51 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow eZshopper - 'loadpage.cgi' Directory Traversal Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2) Microsoft Internet Explorer - '.ANI' files handling Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' files handling Downloader Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002) Savant Web Server 3.1 - Remote Buffer Overflow (French Windows OS support) Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow Knet 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow Denial of Service Einstein 1.01 - Local Password Disclosure (asm) Einstein 1.01 - Local Password Disclosure (ASM) RealPlayer 10 - '.smil' Local Buffer Overflow RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial 2) phpBB 2.0.12 - Session Handling Authentication Bypass UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection XML-RPC Library 1.3.0 - (xmlrpc.php) Remote Code Injection XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection xmlrpc.php Library 1.3.0 - Remote Command Execution (2) xmlrpc.php Library 1.3.0 - Remote Command Execution (3) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3) wMailServer 1.0 - Remote Denial of Service SoftiaCom wMailServer 1.0 - Remote Denial of Service ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) BusinessMail 4.60.00 - Remote Buffer Overflow BusinessMail Server 4.60.00 - Remote Buffer Overflow WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Wireless Tools 26 - (iwconfig) Privilege Escalation (some setuid) Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Mercury Mail 4.01a (Pegasus) - IMAP Buffer Overflow Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow CA iGateway - (debug mode) Remote Buffer Overflow CA iTechnology iGateway - (debug mode) Remote Buffer Overflow Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) Zorum Forum 3.5 - (rollid) SQL Injection Zorum Forum 3.5 - 'rollid' SQL Injection SaphpLesson 2.0 - (forumid) SQL Injection saPHP Lesson 2.0 - (forumid) SQL Injection zawhttpd 0.8.23 - (GET) Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service Zix Forum 1.12 - (layid) SQL Injection Zix Forum 1.12 - 'layid' SQL Injection QBik Wingate 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow INDEXU 5.0.1 - (admin_template_path) Remote File Inclusion Indexu 5.0.1 - (admin_template_path) Remote File Inclusion SmartSiteCMS 1.0 - (root) Multiple Remote File Inclusion SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion Solaris 10 - sysinfo() Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure SAPID CMS 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion ZZ:FlashChat 3.1 - (adminlog) Remote File Inclusion ZZ:FlashChat 3.1 - 'adminlog' Remote File Inclusion WFTPD 3.23 - (SIZE) Remote Buffer Overflow Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow Apache < 1.3.37 / 2.0.59 / 2.2.3 - (mod_rewrite) Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion ZoomStats 1.0.2 - (mysql.php) Remote File Inclusion ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion Microsoft Internet Explorer (VML) - Remote Buffer Overflow (SP2) (Perl) Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl) PHPMyWebmin 1.0 - (window.php) Remote File Inclusion phpMyWebmin 1.0 - (window.php) Remote File Inclusion VideoDB 2.2.1 - (pdf.php) Remote File Inclusion VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion Microsoft Office 2003 - PPT Local Buffer Overflow (PoC) Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC) Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - Constructor Privilege Escalation Solaris 10 (libnspr) - Constructor Privilege Escalation Microsoft Windows NAT Helper Components - 'ipnathlp.dll' Remote Denial of Service Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit BlazeVideo HDTV Player 2.1 - Malformed PLF Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC) AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit Irokez CMS 0.7.1 - Multiple Remote File Inclusion Irokez Blog 0.7.1 - Multiple Remote File Inclusion PHP-update 2.7 - Multiple Vulnerabilities PHP-Update 2.7 - Multiple Vulnerabilities Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow 3Com TFTP Service 2.0.1 - Remote Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) 2.0.1 - Remote Buffer Overflow (Metasploit) FdScript 1.3.2 - 'download.php' Remote File Disclosure FD Script 1.3.2 - 'download.php' Remote File Disclosure Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) SunOS 5.10/5.11 - in.TelnetD Remote Authentication Bypass SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass ZebraFeeds 1.0 - (zf_path) Remote File Inclusion ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion MailEnable Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable Professional 2.35 - Remote Buffer Overflow MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow Ipswitch WS_FTP 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Oracle 10g KUPW$WORKER.MAIN - SQL Injection (2) Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2) 3Com TFTP Service 2.0.1 - (Long Transporting Mode) Exploit (Perl) madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl) Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow TFTPDWIN Server 0.4.2 - (UDP) Denial of Service ProSysInfo TFTP Server TFTPDWIN 0.4.2 - (UDP) Denial of Service NetVios Portal - 'page.asp' SQL Injection NetVIOS Portal - 'page.asp' SQL Injection Mercury Mail 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Apache Mod_Rewrite (Windows x86) - Off-by-One Remote Overflow Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Microsoft Windows GDI - Privilege Escalation (MS07-017) (1) Microsoft Windows - GDI Privilege Escalation (MS07-017) (1) qdblog 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Microsoft Windows GDI - Privilege Escalation (MS07-017) (2) Microsoft Windows - GDI Privilege Escalation (MS07-017) (2) Zomplog 3.8 - (force_download.php) Remote File Disclosure Zomplog 3.8 - 'force_download.php' Remote File Disclosure Versalsoft HTTP File Upload - ActiveX 6.36 (AddFile) Remote Denial of Service Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service Gimp 2.2.14 (Win x86) - '.ras' Download/Execute Buffer Overflow GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (PoC) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (PoC) Apache 2.0.58 Mod_Rewrite - Remote Overflow (Windows 2003) Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (1) UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (2) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (2) Microsoft Windows GDI+ - ICO File Remote Denial of Service Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) YourFreeScreamer 1.0 - (serverPath) Remote File Inclusion YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow PHPEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection Oracle 9i/10g Evil Views - Change Passwords Exploit Oracle 9i/10g - Evil Views Change Passwords Exploit Savant 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Easy Chat Server 2.2 - Remote Denial of Service EFS Easy Chat Server 2.2 - Remote Denial of Service Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite Thomson SIP phone ST 2030 - Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service MSN messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Code Execution Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution AskJeeves Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow Ask.com/AskJeeves Toolbar Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow MDPro 1.0.76 - SQL Injection MD-Pro 1.0.76 - SQL Injection ZZ FlashChat 3.1 - (help.php) Local File Inclusion ZZ FlashChat 3.1 - 'help.php' Local File Inclusion PHP-AGTC membership system 1.1a - Remote Add Admin PHP-AGTC Membership System 1.1a - Remote Add Admin Quick and Dirty Blog 0.4 - (categories.php) Local File Inclusion Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion badblue 2.72b - Multiple Vulnerabilities BadBlue 2.72b - Multiple Vulnerabilities SquirrelMail G/PGP Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection hp software update client 3.0.8.4 - Multiple Vulnerabilities HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow QuickTime Player 7.3.1.70 - RTSP Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) Gradman 0.1.3 - (agregar_info.php) Local File Inclusion Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion mybulletinboard (MyBB) 1.2.10 - Multiple Vulnerabilities MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities Mini File Host 1.2 - (upload.php language) Local File Inclusion Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service Mini File Host 1.2 - 'language' Parameter Local File Inclusion Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow/Denial of Service Gradman 0.1.3 - (info.php tabla) Local File Inclusion Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Gradman 0.1.3 - 'info.php' Local File Inclusion Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow Mini File Host 1.2.1 - (upload.php language) Local File Inclusion Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion Frimousse 0.0.2 - explorerdir.php Local Directory Traversal 360 Web Manager 3.0 - (IDFM) SQL Injection bloofox 0.3 - (SQL Injection / File Disclosure) Multiple Vulnerabilities Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal 360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection bloofox 0.3 - SQL Injection / File Disclosure Mooseguy Blog System 1.0 - (blog.php month) SQL Injection Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection IDM-OS 1.0 - (download.php Filename) File Disclosure IDM-OS 1.0 - 'Filename' Parameter File Disclosure MoinMoin 1.5.x - MOIND_ID cookie Bug Remote Exploit aflog 1.01 - comments.php Cross-Site Scripting / SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit aflog 1.01 - Cross-Site Scripting / SQL Injection Easysitenetwork Recipe - 'categoryId' SQL Injection Coppermine Photo Gallery 1.4.14 - SQL Injection Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection Coppermine Photo Gallery 1.4.10 - SQL Injection web wiz rich text editor 4.0 - Multiple Vulnerabilities Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities Seagull 0.6.3 - (optimizer.php files) Remote File Disclosure Seagull 0.6.3 - 'optimizer.php' Remote File Disclosure Joomla! Component Marketplace 1.1.1 - SQL Injection Joomla! Component com_Marketplace 1.1.1 - SQL Injection ASPapp - 'links.asp CatId' SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection ZYXEL ZyWALL Quagga/Zebra - (default pass) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit Quick TFTP Pro 2.1 - Remote SEH Overflow Quick TFTP Server Pro 2.1 - Remote SEH Overflow Microsoft Office XP SP3 - PPT File Buffer Overflow (MS08-016) Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016) HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.DSR' File Local Buffer Overflow Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow hp openview nnm 7.53 - Multiple Vulnerabilities HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities PHPKB 1.5 Knowledge Base - 'ID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection Microsoft Windows GDI - Image Parsing Stack Overflow (MS08-021) Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021) HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ZeusCart 2.0 - (category_list.php) SQL Injection ZeusCart 2.0 - 'category_list.php' SQL Injection Zomplog 3.8.2 - (newuser.php) Arbitrary Add Admin Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin Zomplog 3.8.2 - (force_download.php) File Disclosure Zomplog 3.8.2 - 'force_download.php' File Disclosure PHP AGTC-Membership System 1.1a - Arbitrary Add Admin PHP-AGTC Membership System 1.1a - Arbitrary Add Admin PHP Booking Calendar 10 d - SQL Injection phpBookingCalendar 10 d - SQL Injection SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Yuhhu 2008 SuperStar - (board) SQL Injection Yuhhu 2008 SuperStar - 'board' SQL Injection gravity board x 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities gl-sh deaf forum 6.5.5 - Multiple Vulnerabilities GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow trixbox - (langChoice) Local File Inclusion (connect-back) (2) Trixbox - (langChoice) Local File Inclusion (connect-back) (2) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Ppim 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities Cisco WebEx Meeting Manager - 'atucfobj.dll' ActiveX Remote Buffer Overflow Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow Ppim 1.0 - (upload/change Password) Multiple Vulnerabilities pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities z-breaknews 2.0 - (single.php) SQL Injection z-breaknews 2.0 - 'single.php' SQL Injection Ultra Office - ActiveX Control Remote Buffer Overflow Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow Micrsoft Windows GDI - (CreateDIBPatternBrushPt) Heap Overflow (PoC) Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC) phpvid 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - (page) SQL Injection phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows GDI - (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) opennms < 1.5.96 - Multiple Vulnerabilities OpenNMS < 1.5.96 - Multiple Vulnerabilities yerba sacphp 6.3 - Multiple Vulnerabilities Yerba SACphp 6.3 - Multiple Vulnerabilities Microsoft Windows GDI+ - PoC (MS08-052) (2) Microsoft Windows - GDI+ PoC (MS08-052) (2) zeeproperty - (adid) SQL Injection zeeproperty - 'adid' SQL Injection TUGzip 3.00 archiver - '.zip' Local Buffer Overflow TugZip 3.00 Archiver - '.zip' Local Buffer Overflow AJ ARTICLE - 'featured_article.php mode' SQL Injection AJ Article - 'featured_article.php mode' SQL Injection Article Publisher PRO 1.5 - Insecure Cookie Handling Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling YourFreeWorld Classifieds - (category) SQL Injection YourFreeWorld Classifieds - 'category' SQL Injection PG Roomate Finder Solution - (Authentication Bypass) SQL Injection Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) asp AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection phpmygallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference (PoC) Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC) ProFTPd with mod_mysql - Authentication Bypass ProFTPd - 'mod_mysql' Authentication Bypass ppim 1.0 - Multiple Vulnerabilities pPIM 1.0 - Multiple Vulnerabilities Orbit 2.8.4 - Long Hostname Remote Buffer Overflow Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow Merak Media PLayer 3.2 - '.m3u' File Local Buffer Overflow (SEH) Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (SEH) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Files Local Heap Overflow (PoC) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC) bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Racer 0.5.3b5 - Remote Stack Buffer Overflow Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Online Guestbook Pro - (display) Blind SQL Injection Esoftpro Online Guestbook Pro - (display) Blind SQL Injection tematres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ZaoCMS - (user_id) SQL Injection ZaoCMS - 'user_id' SQL Injection Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) ZeeCareers 2.0 - (addAdminmembercode.php) Add Admin ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection WebBoard 2.90 Beta - Remote File Disclosure 212Cafe WebBoard 2.90 Beta - Remote File Disclosure ZeusCart 2.3 - (maincatid) SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) OtsAv DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs Microsoft Office Web Components (Spreadsheet) - ActiveX Buffer Overflow (PoC) Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC) DD-WRT - (httpd service) Remote Command Execution DD-WRT HTTPd Daemon/Service - Remote Command Execution GLinks 2.1 - (cat) Blind SQL Injection Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection XOOPS celepar module qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Amaya 11.2 W3C Editor/Browser - (defer) Remote Buffer Overflow (SEH) Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH) Payment Processor Script - 'shop.htm cid' SQL Injection Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) BandCMS 0.10 - news.php Multiple SQL Injection Rock Band CMS 0.10 - news.php Multiple SQL Injection Microsoft IIS 5.0 (Windows 2000 SP4) - FTP Server Remote Stack Overflow Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Eureka Mail Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - PoC Buffer Overflow Solaris 8.0 - LPD Command Execution (Metasploit) Solaris 8.0 LPD - Command Execution (Metasploit) Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow BulletProof FTP Client 2.63 b56 - Malformed '.bps' File Stack Buffer Overflow Dopewars 1.5.12 Server - Denial of Service Dopewars Server 1.5.12 - Denial of Service Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution HP Power Manager Administration - Universal Buffer Overflow Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service HP Openview NNM 7.53 - Invalid DB Error Code HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code Quick.Cart 3.4 and Quick.CMS 2.4 - Cross-Site Request Forgery Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery Eureka Mail Client - Remote Buffer Overflow Eureka Email Client - Remote Buffer Overflow IDEAL Administration 2009 9.7 - Local Buffer Overflow PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow phpshop 0.8.1 - Multiple Vulnerabilities phpShop 0.8.1 - Multiple Vulnerabilities IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow DigitalHive - Multiple Vulnerabilities Digital Hive - Multiple Vulnerabilities zabbix server - Multiple Vulnerabilities Zabbix Server - Multiple Vulnerabilities freekot - (Authentication Bypass) SQL Injection Digiappz Freekot - (Authentication Bypass) SQL Injection TFTP Daemon 1.9 - Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service B2B Trading Marketplace - SQL Injection SoftBiz B2B trading Marketplace Script - SQL Injection Mini-stream - Windows XP SP2 and SP3 Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Audiotran 1.4.1 - (Win XP SP2/SP3 English) Buffer Overflow Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple Safari 4.0.4 & Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service/PoC Apple Safari 4.0.4 / Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service (PoC) Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service Apple Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service bild flirt system 2.0 - 'index.php' 'id' SQL Injection Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) iOS Safari - Bad 'VML' Remote Denial of Service iOS Safari - Remote Denial of Service Apple iOS Safari - Bad 'VML' Remote Denial of Service Apple iOS Safari - Remote Denial of Service HP OpenView NNM - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow Adobe Reader - Escape From PDF Adobe Reader - Escape From '.PDF' TugZip 3.5 - '.ZIP' File Buffer Overflow TugZip 3.5 Archiver - '.ZIP' File Buffer Overflow Joomla! Component jp_jobs - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component QPersonel - SQL Injection Joomla! Component com_QPersonel - SQL Injection Bild Flirt 1.0 - SQL Injection Bild Flirt System 1.0 - SQL Injection Safari 4.0.5 - (531.22.7) Denial of Service Apple Safari 4.0.5 - (531.22.7) Denial of Service Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion 724CMS Enterprise 4.59 - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support - Multiple SQL Injections 724CMS 4.59 Enterprise - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections Joomla! Component JE Job - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Joomla! Component com_jejob 1.0 - 'catid' SQL Injection Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection Savy Soda Documents - (Mobile Office Suite) XLS Denial of Service Office^2 iPhone - XLS Denial of Service GoodiWare GoodReader iPhone - XLS Denial of Service Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service Office^2 iPhone - '.XLS' Denial of Service GoodiWare GoodReader iPhone - '.XLS' Denial of Service Yamamah (news) - SQL Injection / Source Code Disclosure Yamamah - 'news' SQL Injection / Source Code Disclosure Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan k-search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities YPNinc JokeScript - (ypncat_id) SQL Injection YPNinc JokeScript - 'ypncat_id' SQL Injection YPNinc PHP Realty Script - (docID) SQL Injection YPNinc PHP Realty Script - 'docID' SQL Injection HP OpenView NNM - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution Apple Mac OSX (Snow Leopard) EvoCam Web Server - ROP Remote Exploit Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit HP NNM 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) Safari Browser 4.0.2 - Clickjacking Apple Safari 4.0.2 - Clickjacking Barcodewiz 3.29 - Barcode ActiveX Control Remote Heap Spray Exploit (Internet Explorer 6/7' Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7) Apple iOS - pdf Jailbreak Exploit Apple iOS - '.pdf' Jailbreak Exploit HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow Microsoft Power Point 2010 - 'pptimpconv.dll' DLL Hijacking Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking Apple Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking MediaPlayer Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution AdaptCMS 2.0.1 Beta Release - Remote File Inclusion (Metasploit) AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit) DATAC RealWin 2.0 (Build 6.1.8.10) - Buffer Overflow DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow FatPlayer 0.6b - '.wav' Buffer Overflow (SEH) Fat Player 0.6b - '.wav' Buffer Overflow (SEH) CubeCart 2.0.1 - SQL Injection Brooky CubeCart 2.0.1 - SQL Injection DATAC RealWin SCADA 1.06 - Buffer Overflow DATAC RealWin SCADA Server 1.06 - Buffer Overflow pilot cart 7.3 - Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities Mp3-Nator 2.0 - Buffer Overflow (SEH) MP3-Nator 2.0 - Buffer Overflow (SEH) Safari 5.02 - Stack Overflow Denial of Service Apple Safari 5.02 - Stack Overflow Denial of Service Microsoft Windows Task Scheduler - Privilege Escalation Microsoft Windows - Task Scheduler Privilege Escalation Pandora Fms 3.1 - Authentication Bypass Pandora FMS 3.1 - Authentication Bypass bugtracker.net 3.4.4 - Multiple Vulnerabilities BugTracker.NET 3.4.4 - Multiple Vulnerabilities Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow WMITools ActiveX - Remote Command Execution Microsoft WMITools ActiveX - Remote Command Execution VideoSpirit Pro 1.68 - Local Buffer Overflow VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow Apple Mac OSX iTunes 8.1.1 - ITms Overflow (Metasploit) Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit) PeaZip 2.6.1 - Zip Processing Command Injection (Metasploit) PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit) Sun Java - System Web Server WebDAV OPTIONS Buffer Overflow (Metasploit) Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit) Apache Tomcat Manager Application Deployer - Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Solaris sadmind - Command Execution (Metasploit) Solaris Sadmind - Command Execution (Metasploit) Sun Solaris - Telnet Remote Authentication Bypass (Metasploit) Sun Solaris Telnet - Remote Authentication Bypass (Metasploit) Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i TNS Listener - 'ARGUMENTS' Buffer Overflow (Metasploit) Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit) TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3CTftpSvc TFTP - Long Mode Buffer Overflow (Metasploit) Quick FTP Pro 2.1 - Transfer-Mode Overflow (Metasploit) ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit) Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit) Allied Telesyn TFTP Server 1.9 - Long Filename Overflow (Metasploit) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Long Filename Overflow (Metasploit) CA BrightStor - ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) Kerio Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Mercury/32 <= 4.01b - LOGIN Buffer Overflow (Metasploit) Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD (2.35) - Login Request Buffer Overflow (Metasploit) Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit) Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit) Mercur MailServer 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) IMail IMAP4D - Delete Overflow (Metasploit) IPSwitch IMail IMAP4D - Delete Overflow (Metasploit) Mercury/32 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Ipswitch IMail - IMAP SEARCH Buffer Overflow (Metasploit) Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit) AOL Instant Messenger - goaway Overflow (Metasploit) AOL Instant Messenger AIM - goaway Overflow (Metasploit) Microsoft OWC Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit) RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit) RealNetworks RealPlayer - SMIL Buffer Overflow (Metasploit) RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit) Adobe Shockwave - rcsL Memory Corruption (Metasploit) Adobe Shockwave Player - rcsL Memory Corruption (Metasploit) Microsoft Internet Explorer - VML Fill Method Code Execution (Metasploit) Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit) WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) ACDSee - XPM File Section Buffer Overflow (Metasploit) ACDSee - '.XPM' File Section Buffer Overflow (Metasploit) HT-MP3Player 1.0 HT3 - File Parsing Buffer Overflow (Metasploit) HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit) Orbital Viewer - ORB File Parsing Buffer Overflow (Metasploit) Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - pls Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Qbik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) Medal Of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Cesar FTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) Serv-U FTPD - MDTM Overflow (Metasploit) RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - XMD5 Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit) FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) SentinelLM - UDP Buffer Overflow (Metasploit) Sentinel LM - UDP Buffer Overflow (Metasploit) Apache module Mod_Rewrite - LDAP protocol Buffer Overflow (Metasploit) Xitami 2.5c2 Web Server - If-Modified-Since Overflow (Metasploit) Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit) Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit) Sambar 6 - Search Results Buffer Overflow (Metasploit) Sambar Server 6 - Search Results Buffer Overflow (Metasploit) IA WebMail 3.x - Buffer Overflow (Metasploit) IA WebMail Server 3.x - Buffer Overflow (Metasploit) Savant 3.1 Web Server - Overflow Exploit (Metasploit) Savant Web Server 3.1 - Overflow Exploit (Metasploit) HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) Hewlett-Packard Power Manager Administration - Buffer Overflow (Metasploit) Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit) Ipswitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) PSO Proxy 0.91 - Stack Buffer Overflow (Metasploit) PSOProxy 0.91 - Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit) NaviCOPA 2.0.1 - URL Handling Buffer Overflow (Metasploit) NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit) MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) YPOPS 0.6 - Buffer Overflow (Metasploit) YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit) Mercury Mail SMTP AUTH CRAM-MD5 - Buffer Overflow (Metasploit) Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit) IMail LDAP Service - Buffer Overflow (Metasploit) IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit) GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Poptop - Negative Read Overflow (Metasploit) UoW IMAP server - LSUB Buffer Overflow (Metasploit) PoPToP - Negative Read Overflow (Metasploit) UoW IMAPd Server - LSUB Buffer Overflow (Metasploit) DD-WRT HTTP Daemon - Arbitrary Command Execution (Metasploit) DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit) Samba (Linux/x86) - trans2open Overflow (Metasploit) iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer - LoginExt PathName Overflow (Metasploit) Samba (Linux x86) - trans2open Overflow (Metasploit) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit) Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Safari - Archive Metadata Command Execution (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Apple Safari - Archive Metadata Command Execution (Metasploit) iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Mail.app - Image Attachment Command Execution (Metasploit) Apple Mail.app - Image Attachment Command Execution (Metasploit) Apple Mac OSX QuickTime - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam - HTTP GET Buffer Overflow (Metasploit) Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit) Samba trans2open (BSD/x86) - Overflow Exploit (Metasploit) Samba (BSD x86) - trans2open Overflow Exploit (Metasploit) PHP XML-RPC - Arbitrary Code Execution (Metasploit) XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit) AWStats 6.4 < 6.5 migrate - Remote Command Execution (Metasploit) HP Openview - connectedNodes.ovpl Remote Command Execution (Metasploit) AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit) HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit) TWiki Search Function - Arbitrary Command Execution (Metasploit) TWiki - Search Function Arbitrary Command Execution (Metasploit) Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) Novell iPrint Client ActiveX Control 5.52 - Buffer Overflow (Metasploit) Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit) Kolibri 2.0 - HTTP Server HEAD Buffer Overflow (Metasploit) Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit) 7-Technologies igss 9.00.00.11059 - Multiple Vulnerabilities 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities HP OpenView NNM - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView NNM - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) eyeos 1.9.0.2 - Persistent Cross-Site Scripting using image files eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files Golden FTP 4.70 - PASS Stack Buffer Overflow (Metasploit) Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit) manageengine support center plus 7.8 build 7801 - Directory Traversal ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) TugZip 3.5 - '.ZIP' File Parsing Buffer Overflow (Metasploit) TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit) Sports PHool 1.0 - Remote File Inclusion SportsPHool 1.0 - Remote File Inclusion Mini-stream 3.0.1.1 - Buffer Overflow (3) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3) Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Zabbix 1.8.4 - (popup.php) SQL Injection Zabbix 1.8.4 - 'popup.php' SQL Injection CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit '.m3u' (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow SEH Exploit (Metasploit) Serv-U FTP Server < 4.2 - Buffer Overflow (Metasploit) RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit) Family Connections - less.php Remote Command Execution (Metasploit) Family Connections CMS - 'less.php' Remote Command Execution (Metasploit) FCMS 2.7.2 CMS - Multiple Persistent Cross-Site Scripting Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting openemr 4 - Multiple Vulnerabilities Safari - GdiDrawStream BSoD OpenEMR 4 - Multiple Vulnerabilities Apple Safari - GdiDrawStream BSoD clip bucket 2.6 - Multiple Vulnerabilities Clipbucket 2.6 - Multiple Vulnerabilities Tube Ace(Adult PHP Tube Script) - SQL Injection Tube Ace (Adult PHP Tube Script) - SQL Injection Dolibarr CMS 3.2.0 < Alpha - File Inclusion Dolibarr 3.2.0 < Alpha - File Inclusion PBLang - Local File Inclusion PBLang Bulletin Board System - Local File Inclusion NetDecision 4.5.1 - HTTP Server Buffer Overflow (Metasploit) Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit) Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Sitecom WLM-2501 new - Multiple Cross-Site Request Forgery Vulnerabilities Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities Ricoh DC DL-10 SR10 - FTP USER Command Buffer Overflow (Metasploit) Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit) TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam - ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow Quest InTrust Annotation Objects - Uninitialized Pointer (Metasploit) Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit) TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) samsung net-i ware 1.37 - Multiple Vulnerabilities Samsung NET-i ware 1.37 - Multiple Vulnerabilities iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) GIMP - script-fu Server Buffer Overflow (Metasploit) GIMP script-fu - Server Buffer Overflow (Metasploit) SugarCRM 6.3.1 - Unserialize() PHP Code Execution (Metasploit) SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) Openfire 3.6.0a - Admin Console Authentication Bypass (Metasploit) Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit) Tiki Wiki 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption UoW imapd 10.234/12.264 - Buffer Overflow UoW imapd 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit) UoW IMAPd Server 10.234/12.264 - Buffer Overflow UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW IMAPd Serve 10.234/12.264 - COPY Buffer Overflow (Metasploit) RedHat 6.2 - Piranha Virtual Server Package Default Account and Password RedHat 6.2 Piranha Virtual Server Package - Default Account and Password Microsoft Windows - Escalate Task Scheduler XML Privilege Escalation (Metasploit) Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit) hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal Alienvault OSSIM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection RedHat 6 - glibc/locale Subsystem Format String Solaris 2.6/7.0 - /locale Subsystem Format String RedHat 6 GLIBC/locale - Subsystem Format String Solaris 2.6/7.0 /locale - Subsystem Format String Solaris 2.6/7.0 - 'eject' locale Subsystem Format String Solaris 2.6/7.0 'eject' locale - Subsystem Format String Microsoft IIS 4.0/5.0 and PWS Extended Unicode - Directory Traversal (5) Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5) RedHat restore 0.4 b15 - Insecure Environment Variables RedHat 0.4 b15 restore - Insecure Environment Variables Viscosity OpenVPN Client (OSX) - Privilege Escalation Viscosity - Privilege Escalation Solaris 2.x/7.0/8 catman - Race Condition (1) Solaris 2.x/7.0/8 catman - Race Condition (2) Solaris 2.x/7.0/8 Catman - Race Condition (1) Solaris 2.x/7.0/8 Catman - Race Condition (2) sap NetWeaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities T-dah Webmail - Multiple Persistent Cross-Site Scripting T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Ntpd - Remote Buffer Overflow NTPd - Remote Buffer Overflow Ipswitch WS_FTP 2.0 - Anonymous Multiple FTP Command Buffer Overflow Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow Solaris 2.x/7.0/8 lpd - Remote Command Execution HP-UX 11.0 SWVerify - Buffer Overflow Solaris 2.x/7.0/8 LPD - Remote Command Execution HP-UX 11.0 - SWVerify Buffer Overflow phusion WebServer 1.0 - Directory Traversal (1) phusion WebServer 1.0 - Directory Traversal (2) Phusion WebServer 1.0 - Directory Traversal (1) Phusion WebServer 1.0 - Directory Traversal (2) Progress 9.1 - sqlcpp Local Buffer Overflow Progress Database 9.1 - sqlcpp Local Buffer Overflow PsyBNC 2.3 - Oversized Passwords Denial of Service psyBNC 2.3 - Oversized Passwords Denial of Service Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) Midicart - PHP Arbitrary File Upload Midicart PHP - Arbitrary File Upload otrs 3.1 - Persistent Cross-Site Scripting OTRS 3.1 - Persistent Cross-Site Scripting EType EServ 2.9x POP3 - Remote Denial of Service EType EServ 2.9x - POP3 Remote Denial of Service Invision Power Board 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board 3.3.4 - Unserialize Regex Bypass Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass ttCMS 2.2 - / ttForum 1.1 news.php template Parameter Remote File Inclusion ttCMS 2.2 - / ttForum 1.1 install.php installdir Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion Invision IP.Board 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Kerio MailServer 5.6.3 - add_acl Module Overflow Kerio MailServer 5.6.3 add_acl Module - Overflow phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 - pagemaster Module PAGE_id Parameter Cross-Site Scripting phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting IBM System Director - Remote System Level Exploit IBM System Director Agent - Remote System Level Exploit Tectia SSH - USERAUTH Change Request Password Reset (Metasploit) (SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit) Oracle MySQL for Microsoft Windows - MOF Execution (Metasploit) Oracle MySQL (Windows) - MOF Execution (Metasploit) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) IWConfig - Local ARGV Command Line Buffer Overflow (1) IWConfig - Local ARGV Command Line Buffer Overflow (2) IWConfig - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Novell File Reporter Agent - XML Parsing Remote Code Execution Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) Alan Ward A-Cart 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Nagios - history.cgi Remote Command Execution Nagios3 - history.cgi Remote Command Execution phpshop 2.0 - SQL Injection phpShop 2.0 - SQL Injection Freesshd - Authentication Bypass (Metasploit) FreeSSHD - Authentication Bypass (Metasploit) RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Open Proxy Relay RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Arbitrary File Access RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access SLMail 5.5 - POP3 PASS Remote Buffer Overflow SLMail 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow AT-TFTP Server 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Microsoft Windows Light HTTPD 0.1 - Buffer Overflow Light HTTPD 0.1 (Windows) - Buffer Overflow MSN Messenger 6.2.0137 - '.png' Buffer Overflow Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow Smail-3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote and Local Vulnerabilities Cisco Linksys E4200 Firmware - Multiple Vulnerabilities Cisco Linksys E4200 - Multiple Vulnerabilities Salim Gasmi GLD 1.x - Postfix Greylisting Daemon Buffer Overflow Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow Claroline 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection NPDS 4.8 - /5.0 admin.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reviews.php title Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 - /5.0 Glossaire Module terme Parameter SQL Injection NPDS 4.8 - /5.0 links.php Query Parameter SQL Injection NPDS 4.8 - /5.0 faq.php categories Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting SlimServe httpd 1.0/1.1 - Directory Traversal WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal Quick TFTP Server 2.2 - Denial of Service Quick TFTP Server Pro 2.2 - Denial of Service aeNovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection XMB 1.9.3 - u2u.php Cross-Site Scripting XMB Forum 1.9.3 - u2u.php Cross-Site Scripting PHPAlbum 0.2.3/4.1 - Local File Inclusion PHP Photo Album 0.2.3/4.1 - Local File Inclusion Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret) NetBSD mail.local - Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (Metasploit) PCMAN FTP 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMAN FTP 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow EImagePro - - subList.asp CatID Parameter SQL Injection EImagePro - subList.asp CatID Parameter SQL Injection OZJournals 1.2 - Vname Parameter Cross-Site Scripting OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting SoftBiz Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBiz Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBiz Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBiz Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection OZJournals 1.5 - Multiple Input Validation Vulnerabilities Baby FTP server 1.24 - Denial of Service PCMAN FTP 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) Sophos Web Protection Appliance sblistpack - Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution (Metasploit) Festalon 0.5 - '.HES' Files Remote Heap Buffer Overflow Festalon 0.5 - '.HES' Remote Heap Buffer Overflow EZContents 2.0. - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion Google Earth 4.0.2091 (Beta) - KML/KMZ Files Buffer Overflow Google Earth 4.0.2091 (Beta) - '.KML'/'.KMZ' Buffer Overflow A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002) Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002) Fish - Multiple Remote Buffer Overflow Vulnerabilities FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service Microsoft Windows XP/2000 - 'WinMM.dll' / '.WAV' Remote Denial of Service Comersus Cart 7.0.7 Cart - comersus_message.asp redirectUrl Cross-Site Scripting Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting LanDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow SAP DB 7.x - Web Server WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities Lanius CMS 1.2.14 - FAQ Module mid Parameter SQL Injection Lanius CMS 1.2.14 - EZSHOPINGCART Module cid Parameter SQL Injection Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Thomson SpeedTouch 2030 - SIP Invite Message Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service Uebimiau 2.7.x - 'index.php' Cross-Site Scripting Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting Seagate BlackArmor - Root Exploit Seagate BlackArmor NAS - Root Exploit Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering PCMAN FTP 2.07 - ABOR Command Buffer Overflow PCMAN FTP 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access amfphp 1.2 - browser/details class Parameter Cross-Site Scripting amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting PCMAN FTP 2.07 - Buffer Overflow PCMan FTP Server 2.07 - Buffer Overflow Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Novell Groupwise Messenger 2.0 - Client Buffer Overflow Novell Groupwise Messenger 2.0 Client - Buffer Overflow Meeting Room Booking System - (MRBS) 1.2.6 day.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 week.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 month.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 report.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 help.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities OpenNms 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNms 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNms 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNms 1.5.x - HTTP Response Splitting OpenNMS 1.5.x - HTTP Response Splitting Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution Zeeways SHAADICLONE 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Pilot Group PG Roommate - SQL Injection Pilot Group PG Roommate Finder Solution - SQL Injection OpenSSL TLS Heartbeat Extension - Memory Disclosure OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions) OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions) Heartbleed OpenSSL - Information Leak Exploit (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) IBM Director 5.20 - CIM Server Privilege Escalation IBM System Director Agent 5.20 - CIM Server Privilege Escalation Heartbleed OpenSSL - Information Leak Exploit (2) DTLS Support OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) Kolibri 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Easy Chat Server 3.1 - Stack Buffer Overflow EFS Easy Chat Server 3.1 - Stack Buffer Overflow Sphider 1.3.6 - Multiple Vulnerabilities Sphider Search Engine 1.3.6 - Multiple Vulnerabilities Kolibri WebServer 2.0 - GET Request SEH Exploit Kolibri Web Server 2.0 - GET Request SEH Exploit MQAC.sys - Arbitrary Write Privilege Escalation (Metasploit) Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) VirtualBox - 3D Acceleration Virtual Machine Escape (Metasploit) VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Impact Software Ad Peeps - Cross-Site Scripting / HTML Injection Impact Software AdPeeps - Cross-Site Scripting / HTML Injection PPScript - 'shop.htm' SQL Injection Payment Processor Script (PPScript) - 'shop.htm' SQL Injection ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060) Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060) Eclipse 3.3.2 IDE Help Server - help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting Eclipse 3.3.2 IDE - Help Server help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting TaskFreak 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting WordPress Plugin Wp Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload Pandora 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Oracle MySQL for Microsoft Windows - FILE Privilege Abuse (Metasploit) Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) Exim ESMTP 4.80 glibc gethostbyname - Denial of Service Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Support Incident Tracker - (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection alitbang CMS 3.3 - alumni.php hal Parameter SQL Injection Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection HP Network Node Manager i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting Publish-It - PUI Buffer Overflow (SEH) Publish-It - '.PUI' Buffer Overflow (SEH) WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin) WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin) Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities abrt (Fedora 21) - Race Condition Abrt (Fedora 21) - Race Condition Webgate WESP SDK 1.2 - ChangePassword Stack Overflow WebGate WESP SDK 1.2 - ChangePassword Stack Overflow Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Oracle - Outside-In DOCX File Parsing Memory Corruption Oracle - Outside-In '.DOCX' File Parsing Memory Corruption iTunes 10.6.1.7 - '.pls' Title Buffer Overflow Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow WordPress Plugin Leaflet Maps Marker 0.0.1 for - leaflet_marker.php id Parameter Cross-Site Scripting WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting Microsoft Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Mozilla Firefox < 39.03 - pdf.js Same Origin Policy Exploit Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit Mozilla Firefox - pdf.js Privileged JavaScript Injection (Metasploit) Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit) MiniUPnP - Multiple Denial of Service Vulnerabilities MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities Kaseya Virtual System Administrator - Multiple Vulnerabilities (2) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2) Safari - User-Assisted Applescript Exec Attack (Metasploit) Apple Safari - User-Assisted Applescript Exec Attack (Metasploit) Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption Dynamic Biz Website Builder - (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium CPDF_Function::Call - Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Based Buffer Overflow Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass MiCasa VeraLite - Remote Code Execution MiCasaVerde VeraLite - Remote Code Execution SmallFTPd 1.0.3 - 'mkd' Command Denial of Service SmallFTPd 1.0.3 - 'mkd' Command Denial Of Service GNU GTypist 2.9.5-2 - Local Buffer Overflow uSQLite 1.0.0 - Denial Of Service HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation CherryTree 0.36.9 - Memory Corruption (PoC)	2016-10-28 05:01:21 +00:00
Offensive Security	07fdc778ee	DB: 2016-10-21 24 new exploits NetAuctionHelp 4.1 - search.asp SQL Injection Apple Mac OSX 10.4.11 2007-008 - i386_set_ldt System Call Local Arbitrary Code Execution Microsoft Edge - Array.map Heap Overflow (MS16-119) Microsoft Jet Database Engine - '.MDB' File Parsing Remote Buffer Overflow Microsoft Edge - Array.join Info Leak (MS16-119) Windows DeviceApi CMApi PiCMOpenDeviceKey - Arbitrary Registry Key Write Privilege Escalation (MS16-124) Windows DeviceApi CMApi - PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124) HikVision Security Systems - Activex Buffer Overflow Oracle Netbeans IDE 8.1 - Directory Traversal MiCasa VeraLite - Remote Code Execution Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection Classifieds Rental Script - SQL Injection SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service SAP Adaptive Server Enterprise 16 - Denial of Service Event Calendar PHP 1.5 - SQL Injection SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal SPIP 3.1.2 - Cross-Site Request Forgery Windows win32k.sys - TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120) Windows win32k.sys - TTF Processing win32k!sbit_Embolden / win32k!ttfdCloseFontContext Use-After-Free (MS16-120) Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in nt!CmpCheckValueList (MS16-124) Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor (MS16-123) Microsoft Edge - Function.apply Info Leak (MS16-119) Microsoft Edge - Spread Operator Stack Overflow (MS16-119) Windows Edge/IE - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118) Windows Edge/IE - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118) Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) Hak5 WiFi Pineapple - Preconfiguration Command Injection (Metasploit) OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)	2016-10-21 05:01:17 +00:00
Offensive Security	751e61a6bf	DB: 2016-09-16 3 new exploits Avaya IP Office Phone Manager - Local Password Disclosure BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities PA168 Chipset IP Phones - Weak Session Management Exploit CUPS 1.3.7 - Cross-Site Request Forgery (add rss subscription) Remote Crash phpMyAdmin - '/scripts/setup.php' PHP Code Injection NScan 0.9.1 - (Target) Buffer Overflow NScan 0.9.1 - 'Target' Buffer Overflow Xerox WorkCentre - Multiple Models Denial of Service Xerox WorkCentre (Multiple Models) - Denial of Service Cisco EPC 3925 - Multiple Vulnerabilities httpdx 1.4 - h_handlepeer Buffer Overflow (Metasploit) Novell eDirectory 8.8sp5 - Buffer Overflow Uebimiau Webmail 3.2.0-2.0 - Email Disclosure ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC) Integard Home and Pro 2 - Remote HTTP Buffer Overflow Multiple D-Link Router Models - Authentication Bypass D-Link Router (Multiple Models) - Authentication Bypass iSO Air Files 2.6 - Directory Traversal iOS FtpDisc 1.0 - Directory Traversal iOS SideBooks 1.0 - Directory Traversal iOS FtpDisc 1.0 - Directory Traversal iOS SideBooks 1.0 - Directory Traversal iSO Filer Lite 2.1.0 - Directory Traversal iOS iDocManager 1.0.0 - Directory Traversal iOS myDBLite 1.1.10 - Directory Traversal iSO Filer Lite 2.1.0 - Directory Traversal iOS iDocManager 1.0.0 - Directory Traversal iOS myDBLite 1.1.10 - Directory Traversal iOS Share 1.0 - Directory Traversal iOS TIOD 1.3.3 - Directory Traversal Zapya Desktop 1.803 - (ZapyaService.exe) Privilege Escalation Zapya Desktop 1.803 - 'ZapyaService.exe' Privilege Escalation Dansie Shopping Cart - Server Error Message Installation Full Path Disclosure Apache/mod_ssl 2.0.x - Remote Denial of Service SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation Airlive IP Cameras - Multiple Vulnerabilities Monkey CMS - Multiple Vulnerabilities NetBSD mail.local - Privilege Escalation (Metasploit) Apache Mina 2.0.13 - Remote Command Execution Apache Mina 2.0.13 - Remote Command Execution DeepOfix SMTP Server 3.3 - Authentication Bypass xEpan 1.0.4 - Multiple Vulnerabilities Humhub 0.10.0-rc.1 - SQL Injection Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities Humhub 0.10.0-rc.1 - SQL Injection Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness Koha 3.20.1 - Multiple SQL Injections Koha 3.20.1 - Directory Traversal Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities Koha 3.20.1 - Multiple SQL Injections Koha 3.20.1 - Directory Traversal Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities 8 TOTOLINK Router Models - Backdoor and Remote Code Execution 8 TOTOLINK Router Models - Backdoor / Remote Code Execution Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow TestLink 1.9.14 - Cross-Site Request Forgery PaKnPost Pro 1.14 - Multiple Vulnerabilities zFTP Client 20061220 - (Connection Name) Local Buffer Overflow zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access Cisco ASA 8.x - Authentication Bypass (EXTRABACON) Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass Watchguard Firewalls - ifconfig Privilege Escalation (ESCALATEPLOWMAN) Cisco ASA / PIX - Privilege Escalation (EPICBANANA) TOPSEC Firewalls - Remote Code Execution (ELIGIBLECONTESTANT) TOPSEC Firewalls - Remote Code Execution (ELIGIBLECANDIDATE) TOPSEC Firewalls - Remote Code Execution (ELIGIBLEBOMBSHELL) TOPSEC Firewalls - Remote Exploit (ELIGIBLEBACHELOR) Fortigate Firewalls - Remote Code Execution (EGREGIOUSBLUNDER) Watchguard Firewalls - 'ESCALATEPLOWMAN' ifconfig Privilege Escalation Cisco ASA / PIX - 'EPICBANANA' Privilege Escalation TOPSEC Firewalls - 'ELIGIBLECONTESTANT' Remote Code Execution TOPSEC Firewalls - 'ELIGIBLECANDIDATE' Remote Code Execution TOPSEC Firewalls - 'ELIGIBLEBOMBSHELL' Remote Code Execution TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Exploit Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution tcPbX - (tcpbx_lang) Local File Inclusion tcPbX - 'tcpbx_lang' Local File Inclusion	2016-09-16 05:08:37 +00:00
Offensive Security	5e2fc10125	DB: 2016-09-03	2016-09-03 13:13:25 +00:00
Offensive Security	31a21bb68d	DB: 2016-09-03 14 new exploits Too many to list!	2016-09-03 05:08:42 +00:00
Offensive Security	4011b4f053	DB: 2016-08-27	2016-08-27 05:08:40 +00:00
Offensive Security	0d018828aa	DB: 2016-07-15	2016-07-15 06:29:45 +00:00
Offensive Security	858079a4fe	DB: 2016-06-08 5 new exploits Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2) Windows x86 WinExec(_cmd.exe__0) Shellcode Linux x86 /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) League of Legends Screensaver - Unquoted Service Path Privilege Escalation League of Legends Screensaver - Insecure File Permissions Privilege Escalation Cisco EPC 3928 - Multiple Vulnerabilities	2016-06-08 05:05:38 +00:00
Offensive Security	62962d90b0	DB: 2016-06-07 16 new exploits Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities Dream Gallery 1.0 - CSRF Add Admin Exploit Apache Continuum 1.4.2 - Multiple Vulnerabilities Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit Valve Steam 3.42.16.13 - Local Privilege Escalation ArticleSetup 1.00 - CSRF Change Admin Password Electroweb Online Examination System 1.0 - SQL Injection WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection WordPress Newspaper Theme 6.7.1 - Privilege Escalation WordPress Uncode Theme 1.3.1 - Arbitrary File Upload WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection Notilus Travel Solution Software 2012 R3 - SQL Injection rConfig 3.1.1 - Local File Inclusion Nagios XI 5.2.7 - Multiple Vulnerabilities	2016-06-07 05:07:41 +00:00
Offensive Security	b189e25266	DB: 2016-05-25 1 new exploits AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XXE Injection	2016-05-25 05:01:52 +00:00
Offensive Security	5e229672a0	DB: 2016-05-14 3 new exploits Ethereal / tcpdump (rsvp_print) Infinite Loop Denial of Service Exploit Ethereal 0.10.10 / tcpdump 3.9.1 (rsvp_print) Infinite Loop Denial of Service Exploit Mozilla Firefox - Install Method Remote Arbitrary Code Execution Exploit Mozilla Firefox 1.0.3 - Install Method Remote Arbitrary Code Execution Exploit Active Price Comparison 4 - (ProductID) Blind SQL Injection Vulnerability Absolute Form Processor XE-V 1.5 - (auth Bypass) SQL Injection Vulnerability ipsec-tools racoon frag-isakmp Denial of Service PoC IPsec-Tools < 0.7.2 (racoon frag-isakmp) - Multiple Remote Denial of Service PoC PaoBacheca Guestbook 2.1 (login_ok) Auth Bypass Vulnerability PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability PaoBacheca Guestbook 2.1 - (login_ok) Auth Bypass Vulnerability PaoLiber 1.1 - (login_ok) Authentication Bypass Vulnerability IPsec-Tools < 0.7.2 - Multiple Remote Denial of Service Vulnerabilities ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability I-net Multi User Email Script SQLi Vulnerability linux/x86 - break chroot execve /bin/sh 80 bytes linux/x86 - break chroot execve /bin/sh (80 bytes) Sysax Multi Server 5.64 - Create Folder Buffer Overflow TikiWiki Project 1.8 tiki-read_article.php articleId Parameter XSS TikiWiki Project 1.8 - tiki-read_article.php articleId Parameter XSS TikiWiki Project 1.8 tiki-print_article.php articleId Parameter XSS TikiWiki Project 1.8 - tiki-print_article.php articleId Parameter XSS TikiWiki Project 1.8 tiki-list_faqs.php sort_mode Parameter SQL Injection TikiWiki Project 1.8 tiki-list_trackers.php sort_mode Parameter SQL Injection TikiWiki Project 1.8 - tiki-list_faqs.php sort_mode Parameter SQL Injection TikiWiki Project 1.8 - tiki-list_trackers.php sort_mode Parameter SQL Injection UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS UBBCentral UBB.threads 6.2.3/6.5 - login.php Cat Parameter XSS UBBCentral UBB.threads 6.2.3/6.5 - online.php Cat Parameter XSS CityPost PHP Image Editor M1 URI Parameter Cross-Site Scripting Vulnerability CityPost PHP Image Editor M2 URI Parameter Cross-Site Scripting Vulnerability CityPost PHP Image Editor M3 URI Parameter Cross-Site Scripting Vulnerability CityPost PHP Image Editor Imgsrc URI Parameter Cross-Site Scripting Vulnerability CityPost PHP Image Editor M4 URI Parameter Cross-Site Scripting Vulnerability CityPost PHP Image Editor M1/M2/M3/Imgsrc/M4 - URI Parameter Cross-Site Scripting Vulnerability osCommerce 2.2 admin/countries.php page Parameter XSS osCommerce 2.2 admin/currencies.php page Parameter XSS osCommerce 2.2 - admin/countries.php page Parameter XSS osCommerce 2.2 - admin/currencies.php page Parameter XSS Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (1) Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (2) Microsoft Internet Explorer 6.0 - Unspecified Code Execution Vulnerability (1) Microsoft Internet Explorer 6.0 - Unspecified Code Execution Vulnerability (2) Joomla Gallery WD - SQL Injection Vulnerability Photoshop CC2014 and Bridge CC 2014 PNG Parsing Memory Corruption Vulnerabilities Photoshop CC2014 and Bridge CC 2014 PDF Parsing Memory Corruption Vulnerabilities Photoshop CC2014 and Bridge CC 2014 - .PNG Parsing Memory Corruption Vulnerabilities NRSS Reader 0.3.9 - Local Stack-Based Overflow runAV mod_security - Arbitrary Command Execution Wireshark - AirPDcapDecryptWPABroadcastKey Heap-Based Out-of-Bounds Read	2016-05-14 05:03:47 +00:00
Offensive Security	6fa97a6001	DB: 2016-05-07 6 new exploits RPCScan 2.03 - Hostname/IP Field Crash PoC CIScan 1.00 - Hostname/IP Field Crash PoC DotNetNuke 07.04.00 - Administration Authentication Bypass Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities	2016-05-07 05:03:58 +00:00
Offensive Security	477bcbdcc0	DB: 2016-03-17 5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow	2016-03-17 07:07:56 +00:00
Offensive Security	f7b6199767	DB: 2016-02-23 7 new exploits	2016-02-23 05:02:07 +00:00
Offensive Security	477deae72e	DB: 2016-01-14 6 new exploits	2016-01-14 05:02:54 +00:00
Offensive Security	97940c47e2	DB: 2016-01-08 10 new exploits	2016-01-08 05:03:43 +00:00
Offensive Security	415f43407d	DB: 2015-12-27 9 new exploits	2015-12-27 05:02:11 +00:00
Offensive Security	855936a0eb	DB: 2015-12-13 23 new exploits	2015-12-13 05:02:04 +00:00
Offensive Security	cc3cd3f120	DB: 2015-12-08 10 new exploits	2015-12-08 05:03:12 +00:00
Offensive Security	04598bf305	DB: 2015-12-07 10 new exploits	2015-12-07 05:03:07 +00:00
Offensive Security	043724668f	DB: 2015-11-19 8 new exploits	2015-11-19 05:03:31 +00:00
Offensive Security	41bf68ffcd	DB: 2015-11-16 9 new exploits	2015-11-16 05:02:02 +00:00
Offensive Security	8a3d4b8a4b	DB: 2015-11-10 9 new exploits	2015-11-10 05:03:39 +00:00
Offensive Security	cf23aa54a7	DB: 2015-10-19 10 new exploits	2015-10-19 05:03:35 +00:00
Offensive Security	0f12501e2c	DB: 2015-10-08 6 new exploits	2015-10-08 05:02:23 +00:00
Offensive Security	99aa045746	DB: 2015-09-30 5 new exploits	2015-09-30 05:03:36 +00:00
Offensive Security	c14ed0e3ce	DB: 2015-09-26 11 new exploits	2015-09-26 05:01:39 +00:00
Offensive Security	d891c95c0e	DB: 2015-08-29 11 new exploits	2015-08-29 05:01:51 +00:00
Offensive Security	6dccd55e18	DB: 2015-08-21 6 new exploits	2015-08-21 05:02:09 +00:00
Offensive Security	a732415255	DB: 2015-08-13 1 new exploits	2015-08-13 05:06:40 +00:00
Offensive Security	95ce541193	DB: 2015-07-30 4 new exploits	2015-07-30 05:02:27 +00:00
Offensive Security	05f61b57bd	DB: 2015-07-28 13 new exploits	2015-07-28 05:02:23 +00:00
Offensive Security	c22dc8c9d4	DB: 2015-07-25 16 new exploits	2015-07-25 05:02:16 +00:00
Offensive Security	d6eaf56290	DB: 2015-07-24 7 new exploits	2015-07-24 05:02:14 +00:00
Offensive Security	5d9a8808ca	DB: 2015-07-14 30 new exploits	2015-07-14 05:03:24 +00:00

1 2 3 4

186 commits