Offensive Security
7de3f31675
DB: 2017-10-21
...
9 new exploits
Too many to list!
2017-10-21 05:01:31 +00:00
Offensive Security
5d67bcf186
DB: 2017-10-19
...
5 new exploits
Too many to list!
2017-10-19 05:01:29 +00:00
Offensive Security
519f2f59ba
DB: 2017-10-18
...
19 new exploits
Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) - Denial of Service
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure
Linux Kernel - 'AF_PACKET' Use-After-Free
shadowsocks-libev 3.1.0 - Command Execution
Shadowsocks - Log File Command Execution
ModSecurity - POST Parameters Security Bypass
ModSecurity - 'POST' Security Bypass
Apple iOS 10.2 (14C92) - Remote Code Execution
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)
Windows x64 - API Hooking Shellcode (117 bytes)
ALiCE-CMS 0.1 - (CONFIG[local_root]) Remote File Inclusion
ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion
PHPRecipeBook 2.35 - (g_rb_basedir) Remote File Inclusion
PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion
Brim 1.2.1 - (renderer) Multiple Remote File Inclusion
Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion
GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php PATH_INFO' SQL Injection
3CX Phone System 15.5.3554.1 - Directory Traversal
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
2017-10-18 05:01:30 +00:00
Offensive Security
3cfdd1cc27
DB: 2017-10-12
...
5 new exploits
MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit
Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities
Apple Safari & QuickTime - Denial of Service
Apple Safari / QuickTime - Denial of Service
Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities
Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities
Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service
Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities
Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption
Mozilla Firefox - Interleaving document.write and appendChild Denial of Service
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service
BRS Webweaver 1.0 4 - POST and HEAD Denial of Service
BRS Webweaver 1.0 4 - POST / HEAD Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service
Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption
Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys
binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
BSD & Linux umount - Privilege Escalation
BSD / Linux - 'umount' Privilege Escalation
BSD & Linux lpr - Privilege Escalation
BSD / Linux - 'lpr' Privilege Escalation
DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure
SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption
SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption
Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow
Microsoft Windows - WINS Vulnerability and OS/SP Scanner
Microsoft Windows - WINS Vulnerability + OS/SP Scanner
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit
Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)
Quest InTrust 10.4.x - ReportTree and SimpleTree Classes
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes
SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit
RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd
RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd
Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
tcpdump 3.4 - Protocol Four and Zero Header Length
tcpdump 3.4 - Protocol Four / Zero Header Length
Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow
Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit
Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password
Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure
Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure
WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow
EFTP Server 2.0.7.337 - Directory and File Existence
EFTP Server 2.0.7.337 - Directory Existence / File Existence
Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting
Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting
InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities
InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities
Microsoft Windows XP - Help And Support Center Interface Spoofing
Microsoft Windows XP - Help and Support Center Interface Spoofing
BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure
Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal
3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal
Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
Github Enterprise - Default Session Secret And Deserialization (Metasploit)
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
VX Search Enterprise 10.1.12 - Buffer Overflow
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities
Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
FlexPHPNews 0.0.6 & PRO - Authentication Bypass
FlexPHPNews 0.0.6 / PRO - Authentication Bypass
click&rank - SQL Injection / Cross-Site Scripting
Click&Rank - SQL Injection / Cross-Site Scripting
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Pre Hotels&Resorts Management System - Authentication Bypass
PHP-Nuke CMS - (Survey and Poll) SQL Injection
PHP-Nuke CMS (Survey and Poll) - SQL Injection
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)
XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)
Sun i-Runbook 2.5.2 - Directory And File Content Disclosure
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure
DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification
DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification
DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection
DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection
DUforum 3.x - 'messages.asp FOR_ID' SQL Injection
DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion
JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion
WordPress Plugin WP BackupPlus - Database And Files Backup Download
WordPress Plugin WP BackupPlus - Database and Files Backup Download
WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
Gogs - (users and repos q pararm) SQL Injection
Gogs - users and repos q SQL Injection
WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection
Joomla! Component 'com_tree' - 'key' Parameter SQL Injection
Joomla! Component com_tree - 'key' Parameter SQL Injection
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities
TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit
up.time 7.5.0 - Upload And Execute File Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit
Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
2017-10-12 05:01:34 +00:00
Offensive Security
ecfeb57577
DB: 2017-10-03
...
15 new exploits
Linux Kernel < 4.14.rc3 - Local Denial of Service
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - Information Leak
Dnsmasq < 2.78 - Lack of free() Denial of Service
Dnsmasq < 2.78 - Integer Underflow
UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
Qmail SMTP - Bash Environment Variable Injection (Metasploit)
NPM-V (Network Power Manager) 2.4.1 - Password Reset
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
2017-10-03 05:01:26 +00:00
Offensive Security
92bfb7616d
DB: 2017-09-22
...
7 new exploits
Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC)
Microsoft Edge - Chakra Incorrectly Parses Object Patterns
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes
Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'
Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses
Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)
PHPMyFAQ 2.9.8 - Cross-Site Scripting
2017-09-22 05:01:23 +00:00
Offensive Security
590c03106b
DB: 2017-09-13
...
15 new exploits
tcprewrite - Heap-Based Buffer Overflow
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
Docker Daemon - Unprotected TCP Socket
Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow
Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
PHP Dashboards NEW 4.4 - Arbitrary File Read
PHP Dashboards NEW 4.4 - SQL Injection
JobStar Monster Clone Script 1.0 - SQL Injection
iTech Book Store Script 2.02 - SQL Injection
iTech StockPhoto Script 2.02 - SQL Injection
EduStar Udemy Clone Script 1.0 - SQL Injection
AirStar Airbnb Clone Script 1.0 - SQL Injection
osTicket 1.10 - SQL Injection
FoodStar 1.0 - SQL Injection
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
inClick Cloud Server 5.0 - SQL Injection
2017-09-13 05:01:22 +00:00
Offensive Security
a160bc0c68
DB: 2017-09-02
...
2 new exploits
Mozilla Firefox 3.6.3 - Fork Bomb Denial of Service
Mozilla Firefox 3.6.3 - Fork Bomb (Denial of Service)
OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Git <= 2.7.5 - Command Injection (Metasploit)
Git < 2.7.5 - Command Injection (Metasploit)
Joomla! 1.0.7 / Mambo 4.5.3 - (feed) Full Path Disclosure / Denial of Service
Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service
Joomla! 1.0.9 - (Weblinks) Blind SQL Injection
Joomla! 1.0.9 - 'Weblinks' Blind SQL Injection
Joomla! 1.5.x - (Token) Remote Admin Change Password
Joomla! 1.5.x - 'Token' Remote Admin Change Password
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
Joomla! Component & Plugin 'JE Tooltip' 1.0 - Local File Inclusion
Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload
Joomla! Component 'com_djClassifieds' 0.9.1 - Arbitrary File Upload
Joomla! 1.6.0-Alpha2 - Cross-Site Scripting
Joomla! 1.6.0 Alpha2 - Cross-Site Scripting
Joomla! - Spam Mail Relay
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
Joomla! Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
2017-09-02 05:01:21 +00:00
Offensive Security
dd6e8a4e4c
DB: 2017-08-24
...
13 new exploits
libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities
Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (1)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)
Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution
Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution
Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow
Easy File Management Web Server 5.6 - 'USERID' Remote Buffer Overflow
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
Linux/x86 - Bind TCP Shellcode (Generator)
Linux/x86 - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Linux/x86 - Command Generator Null-Free Shellcode (Generator)
Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)
Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes)
Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - File Reader Shellcode (65+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - system-beep Shellcode (45 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - kill all processes Shellcode (11 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - re-use of /bin/sh string in .rodata Shellcode (16 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - Socket-proxy Shellcode (372 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (187+ bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)
Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)
Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less Shellcode (45 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - kill snort Shellcode (151 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 Shellcode (132 bytes)
Linux/x86 - ipchains -F Shellcode (49 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
NetBSD/x86 - kill all processes Shellcode (23 bytes)
NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes)
NetBSD/x86 - Kill All Processes Shellcode (23 bytes)
NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes)
OSX/PPC - Add inetd backdoor Shellcode (222 bytes)
OSX/PPC - reboot Shellcode (28 bytes)
OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)
OSX/PPC - Reboot Shellcode (28 bytes)
OSX/PPC - create /tmp/suid Shellcode (122 bytes)
OSX/PPC - simple write() Shellcode (75 bytes)
OSX/PPC - Create /tmp/suid Shellcode (122 bytes)
OSX/PPC - Simple write() Shellcode (75 bytes)
Solaris/SPARC - Download File + Execute Shellcode (278 bytes)
Solaris/SPARC - Download File (http://evil-dl/ ) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/x86 - Bind TCP Shell Shellcode (Generator)
Solaris/x86 - execve /bin/sh toupper evasion Shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd Shellcode (201 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - kill all processes Shellcode (9 bytes)
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Solaris/x86 - Download File Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)
Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris ) Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - kill all running process Shellcode (11 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Solaris/x86 - SystemV killall command Shellcode (39 bytes)
Solaris/x86 - SystemV killall Command Shellcode (39 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
OSX - Universal ROP Shellcode
Linux/MIPS - execve Shellcode (52 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode
Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt ) + WinExec + ExitProcess Shellcode
Linux/x86 - Socket Re-use Shellcode (50 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - /etc/passwd Reader Shellcode (58 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Bind Shell Shellcode (Generator)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)
Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)
Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh ) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes)
Windows x64 - Download File + Execute Shellcode (358 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes)
Linux/x86-64 - Random Listener Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - File Reader Shellcode (54 Bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Matrimonial Script - SQL Injection
Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
iTech B2B Script 4.42 - SQL Injection
iTech Business Networking Script 8.26 - SQL Injection
iTech Caregiver Script 2.71 - SQL Injection
iTech Classifieds Script 7.41 - SQL Injection
iTech Image Sharing Script 4.13 - SQL Injection
iTech Freelancer Script 5.27 - SQL Injection
iTech Travel Script 9.49 - SQL Injection
iTech Multi Vendor Script 6.63 - SQL Injection
2017-08-24 05:01:22 +00:00
Offensive Security
c7b4bfd8e6
DB: 2017-08-23
...
23 new exploits
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)
BSD - Passive Connection Shellcode (124 bytes)
BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)
BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes)
BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes)
BSD/x86 - Bind Random Port Shellcode (143 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes)
BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - kill all processes Shellcode (12 bytes)
FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes)
FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)
FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)
FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes)
FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)
Linux/x86 - Bind Shellcode (Generator)
Windows XP SP1 - Bind Shellcode (Generator)
(Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode
Linux/x86 - cmd Null-Free Shellcode (Generator)
(Generator) - Alphanumeric Shellcode (Encoder/Decoder)
Linux/x86 - Bind TCP Shellcode (Generator)
Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Win32 - Multi-Format Encoding Tool Shellcode (Generator)
iOS - Version-independent Shellcode
Cisco IOS - Connectback 21/TCP Shellcode
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
iOS Version-independent - Null-Free Shellcode
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes)
Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes)
Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes)
Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)
Linux/x86 - killall5 polymorphic Shellcode (61 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes)
Linux/x86 - reboot() polymorphic Shellcode (57 bytes)
Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator (Generator)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes)
Linux/x86 - executes command after setreuid Shellcode (49+ bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + executes command (49+ bytes)
Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes)
Linux/x86 - Bind 2707/TCP Shellcode (84 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes)
Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind 64713/TCP Shellcode (86 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - TCP Proxy Shellcode (236 bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes)
Linux/x86 - snoop /dev/dsp Shellcode (172 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - chroot + standart Shellcode (66 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - setreuid/execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Shellcode (64 bytes)
Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - iptables -F Shellcode (45 bytes)
Linux/x86 - iptables -F Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - connect Shellcode (120 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind 5074/TCP Shellcode (92 bytes)
Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - Add User Shellcode (104 bytes)
Linux/x86 - break chroot Shellcode (34 bytes)
Linux/x86 - break chroot Shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - chroot()/execve() code Shellcode (80 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes)
OSX/PPC - sync()_ reboot() Shellcode (32 bytes)
OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)
OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)
OSX/PPC - sync() + reboot() Shellcode (32 bytes)
OSX/PPC - Add user _r00t_ Shellcode (219 bytes)
OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)
Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid/execve Shellcode (56 bytes)
Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes)
Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)
Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode
Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes)
Win32 - SEH Omelet Shellcode
Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags Shellcode (14 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)
Win32/XP SP2 - cmd.exe Shellcode (57 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - ConnectBack + Download A File + Save + Execute Shellcode
Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes)
Win32 - Download File + Execute Shellcode (192 bytes)
Win32 - Download File + Execute Shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box Shellcode (110 bytes)
Win32 - WinExec() Command Parameter Shellcode (104+ bytes)
Win32 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - SEH Omelet Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes)
Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes)
Windows x86 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP - Download File + Execute Shellcode
Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes)
Windows XP - Download File + Execute Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes)
Win32/XP SP2 - calc.exe Shellcode (45 bytes)
Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - break chroot Shellcode (79 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - disabled modsecurity Shellcode (64 bytes)
Win32 - JITed Stage-0 Shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes)
Win32 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode
Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Genearator With Customizable Text)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Generator)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes)
Windows XP SP2 (FR) - Download File + Execute Shellcode
Windows XP SP2 (French) - Download File + Execute Shellcode
Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes)
Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)
Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes)
Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)
Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)
Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind Shell 64533 Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode
Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Win32 - Write-to-file Shellcode (278 bytes)
Windows x86 - Write-to-file Null-Free Shellcode (278 bytes)
Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 English - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes)
Win32 - Checksum Routine Shellcode (18 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes)
Win32 - Speaking 'You got pwned!' Shellcode
FreeBSD/x86 - connect back Shellcode (81 bytes)
BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes)
Win32 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)
BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)
Windows x86 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)
Linux/x86 - Egghunter Shellcode (29 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)
Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes)
Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)
Windows x64 - Bind TCP Shell Shellcode (508 bytes)
Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)
Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)
Windows RT ARM - Bind Shell 4444/TCP Shellcode
Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode
Windows - Messagebox Shellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)
Windows - Messagebox Null-FreeShellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes)
Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes)
Linux/x86 - Disable ASLR Shellcode (84 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)
Win32/XP SP3 - Restart computer Shellcode (57 bytes)
Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes)
Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes)
Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes)
Linux/x86 - exec('/bin/dash') Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes)
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes)
OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)
Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator)
Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)
OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes)
Linux/x86-64 - /bin/sh Shellcode (34 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)
OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes)
Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)
Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)
Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes)
Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)
Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes)
Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes)
Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x64 - WinExec() Shellcode (93 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes)
Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes)
Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux x86 - /bin/sh Shellcode (24 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86_64 - kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Php Cloud mining Script - Authentication Bypass
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
2017-08-23 05:01:29 +00:00
Offensive Security
3f58d5334c
DB: 2017-08-09
...
4 new exploits
WildMIDI 0.4.2 - Multiple Vulnerabilities
Comodo Backup 4.4.0.0 - Null Pointer Dereference EOP
Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation
Microsoft Windows - LNK Shortcut File Code Execution
Microsoft Windows - '.LNK' Shortcut File Code Execution
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Oracle E-Business Suite 12.x - Server-Side Request Forgery
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
2017-08-09 05:01:29 +00:00
Offensive Security
baeaf13b13
DB: 2017-08-02
...
9 new exploits
libmad 0.15.1b - 'mp3' Memory Corruption
iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
VehicleWorkshop - Authentication Bypass
VehicleWorkshop - Arbitrary File Upload
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
2017-08-02 05:01:31 +00:00
Offensive Security
c116e6f563
DB: 2017-08-01
...
7 new exploits
DivFix++ 0.34 - Denial of Service
Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service
Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
libvorbis 1.3.5 - Multiple Vulnerabilities
libao 1.2.0 - Denial of Service
Jenkins < 1.650 - Java Deserialization
DiskBoss Enterprise 8.2.14 - Buffer Overflow
2017-08-01 05:01:29 +00:00
Offensive Security
fb7bed6364
DB: 2017-07-29
...
6 new exploits
GNU libiberty - Buffer Overflow
SoundTouch 1.9.2 - Multiple Vulnerabilities
LAME 3.99.5 - Multiple Vulnerabilities
libjpeg-turbo 1.5.1 - Denial of Service
Joomla! Component com_ccnewsletter - Directory Traversal
Joomla! Component CCNewsLetter - Directory Traversal
Joomla! Component com_ccnewsletter - Local File Inclusion
Joomla! Component CCNewsLetter - Local File Inclusion
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection
FortiOS < 5.6.0 - Cross-Site Scripting
2017-07-29 05:01:21 +00:00
Offensive Security
635e0e935f
DB: 2017-07-15
...
4 new exploits
Counter Strike: Condition Zero - '.BSP' Map File Code Execution
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
WDTV Live SMP 2.03.20 - Remote Password Reset
2017-07-15 05:01:21 +00:00
Offensive Security
d3536f6bef
DB: 2017-07-07
...
3 new exploits
LibTIFF - 'tif_dirwrite.c' Denial of Service
LibTIFF - 'tif_jbig.c' Denial of Service
LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read
2017-07-07 05:01:20 +00:00
Offensive Security
6ab9a26ee4
DB: 2017-06-27
...
10 new exploits
PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP phar extension 1.1.1 - Heap Overflow
PHP 'phar' Extension 1.1.1 - Heap Overflow
PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write
NTFS 3.1 - Master File Table Denial of Service
LAME 3.99.5 - 'II_step_one' Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit
PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit
PHP 5.2.3 Tidy extension - Local Buffer Overflow
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass
PHP Perl Extension - Safe_mode BypassExploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit
PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.x - COM functions Safe_mode and disable_function Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.2.6 - (error_log) Safe_mode Bypass
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit
PHP - Safe_mode Bypass via proc_open() and custom Environment
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment
PHP python extension safe_mode - Bypass Local
PHP 'python' Extension - 'safe_mode' Local Bypass Exploit
PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass
PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - FOpen Safe_mode Restriction-Bypass
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities
suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit
PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit
JAD Java Decompiler 1.5.8e - Buffer Overflow
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit
Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution
PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure
PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure
PHP 4.x - copy() Function Safe Mode Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 5.2.5 - cURL 'safe mode' Security Bypass
PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit
PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)
Linux/x86 - Bind Shell Shellcode (75 bytes)
JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit
XOOPS myAds Module - (lid) SQL Injection
XOOPS myAds Module - 'lid' SQL Injection
PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit
Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting
SmarterMail 7.x (7.2.3925) - LDAP Injection
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail < 7.2.3925 - LDAP Injection
MaticMarket 2.02 for PHP-Nuke - Local File Inclusion
PHP-Nuke MaticMarket 2.02 - Local File Inclusion
WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection
Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection
SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit
PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)
phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting
Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection
ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution
vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
Eltek SmartPack - Backdoor Account
2017-06-27 05:01:26 +00:00
Offensive Security
b00ce2562c
DB: 2017-06-21
...
2 new exploits
Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service
Sudo - 'get_process_ttyname()' Privilege Escalation
Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation
WonderCMS 2.1.0 - Cross-Site Request Forgery
2017-06-21 05:01:28 +00:00
Offensive Security
380d33dd22
DB: 2017-06-20
...
13 new exploits
GNU binutils - 'rx_decode_opcode' Buffer Overflow
GNU binutils - 'disassemble_bytes' Heap Overflow
GNU binutils - 'bfd_get_string' Stack Buffer Overflow
GNU binutils - 'decode_pseudodbg_assert_0' Buffer Overflow
GNU binutils - 'ieee_object_p' Stack Buffer Overflow
GNU binutils - 'print_insn_score16' Buffer Overflow
GNU binutils - 'aarch64_ext_ldst_reglist' Buffer Overflow
iBall Baton iB-WRA150N - Unauthenticated DNS Change
nuevoMailer 6.0 - SQL Injection
UTstarcom WA3002G4 - Unauthenticated DNS Change
D-Link DSL-2640U - Unauthenticated DNS Change
Beetel BCM96338 Router - Unauthenticated DNS Change
D-Link DSL-2640B - Unauthenticated Remote DNS Change
2017-06-20 05:01:28 +00:00
Offensive Security
117f75fdfc
DB: 2017-06-13
...
5 new exploits
GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution
Easy File Sharing Web Server 7.2 - Authentication Bypass
2017-06-13 05:01:23 +00:00
Offensive Security
fbe517f675
DB: 2017-06-10
...
6 new exploits
Mapscrn 2.03 - Local Buffer Overflow
libcroco 0.6.12 - Denial of Service
libquicktime 1.2.4 - Denial of Service
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
Apple macOS - Disk Arbitration Daemon Race Condition
Craft CMS 2.6 - Cross-Site Scripting
2017-06-10 05:01:19 +00:00
Offensive Security
bed1811f1d
DB: 2017-06-09
...
4 new exploits
Linux Kernel - 'ping' Local Denial of Service
VMware Workstation 12 Pro - Denial of Service
Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
2017-06-09 05:01:17 +00:00
Offensive Security
b002e06bf6
DB: 2017-06-08
...
9 new exploits
Linux Kernel - 'ping' Local Denial of Service
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Artifex MuPDF - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference
DC/OS Marathon UI - Docker Exploit (Metasploit)
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Xavier 2.4 - SQL Injection
Robert 0.5 - Multiple Vulnerabilities
2017-06-08 05:01:17 +00:00
Offensive Security
cd6e21e600
DB: 2017-06-06
...
11 new exploits
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
2017-06-06 05:01:15 +00:00
Offensive Security
42e94b4366
DB: 2017-06-05
...
26 new exploits
Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine
Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow
TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)
uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
2017-06-05 05:01:15 +00:00
Offensive Security
bc7f6091d4
DB: 2017-05-23
...
4 new exploits
Apple macOS - '32-bit syscall exit' Kernel Register Leak
Apple macOS - 'stackshot' Raw Frame Pointers
Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation
Joomla! 3.7.0 - 'com_fields' SQL Injection
Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
2017-05-23 05:01:15 +00:00
Offensive Security
5aee851cfb
DB: 2017-05-11
...
5 new exploits
PocketPC Mms Composer - (WAPPush) Denial of Service
PocketPC Mms Composer - 'WAPPush' Denial of Service
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)
Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion
Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)
Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035)
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
HT Editor 2.0.20 - Buffer Overflow (ROP PoC)
HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)
Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)
Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)
Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing
Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)
Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion
visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
Microsoft Internet Explorer 8 / 9 - Steal Any Cookie
Microsoft Internet Explorer 8/9 - Steal Any Cookie
PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion
COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change
Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass
AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
BanManager WebUI 1.5.8 - PHP Code Injection
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
2017-05-11 05:01:18 +00:00
Offensive Security
6f37b94a66
DB: 2017-05-09
...
5 new exploits
RPCBind / libtirpc - Denial of Service
Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
2017-05-09 04:46:38 +00:00
Offensive Security
9e9bf495c2
DB: 2017-04-26
...
26 new exploits
PHP 5.4.0RC6 (x64t) - Denial of Service
PHP 5.4.0RC6 (x64) - Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service
PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Dmitry 1.3a - Local Buffer Overflow
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Apple Safari - Array concat Memory Corruption
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Dell Customer Connect 1.3.28.0 - Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
Microsoft Office Word - Malicious Hta Execution (Metasploit)
WePresent WiPG-1000 - Command Injection (Metasploit)
OSX/Intel - setuid shell x86_64 Shellcode (51 bytes)
OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes)
OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)
Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
October CMS 1.0.412 - Multiple Vulnerabilities
2017-04-26 05:01:18 +00:00
Offensive Security
3c86b861c2
DB: 2017-04-19
...
4 new exploits
Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit)
Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit)
pinfo 0.6.9 - Local Buffer Overflow
Tenable Appliance < 4.5 - Unauthenticated Remote Root Code Execution
Microsoft Word - .RTF Remote Code Execution
Huawei HG532n - Command Injection (Metasploit)
2017-04-19 05:01:17 +00:00
Offensive Security
8ce122cbaf
DB: 2017-04-04
...
3 new exploits
BackBox OS - Denial of Service
Apache Tomcat 6/7/8/9 - Information Disclosure
Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
2017-04-04 05:01:25 +00:00
Offensive Security
0320cba051
DB: 2017-04-02
...
6 new exploits
Microsoft Internet Explorer 11 - Crash PoC (1)
Microsoft Internet Explorer 11 - Crash (PoC) (1)
Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031)
Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046)
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046)
Microsoft Windows - MSDTC Service Remote Memory Modification PoC (MS05-051)
Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)
Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (1)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)
Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (3)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3)
Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (2)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2)
Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit)
Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)
Microsoft Windows - DNS Resolution Remote Denial of Service PoC (MS06-041)
Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041)
Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002)
Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)
Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service
Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)
Microsoft Internet Explorer GDI+ - PoC (MS08-052)
Microsoft Internet Explorer GDI+ - (PoC) (MS08-052)
Microsoft Windows - GDI+ PoC (MS08-052) (2)
Microsoft Windows - GDI+ (PoC) (MS08-052) (2)
Microsoft Windows - InternalOpenColorProfile Heap Overflow PoC (MS08-046)
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service
Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service
Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray)
Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (New Heap Spray)
Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2)
Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2)
eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH)
eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)
Chasys Media Player 1.1 - '.pls' Local Buffer Overflow PoC (SEH)
Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH)
Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1)
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1)
Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2)
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2)
Microsoft Internet Explorer - EMBED Memory Corruption PoC (MS09-014)
Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow PoCs
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH)
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)
JetAudio 7.5.3 COWON Media Center - '.wav' Crash
Streaming Audio Player 0.9 - (skin) Local Stack Overflow PoC (SEH)
Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow PoC (SEH)
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)
Tuniac 090517c - '.m3u' Local File Crash (PoC)
HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH)
HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2)
BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow PoC (2)
BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow (PoC) (2)
Eureka Email Client 2.2q - PoC Buffer Overflow
Eureka Email Client 2.2q - Buffer Overflow (PoC)
Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash
Microsoft Windows 7 / 2008 R2 - Remote Kernel Crash
Picpuz 2.1.1 - Buffer Overflow Denial of Service/PoC
Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC)
Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones
Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC)
Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service
Mozilla Firefox 3.6 - (XML parser) Memory Corruption (PoC) / Denial of Service
iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC
iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service (PoC)
RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC
RCA DCM425 Cable Modem - 'micro_httpd' Denial of Service (PoC)
Free MP3 CD Ripper 2.6 - '.wav' PoC
Free MP3 CD Ripper 2.6 - '.wav' (PoC)
Anyzip 1.1 - '.zip' PoC (SEH)
Anyzip 1.1 - '.zip' (PoC) (SEH)
Microsoft Windows - SMB Client-Side Bug PoC (MS10-006)
Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006)
Webby WebServer - PoC SEH control
Webby WebServer - SEH Control (PoC)
FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05)
FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off- By One (PoC)
Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH)
AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH)
Mozilla Firefox - Memory Corruption PoC (Simplified)
Mozilla Firefox - (Simplified) Memory Corruption (PoC)
Microsoft Windows - Win32k Pointer Dereferencement PoC (MS10-098)
Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)
Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH)
Elecard MPEG Player 5.7 - Local Buffer Overflow (PoC) (SEH)
Microsoft Windows XP - WmiTraceMessageVa Integer Truncation PoC (MS11-011)
Microsoft Windows XP - WmiTraceMessageVa Integer Truncation (PoC) (MS11-011)
Real player 14.0.2.633 - Buffer Overflow / Denial of ServiceExploit
Real player 14.0.2.633 - Buffer Overflow / Denial of Service
IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - '.ICO' With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - '.ICO' Without Transparent Colour Denial of Service / Remote Denial of Service
Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service
Microsoft Windows Vista/2008 - 'nsiproxy.sys' Local Kernel Denial of Service
D-Link DSL-2650U - Denial of Service/PoC
D-Link DSL-2650U - Denial of Service (PoC)
Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun PoC (MS11-077)
Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077)
Opera 11.52 - PoC Denial of Service
Opera 11.52 - Denial of Service (PoC)
Microsoft Win32k - Null Pointer De-reference PoC (MS11-077)
Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077)
Microsoft Windows - 'afd.sys' PoC (MS11-046)
Microsoft Windows - 'afd.sys' (PoC) (MS11-046)
Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034)
Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034)
Wyse - Machine Remote Power off (DOS) without any Privilege (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit)
Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service
Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5)
Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service
Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1)
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft PoCket Internet Explorer 3.0 - Denial of Service
Microsoft Pocket Internet Explorer 3.0 - Denial of Service
Microsoft Windows - HWND_BROADCAST PoC (MS13-005)
Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC)
Apple Safari 3 for Windows - Document.Location Denial of Service
Apple Safari 3 for Windows - 'Document.Location' Denial of Service
PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit)
PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service
Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow
Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow
Android Web Browser - GIF File Heap Based Buffer Overflow
Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow
Android Web Browser - BMP File Integer Overflow
Google Android Web Browser - '.BMP' File Integer Overflow
Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH)
Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH)
Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service
Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service
Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)
Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer - Memory Corruption PoC (MS14-029)
Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)
UniPDF 1.1 - Crash (PoC) (SEH)
Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC)
Microsoft Windows - 'HTTP.sys' PoC (MS15-034)
Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034)
UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)
Microsoft Internet Explorer 11 - Crash PoC (2)
Microsoft Internet Explorer 11 - Crash (PoC) (2)
Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow
Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow
QNX RTOS 6.3.0 - Insecure rc.local Permissions Plus System Crash
QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation
Microsoft Windows - NtClose DeadLock PoC (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)
Microsoft Windows - NtClose DeadLock (PoC) (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation (PoC) (MS06-030)
PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow
PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow
Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation
Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH)
Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow (PoC) (SEH)
Streaming Audio Player 0.9 - (skin) Local Stack Overflow (SEH)
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (SEH)
Tuniac 090517c - '.m3u' Local File Crash (PoC)
Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1)
Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)
Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1)
Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit)
Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
Microsoft HTML Help Workshop 4.74 - '.hhp' Index Buffer Overflow (Metasploit) (3)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2)
Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2)
Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2)
Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
Microsoft HTML Help Workshop 4.74 - '.hhp' compiled Buffer Overflow (Metasploit) (4)
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (without egg-hunter) (Metasploit)
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit)
PHP 5.3.6 - Buffer Overflow PoC (ROP)
PHP 5.3.6 - Buffer Overflow (ROP) (PoC)
Microsoft Windows Server 2000/NT 4 - DLL Search Path
Microsoft Windows NT 4/2000 - DLL Search Path
Microsoft Windows Server 2000/NT 4 - NTFS File Hiding
Microsoft Windows NT 4/2000 - NTFS File Hiding
Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2)
Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation
PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation
Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation
Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit)
Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit)
UniPDF 1.1 - Crash PoC (SEH overwritten)
Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC)
UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052)
Android - get_user/put_user Exploit (Metasploit)
Google Android - get_user/put_user Exploit (Metasploit)
Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)
Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)
ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)
Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit)
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)
Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow
Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit)
ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow
ImageStation - 'SonyISUpload.cab' 1.0.0.38 ActiveX Buffer Overflow
IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
Microsoft XML Core Services DTD - Cross-Domain Scripting PoC (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002)
Apple Mac OSX - Java applet Remote Deserialization Remote PoC (2)
Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2)
Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal
Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal
JetAudio 7.5.3 COWON Media Center - '.wav' Crash
DistCC Daemon - Command Execution (Metasploit) (1)
DistCC Daemon - Command Execution (Metasploit)
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1)
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)
Veritas NetBackup - Remote Command Execution (Metasploit) (1)
Veritas NetBackup - Remote Command Execution (Metasploit)
Pegasus Mail Client 4.51 - PoC Buffer Overflow
Pegasus Mail Client 4.51 - Buffer Overflow (PoC)
Irix LPD tagprinter - Command Execution (Metasploit) (1)
Irix LPD tagprinter - Command Execution (Metasploit)
Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (1)
Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account
Tandberg E & EX & C Series Endpoints - Default Root Account Credentials
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2)
Veritas NetBackup - Remote Command Execution (Metasploit) (2)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2)
httpdx - tolog() Function Format String (Metasploit) (1)
httpdx - 'tolog()' Function Format String (Metasploit) (1)
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit)
httpdx - tolog() Function Format String (Metasploit) (2)
httpdx - 'tolog()' Function Format String (Metasploit) (2)
Irix LPD tagprinter - Command Execution (Metasploit) (2)
Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)
DistCC Daemon - Command Execution (Metasploit) (2)
HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)
HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC)
Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1)
Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1)
Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)
Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit)
Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2)
Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)
HP SiteScope - Remote Code Execution (Metasploit) (1)
HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit)
Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow
Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow
Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow
Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow
thttpd 2.2x - defang Remote Buffer Overflow
thttpd 2.2x - 'defang' Remote Buffer Overflow
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2)
Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)
Dovecot with Exim - sender_address Parameter Remote Command Execution
Dovecot with Exim - 'sender_address' Parameter Remote Command Execution
HP SiteScope - Remote Code Execution (Metasploit) (2)
HP SiteScope (Windows) - Remote Code Execution (Metasploit)
Western Digital Arkeia - Remote Code Execution (Metasploit) (1)
Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
Western Digital Arkeia - Remote Code Execution (Metasploit) (2)
Western Digital Arkeia < 11.0.12 - Remote Code Execution (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
E-Uploader Pro 1.0 - Image Upload with Code Execution
E-Uploader Pro 1.0 - Image Upload / Code Execution
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1)
ASPapp KnowledgeBase - 'catid' Parameter SQL Injection
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2)
ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99)
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99)
Flatchat 3.0 - 'pmscript.php with' Local File Inclusion
Flatchat 3.0 - 'pmscript.php' Local File Inclusion
Joomla! Component huruhelpdesk - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection (1)
PGAUTOPro - SQL Injection / Cross-Site Scripting
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
Joomla! Component Huru Helpdesk - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection (2)
SoftwareDEP Classified Script 2.5 - SQL Injection
SoftwareDEP Classified Script 2.5 - SQL Injection (1)
WordPress Plugin pay with tweet 1.1 - Multiple Vulnerabilities
WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities
Software DEP Classified Script 2.5 - SQL Injection
SoftwareDEP Classified Script 2.5 - SQL Injection (2)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2)
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2)
OnlineArts DailyDose 1.1 - Denial of Servicee.pl Remote Command Execution
OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution
PHPOpenChat 2.3.4/3.0.1 - PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - PoC.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion
ActiveNews Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection (1)
Active News Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection (2)
Sagem Fast 3304-V2 - Authentication Bypass
Sagem Fast 3304-V2 - Authentication Bypass (1)
PG Auto Pro - SQL Injection / Cross-Site Scripting
PGAUTOPro - SQL Injection / Cross-Site Scripting (2)
Sagem FAST3304-V2 - Authentication Bypass
Sagem FAST3304-V2 - Authentication Bypass (2)
Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues
phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers)
phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution
Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
2017-04-02 05:01:18 +00:00
Offensive Security
6d17bc529d
DB: 2017-03-31
...
4 new exploits
dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC)
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC)
Spider Solitaire - Denial of Service (PoC)
Spider Solitaire - Denial of Service (PoC)
Baby FTP Server 1.24 - Denial of Service
Baby FTP Server 1.24 - Denial of Service (1)
Baby FTP server 1.24 - Denial of Service
Baby FTP server 1.24 - Denial of Service (2)
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation
Evostream Media Server 1.7.1 (x64) - Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service
Cerberus FTP Server 8.0.10.1 - Denial of Service
Cerberus FTP Server 8.0.10.1 - Denial of Service
Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow
Solaris 10 sysinfo() - Local Kernel Memory Disclosure
Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1)
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)
Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation
Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation
Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)
Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1)
Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1)
dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow
Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1)
Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)
Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)
D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2)
D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1)
D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit)
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
Article Script 1.6.3 - 'rss.php' SQL Injection (1)
Article Script 1.6.3 - 'rss.php' SQL Injection
DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'code' Remote File Inclusion
LaserNet CMS 1.5 - SQL Injection (2)
LaserNet CMS 1.5 - SQL Injection
Clever Copy 3.0 - 'postview.php' SQL Injection (1)
Clever Copy 3.0 - 'postview.php' SQL Injection
phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (1)
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1)
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2)
Matterdaddy Market 1.1 - Multiple SQL Injections (1)
Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections
PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (1)
PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (2)
Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (1)
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)
DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion
E-book Store - Multiple Vulnerabilities (1)
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)
E-book Store - Multiple Vulnerabilities (2)
E-book Store - Multiple Vulnerabilities
Classifieds Script - SQL Injection
Classifieds Script - 'rate' SQL Injection
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2)
DBHcms 1.1.4 - SQL Injection
DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection
LaserNet CMS 1.5 - SQL Injection (1)
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2)
Article Script 1.6.3 - 'rss.php' SQL Injection (2)
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1)
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1)
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2)
Fonality trixbox 2.4.2 - Cross-Site Scripting
Fonality trixbox 2.4.2 - Cross-Site Scripting (1)
Fonality trixbox 2.4.2 - Cross-Site Scripting (2)
Clever Copy 3.0 - 'postview.php' SQL Injection (2)
phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (2)
Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (2)
DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)
Matterdaddy Market 1.1 - Multiple SQL Injections (2)
Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (1)
Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (2)
Classifieds Script - SQL Injection
Classifieds Script - 'term' SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)
2017-03-31 05:01:16 +00:00
Offensive Security
8e03027ae5
DB: 2017-03-30
...
18 new exploits
FUSE fusermount Tool - Race Condition
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Apache 2.2 - Scoreboard Invalid Free On Shutdown
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow
FUSE fusermount Tool - Race Condition
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation
NTP - Privilege Escalation
Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)
Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Just Dial Clone Script - 'fid' SQL Injection
Just Dial Clone Script - 'fid' Parameter SQL Injection
Just Dial Clone Script - 'srch' SQL Injection
Just Dial Clone Script - 'srch' Parameter SQL Injection
Opensource Classified Ads Script - 'keyword' Parameter SQL Injection
EyesOfNetwork (EON) 5.1 - SQL Injection
2017-03-30 05:01:15 +00:00
Offensive Security
570f8aec26
DB: 2017-03-25
...
6 new exploits
wifirxpower - Local Buffer Overflow
Miele Professional PG 8528 - Directory Traversal
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit)
Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)
Gr8 Tutorial Script - SQL Injection
Gr8 Gallery Script - SQL Injection
2017-03-25 05:01:17 +00:00
Offensive Security
3f1035a488
DB: 2017-02-27
...
2 new exploits
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
2017-02-27 05:01:20 +00:00
Offensive Security
2f4b2745b1
DB: 2017-02-15
...
11 new exploits
Linux Kernel 3.10.0 (CentOS7) - Denial of Service
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
LG G4 - lghashstorageserver Directory Traversal
LG G4 - Touchscreen Driver write_log Kernel Read/Write
Google Android - Inter-process munmap in android.util.MemoryIntArray
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)
ShadeYouVPN Client 2.0.1.11 - Privilege Escalation
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation
MLdonkey 2.9.7 - HTTP DOUBLE SLASH Arbitrary File Disclosure
MLdonkey 2.9.7 - Arbitrary File Disclosure
Mldonkey 2.5 -4 - Web Interface Error Message Cross-Site Scripting
MLdonkey 2.5-4 - Cross-Site Scripting
Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)
Joomla! Component NeoRecruit 1.4 - 'id' SQL Injection
Joomla! Component NeoRecruit 1.4 - 'id' Parameter SQL Injection
taifajobs 1.0 - (jobid) SQL Injection
taifajobs 1.0 - 'jobid' Parameter SQL Injection
Pyrophobia 2.1.3.1 - modules/out.php id Parameter Cross-Site Scripting
Pyrophobia 2.1.3.1 - admin/index.php Multiple Parameter Traversal Arbitrary File Access
Pyrophobia 2.1.3.1 - Cross-Site Scripting
Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access
Itech B2B Script 4.29 - Multiple Vulnerabilities
2017-02-15 05:01:16 +00:00
Offensive Security
d1a0e8f9fd
DB: 2017-02-09
...
3 new exploits
Zookeeper 3.5.2 - Denial of Service
Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)
YapBB 1.2 - (forumID) Blind SQL Injection
YapBB 1.2 - 'forumID' Parameter Blind SQL Injection
ClearBudget 0.6.1 - (Misspelled htaccess) Insecure DD
ClearBudget 0.6.1 - Insecure Database Download
phpYabs 0.1.2 - (Azione) Remote File Inclusion
phpYabs 0.1.2 - 'Azione' Parameter Remote File Inclusion
IF-CMS 2.0 - 'frame.php id' Blind SQL Injection
IF-CMS 2.0 - 'id' Parameter Blind SQL Injection
BusinessSpace 1.2 - 'id' SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
BusinessSpace 1.2 - 'id' Parameter SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' Parameter SQL Injection
FlexCMS - (catId) SQL Injection
FlexCMS 2.5 - 'catId' Parameter SQL Injection
Thyme 1.3 - (export_to) Local File Inclusion
Papoo CMS 3.x - (pfadhier) Local File Inclusion
q-news 2.0 - Remote Command Execution
Potato News 1.0.0 - (user) Local File Inclusion
Thyme 1.3 - 'export_to' Parameter Local File Inclusion
Papoo CMS 3.x - 'pfadhier' Parameter Local File Inclusion
Q-News 2.0 - Remote Command Execution
Potato News 1.0.0 - Local File Inclusion
Mynews 0_10 - Authentication Bypass
Mynews 0.10 - Authentication Bypass
Muviko Video CMS - SQL Injection
Multi Outlets POS 3.1 - 'id' Parameter SQL Injection
2017-02-09 05:01:17 +00:00
Offensive Security
2ff74c7c1b
DB: 2017-02-08
...
9 new exploits
Zookeeper 3.5.2 - Denial of Service
OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service
ThisIsWhyImBroke Clone Script 4.0.0 - 'id' Parameter SQL Injection
Fully Featured News CMS 1.0 - 'id' Parameter SQL Injection
MySQL File Uploader 1.0 - 'id' Parameter SQL Injection
Easy Support Tools 1.0 - 'stt' Parameter SQL Injection
Easy Web Search 3 - 'id' Parameter SQL Injection
FTP Made Easy PRO 1.2 - Arbitrary File Download
Easy File Uploader 1.2 - Arbitrary File Download
Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure
2017-02-08 05:01:17 +00:00
Offensive Security
1a4e6f50a9
DB: 2017-02-01
...
65 new exploits
Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)
Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC)
ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC)
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Adobe Flash - Bad Dereference at 0x23c on Linux x64
Adobe Flash (Linux x64) - Bad Dereference at 0x23c
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Core FTP Server 32-bit Build 587 - Heap Overflow
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)
Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)
RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation
RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation
Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation
Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation
Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid)
Qpopper 4.0.8 (Linux) - (poppassd) Privilege Escalation
Wireless Tools 26 (IWConfig) - Privilege Escalation
Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
Rocks Clusters 4.1 - (umount-loop) Privilege Escalation
Rocks Clusters 4.1 - (mount-loop) Privilege Escalation
Rocks Clusters 4.1 - 'umount-loop' Privilege Escalation
Rocks Clusters 4.1 - 'mount-loop' Privilege Escalation
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Postfix 2.6-20080814 - (symlink) Privilege Escalation
Postfix 2.6-20080814 - 'symlink' Privilege Escalation
Oracle Database Vault - ptrace(2) Privilege Escalation
Oracle Database Vault - 'ptrace(2)' Privilege Escalation
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load (Privilege Escalation)
GNU C Library 2.x (libc6) - (Dynamic Linker LD_AUDIT Arbitrary DSO Load) Privilege Escalation
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1)
Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit)
Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit)
VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)
PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation
PolicyKit polkit-1 < 0.101 - Privilege Escalation
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail 8.10.1) (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
QNX RTOS 4.25/6.1 - phgrafxPrivilege Escalation
QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation
QNX RTOS 4.25/6.1 - 'phgrafx' Privilege Escalation
QNX RTOS 4.25/6.1 - 'phgrafx-startup' Privilege Escalation
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
MySQL 3.23.x - mysqld Privilege Escalation
MySQL 3.23.x - 'mysqld' Privilege Escalation
Platform Load Sharing Facility 4/5/6 - EAuth Privilege Escalation
MTools 3.9.x - MFormat Privilege Escalation
Platform Load Sharing Facility 4/5/6 - 'EAuth' Privilege Escalation
MTools 3.9.x - 'MFormat' Privilege Escalation
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)
ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation
ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
Linux Kernel 3.13 - Privilege Escalation PoC (SGID)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)
OSSEC 2.8 - hosts.deny Privilege Escalation
OSSEC 2.8 - 'hosts.deny' Privilege Escalation
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation
Linux espfix64 - Privilege Escalation (Nested NMIs Interrupting)
Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
RHEL 7.0/7.1 - abrt/sosreport Privilege Escalation
RHEL 7.0/7.1 - 'abrt/sosreport' Privilege Escalation
MySQL 5.5.45 (x64) - Local Credentials Disclosure
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Microsoft Windows 7 (x32/x64) - Group Policy Privilege Escalation (MS16-072)
Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Viscosity 1.6.7 - Privilege Escalation
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
Solaris /bin/login (SPARC/x86) - Remote Code Execution
gpsdrive 2.09 (x86) - (friendsd2) Remote Format String
PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)
dproxy-nexgen (Linux/x86) - Buffer Overflow
dproxy-nexgen (Linux x86) - Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)
AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)
32bit FTP Client - Stack Buffer Overflow (Metasploit)
Free Download Manager - Remote Control Server Buffer Overflow (Metasploit)
Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)
CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)
Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Webmin 0.x - RPC Function Privilege Escalation
Webmin 0.x - 'RPC' Function Privilege Escalation
Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit
Nginx 1.4.0 (x64) - (Generic Linux) Remote Exploit
Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
technote 7.2 - Remote File Inclusion
Technote 7.2 - Remote File Inclusion
JAWS 0.2/0.3 - 'index.php' gadget Parameter Traversal Arbitrary File Access
JAWS 0.2/0.3 - Cookie Manipulation Authentication Bypass
JAWS 0.2/0.3 - 'index.php' action Parameter Cross-Site Scripting
Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access
Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass
Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting
JAWS 0.2/0.3/0.4 - ControlPanel.php SQL Injection
Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection
JAWS Glossary 0.4/0.5 - Cross-Site Scripting
Jaws Glossary 0.4/0.5 - Cross-Site Scripting
JAWS 0.x - Remote File Inclusion
Jaws 0.x - Remote File Inclusion
FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Multiple Netgear Routers - Password Disclosure
Video Sharing Script 4.94 - 'uid' Parameter SQL Injection
Netman 204 - Backdoor Account / Password Reset
2017-02-01 05:01:19 +00:00
Offensive Security
bac881f89a
DB: 2017-01-03
...
3 new exploits
QNAP NAS Devices - Heap Overflow
Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow
Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)
PHPFanBase 2.x - (protection.php) Remote File Inclusion
PHPFanBase 2.x - 'protection.php' Remote File Inclusion
DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection
DigiAffiliate 1.4 - 'id' Parameter SQL Injection
ExoPHPDesk 1.2.1 - (faq.php) SQL Injection
ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection
MiniGal b13 - (image backdoor) Remote Code Execution
MiniGal b13 - Remote Code Execution
PHP Auto Listings - 'moreinfo.php pg' SQL Injection
Pre Simple CMS - SQL Injection (Authentication Bypass)
PHP Auto Listings - 'pg' Parameter SQL Injection
Pre Simple CMS - Authentication Bypass
Harlandscripts drinks - (recid) SQL Injection
Harlandscripts drinks - 'recid' Parameter SQL Injection
Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection
Mole Group Taxi Calc Dist Script - Authentication Bypass
DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection
DevelopItEasy Membership System 1.3 - Authentication Bypass
NICE FAQ Script - (Authentication Bypass) SQL Injection
NICE FAQ Script - Authentication Bypass
SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery 1.0 - Authentication Bypass
DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery - (ctg) SQL Injection
DELTAScripts PHP Classifieds 7.5 - Authentication Bypass
DELTAScripts PHP Links 1.3 - Authentication Bypass
DELTAScripts PHP Shop 1.0 - Authentication Bypass
SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection
Mole Group Pizza - (manufacturers_id) Script SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection
Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection
E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection
PHP Auto Listings Script - (Authentication Bypass) SQL Injection
Mole Group Rental Script - (Authentication Bypass) SQL Injection
MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection
MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection
MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection
E-topbiz Online Store 1 - Authentication Bypass
PHP Auto Listings Script - Authentication Bypass
Mole Group Rental Script - Authentication Bypass
MyioSoft Ajax Portal 3.0 - Authentication Bypass
MyioSoft EasyBookMarker 4.0 - Authentication Bypass
MyioSoft EasyCalendar - Authentication Bypass
E-topbiz Online Store 1 - 'cat_id' SQL Injection
E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection
Myiosoft EasyBookMarker 4 - (Parent) SQL Injection
Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection
Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection
Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass
DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection
Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection
DigiAffiliate 1.4 - Authentication Bypass
Mole Group Airline Ticket Script - Authentication Bypass
ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection
ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection
ExoPHPDesk 1.2 Final - Authentication Bypass
ZEEMATRI 3.0 - 'adid' Parameter SQL Injection
Joomla! Component com_books - (book_id) SQL Injection
Joomla! Component com_books - 'book_id' Parameter SQL Injection
Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection
Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection
PozScripts Business Directory Script - 'cid' SQL Injection
PozScripts Business Directory Script - 'cid' Parameter SQL Injection
Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection
Quick Poll Script - 'code.php id' SQL Injection
Alstrasoft Web Host Directory - Authentication Bypass
Quick Poll Script - 'id' Parameter SQL Injection
Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection
Bankoi Webhost Panel 1.20 - Authentication Bypass
Minigal b13 - 'index.php list' Remote File Disclosure
yahoo answers - 'id' SQL Injection
Minigal b13 - Remote File Disclosure
yahoo answers - 'id' Parameter SQL Injection
PHPstore Wholesale - 'track.php?id' SQL Injection
PHPstore Wholesale - 'id' Parameter SQL Injection
E-topbiz ADManager 4 - (group) Blind SQL Injection
E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection
PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion
Jadu Galaxies - 'categoryId' Blind SQL Injection
PHPfan 3.3.4 - 'init.php' Remote File Inclusion
Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection
MemHT Portal 4.0.1 - (avatar) Remote Code Execution
MemHT Portal 4.0.1 - Remote Code Execution
MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit
MemHT Portal 4.0.1 - Delete All Private Messages Exploit
MyioSoft Ajax Portal 3.0 - (page) SQL Injection
MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection
X10media Mp3 Search Engine < 1.6.2 Admin Access
X10media Mp3 Search Engine < 1.6.2 - Admin Access
Arab Portal 2.2 - (Authentication Bypass) SQL Injection
Arab Portal 2.2 - Authentication Bypass
Arab Portal 2.x - (forum.php qc) SQL Injection
Arab Portal 2.x - 'forum.php' SQL Injection
Arab Portal 2.2 - (mod.php module) Local File Inclusion
Arab Portal 2.2 - 'mod.php' Local File Inclusion
Collabtive - SQL Injection
Collabtive 0.65 - SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection
All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation
All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation
Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection
Collabtive 1.0 - 'manageuser.php' SQL Injection
Arab Portal 2.0 - Link.php SQL Injection
Arab Portal 2.0 - 'Link.php' SQL Injection
Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting
Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting
Arab Portal 2.0 - 'online.php' Cross-Site Scripting
Arab Portal 2.0 - 'download.php' Cross-Site Scripting
ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion
ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion
Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection
Collabtive 1.1 - 'managetimetracker.php' SQL Injection
Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution
2017-01-03 05:01:17 +00:00
Offensive Security
18d8085c6d
DB: 2016-12-18
...
13 new exploits
Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Orthanc DICOM Server 1.1.0 - Memory Corruption
Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
DCMTK 3.6.0 storescp - Stack Buffer Overflow
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service
Microsoft Internet Explorer 9 IEFRAME - CMarkupPointer::MoveToGap Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CView::EnsureSize Use-After-Free (MS13-021)
Nagios < 4.2.4 - Privilege Escalation
iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free
Alienvault OSSIM - SQL Injection / Remote Code Execution (Metasploit)
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
Alienvault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault OSSIM - av-centerd Command Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit)
Horos 2.1.0 Web Portal - Directory Traversal
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Security Vulnerabilities
Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault OSSIM 4.1.2 - Multiple SQL Injections
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Vulnerabilities
Alienvault 4.3.1 - Unauthenticated SQL Injection
Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting
Alienvault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault OSSIM 4.3 - Cross-Site Request Forgery
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
WHMCS Addon VMPanel 2.7.4 - SQL Injection
WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery
2016-12-18 05:01:16 +00:00
Offensive Security
32e86030d5
DB: 2016-12-15
...
3 new exploits
minix 3.1.2a - tty panic Local Denial of Service
minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service
Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service
MINIX 3.3.0 - Local Denial of Service (PoC)
Minix 3.3.0 - Local Denial of Service (PoC)
MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service
Minix 3.3.0 - Remote TCP/IP Stack Denial of Service
Apache 2.4.23 (mod_http2) - Denial of Service
Adobe Animate 15.2.1.95 - Memory Corruption
CoolPlayer - m3u File Local Buffer Overflow
CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit)
Apache Tomcat (WebDAV) - Remote File Disclosure
Apache Tomcat - (WebDAV) Remote File Disclosure
Apache Tomcat (WebDAV) - Remote File Disclosure (SSL)
Apache Tomcat - (WebDAV) Remote File Disclosure (SSL)
APT - Repository Signing Bypass via Memory Allocation Failure
PHPFootball 1.6 - (show.php) Remote Database Disclosure
PHPFootball 1.6 - Remote Database Disclosure
Aprox CMS Engine 5 (1.0.4) - Local File Inclusion
Aprox CMS Engine 5.1.0.4 - Local File Inclusion
PHP Help Agent 1.1 - (content) Local File Inclusion
PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion
Alstrasoft Affiliate Network Pro - (pgm) SQL Injection
Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection
PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection
PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection
Siteframe - 'folder.php id' SQL Injection
PHPFootball 1.6 - (show.php) SQL Injection
DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection
Siteframe CMS 3.2.3 - 'folder.php' SQL Injection
PHPFootball 1.6 - SQL Injection
DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection
HRS Multi - 'key' Parameter Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
EZWebAlbum (dlfilename) - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
ShopCartDx 4.30 - 'pid' SQL Injection
MojoPersonals - Blind SQL Injection
MojoJobs - Blind SQL Injection
MojoAuto - Blind SQL Injection
EZWebAlbum - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
ShopCartDx 4.30 - 'pid' Parameter SQL Injection
YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Pre Survey Poll - 'default.asp catid' SQL Injection
Atom Photoblog 1.1.5b1 - (photoId) SQL Injection
ibase 2.03 - 'download.php' Remote File Disclosure
YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting
Pre Survey Poll - 'catid' Parameter SQL Injection
Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection
ibase 2.03 - Remote File Disclosure
Live Music Plus 1.1.0 - 'id' SQL Injection
xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities
Live Music Plus 1.1.0 - 'id' Parameter SQL Injection
XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering
FizzMedia 1.51.2 - (comment.php mid) SQL Injection
PHPTest 0.6.3 - (picture.php image_id) SQL Injection
FizzMedia 1.51.2 - SQL Injection
PHPTest 0.6.3 - SQL Injection
Mobius 1.4.4.1 - (browse.php id) SQL Injection
EPShop < 3.0 - 'pid' SQL Injection
Mobius 1.4.4.1 - SQL Injection
EPShop < 3.0 - 'pid' Parameter SQL Injection
TriO 2.1 - (browse.php id) SQL Injection
CMScout 2.05 - (common.php bit) Local File Inclusion
Getacoder clone - (sb_protype) SQL Injection
GC Auction Platinum - (cate_id) SQL Injection
SiteAdmin CMS - (art) SQL Injection
TriO 2.1 - 'browse.php' SQL Injection
CMScout 2.05 - 'bit' Parameter Local File Inclusion
Getacoder clone - 'sb_protype' Parameter SQL Injection
GC Auction Platinum - 'cate_id' Parameter SQL Injection
SiteAdmin CMS - 'art' Parameter SQL Injection
Youtuber Clone - 'ugroups.php UID' SQL Injection
Youtuber Clone - SQL Injection
PixelPost 1.7.1 - (language_full) Local File Inclusion
PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion
ViArt Shop 3.5 - (category_id) SQL Injection
Minishowcase 09b136 - 'lang' Local File Inclusion
ViArt Shop 3.5 - 'category_id' Parameter SQL Injection
Minishowcase 09b136 - 'lang' Parameter Local File Inclusion
Gregarius 0.5.4 - rsargs[] SQL Injection
PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion
HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion
hiox browser Statistics 2.0 - Remote File Inclusion
Gregarius 0.5.4 - SQL Injection
PHP Hosting Directory 2.0 - Remote File Inclusion
HIOX Random Ad 1.3 - Remote File Inclusion
HIOX Browser Statistics 2.0 - Remote File Inclusion
nzFotolog 0.4.1 - (action_file) Local File Inclusion
ZeeReviews - 'comments.php ItemID' SQL Injection
nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion
ZeeReviews - SQL Injection
Article Friendly Pro/Standard - (Cat) SQL Injection
Article Friendly Pro/Standard - SQL Injection
PozScripts Classified Ads Script - 'cid' SQL Injection
TubeGuru Video Sharing Script - (UID) SQL Injection
PozScripts Classified Ads Script - 'cid' Parameter SQL Injection
TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection
pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection
Alstrasoft Article Manager Pro 1.6 - Authentication Bypass
viart shopping cart 3.5 - Multiple Vulnerabilities
Viart shopping cart 3.5 - Multiple Vulnerabilities
PHPFootball 1.6 - (filter.php) Remote Hash Disclosure
PHPFootball 1.6 - Remote Hash Disclosure
talkback 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities
TalkBack 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - SQL Injection / phpinfo()
CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
CMScout - Cross-Site Scripting / HTML Injection
ShopCartDx 4.30 - (products.php) Blind SQL Injection
ShopCartDx 4.30 - 'products.php' Blind SQL Injection
viart shop 4.0.5 - Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Vulnerabilities
Siteframe 3.2.3 - (user.php) SQL Injection
Siteframe CMS 3.2.3 - 'user.php' SQL Injection
viart shop 4.0.5 - Cross-Site Request Forgery
ViArt Shop 4.0.5 - Cross-Site Request Forgery
Siteframe 2.2.4 - search.php Cross-Site Scripting
Siteframe 2.2.4 - download.php Information Disclosure
Siteframe CMS 2.2.4 - 'download.php' Information Disclosure
phpx 3.2.3 - Multiple Vulnerabilities
PHPX 3.2.3 - Multiple Vulnerabilities
PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution
Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection
Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection
PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection
XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting
XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting
XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting
XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting
XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting
XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting
XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting
XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting
XRms 1.99.2 - 'title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting
XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting
Pligg 1.0.4 - 'install1.php' Cross-Site Scripting
Joomla! Component DT Register - 'cat' SQL Injection
Joomla! Component DT Register - 'cat' Parameter SQL Injection
2016-12-15 13:07:17 +00:00
Offensive Security
b080c70f8b
DB: 2016-12-14
...
7 new exploits
Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)
Xitami Web Server 5.0a0 - Denial of Service
OpenSSL 1.1.0a/1.1.0b - Denial of Service
Serva 3.0.0 HTTP Server - Denial of Service
iOS 10.1.x - Certificate File Memory Corruption
OpenBSD 4.0 - (vga) Privilege Escalation
OpenBSD 4.0 - 'vga' Privilege Escalation
10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow
MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections
MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections
AShop Deluxe 4.x - (catalogue.php cat) SQL Injection
AShop Deluxe 4.x - 'catalogue.php' SQL Injection
HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion
HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion
CAT2 - (spaw_root) Local File Inclusion
CAT2 - 'spaw_root' Parameter Local File Inclusion
MyBloggie 2.1.3 - search.php SQL Injection
MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting
MyBloggie 2.1.x - Multiple Remote File Inclusion
MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion
MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion
AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting
AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting
AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting
Smart Guard Network Manager 6.3.2 - SQL Injection
WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery
2016-12-14 05:01:23 +00:00
Offensive Security
0231ae9ba7
DB: 2016-12-09
...
5 new exploits
Dual DHCP DNS Server 7.29 - Denial of Service
TP-LINK TD-W8951ND - Denial of Service
OpenSSH 7.2 - Denial of Service
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Advanced Webhost Billing System (AWBS) - cart2.php Remote File Inclusion
Advanced Webhost Billing System (AWBS) 2.4.0 - 'cart2.php' Remote File Inclusion
AWBS 2.7.1 - (news.php viewnews) SQL Injection
Anata CMS 1.0b5 - (change.php) Arbitrary Add Admin
Advanced Webhost Billing System (AWBS) 2.7.1 - 'news.php' SQL Injection
Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin
Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) - Multiple Security Vulnerabilities
Simple Machines Forum (SMF) 1.1.10/2.0 RC2 - Multiple Security Vulnerabilities
Advanced Webhost Billing System 2.2.2 - contact.php Multiple Cross-Site Scripting Vulnerabilities
Advanced Webhost Billing System 2.9.2 - 'oid' Parameter SQL Injection
Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection
Simple Machines Forum (SMF) 2.0.2 - 'index.php' scheduled Parameter Cross-Site Scripting
Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
2016-12-09 05:01:19 +00:00
Offensive Security
855e59f932
DB: 2016-12-07
...
9 new exploits
MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)
Asterisk - (SIP channel driver / in pedantic mode) Remote Crash
Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)
Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash
F5 BIG-IP - Remote Root Authentication Bypass (1)
F5 BIG-IP - Authentication Bypass (1)
Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NetCat 0.7.1 - Denial of Service
Microsoft Event Viewer 1.0 - XML External Entity Injection
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
Apache CouchDB 2.0.0 - Local Privilege Escalation
Samba 2.2.8 - Remote Root Exploit
Samba 2.2.8 - Remote Code Execution
Microsoft Windows - WebDAV Remote Root Exploit (2)
Microsoft Windows - WebDAV Remote Code Execution (2)
Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)
Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)
miniSQL (mSQL) 1.3 - Remote GID Root Exploit
miniSQL (mSQL) 1.3 - GID Remote Code Execution
Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit
GtkFtpd 1.0.4 - Remote Root Buffer Overflow
Real Server 7/8/9 (Windows / Linux) - Remote Code Execution
GtkFtpd 1.0.4 - Buffer Overflow
Solaris Sadmind - Default Configuration Remote Root Exploit
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Solaris Sadmind - Default Configuration Remote Code Execution
Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution
ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force
Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit
Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution
Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit
Ethereal 0.10.0 < 0.10.2 - IGAP Overflow
Monit 4.1 - Remote Root Buffer Overflow
Monit 4.2 - Remote Root Buffer Overflow
Monit 4.1 - Buffer Overflow
Monit 4.2 - Buffer Overflow
INND/NNRP < 1.6.x - Remote Root Overflow
INND/NNRP < 1.6.x - Overflow Exploit
LPRng (RedHat 7.0) - lpd Remote Root Format String
LPRng (RedHat 7.0) - 'lpd' Format String
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4)
BIND 8.2.x - (TSIG) Stack Overflow (1)
BIND 8.2.x - (TSIG) Stack Overflow (2)
BIND 8.2.x - (TSIG) Stack Overflow (3)
BIND 8.2.x - (TSIG) Stack Overflow (4)
HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit
HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow
Solaris /bin/login (SPARC/x86) - Remote Root Exploit
Solaris /bin/login (SPARC/x86) - Remote Code Execution
Drcat 0.5.0-beta - (drcatd) Remote Root Exploit
Drcat 0.5.0-beta - 'drcatd' Remote Code Execution
Dropbear SSH 0.34 - Remote Root Exploit
Dropbear SSH 0.34 - Remote Code Execution
Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow
Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution
Monit 4.2 - Basic Authentication Remote Root Exploit
Monit 4.2 - Basic Authentication Remote Code Execution
WvTFTPd 0.9 - Remote Root Heap Overflow
WvTFTPd 0.9 - Heap Overflow
Qwik SMTP 0.3 - Remote Root Format String
Qwik SMTP 0.3 - Format String
Citadel/UX 6.27 - Remote Root Format String
Citadel/UX 6.27 - Format String
Knox Arkeia Server Backup 5.3.x - Remote Root Exploit
Knox Arkeia Server Backup 5.3.x - Remote Code Execution
Smail 3.2.0.120 - Remote Root Heap Overflow
mtftpd 0.0.3 - Remote Root Exploit
Smail 3.2.0.120 - Heap Overflow
mtftpd 0.0.3 - Remote Code Execution
dSMTP Mail Server 3.1b - Linux Remote Root Format String
dSMTP Mail Server 3.1b (Linux) - Format String Exploit
IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit
IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution
linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit
linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution
MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit
GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution
ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution
dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow
dproxy-nexgen (Linux/x86) - Buffer Overflow
Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow
Kerberos 1.5.1 - Kadmind Buffer Overflow
webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield)
webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution
MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow
Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow
Sun Solaris 10 - rpc.ypupdated Remote Root Exploit
Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution
ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit
ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution
Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit)
Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)
Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python)
Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)
Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit
Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution
Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution
Microworld eScan AntiVirus < 3.x - Remote Root Command Execution
Microworld eScan AntiVirus < 3.x - Remote Code Execution
AIX5l with FTP-Server - Remote Root Hash Disclosure
AIX5l with FTP-Server - Hash Disclosure
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution)
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)
ProFTPd 1.3.3c - Compromised Source Remote Root Trojan
ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution
Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit
Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution
MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)
Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)
ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution
ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution
DreamBox DM800 1.5rc1 - Remote Root File Disclosure
DreamBox DM800 1.5rc1 - File Disclosure
TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite
TelnetD encrypt_keyid - Function Pointer Overwrite
F5 BIG-IP - Remote Root Authentication Bypass (2)
MySQL - Remote Root Authentication Bypass
F5 BIG-IP - Authentication Bypass (2)
MySQL - Authentication Bypass
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection
ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection
WIDZ 1.0/1.5 - Remote Root Compromise
WIDZ 1.0/1.5 - Remote Code Execution
Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities
Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow
proManager 0.73 - (note.php) SQL Injection
ProManager 0.73 - 'note.php' SQL Injection
pNews 1.1.0 - (nbs) Remote File Inclusion
pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion
Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion
Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion
eFiction 3.1.1 - (path_to_smf) Remote File Inclusion
eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion
FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection
FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection
Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion
Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion
SimpNews 2.40.01 - (print.php newnr) SQL Injection
SimpNews 2.40.01 - 'newnr' Parameter SQL Injection
PHPNews 0.93 - (format_menue) Remote File Inclusion
PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion
meBiblio 0.4.5 - (index.php action) Remote File Inclusion
meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion
Joomla! Component rapidrecipe 1.6.5 - SQL Injection
Joomla! Component Rapid Recipe 1.6.5 - SQL Injection
mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting
pLog - 'albumID' SQL Injection
smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PLog 1.0.6 - 'albumID' Parameter SQL Injection
smeweb 1.4b - SQL Injection / Cross-Site Scripting
Joomla! Component joomradio 1.0 - 'id' SQL Injection
Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection
Battle Blog 1.25 - (comment.asp) SQL Injection
Battle Blog 1.25 - 'comment.asp' SQL Injection
1Book Guestbook Script - Code Execution
1Book Guestbook Script 1.0.1 - Code Execution
PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component EasyBook 1.1 - (gbid) SQL Injection
427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection
427bb 2.3.1 - SQL Injection / Cross-Site Scripting
Power Phlogger 2.2.5 - (css_str) SQL Injection
pSys 0.7.0.a - (shownews) SQL Injection
Joomla! Component JoomlaDate - (user) SQL Injection
Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection
pSys 0.7.0.a - 'shownews' Parameter SQL Injection
Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection
JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection
phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component yvcomment 1.16 - Blind SQL Injection
JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection
phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting
Joomla! Component yvComment 1.16 - Blind SQL Injection
BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion
BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion
Joomla! Component rapidrecipe - SQL Injection
Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection
Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection
real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ASPilot Pilot Cart 7.3 - (article) SQL Injection
real estate Web site 1.0 - SQL Injection / Cross-Site Scripting
Telephone Directory 2008 - SQL Injection / Cross-Site Scripting
ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection
Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite
pNews 2.08 - (shownews) SQL Injection
Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite
pNews 2.08 - 'shownews' Parameter SQL Injection
ErfurtWiki R1.02b - (css) Local File Inclusion
DCFM Blog 0.9.4 - (comments) SQL Injection
yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Insanely Simple Blog 0.5 - (index) SQL Injection
ASPPortal Free Version - 'Topic_Id' SQL Injection
Experts 1.0.0 - (answer.php) SQL Injection
SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
ErfurtWiki R1.02b - Local File Inclusion
DCFM Blog 0.9.4 - SQL Injection
Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection
Insanely Simple Blog 0.5 - SQL Injection
ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection
Experts 1.0.0 - 'answer.php' SQL Injection
SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting
Yuhhu 2008 SuperStar - 'board' SQL Injection
Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection
eFiction 3.0 - (toplists.php list) SQL Injection
eFiction 3.0 - 'toplists.php' SQL Injection
pSys 0.7.0 Alpha - (chatbox.php) SQL Injection
pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection
pNews 2.03 - (newsid) SQL Injection
pNews 2.03 - 'newsid' Parameter SQL Injection
Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection
Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection
FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection
FlexPHPNews 0.0.6 & PRO - Authentication Bypass
E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
E-ShopSystem - Authentication Bypass / SQL Injection
Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload
Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload
427BB Fourtwosevenbb 2.3.2 - SQL Injection
427BB 2.3.2 - SQL Injection
Joomla! Component 'com_joomradio' - SQL Injection
Joomla! Component JoomRadio 1.0 - SQL Injection
Joomla! Component 'com_elite_experts' - SQL Injection
Joomla! Component Elite Experts - SQL Injection
ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection
ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection
Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection
Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection
Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit
Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit
alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting
Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting
SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion
SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion
PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion
PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion
PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting
Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure
Seowonintech Routers fw: 2.3.9 - File Disclosure
PHPNews 1.2.x - auth.php SQL Injection
PHPNews 1.2.x - 'auth.php' SQL Injection
efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting
efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection
efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection
efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection
efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting
efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection
efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection
efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection
427BB 2.2 - showthread.php SQL Injection
427BB 2.2 - 'showthread.php' SQL Injection
BrowserCRM - results.php Cross-Site Scripting
Simpnews 2.x - Wap_short_news.php Remote File Inclusion
Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion
ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting
ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting
Yblog - funk.php id Parameter Cross-Site Scripting
Yblog - tem.php action Parameter Cross-Site Scripting
Yblog - uss.php action Parameter Cross-Site Scripting
Yblog - 'funk.php' Cross-Site Scripting
Yblog - 'tem.php' Cross-Site Scripting
Yblog - 'uss.php' Cross-Site Scripting
Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting
Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting
Simpnews 2.x - 'index.php' Cross-Site Scripting
Simpnews 2.x - 'pwlost.php' Cross-Site Scripting
PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities
PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection
Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting
SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting
SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting
SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting
SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection
BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection
BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting
BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection
BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection
BrowserCRM 5.100.1 - URI Cross-Site Scripting
BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting
Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting
BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting
2016-12-07 05:01:17 +00:00
Offensive Security
aa4fced35c
DB: 2016-12-05
2016-12-05 05:01:20 +00:00
Offensive Security
91b12c469e
DB: 2016-11-29
...
16 new exploits
rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC)
rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)
rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC)
rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC)
NTP 4.2.8p3 - Denial of Service
Microsoft Internet Explorer 8 MSHTML - 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009)
Microsoft Internet Explorer 11 MSHTML - 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion
Microsoft Internet Explorer 10 MSHTML - 'CEditAdorner::Detach' Use-After-Free (MS13-047)
Microsoft Internet Explorer 8 / 9 / 10 / 11 MSHTML - 'DOMImplementation' Type Confusion (MS16-009)
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation
Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Privilege Escalation
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Privilege Escalation (2)
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation
TFTP Server 1.4 - Buffer Overflow Remote Exploit (2)
TFTP Server 1.4 - Remote Buffer Overflow (2)
TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit)
TFTP Server 1.4 - ST WRQ Buffer Overflow (Metasploit)
Android - 'BadKernel' Remote Code Execution
VX Search Enterprise 9.1.12 - Buffer Overflow
Sync Breeze Enterprise 9.1.16 - Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Buffer Overflow
Disk Pulse Enterprise 9.1.16 - Buffer Overflow
Linux/x86 - Egg-hunter Shellcode (25 bytes)
Linux/x86 - Egg-hunter Shellcode (31 bytes)
RunCMS 1.2 - (class.forumposts.php) Arbitrary Remote File Inclusion
RunCMS 1.2 - 'class.forumposts.php' Arbitrary Remote File Inclusion
CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion
CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion
CMS Faethon 2.0 - (mainpath) Remote File Inclusion
CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion
SazCart 1.5 - (cart.php) Remote File Inclusion
SazCart 1.5 - 'cart.php' Remote File Inclusion
Cyberfolio 2.0 RC1 - (av) Remote File Inclusion
Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion
FipsCMS 4.5 - (index.asp) SQL Injection
FipsCMS 4.5 - 'index.asp' SQL Injection
AJ Classifieds 1.0 - (postingdetails.php) SQL Injection
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
RunCMS 1.5.2 - (debug_show.php) SQL Injection
RunCMS 1.5.2 - 'debug_show.php' SQL Injection
OneCMS 2.4 - (userreviews.php abc) SQL Injection
OneCMS 2.4 - 'abc' Parameter SQL Injection
RunCMS 1.6 - disclaimer.php Remote File Overwrite
RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite
PHPEasyData 1.5.4 - 'cat_id' SQL Injection
FipsCMS - 'print.asp lg' SQL Injection
Galleristic 1.0 - (index.php cat) SQL Injection
gameCMS Lite 1.0 - (index.php systemId) SQL Injection
PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection
FipsCMS 2.1 - 'print.asp' SQL Injection
Galleristic 1.0 - 'cat' Parameter SQL Injection
GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection
CMS Faethon 2.2 Ultimate - (Remote File Inclusion / Cross-Site Scripting) Multiple Remote Vulnerabilities
CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting
MusicBox 2.3.7 - (artistId) SQL Injection
RunCMS 1.6.1 - (msg_image) SQL Injection
MusicBox 2.3.7 - 'artistId' Parameter SQL Injection
RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection
vShare YouTube Clone 2.6 - (tid) SQL Injection
vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection
Cyberfolio 7.12 - (rep) Remote File Inclusion
miniBloggie 1.0 - (del.php) Arbitrary Delete Post
Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion
miniBloggie 1.0 - 'del.php' Arbitrary Delete Post
SazCart 1.5.1 - (prodid) SQL Injection
SazCart 1.5.1 - 'prodid' Parameter SQL Injection
Phoenix View CMS Pre Alpha2 - (SQL Injection / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting
Ktools Photostore 3.5.1 - (gallery.php gid) SQL Injection
Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection
Joomla! Component com_datsogallery 1.6 - Blind SQL Injection
Joomla! Component Datsogallery 1.6 - Blind SQL Injection
Vortex CMS - 'index.php pageid' Blind SQL Injection
AJ Article 1.0 - (featured_article.php) SQL Injection
AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection
Vortex CMS - 'pageid' Parameter Blind SQL Injection
AJ Article 1.0 - 'featured_article.php' SQL Injection
AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection
clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ClanLite 2.x - SQL Injection / Cross-Site Scripting
OneCMS 2.5 - (install_mod.php) Local File Inclusion
OneCMS 2.5 - 'install_mod.php' Local File Inclusion
AJ Auction Web 2.0 - (cate_id) SQL Injection
AJ Auction 1.0 - 'id' SQL Injection
AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection
AJ Auction 1.0 - 'id' Parameter SQL Injection
FipsCMS Light 2.1 - (r) SQL Injection
FipsCMS Light 2.1 - 'r' Parameter SQL Injection
AJ Auction Pro Platinum Skin - 'detail.php item_id' SQL Injection
AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection
AJ Auction Pro Platinum - (seller_id) SQL Injection
AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection
miniBloggie 1.0 - (del.php) Blind SQL Injection
miniBloggie 1.0 - 'del.php' Blind SQL Injection
AJ Article - 'featured_article.php mode' SQL Injection
AJ ARTICLE - (Authentication Bypass) SQL Injection
AJ Article 1.0 - Authentication Bypass
Cyberfolio 7.12.2 - (css.php theme) Local File Inclusion
Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion
AJ ARTICLE - Remote Authentication Bypass
AJ Article 1.0 - Remote Authentication Bypass
MusicBox 2.3.8 - (viewalbums.php artistId) SQL Injection
MusicBox 2.3.8 - 'viewalbums.php' SQL Injection
AJ Auction Pro OOPD 2.3 - 'id' SQL Injection
AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection
BigACE CMS 2.5 - 'Username' SQL Injection
BigACE 2.5 - SQL Injection
ZeusCart 2.3 - 'maincatid' SQL Injection
ZeusCart 2.3 - 'maincatid' Parameter SQL Injection
BigACE CMS 2.6 - (cmd) Local File Inclusion
BigACE 2.6 - 'cmd' Parameter Local File Inclusion
RunCMS 1.6.3 - (double ext) Remote Shell Injection
RunCMS 1.6.3 - Remote Shell Injection
AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection
AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection
RunCMS 2m1 - store() SQL Injection
RunCMS 2ma - post.php SQL Injection
RunCMS 2m1 - 'store()' SQL Injection
RunCMS 2ma - 'post.php' SQL Injection
AJ Article - Persistent Cross-Site Scripting
AJ Article 3.0 - Cross-Site Scripting
admidio 2.3.5 - Multiple Vulnerabilities
Admidio 2.3.5 - Multiple Vulnerabilities
RunCMS 1.1/1.2 Newbb_plus and Messages Modules - Multiple SQL Injections
RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection
MusicBox 2.3 - Type Parameter SQL Injection
MusicBox 2.3 - 'type' Parameter SQL Injection
RunCMS 1.x - Bigshow.php Cross-Site Scripting
RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
RunCMS 1.2/1.3 - PMLite.php SQL Injection
RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
RunCMS 1.x - Ratefile.php Cross-Site Scripting
RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
MusicBox 2.3 - 'index.php' Multiple Parameter SQL Injection
MusicBox 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting
MusicBox 2.3 - cart.php Multiple Parameter Cross-Site Scripting
MusicBox 2.3 - 'index.php' SQL Injection
MusicBox 2.3 - 'index.php' Cross-Site Scripting
MusicBox 2.3 - 'cart.php' Cross-Site Scripting
MusicBox 2.3.4 - Page Parameter SQL Injection
MusicBox 2.3.4 - 'page' Parameter SQL Injection
MyWebland miniBloggie 1.0 - Fname Remote File Inclusion
miniBloggie 1.0 - 'Fname' Remote File Inclusion
BigACE 1.8.2 - item_main.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - upload_form.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - download.cmd.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - admin.cmd.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - 'item_main.php' Remote File Inclusion
BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion
BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion
BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion
ClanLite - Config-PHP.php Remote File Inclusion
ClanLite - 'conf-php.php' Remote File Inclusion
FipsCMS 2.1 - PID Parameter SQL Injection
FipsCMS 2.1 - 'pid' Parameter SQL Injection
RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion
RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion
RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion
RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion
FipsCMS 2.1 - 'forum/neu.asp' SQL Injection
FipsCMS 2.1 - 'neu.asp' SQL Injection
OneCMS 2.6.1 - admin/admin.php cat Parameter Cross-Site Scripting
OneCMS 2.6.1 - search.php search Parameter SQL Injection
OneCMS 2.6.1 - admin/admin.php Short1 Parameter Cross-Site Scripting
OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting
OneCMS 2.6.1 - 'search' Parameter SQL Injection
OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting
RunCMS 'partners' Module - 'id' Parameter SQL Injection
RunCMS Module Partners - 'id' Parameter SQL Injection
Zeuscart v.4 - Multiple Vulnerabilities
Zeuscart 4.0 - Multiple Vulnerabilities
BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal
BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
Red Hat JBoss EAP - Deserialization of Untrusted Data
2016-11-29 05:01:20 +00:00
Offensive Security
38038a7128
DB: 2016-11-24
...
6 new exploits
Linux Kernel 2.6.32-642 / 3.16.0-4 - 'inode' Integer Overflow
UCanCode - Multiple Vulnerabilities
Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1)
Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2)
Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1)
Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2)
Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service (PoC)
Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (PoC) (1)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (PoC) (2)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation (3)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC) (1)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation (2)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation
Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Privilege Escalation
Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation
Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Privilege Escalation
Linux Kernel 2.6.30 < 2.6.30.1 / SELinux (RHEL 5) - Privilege Escalation
Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Privilege Escalation (2)
Linux Kernel 2.6.18 - 'move_pages()' Information Leak
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kenrel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation
Windows x64 - Download & Execute Shellcode (358 bytes)
2016-11-24 05:01:19 +00:00
Offensive Security
dab1517032
DB: 2016-11-22
...
13 new exploits
Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC)
Borland Interbase 2007 - 'ibserver.exe' Buffer Overflow (PoC)
Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference
Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 8 jscript - 'RegExpBase::FBadHeader' Use-After-Free (MS15-018)
NTP 4.2.8p8 - Denial of Service
Tumbleweed SecureTransport FileTransfer - ActiveX Buffer Overflow
Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow
Borland Interbase 2007 - PWD_db_aliased Buffer Overflow (Metasploit)
Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)
Borland Interbase - isc_create_database() Buffer Overflow (Metasploit)
Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - isc_attach_database() Buffer Overflow (Metasploit)
Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit)
Borland Interbase - SVC_attach() Buffer Overflow (Metasploit)
Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit)
Borland Interbase - Create-Request Buffer Overflow (Metasploit)
Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit)
Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit)
Borland Interbase - open_marker_file() Buffer Overflow (Metasploit)
Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit)
Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit)
Borland Interbase - jrd8_create_database() Buffer Overflow (Metasploit)
Borland Interbase - INET_connect() Buffer Overflow (Metasploit)
Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit)
Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)
phpunity.postcard - (gallery_path) Remote File Inclusion
phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion
CcMail 1.0.1 - (update.php functions_dir) Remote File Inclusion
CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion
1024 CMS 0.7 - (download.php item) Remote File Disclosure
1024 CMS 0.7 - 'download.php' Remote File Disclosure
cpCommerce 1.1.0 - (category.php id_category) SQL Injection
CPCommerce 1.1.0 - 'id_category' Parameter SQL Injection
1024 CMS 1.3.1 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
1024 CMS 1.3.1 - Local File Inclusion / SQL Injection
Mole 2.1.0 - (viewsource.php) Remote File Disclosure
ChartDirector 4.1 - (viewsource.php) File Disclosure
724CMS 4.01 Enterprise - (index.php ID) SQL Injection
My Gaming Ladder 7.5 - (ladderid) SQL Injection
Mole 2.1.0 - 'viewsource.php' Remote File Disclosure
ChartDirector 4.1 - 'viewsource.php' File Disclosure
724CMS 4.01 Enterprise - 'index.php' SQL Injection
My Gaming Ladder 7.5 - 'ladderid' Parameter SQL Injection
exbb 0.22 - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities
Pligg CMS 9.9.0 - (editlink.php id) SQL Injection
ExBB 0.22 - Local / Remote File Inclusion
Pligg CMS 9.9.0 - 'editlink.php' SQL Injection
Prediction Football 1.x - (matchid) SQL Injection
Prediction Football 1.x - 'matchid' Parameter SQL Injection
Free Photo Gallery Site Script - (path) File Disclosure
Free Photo Gallery Site Script - 'path' Parameter File Disclosure
LiveCart 1.1.1 - (category id) Blind SQL Injection
Ksemail - 'index.php language' Local File Inclusion
LiveCart 1.1.1 - 'id' Parameter Blind SQL Injection
Ksemail - Local File Inclusion
RX Maxsoft - 'popup_img.php fotoID' SQL Injection
PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection
RX Maxsoft - 'fotoID' Parameter SQL Injection
PHPKB Knowledge Base Software 1.5 - 'ID' Parameter SQL Injection
Pollbooth 2.0 - (pollID) SQL Injection
cpcommerce 1.1.0 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Pollbooth 2.0 - 'pollID' Parameter SQL Injection
CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion
SmallBiz eShop - (content_id) SQL Injection
SmallBiz eShop - 'content_id' Parameter SQL Injection
lightneasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection
PostcardMentor - 'cat_fldAuto' Parameter SQL Injection
Pligg CMS 9.9.0 - (story.php id) SQL Injection
Pligg CMS 9.9.0 - 'story.php' SQL Injection
LokiCMS 0.3.4 - writeconfig() Remote Command Execution
LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution
cpCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass
CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass
cpCommerce 1.2.8 - (id_document) Blind SQL Injection
CPCommerce 1.2.8 - 'id_document' Parameter Blind SQL Injection
cpCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion
CPCommerce 1.2.x - 'GLOBALS[prefix]' Arbitrary File Inclusion
ChartDirector 5.0.1 - (cacheId) Arbitrary File Disclosure
ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure
Pligg CMS 1.0.4 - (story.php?id) SQL Injection
Pligg CMS 1.0.4 - 'story.php' SQL Injection
724CMS 4.59 Enterprise - SQL Injection
724CMS Enterprise 4.59 - SQL Injection
lightneasy 3.2.2 - Multiple Vulnerabilities
LightNEasy 3.2.2 - Multiple Vulnerabilities
My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure
My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure
Mambo Open Source 4.0.14 - PollBooth.php Multiple SQL Injection
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection
PhotoKorn 1.53/1.54 - postcard.php id Parameter SQL Injection
PhotoKorn 1.53/1.54 - 'id' Parameter SQL Injection
CPCommerce 1.1 - Manufacturer.php SQL Injection
CPCommerce 1.1 - 'manufacturer.php' SQL Injection
LiveCart 1.0.1 - user/remindPassword return Parameter Cross-Site Scripting
LiveCart 1.0.1 - category q Parameter Cross-Site Scripting
LiveCart 1.0.1 - order return Parameter Cross-Site Scripting
LiveCart 1.0.1 - user/remindComplete email Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'q' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'email' Parameter Cross-Site Scripting
Pligg CMS 1.x - module.php Multiple Parameter Cross-Site Scripting
Pligg CMS 1.x - 'module.php' Multiple Parameter Cross-Site Scripting
Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection
Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection
CMS Made Simple 2.1.5 - Cross-Site Scripting
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery
Mezzanine 4.2.0 - Cross-Site Scripting
LEPTON 2.2.2 - SQL Injection
LEPTON 2.2.2 - Remote Code Execution
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
FUDforum 3.0.6 - Local File Inclusion
Wordpress Plugin Olimometer 2.56 - SQL Injection
2016-11-22 05:01:18 +00:00
Offensive Security