exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	a1eeba1263	DB: 2017-09-07 9 new exploits Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service Sambar FTP Server 6.4 - 'SIZE' Remote Denial of Service Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC) Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC) 2WIRE DSL Router (xslt) - Denial of Service 2WIRE DSL Router - 'xslt' Denial of Service ooVoo 1.7.1.35 - (URL Protocol) Remote Unicode Buffer Overflow (PoC) ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC) Optimal Archive 1.38 - '.zip' File (SEH) (PoC) Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC) Subtitle Translation Wizard 3.0.0 - (SEH) (PoC) Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC) Virtual DJ Trial 6.1.2 - Buffer Overflow (SEH) Crash (PoC) Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC) VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow Winlog Lite SCADA HMI system - (SEH) Overwrite Winlog Lite SCADA HMI system - Overwrite (SEH) FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC) FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC) Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sambar Server 6.0 - results.stm Post Request Buffer Overflow Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow Samba nttrans Reply - Integer Overflow Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) Denial of Service Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service) i.FTP 2.21 - (SEH) Overflow Crash (PoC) i.FTP 2.21 - Overflow Crash (SEH) (PoC) Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC) Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC) TECO SG2 FBD Client 3.51 - '.gfb' Overwrite (SEH) Buffer Overflow TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) Network Scanner 4.0.0.0 - (SEH)Crash (PoC) Network Scanner 4.0.0.0 - Crash (SEH) (PoC) Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service) Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH) CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode) Quick Player 1.2 - Unicode Buffer Overflow DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit Quick Player 1.2 - Unicode Buffer Overflow (1) DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) Quick Player 1.2 - Unicode Buffer Overflow (Bindshell) Quick Player 1.2 - Unicode Buffer Overflow (2) Winamp 5.572 - (SEH) Exploit Winamp 5.572 - Exploit (SEH) ZipScan 2.2c - (SEH) Exploit ZipScan 2.2c - Exploit (SEH) Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit) Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit) Mediacoder 0.7.3.4672 - (SEH) Exploit Mediacoder 0.7.3.4672 - Exploit (SEH) SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC) SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC) MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) (calc) BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH) ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit) ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit) MP3 Workstation 9.2.1.1.2 - (SEH) Exploit MP3 Workstation 9.2.1.1.2 - Exploit (SEH) DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit DJ Studio Pro 8.1.3.2.1 - Exploit (SEH) MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit) iworkstation 9.3.2.1.4 - (SEH) Exploit iworkstation 9.3.2.1.4 - Exploit (SEH) Winamp 5.6 - Arbitrary Code Execution in MIDI Parser Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution BS.Player 2.57 - Buffer Overflow (Unicode SEH) BS.Player 2.57 - Buffer Overflow (SEH Unicode) Nokia MultiMedia Player 1.0 - (SEH Unicode) Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode) POP Peeper 3.7 - (SEH) Exploit POP Peeper 3.7 - Exploit (SEH) Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (Unicode SEH) Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (SEH Unicode) BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit) BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit) DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit) DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit) Samba 2.0.7 SWAT - Logfile Permissions Samba 2.0.7 - SWAT Logfile Permissions Static HTTP Server 1.0 - (SEH) Overflow Static HTTP Server 1.0 - Overflow (SEH) ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH) ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode) Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH) 'UNICODE' Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode) GOM Player 2.2.53.5169 - Buffer Overflow (SEH) (.reg) GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH) Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter) Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter) Total Commander 8.52 - Overwrite (SEH) Buffer Overflow Total Commander 8.52 - Overwrite Buffer Overflow (SEH) TECO SG2 LAD Client 3.51 - '.gen' Overwrite (SEH) Buffer Overflow TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite (SEH) Buffer Overflow TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH) TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH) Jungo DriverWizard WinDriver - Kernel Pool Overflow Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation Tor - Linux Sandbox Breakout via X11 Samba < 2.2.8 (Linux/BSD) - Remote Code Execution Samba 3.0.4 SWAT - Authorisation Buffer Overflow Samba 3.0.4 - SWAT Authorisation Buffer Overflow BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH) Samba 2.2.x - nttrans Overflow (Metasploit) Samba 2.2.x - 'nttrans' Overflow (Metasploit) BigAnt Server 2.52 - (SEH) Exploit BigAnt Server 2.52 - Exploit (SEH) File Sharing Wizard 1.5.0 - (SEH) Exploit File Sharing Wizard 1.5.0 - Exploit (SEH) Samba - 'Username' map script' Command Execution (Metasploit) Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit) Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit) Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit) Samba 2.0.7 SWAT - Logging Failure Samba 2.0.7 - SWAT Logging Failure Sambar Server 4.4/5.0 - pagecount File Overwrite Sambar Server 4.4/5.0 - 'pagecount' File Overwrite Sambar Server 5.x - results.stm Cross-Site Scripting Sambar Server 5.x - 'results.stm' Cross-Site Scripting Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass) BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass) Sambar 5.x - Open Proxy / Authentication Bypass Sambar Server 5.x - Open Proxy / Authentication Bypass Sambar Server 6.1 Beta 2 - show.asp show Parameter Cross-Site Scripting Sambar Server 6.1 Beta 2 - showperf.asp title Parameter Cross-Site Scripting Sambar Server 6.1 Beta 2 - showini.asp Arbitrary File Access Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access Sambar Server 5.x/6.0/6.1 - results.stm indexname Cross-Site Scripting Sambar Server 5.x/6.0/6.1 - 'results.stm' indexname Cross-Site Scripting Ruby 1.9.1 - WEBrick Terminal Escape Sequence in Logs Command Injection Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection Yaws 1.55 - Terminal Escape Sequence in Logs Command Injection Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH) Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH) Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter) Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH) Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit) Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit) WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures PHP-Nuke 8.0 - Cross-Site Scripting / HTML Code Injection in News Module PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection PHP-decoda - Cross-Site Scripting In Video Tag PHP-decoda - 'Video Tag' Cross-Site Scripting vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin) WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear' WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation FineCMS 1.0 - Multiple Vulnerabilities FineCMS 1.0 - Multiple Vulnerabilities A2billing 2.x - SQL Injection Cory Support - 'pr' Parameter SQL Injection Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin) Pay Banner Text Link Ad 1.0.6.1 - SQL Injection	2017-09-07 05:01:26 +00:00
Offensive Security	9195172fad	Updated 11_28_2014	2014-11-28 04:53:33 +00:00
Offensive Security	fffbf04102	Updated	2013-12-03 19:44:07 +00:00

Author

SHA1

Message

Date

Offensive Security

a1eeba1263

DB: 2017-09-07

9 new exploits

Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service
Sambar FTP Server 6.4 - 'SIZE' Remote Denial of Service

Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)

2WIRE DSL Router (xslt) - Denial of Service
2WIRE DSL Router - 'xslt' Denial of Service

ooVoo 1.7.1.35 - (URL Protocol) Remote Unicode Buffer Overflow (PoC)
ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)

Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC)

Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)

Virtual DJ Trial 6.1.2 - Buffer Overflow (SEH) Crash (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)

VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser
VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow

Winlog Lite SCADA HMI system - (SEH) Overwrite
Winlog Lite SCADA HMI system - Overwrite (SEH)

FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)
FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow

Sambar Server 6.0 - results.stm Post Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow

Samba nttrans Reply - Integer Overflow
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)

i.FTP 2.21 - (SEH) Overflow Crash (PoC)
i.FTP 2.21 - Overflow Crash (SEH) (PoC)

Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)

TECO SG2 FBD Client 3.51 - '.gfb' Overwrite (SEH) Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)

Network Scanner 4.0.0.0 - (SEH)Crash (PoC)
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)

Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)

Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow

WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow

Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation

CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
Quick Player 1.2 - Unicode Buffer Overflow
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit
Quick Player 1.2 - Unicode Buffer Overflow (1)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH)

Quick Player 1.2 - Unicode Buffer Overflow (Bindshell)
Quick Player 1.2 - Unicode Buffer Overflow (2)

Winamp 5.572 - (SEH) Exploit
Winamp 5.572 - Exploit (SEH)

ZipScan 2.2c - (SEH) Exploit
ZipScan 2.2c - Exploit (SEH)

Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)
Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit)

Mediacoder 0.7.3.4672 - (SEH) Exploit
Mediacoder 0.7.3.4672 - Exploit (SEH)

SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC)
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) (calc)
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)
BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)

ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)

MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
MP3 Workstation 9.2.1.1.2 - Exploit (SEH)

DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - Exploit (SEH)

MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - (SEH) Exploit
iworkstation 9.3.2.1.4 - Exploit (SEH)

Winamp 5.6 - Arbitrary Code Execution in MIDI Parser
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution

BS.Player 2.57 - Buffer Overflow (Unicode SEH)
BS.Player 2.57 - Buffer Overflow (SEH Unicode)

Nokia MultiMedia Player 1.0 - (SEH Unicode)
Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode)

POP Peeper 3.7 - (SEH) Exploit
POP Peeper 3.7 - Exploit (SEH)

Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (Unicode SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (SEH Unicode)

BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)
BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)

DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit)

Samba 2.0.7 SWAT - Logfile Permissions
Samba 2.0.7 - SWAT Logfile Permissions

Static HTTP Server 1.0 - (SEH) Overflow
Static HTTP Server 1.0 - Overflow (SEH)

ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode)

Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH) 'UNICODE'
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)

GOM Player 2.2.53.5169 - Buffer Overflow (SEH) (.reg)
GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)

Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)

Total Commander 8.52 - Overwrite (SEH) Buffer Overflow
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - '.gen' Overwrite (SEH) Buffer Overflow
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite (SEH) Buffer Overflow
TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH)
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Tor - Linux Sandbox Breakout via X11

Samba < 2.2.8 (Linux/BSD) - Remote Code Execution

Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Samba 3.0.4 - SWAT Authorisation Buffer Overflow

BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)

Samba 2.2.x - nttrans Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Overflow (Metasploit)

BigAnt Server 2.52 - (SEH) Exploit
BigAnt Server 2.52 - Exploit (SEH)

File Sharing Wizard 1.5.0 - (SEH) Exploit
File Sharing Wizard 1.5.0 - Exploit (SEH)

Samba - 'Username' map script' Command Execution (Metasploit)
Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)

Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit)

Samba 2.0.7 SWAT - Logging Failure
Samba 2.0.7 - SWAT Logging Failure

Sambar Server 4.4/5.0 - pagecount File Overwrite
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite

Sambar Server 5.x - results.stm Cross-Site Scripting
Sambar Server 5.x - 'results.stm' Cross-Site Scripting

Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow

BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass)

Sambar 5.x - Open Proxy / Authentication Bypass
Sambar Server 5.x - Open Proxy / Authentication Bypass
Sambar Server 6.1 Beta 2 - show.asp show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showperf.asp title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showini.asp Arbitrary File Access
Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access

Sambar Server 5.x/6.0/6.1 - results.stm indexname Cross-Site Scripting
Sambar Server 5.x/6.0/6.1 - 'results.stm' indexname Cross-Site Scripting

Ruby 1.9.1 - WEBrick Terminal Escape Sequence in Logs Command Injection
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection

Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection
Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - Terminal Escape Sequence in Logs Command Injection
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection

Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)

Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)

Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures

PHP-Nuke 8.0 - Cross-Site Scripting / HTML Code Injection in News Module
PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection

PHP-decoda - Cross-Site Scripting In Video Tag
PHP-decoda - 'Video Tag' Cross-Site Scripting
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection

Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)

WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation

FineCMS 1.0  - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities

A2billing 2.x - SQL Injection
Cory Support - 'pr' Parameter SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection

2017-09-07 05:01:26 +00:00

Offensive Security

9195172fad

Updated 11_28_2014

2014-11-28 04:53:33 +00:00

Offensive Security

fffbf04102

Updated

2013-12-03 19:44:07 +00:00

3 commits