exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	94f7a8c8f5	DB: 2017-05-18 15 new exploits Apple iOS < 10.3.2 - Notifications API Denial of Service Adobe Flash - AVC Deblocking Out-of-Bounds Read Adobe Flash - Margin Handling Heap Corruption Adobe Flash - Out-of-Bounds Read in Getting TextField Width Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit) Serviio Media Server - checkStreamUrl Command Execution (Metasploit) WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit) Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes) INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields	2017-05-18 05:01:18 +00:00
Offensive Security	b51e0f27d5	DB: 2016-07-17 52 new exploits Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes) Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes) Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes) Linux i686 - pacman -R <package> (59 bytes) Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes) Linux i686 - pacman -R <package> (59 bytes) JITed stage-0 shellcode JITed exec notepad Shellcode Win32 - JITed stage-0 shellcode Win32 - JITed exec notepad Shellcode Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) JITed egg-hunter stage-0 shellcode Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Windows - JITed egg-hunter stage-0 shellcode Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Linux/x86 - nc -lvve/bin/sh -p13377 shellcode Linux/x86 - polymorphic forkbombe - (30 bytes) Linux/x86 - forkbomb Linux/x86 - polymorphic forkbombe (30 bytes) Linux/x86 - forkbomb Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes) Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes) Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes) Linux/x86 - Disable randomize stack addresse (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83 Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Disable randomize stack addresse (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83 Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - kill all running process (11 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Linux/x86 - chown root:root /bin/sh shellcode (48 bytes) Linux/x86 - give all user root access when execute /bin/sh (45 bytes) Linux/x86 - chown root:root /bin/sh shellcode (48 bytes) Linux/x86 - give all user root access when execute /bin/sh (45 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes) Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/ARM - Disable ASLR Security (102 bytes) Linux/x86 - bind shell port 64533 (97 bytes) Safari JS JITed shellcode - exec calc (ASLR/DEP bypass) Windows - Safari JS JITed shellcode - exec calc (ASLR/DEP bypass) Win32 - Write-to-file Shellcode Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux/x86 - netcat bindshell port 8080 (75 bytes) Shellcode Checksum Routine (18 bytes) Win32 - Shellcode Checksum Routine (18 bytes) Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes) Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) Win32 - add new local administrator (326 bytes) Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) Win32 - add new local administrator (326 bytes) Win32 - speaking shellcode Linux/x86 - netcat bindshell port 6666 (69 bytes) DNS Reverse Download and Exec Shellcode Windows - DNS Reverse Download and Exec Shellcode Linux/x86_32 - ConnectBack with SSL connection (422 bytes) Linux/x86 - ConnectBack with SSL connection (422 bytes) Linux/x86 - egghunt shellcode (29 bytes) Linux/MIPS - execve /bin/sh (48 bytes) Linux/MIPS - add user(UID 0) with password (164 bytes) Linux/MIPS - execve /bin/sh (48 bytes) Linux/MIPS - add user(UID 0) with password (164 bytes) Linux/x86 - execve(/bin/dash) (42 bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes) Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes) Linux/x86 - rmdir (37 bytes) Linux/MIPS - execve (36 bytes) Windows XP x86-64 - Download & execute (Generator) Linux/x86 - /etc/passwd Reader (58 bytes) Linux - execve /bin/sh (23 bytes) Linux/x86 - execve /bin/sh (23 bytes) Linux/x86/x86_64 - reverse_tcp Shellcode Linux x86 & x86_64 - reverse_tcp Shellcode Linux/x86/x86_64 - tcp_bind Shellcode Linux/x86/x86_64 - Read etc/passwd Shellcode Linux x86 & x86_64 - tcp_bind Shellcode Linux x86 & x86_64 - Read etc/passwd Shellcode .Net Framework - Execute Native x86 Shellcode Win32 .Net Framework - Execute Native x86 Shellcode	2016-07-17 05:07:02 +00:00
Offensive Security	0a9242663c	DB: 2016-07-16 2 new exploits BSD Passive Connection Shellcode BSD - Passive Connection Shellcode FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging) freebsd/x86 rev connect_ recv_ jmp_ return results (90 bytes) freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes) freebsd/x86 portbind 4883 with auth shellcode freebsd/x86 - portbind 4883 with auth shellcode freebsd/x86 - execve /bin/sh (23 bytes) (2) freebsd/x86 - execve /bin/sh (2) (23 bytes) freebsd/x86 chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes) freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes) Windows xp/sp1 generate portbind payload Windows XP SP1 - portbind payload (Generator) Linux/x86 - shellcode generator / null free Alphanumeric Shellcode Encoder Decoder Utility for generating HTTP/1.x requests for shellcodes Multi-Format Shellcode Encoding Tool - Beta 2.0 (w32) Linux/x86 - shellcode null free (Generator) Alphanumeric Shellcode Encoder/Decoder HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes) Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator) Cisco IOS Connectback Shellcode 1.0 Cisco IOS Bind Shellcode 1.0 Cisco IOS Tiny Shellcode 1.0 Cisco IOS Shellcode And Exploitation Techniques (BlackHat) Cisco IOS - Connectback Shellcode Cisco IOS - Bind Shellcode 1.0 (116 bytes) Cisco IOS - Tiny Shellcode Cisco IOS - Shellcode And Exploitation Techniques (BlackHat) Linux/mips - (Linksys WRT54G/GL) port bind shellcode (276 bytes) Linux/mips - (Linksys WRT54G/GL) execve shellcode (60 bytes) Linux/mips - execve /bin/sh (56 bytes) Linux/ppc - execve /bin/sh (60 bytes) Linux/ppc - read & exec shellcode (32 bytes) Linux/ppc - connect back execve /bin/sh (240 bytes) Linux/ppc - execve /bin/sh (112 bytes) Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve shellcode (60 bytes) Linux/MIPS - execve /bin/sh (56 bytes) Linux/PPC - execve /bin/sh (60 bytes) Linux/PPC - read & exec shellcode (32 bytes) Linux/PPC - connect back execve /bin/sh (240 bytes) Linux/PPC - execve /bin/sh (112 bytes) Linux/x86 - listens for shellcode on tcp/5555 and jumps to it Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) (49 bytes) Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes) Linux/x86 - File unlinker (18 bytes + file path length) Linux/x86 - Perl script execution (99 bytes + script length) Linux/x86 - file reader (65 bytes + pathname) Linux/x86 - File unlinker (18+ bytes) Linux/x86 - Perl script execution (99+ bytes) Linux/x86 - file reader (65+ bytes) Linux x86 shellcode obfuscator Linux/x86 - shellcode obfuscator Linux/86 setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode Linux/x86 - rm -rf / attempts to block the process from being stopped Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111 bytes+) Linux/x86 - executes command after setreuid (9 + 40 bytes + cmd) Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes) Linux/x86 - executes command after setreuid (49+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68 bytes+) Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change (.s) Linux/x86 - examples of long-term payloads hide-wait-change 187 bytes+ Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes) Linux - chroot()/execve() code Linux - chroot()/execve() code (80 bytes) Linux/x86-64 - bindshell port:4444 shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) (33 bytes) Linux/PPC/x86 execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes) OS-X/PPC/x86 execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes) Linux/x86 - unix/SPARC irix/mips execve /bin/sh irx.mips (141 bytes) Linux/x86 - unix/SPARC execve /bin/sh (80 bytes) Linux/x86 - bsd/x86 execve /bin/sh (38 bytes) netbsd/x86 kill all processes shellcode (23 bytes) netbsd/x86 callback shellcode (port 6666) (83 bytes) netbsd/x86 setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes) netbsd/x86 setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes) netbsd/x86 execve /bin/sh (68 bytes) openbsd/x86 execve(/bin/sh) (23 bytes) openbsd/x86 portbind port 6969 (148 bytes) openbsd/x86 add user w00w00 (112 bytes) OS-X/ppc sync()_ reboot() (32 bytes) OS-X/PPC execve(/bin/sh)_ exit() (72 bytes) OS-X/PPC Add user r00t (219 bytes) OS-X/PPC execve /bin/sh (72 bytes) OS-X/PPC add inetd backdoor (222 bytes) OS-X/PPC reboot (28 bytes) OS-X/PPC setuid(0) + execve /bin/sh (88 bytes) OS-X/PPC create /tmp/suid (122 bytes) OS-X/PPC simple write() (75 bytes) OS-X/PPC execve /usr/X11R6/bin/xterm (141 bytes) sco/x86 execve(_/bin/sh__ ..._ NULL); (43 bytes) Solaris/sparc download and execute (278 bytes) Solaris/sparc executes command after setreuid (92 bytes + cmd) Solaris/sparc connect-back (with XNOR encoded session) (600 bytes) Solaris/sparc setreuid/execve (56 bytes) Solaris/sparc portbind (port 6666) (240 bytes) Solaris/SPARC execve /bin/sh (52 bytes) Solaris/SPARC portbind port 6789 (228 bytes) Solaris/SPARC connect-back (204 bytes) Solaris/SPARC portbinding shellcode Solaris/x86 portbind/tcp shellcode generator Solaris/x86 setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes) Solaris/x86 setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes) Solaris/x86 execve /bin/sh toupper evasion (84 bytes) Solaris/x86 add services and execve inetd (201 bytes) Linux/x86_64 - bindshell port:4444 shellcode (132 bytes) Linux/x86_64 - execve(/bin/sh) (33 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes) OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes) Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes) Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes) netbsd/x86 - kill all processes shellcode (23 bytes) netbsd/x86 - callback shellcode (port 6666) (83 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes) netbsd/x86 - execve /bin/sh (68 bytes) openbsd/x86 - execve(/bin/sh) (23 bytes) openbsd/x86 - portbind port 6969 (148 bytes) openbsd/x86 - add user w00w00 (112 bytes) OS-X/ppc - sync()_ reboot() (32 bytes) OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes) OS-X/PPC - Add user r00t (219 bytes) OS-X/PPC - execve /bin/sh (72 bytes) OS-X/PPC - add inetd backdoor (222 bytes) OS-X/PPC - reboot (28 bytes) OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes) OS-X/PPC - create /tmp/suid (122 bytes) OS-X/PPC - simple write() (75 bytes) OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes) sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes) Solaris/SPARC - download and execute (278 bytes) Solaris/SPARC - executes command after setreuid (92+ bytes) Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes) Solaris/SPARC - setreuid/execve (56 bytes) Solaris/SPARC - portbind (port 6666) (240 bytes) Solaris/SPARC - execve /bin/sh (52 bytes) Solaris/SPARC - portbind port 6789 (228 bytes) Solaris/SPARC - connect-back (204 bytes) Solaris/SPARC - portbinding shellcode Solaris/x86 - portbind/tcp shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes) Solaris/x86 - execve /bin/sh toupper evasion (84 bytes) Solaris/x86 - add services and execve inetd (201 bytes) Win32/XP SP2 (En) - cmd.exe (23 bytes) Win32/XP SP2 (EN) - cmd.exe (23 bytes) Win32 SEH omelet shellcode 0.1 Win32 -SEH omelet shellcode Win32 PEB!NtGlobalFlags shellcode (14 bytes) Win32 - PEB!NtGlobalFlags shellcode (14 bytes) Win32 PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes) Win32 PEB Kernel32.dll ImageBase Finder (Ascii Printable) (49 bytes) Win32 connectback_ receive_ save and execute shellcode Win32 Download and Execute Shellcode Generator (browsers edition) Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes) Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 IsDebuggerPresent ShellCode (NT/XP) (39 bytes) Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes) Win32 - Download & Exec Shellcode (226 bytes+) Win32 - Download & Exec Shellcode (226+ bytes) Windows 9x/NT/2000/XP Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP PEB method (29 bytes) Windows 9x/NT/2000/XP PEB method (31 bytes) Windows 9x/NT/2000/XP PEB method (35 bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - PEB method (29 bytes) Windows 9x/NT/2000/XP - PEB method (31 bytes) Windows 9x/NT/2000/XP - PEB method (35 bytes) Windows/XP download and exec source Windows XP - download and exec source Microsoft Windows - (DCOM RPC2) Universal Shellcode Windows - (DCOM RPC2) Universal Shellcode Linux - setuid(0) & execve(_/sbin/poweroff -f_) Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes) Win xp sp2 PEB ISbeingdebugged shellcode Windows XP SP2 - PEB ISbeingdebugged shellcode Win32 XP SP3 ShellExecuteA shellcode Win32 XP SP3 - ShellExecuteA shellcode Win32 XP SP3 addFirewallRule freebsd/x86 portbind shellcode (167 bytes) Win32 XP SP3 - addFirewallRule freebsd/x86 - portbind shellcode (167 bytes) Win32/XP SP2 (En + Ar) - cmd.exe (23 bytes) Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes) Windows XP Pro Sp2 English _Message-Box_ Shellcode Windows XP Pro Sp2 English _Wordpad_ Shellcode Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes) Linux x86 - polymorphic shellcode ip6tables -F (71 bytes) Linux x86 - ip6tables -F (47 bytes) Linux/x86 - polymorphic shellcode ip6tables -F (71 bytes) Linux/x86 - ip6tables -F (47 bytes) Linux x86 - /bin/sh (8 bytes) Linux x86 - execve /bin/sh (21 bytes) Linux/x86 - /bin/sh (8 bytes) Linux/x86 - execve /bin/sh (21 bytes) Linux x86 - disabled modsecurity (64 bytes) Linux/x86 - disabled modsecurity (64 bytes) Win32 Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Win32/XP SP3 (Ru) - WinExec+ExitProcess cmd shellcode (12 bytes) Shellcode - Win32 MessageBox (Metasploit) JITed egg-hunter stage-0 shellcode Adjusted universal for XP/Vista/Windows 7 Linux x86 - nc -lvve/bin/sh -p13377 shellcode Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - MessageBox (Metasploit) Windows XP/Vista/Windows 7 - JITed egg-hunter stage-0 shellcode Adjusted universal Linux/x86 - nc -lvve/bin/sh -p13377 shellcode Linux write() & exit(0) shellcode genearator with customizable text Linux x86 - polymorphic forkbombe - (30 bytes) Linux x86 forkbombe Linux - write() & exit(0) shellcode genearator with customizable text Linux/x86 - polymorphic forkbombe - (30 bytes) Linux/x86 - forkbomb Linux/x86_64 execve(_/bin/sh_); shellcode (30 bytes) Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux x86 - execve(_/bin/bash___-p__NULL) (33 bytes) Linux x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Linux x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Windows 7 Pro SP1 64 Fr (Beep) Shellcode (39 bytes) Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) change mode 0777 of _/etc/shadow_ with sys_chmod syscall Linux/x86 - kill all running process change mode 0777 of _/etc/passwd_ with sys_chmod syscall Linux x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Windows 7 x64 (cmd) Shellcode (61 bytes) Linux x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux x86 - hard / unclean reboot (29 bytes) Linux x86 - hard / unclean reboot (33 bytes) change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes) Linux/x86 - kill all running process (11 bytes) change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Linux - chown root:root /bin/sh x86 shellcode (48 bytes) Linux/x86 - chown root:root /bin/sh shellcode (48 bytes) Linux x86 - netcat connect back port 8080 (76 bytes) Linux/x86 - netcat connect back port 8080 (76 bytes) Allwin MessageBoxA Shellcode Windows - MessageBoxA Shellcode Linux/x86-64 - Disable ASLR Security (143 bytes) Linux/x86_64 - Disable ASLR Security (143 bytes) Polymorphic Bindport 31337 with setreuid (0_0) linux/x86 Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes) Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes) Linux/x86-64 - Add root user with password (390 bytes) Linux/x86_64 - Add root user with password (390 bytes) ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes) Polymorphic /bin/sh x86 linux shellcode Linux/x86 - Polymorphic /bin/sh shellcode (116 bytes) Linux/ARM chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux x86 - bind shell port 64533 (97 bytes) Linux/x86 - bind shell port 64533 (97 bytes) 125 bind port to 6778 XOR encoded polymorphic linux shellcode Linux - 125 bind port to 6778 XOR encoded polymorphic ARM Polymorphic - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode Generator ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator) Win32 - Write-to-file Shellcode Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux x86 - netcat bindshell port 8080 (75 bytes) Linux/x86 - netcat bindshell port 8080 (75 bytes) Linux x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes) Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes) Shellcode Checksum Routine Shellcode Checksum Routine (18 bytes) Win32/XP SP3 (Tr) - Add Admin Account Shellcode (127 bytes) Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes) Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM) Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM) Windows Mobile 6.5 TR Phone Call Shellcode Windows Mobile 6.5 TR - Phone Call Shellcode Win32/xp pro sp3 (EN) 32-bit - add new local administrator (113 bytes) Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) ARM Bindshell port 0x1337 ARM Bind Connect UDP Port 68 ARM Loader Port 0x1337 ARM ifconfig eth0 and Assign Address ARM - Bindshell port 0x1337 ARM - Bind Connect UDP Port 68 ARM - Loader Port 0x1337 ARM - ifconfig eth0 and Assign Address w32 speaking shellcode Win32 - speaking shellcode BSD x86 connect back Shellcode (81 bytes) BSD x86 portbind + fork shellcode (111 bytes) bds/x86 - connect back Shellcode (81 bytes) bds/x86 - portbind + fork shellcode (111 bytes) OS-X/Intel reverse_tcp shell x86_64 (131 bytes) OS-X/Intel - reverse_tcp shell x86_64 (131 bytes) Allwin WinExec add new local administrator + ExitProcess Shellcode Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes) Linux x86 - ASLR deactivation (83 bytes) Linux/x86 - ASLR deactivation (83 bytes) Linux/x86-32 - ConnectBack with SSL connection (422 bytes) Linux/x86_32 - ConnectBack with SSL connection (422 bytes) SuperH (sh4) Add root user with password SuperH (sh4) - Add root user with password (143 bytes) Linux x86 egghunt shellcode Linux/x86 - egghunt shellcode (29 bytes) OSX - Universal ROP shellcode OS-X - Universal ROP shellcode 52 byte Linux MIPS execve Linux/MIPS - execve (52 bytes) MIPS Linux XOR Shellcode Encoder (60 bytes) Linux/MIPS - XOR Shellcode Encoder (60 bytes) Linux/x86-64 - execve(/bin/sh) (52 bytes) Linux/x86_64 - execve(/bin/sh) (52 bytes) Linux/x86 - Search For php/html Writable Files and Add Your Code Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes) Linux x86_64 - add user with passwd (189 bytes) Linux/x86_64 - add user with passwd (189 bytes) Linux x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes) ntop 1.x - -i Local Format String ntop 1.x - i Local Format String (Raspberry Pi) Linux/ARM - reverse_shell (tcp_10.1.1.2_0x1337) (Raspberry Pi) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes) (Raspberry Pi) Linux/ARM - chmod(_/etc/shadow__ 0777) (41 bytes) Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes) Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes) Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode MIPS Little Endian Shellcode MIPS Little Endian - Shellcode Media Player Classic 6.4.9 - - FLI File Remote Buffer Overflow Media Player Classic 6.4.9 - FLI File Remote Buffer Overflow Linux x86 - Socket Re-use Shellcode (50 bytes) Linux/x86 - Socket Re-use Shellcode (50 bytes) Linux x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes) Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes) Mouse Media Script 1.6 - - Stored XSS Mouse Media Script 1.6 - Stored XSS Linux x86 - rmdir (37 bytes) Linux/x86 - rmdir (37 bytes) Linux x64 - Bind TCP port shellcode (81 bytes_ 96 with password) Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux x64 - Reverse TCP connect (77 to 85 bytes_ 90 to 98 with password) Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password) Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 Bytes) Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 Bytes) Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Linux MIPS - execve (36 bytes) Linux/MIPS - execve (36 bytes) Win x86-64 - Download & execute (Generator) Windows XP x86-64 - Download & execute (Generator) Linux x86 - Egg-hunter (20 bytes) Linux x86 - Typewriter Shellcode Generator Linux/x86 - Egg-hunter (20 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - execve _/bin/sh_ - shellcode (35 bytes) Linux/x86 - execve _/bin/sh_ shellcode (35 bytes) Linux custom execve-shellcode Encoder/Decoder Linux - custom execve-shellcode Encoder/Decoder Linux x86 - Execve /bin/sh Shellcode Via Push (21 bytes) Linux x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86 - Execve /bin/sh Shellcode Via Push (21 bytes) Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - execve /bin/sh shellcode (21 bytes) (2) Linux/x86 - execve /bin/sh shellcode (2) (21 bytes) Linux - execve(/bin/sh) (30 bytes) Linux/x86_64 - execve(/bin/sh) (30 bytes) Linux 64 bit - Encoded execve shellcode Linux 64bit - Encoded execve shellcode Linux x86 /bin/sh ROT7 Encoded Shellcode Linux/x86 - /bin/sh ROT7 Encoded Shellcode Win32/xp[TR] sp3 - MessageBox (24 bytes) Win32/XP SP3 (TR) - MessageBox (24 bytes) Linux x86 - Egg Hunter Shellcode (19 bytes) Linux/x86 - Egg Hunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ (199 Bytes Null-Free) Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes) Linux x86 - /bin/sh ROL/ROR Encoded Shellcode Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode OS X x64 /bin/sh Shellcode - NULL Byte Free (34 bytes) OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) Mainframe/System Z Bind Shell Mainframe/System Z - Bind Shell Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes) OS X x64 - tcp bind shellcode_ NULL byte free (144 bytes) OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes) Linux x86_64 - /bin/sh Linux/x86_64 - /bin/sh Linux x86_64 - execve Shellcode (22 bytes) Linux/x86_64 - execve Shellcode (22 bytes) Linux x86_64 - Bindshell with Password (92 bytes) Linux/x86_64 - Bindshell with Password (92 bytes) Linux x64 - egghunter (24 bytes) Linux/x64 - egghunter (24 bytes) Linux x86_64 - Polymorphic execve Shellcode (31 bytes) Linux/x86_64 - Polymorphic execve Shellcode (31 bytes) Windows XP-10 - Null-Free WinExec Shellcode (Python) Windows XP<10 - Null-Free WinExec Shellcode (Python) x64 Linux Bind TCP Port Shellcode Linux/x64 - Bind TCP Port Shellcode (103 bytes) x86_64 Linux bind TCP port shellcode Linux/x86_64 - bind TCP port shellcode (103 bytes) Linux/x86 - execve _/bin/sh_ - shellcode 24 byte Linux/x86 - execve _/bin/sh_ shellcode (24 bytes) Linux x86_64 - Egghunter (18 bytes) Linux x86 - Egg-hunter (13 bytes) Linux/x86_64 - Egghunter (18 bytes) Linux/x86 - Egg-hunter (13 bytes) WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection WordPress Booking Calendar Contact Form Plugin <= 1.1.23 - Unauthenticated SQL injection x86_64 Linux xor/not/div Encoded execve Shellcode Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes) WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Shortcode SQL Injection WordPress Booking Calendar Contact Form Plugin <= 1.1.23 - Shortcode SQL Injection Linux x86/x86_64 reverse_tcp Shellcode Linux/x86/x86_64 - reverse_tcp Shellcode Linux x86/x86_64 tcp_bind Shellcode Linux x86/x86_64 Read etc/passwd Shellcode Linux/x86/x86_64 - tcp_bind Shellcode Linux/x86/x86_64 - Read etc/passwd Shellcode WordPress Booking Calendar Contact Form <=1.1.24 - Multiple Vulnerabilities WordPress Booking Calendar Contact Form <= 1.1.24 - Multiple Vulnerabilities x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version (1) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes) x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version (2) Linux x86 Download & Execute Shellcode Linux x86_64 - Polymorphic Execve-Stack (47 bytes) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes) Linux/x86 - Download & Execute Shellcode Linux/x86_64 - Polymorphic Execve-Stack (47 bytes) Linux x86_64 - Reverse Shell Shellcode Linux/x86_64 - Reverse Shell Shellcode Linux/x86_x64 - execve(/bin/sh) (26 bytes) Linux/x86_64 - execve(/bin/sh) (26 bytes) Linux/x86_x64 - execve(/bin/sh) (25 bytes) Linux/x86_x64 - execve(/bin/bash) (33 bytes) Linux/x86_64 - execve(/bin/sh) (25 bytes) Linux/x86_64 - execve(/bin/bash) (33 bytes) Linux/x86_64 - bindshell (PORT: 5600) (81 bytes) Linux/x86_64 - bindshell (Pori: 5600) (81 bytes) Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode Linux x86 Reverse TCP Shellcode (ipv6) Linux x86 Shellcode - Bind TCP Port 1472 (ipv6) Linux/x86 - Reverse TCP Shellcode (IPv6) Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes) Linux x64 - Bind Shell Shellcode Generator Linux/x64 - Bind Shell Shellcode (Generator) Windows Null-Free Shellcode - Primitive Keylogger to File (431 (0x01AF) bytes) Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes) .Net Framework Execute Native x86 Shellcode .Net Framework - Execute Native x86 Shellcode Linux x86_64 Shellcode - Bind TCP Port 1472 (ipv6) Linux/x86_64 - Bind TCP Port 1472 (IPv6) Linux x86_64 Shellcode - Reverse TCP (ipv6) Linux/x86_64 - Reverse TCP (IPv6) Windows - Null-Free Shellcode - Functional Keylogger to File (601 (0x0259) bytes) Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes) Linux x86_64 Shellcode Null-Free Reverse TCP Shell Linux/x86_64 - Null-Free Reverse TCP Shell Linux x86_64 Information Stealer Shellcode Linux/x86_64 - Information Stealer Shellcode Linux x86 - TCP Bind Shell Port 4444 (656 bytes) Linux/x86 - TCP Bind Shell Port 4444 (656 bytes) Linux x86_64 XOR Encode execve Shellcode Linux/x86_64 - XOR Encode execve Shellcode Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Windows x86 WinExec(_cmd.exe__0) Shellcode Linux x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows x86 system(_systeminfo_) Shellcode Windows x86 - system(_systeminfo_) Shellcode Windows x86 ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode Linux x86 /bin/sh Shellcode + ASLR Bruteforce Linux/x86 - /bin/sh Shellcode + ASLR Bruteforce Linux x86_64 /etc/passwd File Sender Shellcode Linux/x86_64 - /etc/passwd File Sender Shellcode Linux x86 - TCP Bind Shell Port 4444 (98 bytes) Linux/x86 - TCP Bind Shell Port 4444 (98 bytes) Linux x86 - TCP Reverse Shellcode (75 bytes) Linux/x86 - TCP Reverse Shellcode (75 bytes) Linux x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes) Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes) Linux x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure	2016-07-16 05:06:26 +00:00
Offensive Security	0d018828aa	DB: 2016-07-15	2016-07-15 06:29:45 +00:00
Offensive Security	da158cde92	DB: 2016-06-21 11 new exploits Linux Kernel 2.2. / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation Linux x86_64 execve Shellcode - 15 bytes sNews CMS 1.7.1 - Multiple Vulnerabilities Joomla BT Media (com_bt_media) Component - SQL Injection Premium SEO Pack 1.9.1.3 - wp_options Overwrite Windows XP - 10 - Download & Execute Shellcode Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (msf) Airia - (Add Content) CSRF Airia - Webshell Upload Exploit Symphony CMS 2.6.7 - Session Fixation ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation	2016-06-21 05:03:48 +00:00
Offensive Security	52e862d62a	DB: 2016-05-11 9 new exploits Linux Kernel 2.2.x - 2.4.x - ptrace/kmod Local Root Exploit Linux Kernel 2.2.x / 2.4.x (Redhat) - ptrace/kmod Local Root Exploit Sendmail <= 8.12.8 prescan() BSD Remote Root Exploit Sendmail <= 8.12.8 - prescan() BSD Remote Root Exploit Gopherd <= 3.0.5 FTP Gateway Remote Overflow Exploit Gopherd <= 3.0.5 - FTP Gateway Remote Overflow Exploit mIRC 6.1 - _IRC_ Protocol Remote Buffer Overflow Exploit mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow Exploit Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit Apache mod_gzip (with debug_mode) <= 1.2.26.1a - Remote Exploit Linux Kernel 2.4.22 - _do_brk()_ Local Root Exploit (PoC) Linux Kernel 2.4.22 - 'do_brk()' Local Root Exploit (Proof of Concept) Linux Kernel <= 2.4.22 - (do_brk) Local Root Exploit (working) Linux Kernel <= 2.4.22 - 'do_brk' Local Root Exploit Xsok 1.02 - _-xsokdir_ Local Buffer Overflow Game Exploit Linux Kernel <= 2.4.23 / <= 2.6.0 - _do_mremap_ Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - _do_mremap_ Local Proof of Concept (2) Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - mremap() Bound Checking Root Exploit Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit Serv-U FTPD 3.x/4.x _SITE CHMOD_ Command Remote Exploit Serv-U FTPD 3.x/4.x- 'SITE CHMOD' Command Remote Exploit Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - _mremap()_ Local Proof-of-Concept (2) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - _mremap()_ Missing _do_munmap_ Exploit Red Faction <= 1.20 Server Reply Remote Buffer Overflow Exploit Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit Red Faction <= 1.20 - Server Reply Remote Buffer Overflow Exploit eMule <= 0.42d IRC Remote Buffer Overflow Exploit eMule <= 0.42d - IRC Remote Buffer Overflow Exploit GnomeHack Local Buffer Overflow Exploit (gid=games) GnomeHack - Local Buffer Overflow Exploit (gid=games) Kwintv Local Buffer Overflow Exploit (gid=video(33)) Kwintv - Local Buffer Overflow Exploit (gid=video(33)) Redhat 6.1 man Local Exploit (egid 15) Redhat 6.1 man - Local Exploit (egid 15) Linux Kernel <= 2.6.3 - (setsockopt) Local Denial of Service Exploit Linux Kernel <= 2.6.3 - 'setsockopt' Local Denial of Service Exploit Linux Kernel 2.4.x - 2.6.x - Assembler Inline Function Local DoS Exploit rlpr <= 2.04 msg() Remote Format String Exploit MPlayer <= 1.0pre4 GUI filename handling Overflow Exploit Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local DoS Exploit rlpr <= 2.04 - msg() Remote Format String Exploit MPlayer <= 1.0pre4 GUI - filename handling Overflow Exploit Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit Samba <= 3.0.4 - SWAT Authorization Buffer Overflow Exploit OpenFTPD <= 0.30.1 (message system) Remote Shell Exploit OpenFTPD <= 0.30.1 - (message system) Remote Shell Exploit Linux Kernel - File Offset Pointer Handling Memory Disclosure Exploit Linux Kernel <= 2.4.26- File Offset Pointer Handling Memory Disclosure Exploit Ollydbg <= 1.10 Format String Bug Ollydbg <= 1.10 - Format String Bug Mac OS X <= 10.3.3 AppleFileServer Remote Root Overflow Exploit Remote CVS <= 1.11.15 (error_prog_name) Remote Exploit LibPNG <= 1.2.5 png_jmpbuf() Local Buffer Overflow Exploit Mac OS X <= 10.3.3 - AppleFileServer Remote Root Overflow Exploit Remote CVS <= 1.11.15 - (error_prog_name) Remote Exploit LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit AOL Instant Messenger AIM _Away_ Message Local Exploit AOL Instant Messenger AIM - 'Away' Message Local Exploit Ground Control <= 1.0.0.7 (Server/Client) Denial of Service Exploit Ground Control <= 1.0.0.7 - (Server/Client) Denial of Service Exploit AOL Instant Messenger AIM _Away_ Message Remote Exploit AOL Instant Messenger AIM - 'Away' Message Remote Exploit (2) Silent Storm Portal Multiple Vulnerabilities Silent Storm Portal - Multiple Vulnerabilities YahooPOPs <= 1.6 SMTP Port Buffer Overflow Exploit YahooPOPs <= 1.6 - SMTP Port Buffer Overflow Exploit Monit <= 4.2 Basic Authentication Remote Root Exploit Monit <= 4.2 - Basic Authentication Remote Root Exploit YahooPOPs <= 1.6 SMTP Remote Buffer Overflow Exploit YahooPOPs <= 1.6 - SMTP Remote Buffer Overflow Exploit Ability Server <= 2.34 (APPE) Remote Buffer Overflow Exploit Ability Server <= 2.34 - (APPE) Remote Buffer Overflow Exploit Chatman <= 1.5.1 RC1 Broadcast Crash Exploit Flash Messaging <= 5.2.0g Remote Denial of Service Exploit Chatman <= 1.5.1 RC1 - Broadcast Crash Exploit Flash Messaging <= 5.2.0g - Remote Denial of Service Exploit CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) BoF Exploit Halo <= 1.05 Broadcast Client Crash Exploit CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) - BoF Exploit Halo <= 1.05 - Broadcast Client Crash Exploit Soldier of Fortune II <= 1.3 Server/Client Denial of Service Exploit Soldier of Fortune II <= 1.3 Server/Client - Denial of Service Exploit Star Wars Battlefront <= 1.1 Fake Players Denial of Service Exploit Star Wars Battlefront <= 1.1 - Fake Players Denial of Service Exploit PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit PHP <= 4.3.7/ 5.0.0RC3 - memory_limit Remote Exploit WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit WS_FTP Server <= 5.03 - MKD Remote Buffer Overflow Exploit Jana Server <= 2.4.4 (http/pna) Denial of Service Exploit Jana Server <= 2.4.4 - (http/pna) Denial of Service Exploit Kreed <= 1.05 Format String and Denial of Service Exploit Kreed <= 1.05 - Format String and Denial of Service Exploit Codename Eagle <= 1.42 Socket Unreacheable DoS Exploit Codename Eagle <= 1.42 - Socket Unreacheable DoS Exploit Linux Kernel <= 2.6.9 / 2.4.22-28 - (igmp.c) Local Denial of Service Exploit Linux Kernel <= 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service Exploit WinRAR <= 3.4.1 Corrupt ZIP File Vulnerability PoC Cscope <= 15.5 Symlink Vulnerability Exploit WinRAR <= 3.4.1 - Corrupt ZIP File Vulnerability PoC Cscope <= 15.5 - Symlink Vulnerability Exploit Linux Kernel 2.6.x - chown() Group Ownership Alteration Exploit Linux Kernel 2.6.x (Slackware 9.1/ Debian 3.0) - chown() Group Ownership Alteration Exploit Netcat 1.1 - _-e_ Switch Remote Buffer Overflow Exploit PHP <= 4.3.7 openlog() Buffer Overflow Exploit Netcat 1.1 - '-e' Switch Remote Buffer Overflow Exploit PHP <= 4.3.7 - openlog() Buffer Overflow Exploit phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm) phpBB <= 2.0.10 - Bot Install (Altavista) (ssh.D.Worm) Gore <= 1.50 Socket Unreacheable Denial of Service Exploit Gore <= 1.50 - Socket Unreacheable Denial of Service Exploit Exim <= 4.41 dns_build_reverse Local Exploit PoC Exim <= 4.41 - dns_build_reverse Local Exploit PoC Peer2Mail <= 1.4 Encrypted Password Dumper Exploit Peer2Mail <= 1.4 - Encrypted Password Dumper Exploit Mac OS X <= 10.3.7 Input Validation Flaw parse_machfile() DoS Mac OS X <= 10.3.7 - Input Validation Flaw parse_machfile() DoS Xpand Rally <= 1.0.0.0 (Server/Clients) Crash Exploit Xpand Rally <= 1.0.0.0 (Server/Clients) - Crash Exploit Painkiller <= 1.35 in-game cd-key alpha-numeric Buffer Overflow Exploit Painkiller <= 1.35 - in-game cd-key alpha-numeric Buffer Overflow Exploit Armagetron Advanced <= 0.2.7.0 Server Crash Exploit Armagetron Advanced <= 0.2.7.0 - Server Crash Exploit MercuryBoard <= 1.1.1 Working SQL Injection MercuryBoard <= 1.1.1 - SQL Injection GNU a2ps _Anything to PostScript_ Local Exploit (not suid) GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID) vBulletin <= 3.0.4 - _forumdisplay.php_ Code Execution vBulletin <= 3.0.4 - 'forumdisplay.php' Code Execution (1) vBulletin <= 3.0.4 - _forumdisplay.php_ Code Execution (part 2) Serv-U 4.x _site chmod_ Remote Buffer Overflow Exploit vBulletin <= 3.0.4 - 'forumdisplay.php' Code Execution (2) Serv-U 4.x - 'site chmod' Remote Buffer Overflow Exploit 3Com 3CDaemon FTP Unauthorized _USER_ Remote BoF Exploit 3Com 3CDaemon FTP - Unauthorized 'USER' Remote BoF Exploit vBulletin <= 3.0.6 php Code Injection vBulletin <= 3.0.6 - PHP Code Injection Soldier of Fortune 2 <= 1.03 - _cl_guid_ - Server Crash Soldier of Fortune 2 <= 1.03 - 'cl_guid' - Server Crash Knet <= 1.04c Buffer Overflow Denial of Service Exploit Knet <= 1.04c - Buffer Overflow Denial of Service Exploit Scrapland <= 1.0 Server Termination Denial of Service Exploit Scrapland <= 1.0 - Server Termination Denial of Service Exploit Apache <= 2.0.52 HTTP GET request Denial of Service Exploit Nokia Symbian 60 (Bluetooth Nickname) Remote Restart (update) Apache <= 2.0.52 - HTTP GET request Denial of Service Exploit Nokia Symbian 60 (Bluetooth Nickname) Remote Restart (2) Microsoft Internet Explorer _mshtml.dll_ CSS Parsing Buffer Overflow Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow Ethereal <= 0.10.9 - _3G-A11_ - Remote Buffer Overflow Exploit (2) Ethereal <= 0.10.9 - '3G-A11' Remote Buffer Overflow Exploit (Windows) Ethereal <= 0.10.9 - _3G-A11_ Remote Buffer Overflow Exploit Ethereal <= 0.10.9 - '3G-A11' Remote Buffer Overflow Exploit (Linux) PHP-Nuke 6.x - 7.6 Top module Remote SQL Injection Exploit (working) PHP-Nuke 6.x - 7.6 Top module - Remote SQL Injection Exploit HP-UX FTPD <= 1.1.214.4 - _REST_ Remote Brute Force Exploit HP-UX FTPD <= 1.1.214.4 - 'REST' Remote Brute Force Exploit Invision Power Board <= 2.0.3 Login.PHP SQL Injection Exploit Invision Power Board <= 2.0.3 Login.PHP SQL Injection (tutorial) Invision Power Board <= 2.0.3 - Login.PHP SQL Injection Exploit Invision Power Board <= 2.0.3 - Login.PHP SQL Injection (tutorial) phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (perl) phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (php) phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (php 2) phpStat <= 1.5 - (setup.php) Authentication Bypass Exploit (Perl) phpStat <= 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (1) phpStat <= 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (2) Ethereal <= 0.10.10 (SIP) Protocol Dissector Remote BoF Exploit MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit Ethereal <= 0.10.10 - (SIP) Protocol Dissector Remote BoF Exploit MyBulletinBoard (MyBB) <= 1.00 RC4 - SQL Injection Exploit Microsoft Internet Explorer - javascript _window()_ Crash Microsoft Internet Explorer - javascript 'window()' Crash Kaspersky AntiVirus - _klif.sys_ Privilege Escalation Vulnerability Kaspersky AntiVirus - 'klif.sys' Privilege Escalation Vulnerability Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working) Invision Power Board <= 1.3.1 - Login.PHP SQL Injection WordPress <= 1.5.1.1 - _add new admin_ SQL Injection Exploit WordPress <= 1.5.1.1 - 'add new admin' SQL Injection Exploit Mozilla Firefox <= 1.0.4 - _Set As Wallpaper_ Code Execution Exploit Mozilla Firefox <= 1.0.4 - 'Set As Wallpaper' Code Execution Exploit Scorched 3D <= 39.1 - Multiple Vulnerabilities (All-in-One) (PoC) Scorched 3D <= 39.1 - Multiple Vulnerabilities (PoC) XOOPS (wfdownloads) 2.05 Module Multiple Vulnerabilities Exploit XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities Linux Kernel <= 2.6.11 - 'k-rad3.c' (CPL 0) Local Root Exploit Linux Kernel <= 2.6.9 / <= 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit Alien Arena 2006 Gold Edition <= 5.00 - Multiple Vulnerabilities Exploit Alien Arena 2006 Gold Edition <= 5.00 - Multiple Vulnerabilities nodez <= 4.6.1.1 mercury Multiple Vulnerabilities nodez <= 4.6.1.1 mercury - Multiple Vulnerabilities gCards <= 1.45 - Multiple Vulnerabilities All-In-One Exploit gCards <= 1.45 - Multiple Vulnerabilities Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit OpenTTD <= 0.4.7 - (multiple vulnerabilities) Denial of Service Exploit OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit Apple Mac OS X Safari <= 2.0.3 (417.9.2) Multiple Vulnerabilities PoC Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC) PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities Exploit PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities outgun <= 1.0.3 bot 2 - Multiple Vulnerabilities Exploit outgun <= 1.0.3 bot 2 - Multiple Vulnerabilities raydium <= svn 309 - Multiple Vulnerabilities Exploit raydium <= svn 309 - Multiple Vulnerabilities PunkBuster < 1.229 (WebTool Service) Remote Buffer Overflow DoS PunkBuster < 1.229 - (WebTool Service) Remote Buffer Overflow DoS Ultimate PHP Board <= 1.96 GOLD Multiple Vulnerabilities Exploit Ultimate PHP Board <= 1.96 GOLD - Multiple Vulnerabilities Light Blog Remote Multiple Vulnerabilities Exploit Light Blog Remote - Multiple Vulnerabilities Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept contentnow 1.30 (local/upload/delete) Multiple Vulnerabilities contentnow 1.30 - (local/upload/delete) Multiple Vulnerabilities contentnow 1.30 (upload/XSS) Multiple Vulnerabilities contentnow 1.30 - (Upload/XSS) Multiple Vulnerabilities torrentflux <= 2.2 (create/exec/delete) Multiple Vulnerabilities torrentflux <= 2.2 - (create/exec/delete) Multiple Vulnerabilities Messagerie Locale (centre.php) Remote File Inclusion Vulnerability Site News (centre.php) Remote File Inclusion Vulnerability Messagerie Locale (centre.php) - Remote File Inclusion Vulnerability Site News (centre.php) - Remote File Inclusion Vulnerability kubix <= 0.7 - Multiple Vulnerabilities Exploit kubix <= 0.7 - Multiple Vulnerabilities BBS E-Market Professional (Path Disclosure/Include) Multiple Vulnerabilities BBS E-Market Professional - (Path Disclosure/Include) Multiple Vulnerabilities F-Prot Antivirus 4.6.6 (ACE) Denial of Service Exploit F-Prot Antivirus 4.6.6 - (ACE) Denial of Service Exploit open newsletter <= 2.5 - Multiple Vulnerabilities Exploit (update) open newsletter <= 2.5 - Multiple Vulnerabilities (2) eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities eNdonesia 8.4 - (mod.php/friend.php/admin.php) Multiple Vulnerabilities php-update <= 2.7 - Multiple Vulnerabilities Exploit php-update <= 2.7 - Multiple Vulnerabilities ig shop 1.0 (eval/SQL Injection) Multiple Vulnerabilities ig shop 1.0 - (eval/SQL Injection) Multiple Vulnerabilities QUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities vp-asp shopping cart 6.09 (SQL/XSS) Multiple Vulnerabilities vp-asp shopping cart 6.09 - (SQL/XSS) Multiple Vulnerabilities Aztek Forum 4.0 - Multiple Vulnerabilities Exploit Aztek Forum 4.0 - Multiple Vulnerabilities otscms <= 2.1.5 (SQL/XSS) Multiple Vulnerabilities otscms <= 2.1.5 - (SQL/XSS) Multiple Vulnerabilities uTorrent 1.6 build 474 (announce) Key Remote Heap Overflow Exploit uTorrent 1.6 build 474 - (announce) Key Remote Heap Overflow Exploit Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit Connectix Boards <= 0.7 - (p_skin) Multiple Vulnerabilities qdblog 0.4 (SQL Injection/LFI) Multiple Vulnerabilities qdblog 0.4 - (SQL Injection/LFI) Multiple Vulnerabilities Censura 1.15.04 (censura.php vendorid) SQL Injection Vulnerability Censura 1.15.04 - (censura.php vendorid) SQL Injection Vulnerability runawaysoft haber portal 1.0 (tr) Multiple Vulnerabilities runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities netclassifieds (SQL/XSS/full path) Multiple Vulnerabilities netclassifieds - (SQL/XSS/full path) Multiple Vulnerabilities bugmall shopping cart 2.5 (SQL/XSS) Multiple Vulnerabilities bugmall shopping cart 2.5 - (SQL/XSS) Multiple Vulnerabilities Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak PoC Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak Proof of Concept Pictures Rating (index.php msgid) Remote SQL Injection Vulnerbility Pictures Rating - (index.php msgid) Remote SQL Injection Vulnerbility Joomla Component Nice Talk <= 0.9.3 (tagid) SQL Injection Vulnerability Joomla Component Nice Talk <= 0.9.3 - (tagid) SQL Injection Vulnerability Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day) Xitami Web Server 2.5 - (If-Modified-Since) Remote BoF Exploit (0day) Linux Kernel 2.4/2.6 - x86-64 System Call Emulation Exploit Linux Kernel 2.4 / 2.6 x86-64 - System Call Emulation Exploit else if CMS 0.6 - Multiple Vulnerabilities / Exploit else if CMS 0.6 - Multiple Vulnerabilities Php-Stats 0.1.9.2 - Multiple Vulnerabilities Exploit Php-Stats 0.1.9.2 - Multiple Vulnerabilities Apple Mac OS X 10.4.x Kernel - i386_set_ldt() Integer Overflow PoC Apple Mac OS X 10.4.x Kernel - i386_set_ldt() Integer Overflow Proof of Concept WorkingOnWeb 2.0.1400 events.php Remote SQL Injection Vulnerability WorkingOnWeb 2.0.1400 - events.php Remote SQL Injection Vulnerability Apple Mac OS X xnu <= 1228.0 - mach-o Local Kernel Denial of Service PoC Apple Mac OS X xnu <= 1228.0 - mach-o Local Kernel Denial of Service Proof of Concept portalapp 4.0 (SQL/XSS/auth bypasses) Multiple Vulnerabilities portalapp 4.0 - (SQL/XSS/auth bypasses) Multiple Vulnerabilities evilboard 0.1a (SQL/XSS) Multiple Vulnerabilities evilboard 0.1a - (SQL/XSS) Multiple Vulnerabilities Evilsentinel <= 1.0.9 (multiple vulnerabilities) Disable Exploit Evilsentinel <= 1.0.9 - (Multiple Vulnerabilities) Disable Exploit blogcms 4.2.1b (SQL/XSS) Multiple Vulnerabilities blogcms 4.2.1b - (SQL/XSS) Multiple Vulnerabilities bloofox 0.3 (SQL/fd) Multiple Vulnerabilities bloofox 0.3 - (SQL/fd) Multiple Vulnerabilities Liquid-Silver CMS 0.1 (update) Local File Inclusion Vulnerability Liquid-Silver CMS 0.1 - (update) Local File Inclusion Vulnerability simple forum 3.2 (fd/XSS) Multiple Vulnerabilities simple forum 3.2 - (fd/XSS) Multiple Vulnerabilities Mambo Component Sermon 0.2 (gid) SQL Injection Vulnerability Mambo Component Sermon 0.2 - (gid) SQL Injection Vulnerability Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities Philips VOIP841 - (Firmware <= 1.0.4.800) Multiple Vulnerabilities pigyard art gallery Multiple Vulnerabilities pigyard art gallery - Multiple Vulnerabilities XOOPS Module Gallery 0.2.2 (gid) Remote SQL Injection Vulnerability XOOPS Module My_eGallery 3.04 (gid) SQL Injection Vulnerability XOOPS Module Gallery 0.2.2 - (gid) Remote SQL Injection Vulnerability XOOPS Module My_eGallery 3.04 - (gid) SQL Injection Vulnerability easycalendar <= 4.0tr Multiple Vulnerabilities easygallery <= 5.0tr Multiple Vulnerabilities easycalendar <= 4.0tr - Multiple Vulnerabilities easygallery <= 5.0tr - Multiple Vulnerabilities Nuked-Klan <= 1.7.6 - Multiple Vulnerabilities Exploit Nuked-Klan <= 1.7.6 - Multiple Vulnerabilities RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit RedDot CMS 7.5 - (LngId) Remote SQL Injection Exploit minibb 2.2 (css/SQL/fpd) Multiple Vulnerabilities minibb 2.2 - (css/SQL/fpd) Multiple Vulnerabilities siteman 2.x (exec/LFI/XSS) Multiple Vulnerabilities siteman 2.x - (exec/LFI/XSS) Multiple Vulnerabilities megabbs forum 2.2 (SQL/XSS) Multiple Vulnerabilities megabbs forum 2.2 - (SQL/XSS) Multiple Vulnerabilities Joomla Component paxxgallery 0.2 (gid) Blind SQL Injection Exploit Joomla Component paxxgallery 0.2 - (gid) Blind SQL Injection Exploit cplinks 1.03 (bypass/SQL/xxs) Multiple Vulnerabilities cplinks 1.03 - (bypass/SQL/xxs) Multiple Vulnerabilities deluxebb <= 1.2 - Multiple Vulnerabilities Exploit deluxebb <= 1.2 - Multiple Vulnerabilities Phoenix View CMS <= Pre Alpha2 (SQL/LFI/XSS) Multiple Vulnerabilities Phoenix View CMS <= Pre Alpha2 - (SQL/LFI/XSS) Multiple Vulnerabilities Ktools PhotoStore <= 3.5.1 (gallery.php gid) SQL Injection Vulnerability Ktools PhotoStore <= 3.5.1 - (gallery.php gid) SQL Injection Vulnerability idautomation bar code ActiveX Multiple Vulnerabilities idautomation bar code ActiveX - Multiple Vulnerabilities ecms 0.4.2 (SQL/pb) Multiple Vulnerabilities Mantis Bug Tracker 1.1.1 (CE/XSS/CSRF) Multiple Vulnerabilities ecms 0.4.2 - (SQL/pb) Multiple Vulnerabilities Mantis Bug Tracker 1.1.1 - (CE/XSS/CSRF) Multiple Vulnerabilities mebiblio 0.4.7 (SQL/upload/XSS) Multiple Vulnerabilities mebiblio 0.4.7 - (SQL/upload/XSS) Multiple Vulnerabilities smeweb 1.4b (SQL/XSS) Multiple Vulnerabilities smeweb 1.4b - (SQL/XSS) Multiple Vulnerabilities PHP-Address Book <= 3.1.5 (SQL/XSS) Multiple Vulnerabilities PHP-Address Book <= 3.1.5 - (SQL/XSS) Multiple Vulnerabilities 427bb 2.3.1 (SQL/XSS) Multiple Vulnerabilities 427bb 2.3.1 - (SQL/XSS) Multiple Vulnerabilities Black Ice Software Inc Barcode SDK (BIDIB.ocx) Multiple Vulnerabilities Black Ice Software Inc Barcode SDK - (BIDIB.ocx) Multiple Vulnerabilities real estate Web site 1.0 (SQL/XSS) Multiple Vulnerabilities telephone directory 2008 (SQL/XSS) Multiple Vulnerabilities real estate Web site 1.0 - (SQL/XSS) Multiple Vulnerabilities telephone directory 2008 - (SQL/XSS) Multiple Vulnerabilities gravity board x 2.0 beta (SQL/XSS) Multiple Vulnerabilities gravity board x 2.0 beta - (SQL/XSS) Multiple Vulnerabilities butterfly organizer 2.0.0 (SQL/XSS) Multiple Vulnerabilities butterfly organizer 2.0.0 - (SQL/XSS) Multiple Vulnerabilities doITlive CMS <= 2.50 (SQL Injection/XSS) Multiple Vulnerabilities doITlive CMS <= 2.50 - (SQL Injection/XSS) Multiple Vulnerabilities ownrs blog beta3 (SQL/XSS) Multiple Vulnerabilities ownrs blog beta3 - (SQL/XSS) Multiple Vulnerabilities sitexs CMS 0.1.1 (upload/XSS) Multiple Vulnerabilities sitexs CMS 0.1.1 - (upload/XSS) Multiple Vulnerabilities shibby shop <= 2.2 (SQL/update) Multiple Vulnerabilities shibby shop <= 2.2 - (SQL/update) Multiple Vulnerabilities polypager <= 1.0rc2 (SQL/XSS) Multiple Vulnerabilities polypager <= 1.0rc2 - (SQL/XSS) Multiple Vulnerabilities otmanager CMS 24a (LFI/XSS) Multiple Vulnerabilities w1l3d4 philboard 1.2 (blind sql/XSS) Multiple Vulnerabilities otmanager CMS 24a - (LFI/XSS) Multiple Vulnerabilities w1l3d4 philboard 1.2 - (blind sql/XSS) Multiple Vulnerabilities Thelia 1.3.5 - Multiple Vulnerabilities Exploit Thelia 1.3.5 - Multiple Vulnerabilities contentnow 1.4.1 (upload/XSS) Multiple Vulnerabilities contentnow 1.4.1 - (upload/XSS) Multiple Vulnerabilities trixbox (langChoice) - Local File Inclusion Exploit (connect-back) (2) trixbox - (langChoice) Local File Inclusion Exploit (connect-back) (2) Trixbox 2.6.1 - (langChoice) Remote Root Exploit (py) Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python) jsite 1.0 oe (SQL/LFI) Multiple Vulnerabilities jsite 1.0 oe - (SQL/LFI) Multiple Vulnerabilities Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit Bea Weblogic Apache Connector - Code Execution and Denial of Service Exploit e-vision CMS <= 2.02 (SQL/upload/ig) Multiple Vulnerabilities k-links directory (SQL/XSS) Multiple Vulnerabilities e-vision CMS <= 2.02 - (SQL/upload/ig) Multiple Vulnerabilities k-links directory - (SQL/XSS) Multiple Vulnerabilities Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities Ppim <= 1.0 - (Arbitrary File Delete/XSS) Multiple Vulnerabilities Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities Ppim <= 1.0 - (upload/change password) Multiple Vulnerabilities k-rate (SQL/XSS) Multiple Vulnerabilities k-rate - (SQL/XSS) Multiple Vulnerabilities Invision Power Board <= 2.3.5 - Multiple Vulnerabilities Exploit (revised) Invision Power Board <= 2.3.5 - Multiple Vulnerabilities (2) brim 2.0.0 (SQL/XSS) Multiple Vulnerabilities brim 2.0.0 - (SQL/XSS) Multiple Vulnerabilities aspwebalbum 3.2 (upload/SQL/XSS) Multiple Vulnerabilities aspwebalbum 3.2 - (upload/SQL/XSS) Multiple Vulnerabilities qwicsite pro (SQL/XSS) Multiple Vulnerabilities qwicsite pro - (SQL/XSS) Multiple Vulnerabilities Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities Hot Links SQL-PHP 3 - (report.php) Multiple Vulnerabilities Availscript Article Script (articles.php) Multiple Vulnerabilities Availscript Article Script - (articles.php) Multiple Vulnerabilities Availscript Photo Album (pics.php) Multiple Vulnerabilities Availscript Photo Album - (pics.php) Multiple Vulnerabilities phpvid 1.1 0- (XSS/SQL) Multiple Vulnerabilities phpvid 1.1 0 - (XSS/SQL) Multiple Vulnerabilities php infoboard 7 - plus Multiple Vulnerabilities php infoboard 7 plus - Multiple Vulnerabilities camera life 2.6.2b4 (SQL/XSS) Multiple Vulnerabilities camera life 2.6.2b4 - (SQL/XSS) Multiple Vulnerabilities mini-pub 0.3 (lfd/ce) Multiple Vulnerabilities mini-pub 0.3 - (LFD/CE) Multiple Vulnerabilities Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Exploit Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities mystats (hits.php) Multiple Vulnerabilities Exploit mystats - (hits.php) Multiple Vulnerabilities Vivvo CMS <= 3.4 - Multiple Vulnerabilities Destroyer Exploit Vivvo CMS <= 3.4 - Multiple Vulnerabilities websvn <= 2.0 - (XSS/fh/ce) Multiple Vulnerabilities websvn <= 2.0 - (XSS/fh/CE) Multiple Vulnerabilities db Software Laboratory VImpX (VImpX.ocx) Multiple Vulnerabilities db Software Laboratory VImpX - (VImpX.ocx) Multiple Vulnerabilities phpdaily (SQL/XSS/lfd) Multiple Vulnerabilities phpdaily - (SQL/XSS/lfd) Multiple Vulnerabilities questcms - (XSS/directory traversal/SQL) Multiple Vulnerabilities questcms - (XSS/Directory Traversal/SQL) Multiple Vulnerabilities apartment search script (rfu/XSS) Multiple Vulnerabilities apartment search script - (RFU/XSS) Multiple Vulnerabilities MatPo Link 1.2b (Blind SQL Injection/XSS) Multiple Vulnerabilities MatPo Link 1.2b - (Blind SQL Injection/XSS) Multiple Vulnerabilities WEBBDOMAIN WebShop 1.02 (SQL/XSS) Multiple Vulnerabilities WEBBDOMAIN WebShop 1.02 - (SQL/XSS) Multiple Vulnerabilities pre multi-vendor shopping malls Multiple Vulnerabilities pre multi-vendor shopping malls - Multiple Vulnerabilities Pre ADS Portal <= 2.0 (Auth Bypass/XSS) Multiple Vulnerabilities Pre ADS Portal <= 2.0 - (Auth Bypass/XSS) Multiple Vulnerabilities Mini Web Calendar 1.2 (File Disclosure/XSS) Multiple Vulnerabilities Mini Web Calendar 1.2 - (File Disclosure/XSS) Multiple Vulnerabilities zeeproperty 1.0 (upload/XSS) Multiple Vulnerabilities zeeproperty 1.0 - (upload/XSS) Multiple Vulnerabilities Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities Openfire Server <= 3.6.0a - (Auth Bypass/SQL/XSS) Multiple Vulnerabilities AJSquare Free Polling Script (DB) Multiple Vulnerabilities AJSquare Free Polling Script - (DB) Multiple Vulnerabilities turnkeyforms Web Hosting Directory Multiple Vulnerabilities turnkeyforms Web Hosting Directory - Multiple Vulnerabilities GS Real Estate Portal US/International Module Multiple Vulnerabilities GS Real Estate Portal US/International Module - Multiple Vulnerabilities bandwebsite 1.5 (SQL/XSS) Multiple Vulnerabilities bandwebsite 1.5 - (SQL/XSS) Multiple Vulnerabilities chipmunk topsites (auth bypass/XSS) Multiple Vulnerabilities clean CMS 1.5 (blind SQL Injection/XSS) Multiple Vulnerabilities chipmunk topsites - (auth bypass/XSS) Multiple Vulnerabilities clean CMS 1.5 - (blind SQL Injection/XSS) Multiple Vulnerabilities Ocean12 Contact Manager Pro (SQL/XSS/DDV) Multiple Vulnerabilities Ocean12 Contact Manager Pro - (SQL/XSS/DDV) Multiple Vulnerabilities comersus asp shopping cart (dd/XSS) Multiple Vulnerabilities comersus asp shopping cart - (DD/XSS) Multiple Vulnerabilities minimal ablog 0.4 (SQL/fu/bypass) Multiple Vulnerabilities minimal ablog 0.4 - (SQL/fu/bypass) Multiple Vulnerabilities Ocean12 Mailing List Manager Gold (DD/SQL/XSS) Vulnerabilities Ocean12 Mailing List Manager Gold - (DD/SQL/XSS) Vulnerabilities wbstreet 1.0 (SQL/dd) Multiple Vulnerabilities wbstreet 1.0 - (SQL/DD) Multiple Vulnerabilities template creature (SQL/dd) Multiple Vulnerabilities template creature - (SQL/DD) Multiple Vulnerabilities merlix educate servert (bypass/dd) Multiple Vulnerabilities merlix educate servert - (bypass/DD) Multiple Vulnerabilities nightfall personal diary 1.0 - (XSS/dd) Multiple Vulnerabilities Merlix Teamworx Server (DD/Bypass) Multiple Remote Vulnerabilities nightfall personal diary 1.0 - (XSS/DD) Multiple Vulnerabilities Merlix Teamworx Server - (DD/Bypass) Multiple Remote Vulnerabilities asp autodealer (SQL/dd) Multiple Vulnerabilities asp autodealer - (SQL/DD) Multiple Vulnerabilities aspmanage banners (rfu/dd) Multiple Vulnerabilities aspmanage banners - (RFU/DD) Multiple Vulnerabilities asp talk (SQL/css) Multiple Vulnerabilities asp talk - (SQL/css) Multiple Vulnerabilities siu guarani Multiple Vulnerabilities siu guarani - Multiple Vulnerabilities webcaf <= 1.4 - (LFI/rce) Multiple Vulnerabilities webcaf <= 1.4 - (LFI/RCE) Multiple Vulnerabilities postecards (SQL/dd) Multiple Vulnerabilities postecards - (SQL/DD) Multiple Vulnerabilities living Local 1.1 - (XSS-rfu) Multiple Vulnerabilities living Local 1.1 - (XSS/rfu) Multiple Vulnerabilities cf shopkart 5.2.2 (SQL/dd) Multiple Vulnerabilities cf shopkart 5.2.2 - (SQL/DD) Multiple Vulnerabilities the net guys aspired2blog (SQL/dd) Multiple Vulnerabilities the net guys aspired2blog - (SQL/dd) Multiple Vulnerabilities joomla live chat (SQL/proxy) Multiple Vulnerabilities joomla live chat - (SQL/proxy) Multiple Vulnerabilities isweb CMS 3.0 (SQL/XSS) Multiple Vulnerabilities isweb CMS 3.0 - (SQL/XSS) Multiple Vulnerabilities clickandemail (SQL/XSS) Multiple Vulnerabilities click&rank (SQL/XSS) Multiple Vulnerabilities clickandemail - (SQL/XSS) Multiple Vulnerabilities click&rank - (SQL/XSS) Multiple Vulnerabilities Liberum Help Desk 0.97.3 (SQL/DD) Remote Vulnerabilities Zelta E Store (RFU/BYPASS/R-SQL/B-SQL) Multiple Vulnerabilities Liberum Help Desk 0.97.3 - (SQL/DD) Remote Vulnerabilities Zelta E Store - (RFU/BYPASS/R-SQL/B-SQL) Multiple Vulnerabilities 2532/gigs 1.2.2 - stable Multiple Vulnerabilities 2532/gigs 1.2.2 stable - Multiple Vulnerabilities constructr CMS <= 3.02.5 stable Multiple Vulnerabilities constructr CMS <= 3.02.5 stable - Multiple Vulnerabilities chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities chicomas <= 2.0.4 - (DB Backup/DD/XSS) Multiple Vulnerabilities yourplace <= 1.0.2 - Multiple Vulnerabilities + rce Exploit yourplace <= 1.0.2 - Multiple Vulnerabilities + RCE Exploit doop CMS <= 1.4.0b (CSRF/upload shell) Multiple Vulnerabilities doop CMS <= 1.4.0b - (CSRF/upload shell) Multiple Vulnerabilities Nokia S60 SMS/Mms (Curse of Silence) Denial of Service Vulnerability Nokia S60 SMS/MMS (Curse of Silence) - Denial of Service Vulnerability Seo4SMF for SMF forums Multiple Vulnerabilities Seo4SMF for SMF forums - Multiple Vulnerabilities mkportal <= 1.2.1 () Multiple Vulnerabilities mkportal <= 1.2.1 - Multiple Vulnerabilities rankem (dd/XSS/cm) Multiple Vulnerabilities blogit! (SQL/dd/XSS) Multiple Vulnerabilities rankem - (DD/XSS/cm) Multiple Vulnerabilities blogit! - (SQL/DD/XSS) Multiple Vulnerabilities E-ShopSystem Auth Bypass / SQL Injection Multiple Vulnerabilities E-ShopSystem - (Auth Bypass / SQL Injection) Multiple Vulnerabilities Motorola Wimax modem CPEi300 (FD/XSS) Multiple Vulnerabilities Motorola Wimax modem CPEi300 - (FD/XSS) Multiple Vulnerabilities navicopa webserver 3.0.1 (bof/sd) Multiple Vulnerabilities navicopa webserver 3.0.1 - (bof/sd) Multiple Vulnerabilities Power System Of Article Management 3.0 - (DD/XSS) Vulnerabilities team 1.x - (dd/XSS) Multiple Vulnerabilities Power System Of Article Management 3.0 - (DD/XSS) Multiple Vulnerabilities team 1.x - (DD/XSS) Multiple Vulnerabilities gr blog 1.1.4 (upload/bypass) Multiple Vulnerabilities gr blog 1.1.4 - (upload/bypass) Multiple Vulnerabilities zeroboard4 pl8 (07.12.17) Multiple Vulnerabilities zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities SilverNews 2.04 - (Auth Bypass/LFI/RCE) Multiple Vulnerabilities w3bcms <= 3.5.0 - Multiple Vulnerabilities Exploit w3bcms <= 3.5.0 - Multiple Vulnerabilities powermovielist 0.14b (SQL/XSS) Multiple Vulnerabilities powermovielist 0.14b - (SQL/XSS) Multiple Vulnerabilities ritsblog 0.4.2 (ab/XSS) Multiple Vulnerabilities Zabbix 1.6.2 Frontend Multiple Vulnerabilities blindblog 1.3.1 (SQL/ab/LFI) Multiple Vulnerabilities ritsblog 0.4.2 - (ab/XSS) Multiple Vulnerabilities Zabbix 1.6.2 - Frontend - Multiple Vulnerabilities blindblog 1.3.1 - (SQL/ab/LFI) Multiple Vulnerabilities phpCommunity 2.1.8 (SQL/DT/XSS) Multiple Vulnerabilities phpCommunity 2.1.8 - (SQL/DT/XSS) Multiple Vulnerabilities Telnet-Ftp Service Server 1.x - Multiple Vulnerabilities (Post Auth) Telnet-Ftp Service Server 1.x - (Post Auth) Multiple Vulnerabilities Femitter FTP Server 1.x - Multiple Vulnerabilities (post auth) Femitter FTP Server 1.x - (Post Auth) Multiple Vulnerabilities Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities Diskos CMS Manager - (SQL/DB/Auth Bypass) Multiple Vulnerabilities Linux Kernel 2.6 - UDEV Local Privilege Escalation Exploit Linux Kernel 2.6 (Debian / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit flatnux 2009-03-27 (upload/id) Multiple Vulnerabilities flatnux 2009-03-27 - (upload/id) Multiple Vulnerabilities fungamez rc1 (ab/LFI) Multiple Vulnerabilities fungamez rc1 - (ab/LFI) Multiple Vulnerabilities mixedcms 1.0b (LFI/su/ab/fd) Multiple Vulnerabilities mixedcms 1.0b - (LFI/su/ab/fd) Multiple Vulnerabilities fowlcms 1.1 (ab/LFI/su) Multiple Vulnerabilities fowlcms 1.1 - (ab/LFI/su) Multiple Vulnerabilities dwebpro 6.8.26 (dt/fd) Multiple Vulnerabilities dwebpro 6.8.26 - (dt/fd) Multiple Vulnerabilities Linux Kernel 2.6.x - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit Linux Kernel 2.6 UDEV < 141 (Gentoo / Ubuntu 8.10/9.04) - Local Privilege Escalation Exploit leap CMS 0.1.4 (SQL/XSS/su) Multiple Vulnerabilities leap CMS 0.1.4 - (SQL/XSS/su) Multiple Vulnerabilities tematres 1.0.3 (auth bypass/SQL/XSS) Multiple Vulnerabilities tematres 1.0.3 - (auth bypass/SQL/XSS) Multiple Vulnerabilities Linux Kernel 2.6.x - ptrace_attach Local Privilege Escalation Exploit Linux Kernel 2.6.x (Gentoo 2.6.29rc1) - ptrace_attach Local Privilege Escalation Exploit 2daybiz business community script Multiple Vulnerabilities Easy Scripts Answer and Question Script Multiple Vulnerabilities 2daybiz business community script - Multiple Vulnerabilities Easy Scripts Answer and Question Script - Multiple Vulnerabilities my-colex 1.4.2 (ab/XSS/SQL) Multiple Vulnerabilities my-gesuad 0.9.14 (ab/SQL/XSS) Multiple Vulnerabilities my-colex 1.4.2 - (ab/XSS/SQL) Multiple Vulnerabilities my-gesuad 0.9.14 - (ab/SQL/XSS) Multiple Vulnerabilities vidshare pro (SQL/XSS) Multiple Vulnerabilities vidshare pro - (SQL/XSS) Multiple Vulnerabilities Mac OS X - Java applet Remote Deserialization Remote PoC (updated) Mac OS X - Java applet Remote Deserialization Remote PoC (Updated) asp inline corporate calendar (SQL/XSS) Multiple Vulnerabilities asp inline corporate calendar - (SQL/XSS) Multiple Vulnerabilities minitwitter 0.3-beta (SQL/XSS) Multiple Vulnerabilities minitwitter 0.3-beta - (SQL/XSS) Multiple Vulnerabilities elitecms 1.01 (SQL/XSS) Multiple Vulnerabilities elitecms 1.01 - (SQL/XSS) Multiple Vulnerabilities flashlight free edition (LFI/SQL) Multiple Vulnerabilities flashlight free edition - (LFI/SQL) Multiple Vulnerabilities propertymax pro free (SQL/XSS) Multiple Vulnerabilities propertymax pro free - (SQL/XSS) Multiple Vulnerabilities podcast generator <= 1.2 - globals[] Multiple Vulnerabilities podcast generator <= 1.2 - globals[] - Multiple Vulnerabilities kloxo 5.75 (24 issues) Multiple Vulnerabilities kloxo 5.75 - (24 issues) Multiple Vulnerabilities virtue news (SQL/XSS) Multiple Vulnerabilities virtue news - (SQL/XSS) Multiple Vulnerabilities mrcgiguy the ticket system 2.0 php Multiple Vulnerabilities mrcgiguy the ticket system 2.0 php - Multiple Vulnerabilities mrcgiguy freeticket (ch/SQL) Multiple Vulnerabilities mrcgiguy freeticket - (ch/SQL) Multiple Vulnerabilities impleo music collection 2.0 (SQL/XSS) Multiple Vulnerabilities impleo music collection 2.0 - (SQL/XSS) Multiple Vulnerabilities kasseler CMS (fd/XSS) Multiple Vulnerabilities kasseler CMS - (fd/XSS) Multiple Vulnerabilities tribiq CMS 5.0.12c (XSS/LFI) Multiple Vulnerabilities tribiq CMS 5.0.12c - (XSS/LFI) Multiple Vulnerabilities Virtue Online Test Generator (AB/SQL/XSS) Multiple Vulnerabilities Virtue Online Test Generator - (AB/SQL/XSS) Multiple Vulnerabilities Linux Kernel <= 2.6.28.3 - set_selection() UTF-8 Off By One Local Exploit (x86-64) Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10) (x86-64) - set_selection() UTF-8 Off By One Local Exploit Siteframe CMS 3.2.x SQL Injection/phpinfo() Multiple Vulnerabilities Siteframe CMS 3.2.x - (SQL Injection/phpinfo()) Multiple Vulnerabilities citrix xencenterweb - (XSS/SQL/rce) Multiple Vulnerabilities citrix xencenterweb - (XSS/SQL/RCE) Multiple Vulnerabilities FreeBSD 6/8 (ata device) Local Denial of Service Exploit FreeBSD 6/8 - (ata device) Local Denial of Service Exploit good/bad vote (XSS/LFI) Multiple Vulnerabilities good/bad vote - (XSS/LFI) Multiple Vulnerabilities Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux / RHEL5 - Test Kernel Local Root Exploit (0day) Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Kernel Local Root Exploit (0day) mcshoutbox 1.1 (SQL/XSS/shell) Multiple Vulnerabilities mcshoutbox 1.1 - (SQL/XSS/shell) Multiple Vulnerabilities DD-WRT (httpd service) Remote Command Execution Vulnerability DD-WRT - (httpd service) Remote Command Execution Vulnerability tenrok 1.1.0 (udd/rce) Multiple Vulnerabilities tenrok 1.1.0 - (udd/RCE) Multiple Vulnerabilities logoshows bbs 2.0 (dd/ich) Multiple Vulnerabilities logoshows bbs 2.0 - (DD/ich) Multiple Vulnerabilities Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit (1) Linux Kernel 2.x (Redhat) - sock_sendpage() Ring0 Local Root Exploit (1) Linux Kernel 2.4 / 2.6 - sock_sendpage() ring0 Root Exploit (1) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - sock_sendpage() ring0 Root Exploit (1) Linux Kernel <= 2.6.31-rc7 - AF_LLC getsockname 5-Byte Stack Disclosure Linux Kernel <= 2.6.31-rc7 - AF_LLC getsockname 5-Byte Stack Disclosure Proof of Concept Linux Kernel 2.6 < 2.6.19 - (32-bit) ip_append_data() ring0 Root Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6) - (32-bit) ip_append_data() ring0 Root Exploit Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (PPC Edition) Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SUSE 10 SP2/11 / Ubuntu 8.10) - sock_sendpage() Local Root (PPC) Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit (x86/x64) Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit Linux Kernel < 2.6.19 (Debian 4) - udp_sendmsg Local Root Exploit Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (2) Linux Kernel 2.4 / 2.6 (Fedora 11) - sock_sendpage() Local Root Exploit (2) Joomla Hotel Booking System - XSS/SQL Injection Multiple Vulnerabilities Joomla Hotel Booking System - (XSS/SQL Injection) Multiple Vulnerabilities Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF Alteon OS BBI (Nortell) - (XSS and CSR) Multiple Vulnerabilities Linux Kernel - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty Linux Kernel - 'pipe.c' Local Privilege Escalation Vulnerability Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability Linux Kernel - 'unix_stream_connect()' Local Denial of Service Vulnerability Linux Kernel <= 2.6.31.4 - 'unix_stream_connect()' Local Denial of Service Vulnerability Unreal Tournament 2004 - _Secure_ Overflow Unreal Tournament 2004 - 'Secure' Overflow VMWare Fusion <= 2.0.5 - vmx86 kext Local kernel Root Exploit VMWare Fusion <= 2.0.5 - vmx86 kext Kernel Local Root Exploit PHP < 5.3.1 - _multipart/form-data_ Denial of Service Exploit (Python) PHP < 5.3.1 - 'multipart/form-data' Denial of Service Exploit (Python) sugar crm 5.5.0.rc2 and 5.2.0j Multiple Vulnerabilities sugar crm 5.5.0.rc2 and 5.2.0j - Multiple Vulnerabilities Huawei MT882 Modem/Router Multiple Vulnerabilities Huawei MT882 Modem/Router - Multiple Vulnerabilities DigitalHive Multiple Vulnerabilities DigitalHive - Multiple Vulnerabilities zabbix server Multiple Vulnerabilities zabbix server - Multiple Vulnerabilities Ez Faq Maker Multiple Vulnerabilities Ez Faq Maker - Multiple Vulnerabilities Ez Blog 1.0 - XSS/CSRF Multiple Vulnerabilities Ez Blog 1.0 - (XSS/CSRF) Multiple Vulnerabilities Recipe Script 5.0 - Shell Upload/CSRF/XSS Multiple Vulnerabilities Recipe Script 5.0 - (Shell Upload/CSRF/XSS) Multiple Vulnerabilities eUploader PRO 3.1.1 - CSRF/XSS Multiple Vulnerabilities eUploader PRO 3.1.1 - (CSRF/XSS) Multiple Vulnerabilities Horde 3.3.5 - _PHP_SELF_ XSS Vulnerability Horde 3.3.5 - 'PHP_SELF' XSS Vulnerability Lizard Cart Upload Shell Vulnerability Lizard Cart - Upload Shell Vulnerability Mega Upload Upload Shell Vulnerability Mega Upload 1.45 - Upload Shell Vulnerability MyCart shopping cart Upload Shell Vulnerability oscommerce <= 2.2rc2a Bypass/Create and Download Backup Vulnerability MyCart shopping cart - Upload Shell Vulnerability osCommerce <= 2.2rc2a - Bypass/Create and Download Backup Vulnerability gallery_show.asp GID suffer from Blind SQL Injection Vulnerability gallery_show.asp - GID Blind SQL Injection Vulnerability Mini-NUKE 2.3 - Freehost Multiple Vulnerabilities Mini-NUKE 2.3 Freehost - Multiple Vulnerabilities VirtualDJ Trial 6.0.6 - _New Year Edition_ - (.m3u) Exploit (0day) VirtualDJ Trial 6.0.6 - 'New Year Edition' - (.m3u) Exploit (0day) PHPDirector Game Edition 0.1 - Multiple Vulnerabilities (LFI/SQLi/XSS) PHPDirector Game Edition 0.1 - (LFI/SQLi/XSS) Multiple Vulnerabilities Docebo 3.6.0.2 (stable) Local File Inclusion Docebo 3.6.0.2 (stable) - Local File Inclusion CLONEBID B2B Marketplace Multiple Vulnerabilities ITechSctipts Alibaba Clone Multiple Vulnerabilities CLONEBID B2B Marketplace - Multiple Vulnerabilities ITechSctipts Alibaba Clone - Multiple Vulnerabilities ManageEngine OpUtils 5 - _Login.DO_ SQL Injection Vulnerability ManageEngine OpUtils 5 - 'Login.DO' SQL Injection Vulnerability CMS by MyWorks Multiple Vulnerabilities CMS by MyWorks - Multiple Vulnerabilities DZ Auktionshaus _V4.rgo_ (id) news.php - SQL Injection Vulnerability DZ Auktionshaus 'V4.rgo' (id) news.php - SQL Injection Vulnerability PhpCityPortal Multiple Vulnerabilities PhpCityPortal - Multiple Vulnerabilities Joomla Component com_ckforms Multiple Vulnerabilities Joomla Component com_ckforms - Multiple Vulnerabilities Joomla Component com_vxdate Multiple Vulnerabilities Joomla Component com_vxdate - Multiple Vulnerabilities Adult Video Site Script Multiple Vulnerabilities Adult Video Site Script - Multiple Vulnerabilities iOS Safari - Bad _VML_ Remote DoS iOS Safari - Bad 'VML' Remote DoS Linux Kernel <= 2.6.34-rc3 ReiserFS xattr - Privilege Escalation Linux Kernel <= 2.6.34-rc3 ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation vBulletin _Cyb - Advanced Forum Statistics_ DoS vBulletin 'Cyb - Advanced Forum Statistics' DoS dl_stats Multiple Vulnerabilities dl_stats - Multiple Vulnerabilities avtech software (avc781viewer.dll) ActiveX Multiple Vulnerabilities avtech software (avc781viewer.dll) ActiveX - Multiple Vulnerabilities lanewsfactory Multiple Vulnerabilities lanewsfactory - Multiple Vulnerabilities MacOS X 10.6 HFS File System Attack (Denial of Service) MacOS X 10.6 - HFS File System Attack (Denial of Service) WFTPD Server 3.30 - Multiple Vulnerabilities (0day) WFTPD Server 3.30 - (0day) Multiple Vulnerabilities CompactCMS 1.4.0 (tiny_mce) Remote File Upload CompactCMS 1.4.0 (tiny_mce) - Remote File Upload Tainos Multiple Vulnerabilities Tainos - Multiple Vulnerabilities Joomla Component com_event Multiple Vulnerabilities Joomla Component com_event - Multiple Vulnerabilities B-Hind CMS (tiny_mce) Remote File Upload B-Hind CMS (tiny_mce) - Remote File Upload ComponentOne VSFlexGrid 7 & 8 - _Archive()_ method Remote Buffer Overflow Exploit ComponentOne VSFlexGrid 7 & 8 - 'Archive()' method Remote Buffer Overflow Exploit (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - _PORT_ Command Remote DoS (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Command Remote DoS Blaze Apps Multiple Vulnerabilities Blaze Apps - Multiple Vulnerabilities Joomla Component My Car Multiple Vulnerabilities Joomla Component My Car - Multiple Vulnerabilities Marketing Web Design Multiple Vulnerabilities Marketing Web Design - Multiple Vulnerabilities Aim Web Design Multiple Vulnerabilities Aim Web Design - Multiple Vulnerabilities Zeeways Script Multiple Vulnerabilities Zeeways Script - Multiple Vulnerabilities QuickTalk 1.2 - Multiple Vulnerabilities (Source Code Disclosure) QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities Joomla Component ChronoConnectivity Joomla Component ChronoForms (com_chronocontact) Joomla Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection Vulnerability Joomla Component ChronoForms (com_chronocontact) - Blind SQL Injection Vulnerability Simple Posting System Multiple Vulnerabilities Simple Posting System - Multiple Vulnerabilities Joomla Component com_djartgallery Multiple Vulnerabilities Joomla Component com_djartgallery - Multiple Vulnerabilities Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection E-PHP B2B Marketplace Multiple Vulnerabilities E-PHP B2B Marketplace - Multiple Vulnerabilities DaLogin Multiple Vulnerabilities DaLogin - Multiple Vulnerabilities Novell iManager Multiple Vulnerabilities Novell iManager - Multiple Vulnerabilities 2DayBiz Video Community portal - _user-profile.php_ SQL Injection Vulnerability 2DayBiz Real Estate Portal - _viewpropertydetails.php_ SQL injection 2DayBiz Video Community portal - 'user-profile.php' SQL Injection Vulnerability 2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL injection NO-IP.com Dynamic DNS Update Client 2.2.1 - _Request_ Insecure Encoding Algorithm NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm TCW PHP Album Multiple Vulnerabilities Esoftpro Online Guestbook Pro Multiple Vulnerabilities TCW PHP Album - Multiple Vulnerabilities Esoftpro Online Guestbook Pro - Multiple Vulnerabilities Esoftpro Online Contact Manager Multiple Vulnerabilities Esoftpro Online Contact Manager - Multiple Vulnerabilities Joomla Component Sef (com_sef) - LFI Vulnerability Joomla Component SEF (com_sef) - Local File Inclusion Vulnerability artforms 2.1b7.2 rc2 joomla component Multiple Vulnerabilities artforms 2.1b7.2 rc2 joomla component - Multiple Vulnerabilities Qt 4.6.3 - _QSslSocketBackendPrivate::transmit()_ Denial of Service Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service Macs CMS 1.1.4 - Multiple Vulnerabilities (XSS/CSRF) Macs CMS 1.1.4 - (XSS/CSRF) Multiple Vulnerabilities GetSimple CMS 2.01 - Multiple Vulnerabilities (XSS/CSRF) Ubuntu 9.10 (Karmic Koala) & 10.04 LTS (Lucid Lynx) PAM 1.1.0 MOTD - Local Root Exploit GetSimple CMS 2.01 - (XSS/CSRF) Multiple Vulnerabilities PAM 1.1.0 MOTD (Ubuntu 9.10/10.04) - Local Root Exploit Joomla Component QContacts (com_qcontacts) SQL Injection Vulnerability Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerability Ubuntu 10.04 LTS - Lucid Lynx ftp Client 0.17-19build1 ACCT - Buffer Overflow ftp Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow Microsoft Windows - Win32k.sys Driver _CreateDIBPalette()_ Buffer Overflow Microsoft Windows - Win32k.sys Driver 'CreateDIBPalette()' Buffer Overflow Easy FTP - BoF Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands Zendesk Multiple Vulnerabilities Easy FTP 1.7.0.11 - BoF Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands Zendesk - Multiple Vulnerabilities Mediacoder 0.7.5.4710 - _Universal_ SEH Buffer Overflow Exploit Mediacoder 0.7.5.4710 - 'Universal' SEH Buffer Overflow Exploit Simple Forum PHP Multiple Vulnerabilities Simple Forum PHP - Multiple Vulnerabilities Linux Kernel < 2.6.36-rc1 CAN BCM - Privilege Escalation Exploit Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32-21) - Privilege Escalation Exploit Apple QuickTime __Marshaled_pUnk_ Backdoor Param Client-Side Arbitrary Code Execution Apple QuickTime '_Marshaled_pUnk' Backdoor Param Client-Side Arbitrary Code Execution Adobe Acrobat Reader and Flash Player - _newclass_ invalid pointer Adobe Acrobat Reader and Flash Player - 'newclass' invalid pointer Shop a la Cart Multiple Vulnerabilities Shop a la Cart - Multiple Vulnerabilities ifnuke - Multiple Vulnerabilities (0day) ifnuke - (0day) Multiple Vulnerabilities dynpage <= 1.0 - Multiple Vulnerabilities (0day) dynpage <= 1.0 - (0day) Multiple Vulnerabilities sirang web-based d-control Multiple Vulnerabilities sirang web-based d-control - Multiple Vulnerabilities Microsoft Office Visio - .DXF File Stack based Overflow Microsoft Office Visio 2002 - .DXF File Stack based Overflow Mozilla Firefox - XSLT Sort Remote Code Execution Vulnerability Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution Vulnerability Zeeways Adserver Multiple Vulnerabilities Zeeways Adserver - Multiple Vulnerabilities Microsoft Office Word 2007 - sprmCMajority Buffer Overflow Microsoft Office Word 2007 SP2 - sprmCMajority Buffer Overflow Adobe Acrobat and Reader - _pushstring_ Memory Corruption Adobe Acrobat and Reader - 'pushstring' Memory Corruption Linux Kernel 2.6.27 < 2.6.36 - x86_64 compat Local Root Exploit Linux Kernel 2.6.27 < 2.6.36 (x86_64) (Redhat) - compat Local Root Exploit Firefox Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution Firefox 3.6.4 - Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection _reviews.php_ xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection 'reviews.php' Java CMM readMabCurveData - Stack Overflow Java 6.19 CMM readMabCurveData - Stack Overflow Microsoft drm technology (msnetobj.dll) ActiveX Multiple Vulnerabilities RarCrack 0.2 - _filename_ init() .bss PoC Microsoft drm technology (msnetobj.dll) ActiveX - Multiple Vulnerabilities RarCrack 0.2 - 'filename' init() .bss PoC je guestbook 1.0 joomla component Multiple Vulnerabilities je guestbook 1.0 joomla component - Multiple Vulnerabilities Allpc 2.5 osCommerce SQL/XSS Multiple Vulnerabilities Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities Linux Kernel < 2.6.36-rc6 - pktcdvd Kernel Memory Disclosure Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept TradeMC E-Ticaret SQL and XSS Multiple Vulnerabilities TradeMC E-Ticaret (SQL/XSS) Multiple Vulnerabilities Cag CMS 0.2 - XSS & Blind SQL Injection Multiple Vulnerabilities Cag CMS 0.2 - (XSS/Blind SQL Injection) Multiple Vulnerabilities js calendar 1.5.1 joomla component Multiple Vulnerabilities js calendar 1.5.1 joomla component - Multiple Vulnerabilities Oracle Java 6 - OBJECT tag _launchjnlp_/_docbase_ Param Buffer Overflow Exploit Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Param Buffer Overflow Exploit Linux Kernel - VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability Sybase Advantage Data Architect - _.SQL_ Format Heap Oveflow Sybase Advantage Data Architect - '.SQL' Format Heap Oveflow Minishare 1.5.5 - Buffer Overflow Vulnerability (users.txt) Minishare 1.4.0 - 1.5.5 - Buffer Overflow Vulnerability (users.txt) Linux Kernel - Stack Infoleaks Vulnerability Linux Kernel <= 2.4.0 - Stack Infoleaks Vulnerability Joomla Component ccBoard 1.2-RC Multiple Vulnerabilities Joomla Component ccBoard 1.2-RC - Multiple Vulnerabilities CLANSPHERE 2010.0 Final Multiple Vulnerabilities CLANSPHERE 2010.0 Final - Multiple Vulnerabilities Linux Kernel - 'setup_arg_pages()' Denial of Service Vulnerability Linux Kernel <= 2.6.37 - 'setup_arg_pages()' Denial of Service Vulnerability Linux Kernel - Unix Sockets Local Denial of Service Linux Kernel <= 2.6.37 - Unix Sockets Local Denial of Service Site2Nite Big Truck Broker _txtSiteId_ SQL Injection Vulnerability Site2Nite Big Truck Broker - 'txtSiteId' SQL Injection Vulnerability Linux Kernel <= 2.6.37 - Local Privilege Escalation (Full Nelson) Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full Nelson' Local Privilege Escalation Habari Blog Multiple Vulnerabilities Habari Blog - Multiple Vulnerabilities Linux Kernel 2.6.34 - CAP_SYS_ADMIN x86 - Local Privilege Escalation Exploit Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 - Local Privilege Escalation Exploit (1) F3Site 2011 alfa 1 - Multiple Vulnerabilities (XSS & CSRF) phpMySport 1.4 - Multiple Vulnerabilities (SQLi & Auth Bypass & Path Disclosure) F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities Linux Kernel < 2.6.34 - CAP_SYS_ADMIN x86 & x64 - Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 110.10) - Local Privilege Escalation Exploit (2) Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities T-Content Managment System Multiple Vulnerabilities T-Content Managment System - Multiple Vulnerabilities Samba _username map script_ Command Execution Samba 'username map script' Command Execution Adobe CoolType SING Table _uniqueName_ Stack Buffer Overflow Adobe CoolType SING Table 'uniqueName' Stack Buffer Overflow Microsoft Internet Explorer - _Aurora_ Memory Corruption Microsoft Internet Explorer - 'Aurora' Memory Corruption Adobe Flash Player _newfunction_ Invalid Pointer Use Adobe Flash Player - 'newfunction' Invalid Pointer Use Adobe CoolType SING Table _uniqueName_ Stack Buffer Overflow Adobe CoolType SING Table 'uniqueName' Stack Buffer Overflow Adobe Flash Player _Button_ Remote Code Execution Adobe Flash Player - 'Button' Remote Code Execution Adobe Flash Player _newfunction_ Invalid Pointer Use Adobe Flash Player - 'newfunction' Invalid Pointer Use Unreal Tournament 2004 - _secure_ Overflow (Win32) Unreal Tournament 2004 - 'secure' Overflow (Windows) Unreal Tournament 2004 - _secure_ Overflow (Linux) Unreal Tournament 2004 - 'secure' Overflow (Linux) Tugux CMS 1.0_final Multiple Vulnerabilities Tugux CMS 1.0_final - Multiple Vulnerabilities Honey Soft Web Solution Multiple Vulnerabilities Honey Soft Web Solution - Multiple Vulnerabilities Joomla JCE Component (com_jce) Blind SQL Injection Vulnerability Joomla JCE Component (com_jce) - Blind SQL Injection Vulnerability Parnian Opendata CMS SQL Injection Vulnerability Parnian Opendata CMS - SQL Injection Vulnerability Time and Expense Management System Multiple Vulnerabilities Time and Expense Management System - Multiple Vulnerabilities ZyWALL USG - Appliance Multiple Vulnerabilities ZyWALL USG - Appliance - Multiple Vulnerabilities Cisco Unified Operations Manager Multiple Vulnerabilities Microsoft Windows Vista/Server 2008 - _nsiproxy.sys_ Local Kernel DoS Exploit Cisco Unified Operations Manager - Multiple Vulnerabilities Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel DoS Exploit HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055) HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055) Mozilla Firefox - _nsTreeRange_ Dangling Pointer Exploit Mozilla Firefox - 'nsTreeRange' Dangling Pointer Exploit Ollance Member Login Script Multiple Vulnerabilities Ollance Member Login Script - Multiple Vulnerabilities Adobe Reader X Atom Type Confusion Vulnerability Exploit Adobe Reader X 10.0.0 - 10.0.1 - Atom Type Confusion Vulnerability Exploit Mozilla Firefox _nsTreeRange_ Dangling Pointer Vulnerability Mozilla Firefox - 'nsTreeRange' Dangling Pointer Vulnerability Tradingeye E-commerce Shopping Cart Multiple Vulnerabilities Tradingeye E-commerce Shopping Cart - Multiple Vulnerabilities CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities Safari - SVG DOM Processing PoC CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities Safari 5.0.6_ 5.1 - SVG DOM Processing PoC Link Station Pro Multiple Vulnerabilities Link Station Pro - Multiple Vulnerabilities Cart Software Multiple Vulnerabilities Cart Software - Multiple Vulnerabilities Omnistar Mailer Multiple Vulnerabilities Omnistar Mailer - Multiple Vulnerabilities Linux Kernel - 'perf_count_sw_cpu_clock' event Denial of Service Linux Kernel 3.0.0 - 'perf_count_sw_cpu_clock' event Denial of Service Linux Kernel < 2.6.36.2 - Econet Privilege Escalation Exploit Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - Econet Privilege Escalation Exploit MYRE Real Estate Software Multiple Vulnerabilities MYRE Real Estate Software - Multiple Vulnerabilities Cisco TelePresence Multiple Vulnerabilities - SOS-11-010 Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities FreeBSD UIPC socket heap Overflow proof-of-concept FreeBSD - UIPC socket heap Overflow Proof of Concept GotoCode Online Bookstore Multiple Vulnerabilities GotoCode Online Bookstore - Multiple Vulnerabilities DivX Plus Web Player _file://_ Buffer Overflow Vulnerability PoC DivX Plus Web Player - 'file://' Buffer Overflow Vulnerability PoC EFront <= 3.6.9 Community Edition Multiple Vulnerabilities EFront <= 3.6.9 Community Edition - Multiple Vulnerabilities GotoCode Online Classifieds Multiple Vulnerabilities GotoCode Online Classifieds - Multiple Vulnerabilities 6kbbs Multiple Vulnerabilities 6kbbs - Multiple Vulnerabilities POSH Multiple Vulnerabilities POSH - Multiple Vulnerabilities NoNumber Framework Joomla! Plugin Multiple Vulnerabilities NoNumber Framework Joomla! Plugin - Multiple Vulnerabilities Uiga Personal Portal Multiple Vulnerabilities Uiga Personal Portal - Multiple Vulnerabilities Barter Sites 1.3 Joomla Component Multiple Vulnerabilities Barter Sites 1.3 Joomla Component - Multiple Vulnerabilities zFTP Server _cwd/stat_ Remote Denial-of-Service zFTP Server - 'cwd/stat' Remote Denial-of-Service JEEMA Sms 3.2 Joomla Component Multiple Vulnerabilities Vik Real Estate 1.0 Joomla Component Multiple Vulnerabilities JEEMA Sms 3.2 Joomla Component - Multiple Vulnerabilities Vik Real Estate 1.0 Joomla Component - Multiple Vulnerabilities ZTE ZXDSL 831IIV7.5.0a_Z29_OV Multiple Vulnerabilities ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities osCSS2 - __ID_ parameter Local file inclusion osCSS2 - '_ID' parameter Local file inclusion Infoproject Business Hero Multiple Vulnerabilities Infoproject Business Hero - Multiple Vulnerabilities SugarCRM CE <= 6.3.1 - _unserialize()_ PHP Code Execution SugarCRM CE <= 6.3.1 - 'unserialize()' PHP Code Execution ARYADAD Multiple Vulnerabilities Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (1) ARYADAD - Multiple Vulnerabilities Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) (Gentoo / Ubuntu) - Mempodipper Local Root (1) vBSEO <= 3.6.0 - _proc_deutf()_ Remote PHP Code Injection Exploit vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit swDesk Multiple Vulnerabilities swDesk - Multiple Vulnerabilities Fork CMS 3.2.4 - Multiple Vulnerabilities (LFI/XSS) Fork CMS 3.2.4 - (LFI/XSS) Multiple Vulnerabilities DFLabs PTK <= 1.0.5 - Multiple Vulnerabilities (Steal Authentication Credentials) DFLabs PTK <= 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities HomeSeer HS2 and HomeSeer PRO Multiple Vulnerabilities HomeSeer HS2 and HomeSeer PRO - Multiple Vulnerabilities Adobe Flash Player .mp4 - 'cprt' Overflow_ Adobe Flash Player .mp4 - 'cprt' Overflow Wolfcms <= 0.75 - Multiple Vulnerabilities (CSRF - XSS) Wolfcms <= 0.75 - (CSRF/XSS) Multiple Vulnerabilities Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow_ Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow' MailMax <= 4.6 - POP3 - _USER_ Remote Buffer Overflow Exploit (No Login Needed) MailMax <= 4.6 - POP3 - 'USER' Remote Buffer Overflow Exploit (No Login Needed) Samsung D6000 TV Multiple Vulnerabilities Samsung D6000 TV - Multiple Vulnerabilities Websense Triton Multiple Vulnerabilities Websense Triton - Multiple Vulnerabilities QNX phrelay/phindows/phditto Multiple Vulnerabilities QNX phrelay/phindows/phditto - Multiple Vulnerabilities Lynx Message Server Multiple Vulnerabilities Lynx Message Server - Multiple Vulnerabilities SAP Netweaver Dispatcher Multiple Vulnerabilities SAP Netweaver Dispatcher - Multiple Vulnerabilities elearning server 4g Multiple Vulnerabilities elearning server 4g - Multiple Vulnerabilities Pro-face Pro-Server EX WinGP PC Runtime Multiple Vulnerabilities Pro-face Pro-Server EX WinGP PC Runtime - Multiple Vulnerabilities Axous 1.1.1 - Multiple Vulnerabilities (CSRF - Persistent XSS) Axous 1.1.1 - (CSRF/Persistent XSS) Multiple Vulnerabilities Active Collab _chat module_ <= 2.3.8 - Remote PHP Code Injection Exploit Active Collab 'chat module' <= 2.3.8 - Remote PHP Code Injection Exploit SunOS <= 4.1.3 kmem setgid /etc/crash Vulnerability SunOS <= 4.1.3 - kmem setgid /etc/crash Vulnerability Linux kernel 2.0/2.1 - SIGIO Vulnerability Linux Kernel 2.0 / 2.1 - SIGIO Vulnerability Digital UNIX <= 4.0 D_FreeBSD <= 2.2.4_HP HP-UX 10.20/11.0_IBM AIX <= 3.2.5_Linux kernel 2.0/2.1_NetBSD 1.2_Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability Linux Kernel 2.0/2.1_ Digital UNIX <= 4.0 D_ FreeBSD <= 2.2.4_ HP HP-UX 10.20/11.0_ IBM AIX <= 3.2.5_ NetBSD 1.2_ Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability Microsoft Windows - _April Fools 2001_ Vulnerability Microsoft Windows - 'April Fools 2001' Vulnerability Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Dial-up Networking _Save Password_ Vulnerability Microsoft Windows NT <= 4.0 SP5_Terminal Server 4.0 - _Pass the Hash_ with Modified SMB Client Vulnerability Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password' Vulnerability Microsoft Windows NT <= 4.0 SP5_Terminal Server 4.0 - 'Pass the Hash' with Modified SMB Client Vulnerability Linux Kernel 2.2/2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options Vulnerability Linux kernel 2.0/2.1/2.2 - autofs Vulnerability Linux Kernel 2.0 / 2.1 / 2.2 - autofs Vulnerability QNAP Turbo NAS 3.6.1 Build 0302T Multiple Vulnerabilities QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities Linux kernel 2.0 - TCP Port DoS Vulnerability Linux kernel 2.2 - ldd core Vulnerability Linux Kernel 2.0 - TCP Port DoS Vulnerability Linux Kernel 2.2 - ldd core Force Reboot Vulnerability Linux kernel 2.0.33 - IP Fragment Overlap Vulnerability Linux Kernel 2.0.33 - IP Fragment Overlap Vulnerability Linux kernel 2.0/2.0.33 - i_count Overflow Vulnerability Linux Kernel 2.0 / 2.0.33 - i_count Overflow Proof of Concept IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities Linux kernel 2.0.37 - Segment Limit Vulnerability Linux Kernel 2.0.37 - Segment Limit Local Root Vulnerability BSD/OS <= 4.0_FreeBSD <= 3.2_Linux kernel <= 2.3_NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability Linux Kernel <= 2.3_ BSD/OS <= 4.0_ FreeBSD <= 3.2_ NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability Quinn _the Eskimo_ and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption Vulnerability Quinn 'the Eskimo' and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption Vulnerability Fujitsu Chocoa 1.0 beta7R _Topic_ Buffer Overflow Vulnerability Fujitsu Chocoa 1.0 beta7R - 'Topic' Buffer Overflow Vulnerability Linux kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability Microsoft Internet Explorer 5.0 - ActiveX _Object for constructing type libraries for scriptlets_ Vulnerability Microsoft Internet Explorer 5.0 - ActiveX 'Object for constructing type libraries for scriptlets' Vulnerability Microsoft Internet Explorer 4.0/5.0 - ActiveX _Eyedog_ Vulnerability Microsoft Internet Explorer 4.0/5.0 - ActiveX 'Eyedog' Vulnerability Linux kernel 2.2 - Predictable TCP Initial Sequence Number Vulnerability Linux Kernel 2.2 - Predictable TCP Initial Sequence Number Vulnerability MediaHouse Software Statistics Server 4.28/5.1 - _Server ID_ Buffer Overflow Vulnerability MediaHouse Software Statistics Server 4.28/5.1 - 'Server ID' Buffer Overflow Vulnerability Tiki Wiki CMS Groupware <= 8.3 - _unserialize()_ PHP Code Execution Tiki Wiki CMS Groupware <= 8.3 - 'unserialize()' PHP Code Execution Debian 2.1_Linux kernel 2.0.x_RedHat 5.2 - Packet Length with Options Vulnerability Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options Vulnerability Linux Kernel - fs/eventpoll.c Local Denial of Service Linux Kernel <= 3.2.24 - fs/eventpoll.c Local Denial of Service Netscape Enterprise Server _Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Netsweeper WebAdmin Portal Multiple Vulnerabilities Netsweeper WebAdmin Portal - Multiple Vulnerabilities Check Point Software Firewall-1 3.0/1 4.0_Cisco PIX Firewall 4.x/5.x _ALG_ Client Vulnerability Check Point Software Firewall-1 3.0/1 4.0_Cisco PIX Firewall 4.x/5.x - 'ALG' Client Vulnerability gpm 1.18.1/1.19_Debian 2.x_RedHat 6.x_S.u.S.E 5.3/6.x gpm Setgid Vulnerability gpm 1.18.1/1.19_ Debian 2.x_ RedHat 6.x_ S.u.S.E 5.3/6.x gpm Setgid Vulnerability Linux kernel 2.2.12/2.2.14/2.3.99_RedHat 6.x - Socket Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99_ RedHat 6.x - Socket Denial of Service Linux Kernel - Sendpage Local Privilege Escalation Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) kernel 2.2.x/2.4 .0-test1_SGI ProPack 1.2/1.3 - Capabilities Vulnerability (1) kernel 2.2.x/2.4 .0-test1_SGI ProPack 1.2/1.3 - Capabilities Vulnerability (2) Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1) Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2) Cart32 3.0 - _expdate_ Administrative Information Disclosure Vulnerability Cart32 3.0 - 'expdate' Administrative Information Disclosure Vulnerability DALnet Bahamut IRCd 4.6.5 - _SUMMON_ Buffer Overflow Vulnerability DALnet Bahamut IRCd 4.6.5 - 'SUMMON' Buffer Overflow Vulnerability BitchX IRC Client 75p1/75p3/1.0 c16 - _/INVITE_ Format String Vulnerability BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String Vulnerability CVSWeb Developer CVSWeb 1.80 insecure perl _open_ Vulnerability CVSWeb Developer CVSWeb 1.80 - Insecure perl 'open' Vulnerability Microsoft IIS 5.0 - _Translate: f_ Source Disclosure Vulnerability (1) Microsoft IIS 5.0 - _Translate: f_ Source Disclosure Vulnerability (2) Microsoft IIS 5.0 - 'Translate: f' Source Disclosure Vulnerability (1) Microsoft IIS 5.0 - 'Translate: f' Source Disclosure Vulnerability (2) Solaris 2.6/7.0 - _eject_ Exploit for locale subsystem format string Solaris 2.6/7.0 - 'eject' Exploit for locale subsystem format string UoW Pine 4.0.4/4.10/4.21 - _From:_ Field Buffer Overflow Vulnerability UoW Pine 4.0.4/4.10/4.21 - 'From:' Field Buffer Overflow Vulnerability Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier - Multiple Vulnerabilities Tickets CAD 2.20G Multiple Vulnerabilities Tickets CAD 2.20G - Multiple Vulnerabilities Cisco IOS 12 - Software _?/_ HTTP Request DoS Vulnerability Cisco IOS 12 - Software '?/' HTTP Request DoS Vulnerability Markus Triska CGIForum 1.0 - _thesection_ Directory Traversal Vulnerability Markus Triska CGIForum 1.0 - 'thesection' Directory Traversal Vulnerability Tunnelblick - Local Root Exploit Tunnelblick - Local Root Exploit (1) Windows 3.11/95/NT 4.0/NT 3.5.1 - _Out Of Band_ Data Denial of Service (1) Windows 3.11/95/NT 4.0/NT 3.5.1 - _Out Of Band_ Data Denial of Service (2) Windows 3.11/95/NT 4.0/NT 3.5.1 - _Out Of Band_ Data Denial of Service (3) Windows 3.11/95/NT 4.0/NT 3.5.1 - _Out Of Band_ Data Denial of Service (4) Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (1) Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (2) Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (3) Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (4) ReiserFS 3.5.28 Kernel - DoS (Possible Code Execution Vulnerability) (Linux Kernel) ReiserFS 3.5.28 - DoS (Possible Code Execution) Linux kernel 2.1.89/2.2.x - Zero-Length Fragment Vulnerability Linux Kernel 2.1.89 / 2.2.x - Zero-Length Fragment Vulnerability Linux sysctl() Kernel 2.2.x - Memory Reading Vulnerability Linux Kernel 2.2.x - sysctl() Memory Reading Proof of Concept Vulnerability IOServer _Root Directory_ Trailing Backslash Multiple Vulnerabilities IOServer - ('Root Directory'/Trailing Backslash) Multiple Vulnerabilities Linux kernel <= 2.2.18 - ptrace/execve Race Condition Vulnerability (1) Linux kernel <= 2.2.18 - ptrace/execve Race Condition Vulnerability (2) Linux Kernel <= 2.2.18 (RH 7.0 and RH 6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root Vulnerability (1) Linux Kernel <= 2.2.18 (RH 7.0 and RH 6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root Vulnerability (2) Linux kernel 2.4 - IPTables FTP Stateful Inspection Arbitrary Filter Rule Insertion Linux Kernel 2.4 - IPTables FTP Stateful Inspection Arbitrary Filter Rule Insertion Rit Research Labs _The Bat!_ 1.x - Missing Linefeeds DoS Vulnerability Rit Research Labs 'The Bat!' 1.x - Missing Linefeeds DoS Vulnerability Ad Manager Pro Multiple Vulnerabilities Ad Manager Pro - Multiple Vulnerabilities Linux kernel 2.2/2.4 - procfs Stream Redirection to Process Memory Vulnerability Linux Kernel 2.2 / 2.4 - procfs Stream Redirection to Process Memory Local Root Vulnerability HP-UX 11_Linux kernel 2.4_Windows 2000/NT 4.0_IRIX 6.5 - Small TCP MSS DoS HP-UX 11_Linux Kernel 2.4_Windows 2000/NT 4.0_IRIX 6.5 - Small TCP MSS DoS ID Software Quake 3 - _smurf attack_ Denial of Service Vulnerability ID Software Quake 3 - 'smurf attack' Denial of Service Vulnerability Linux kernel 2.2/2.4 - Deep Symbolic Link Denial of Service Vulnerability Linux Kernel 2.2 / 2.4 - Deep Symbolic Link Denial of Service Vulnerability Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Vulnerability Linux Kernel 2.2 / 2.4 - Ptrace/Setuid Exec Local Root Vulnerability Pinterest Clone Script Multiple Vulnerabilities Pinterest Clone Script - Multiple Vulnerabilities User-Mode Linux Kernel 2.4.17-8 - Memory Access Vulnerability User-Mode Linux Kernel 2.4.17-8 - Memory Access Local Root Vulnerability Sitecom MD-25x Multiple Vulnerabilities Reverse Root Shell Exploit Sitecom MD-25x - Multiple Vulnerabilitie/ Reverse Root Shell Exploit Ezylog Photovoltaic Management Server Multiple Vulnerabilities Ezylog Photovoltaic Management Server - Multiple Vulnerabilities Auxilium PetRatePro Multiple Vulnerabilities Netsweeper WebAdmin Portal Multiple Vulnerabilities Auxilium PetRatePro - Multiple Vulnerabilities Netsweeper WebAdmin Portal - Multiple Vulnerabilities Linux Kernel 2.2.x/2.3/2.4.x - d_path() Path Truncation Vulnerability Linux Kernel 2.2.x / 2.3 / 2.4.x - d_path() Path Truncation PoC Vulnerability Fortigate UTM WAF Appliance Multiple Vulnerabilities Fortigate UTM WAF Appliance - Multiple Vulnerabilities Working Resources BadBlue 1.7 EXT.DLL Cross-Site Scripting Vulnerability Working Resources BadBlue 1.7 - EXT.DLL Cross-Site Scripting Vulnerability Working Resources BadBlue 1.7.3 cleanSearchString() Cross-Site Scripting Vulnerability Working Resources BadBlue 1.7.3 Get Request Denial of Service Vulnerability Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting Vulnerability Working Resources BadBlue 1.7.3 - Get Request Denial of Service Vulnerability Working Resources 1.7.3 BadBlue Null Byte File Disclosure Vulnerability Working Resources 1.7.3 BadBlue - Null Byte File Disclosure Vulnerability Working Resources 1.7.x BadBlue Administrative Interface Arbitrary File Access Working Resources 1.7.x BadBlue - Administrative Interface Arbitrary File Access Qualcomm Eudora 5 MIME Multipart Boundary Buffer Overflow Vulnerability Qualcomm Eudora 5 - MIME Multipart Boundary Buffer Overflow Vulnerability AFD 1.2.x Working Directory Local Buffer Overflow Vulnerabilities AFD 1.2.x - Working Directory Local Buffer Overflow Vulnerabilities Trillian 0.74 IRC PART Message Denial of Service Vulnerability Trillian 0.74 - IRC PART Message Denial of Service Vulnerability Linux Kernel 2.0.x/2.2.x/2.4.x_FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x/2.2.x/2.4.x / FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Vulnerability (1) Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Vulnerability (2) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Vulnerability (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Vulnerability (2) Invision Power Board <= 3.3.4 - _unserialize()_ PHP Code Execution Invision Power Board <= 3.3.4 - 'unserialize()' PHP Code Execution Linux kernel 2.2.x/2.4.x - I/O System Call File Existence Weakness Linux Kernel 2.2.x / 2.4.x - I/O System Call File Existence Weakness CheckPoint/Sofaware Firewall Multiple Vulnerabilities CheckPoint/Sofaware Firewall - Multiple Vulnerabilities Working Resources 1.7.x/2.15 BadBlue Ext.DLL Command Execution Vulnerability Working Resources 1.7.x/2.15 BadBlue - Ext.DLL Command Execution Vulnerability Working Resources BadBlue 1.7.x/2.x Unauthorized HTS Access Vulnerability Working Resources BadBlue 1.7.x/2.x - Unauthorized HTS Access Vulnerability Microsoft IIS 5 WebDAV - PROPFIND and SEARCH Method Denial of Service Vulnerability MYRE Realty Manager Multiple Vulnerabilities MYRE Realty Manager - Multiple Vulnerabilities Myrephp Business Directory Multiple Vulnerabilities MYREphp Vacation Rental Software Multiple Vulnerabilities Myrephp Business Directory - Multiple Vulnerabilities MYREphp Vacation Rental Software - Multiple Vulnerabilities BabyGekko 1.2.2e Multiple Vulnerabilities BabyGekko 1.2.2e - Multiple Vulnerabilities Linux kernel 2.2./2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability Linux Kernel 2.2. / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability Linux Kernel 2.4 - execve() System Call Race Condition Vulnerability Linux Kernel 2.4 - execve() System Call Race Condition PoC Vulnerability Aardvark Topsites 4.1 PHP Multiple Vulnerabilities Aardvark Topsites 4.1 PHP - Multiple Vulnerabilities phpwcms <= 1.5.4.6 - _preg_replace_ - Multiple Vulnerabilities phpwcms <= 1.5.4.6 - 'preg_replace' - Multiple Vulnerabilities KAME Racoon _Initial Contact_ SA Deletion Vulnerability lionmax software www file share pro 2.4x Multiple Vulnerabilities (1) lionmax software www file share pro 2.4x Multiple Vulnerabilities (2) KAME Racoon 'Initial Contact' SA Deletion Vulnerability lionmax software www file share pro 2.4x - Multiple Vulnerabilities (1) lionmax software www file share pro 2.4x - Multiple Vulnerabilities (2) DUware Software Multiple Vulnerabilities DUware Software - Multiple Vulnerabilities Linux Kernel Samba 2.2.8 - Share Local Privilege Elevation Vulnerability Linux Kernel Samba 2.2.8 (Debian/Mandrake) - Share Local Privilege Elevation Vulnerability ASP Portal Multiple Vulnerabilities ASP Portal - Multiple Vulnerabilities Working Resources BadBlue Server 2.40 phptest.php Path Disclosure Vulnerability Working Resources BadBlue Server 2.40 - phptest.php Path Disclosure Vulnerability SpiderSales 2.0 Shopping Cart Multiple Vulnerabilities SpiderSales 2.0 Shopping Cart - Multiple Vulnerabilities WarpSpeed 4nAlbum Module 0.92 modules.php gid Parameter SQL Injection WarpSpeed 4nAlbum Module 0.92 - modules.php gid Parameter SQL Injection Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulnerabilities Remote Root Exploit Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulnerabilities/Remote Root Exploit Linux Kernel 2.4/2.6 - Sigqueue Blocking Denial of Service Vulnerability Linux Kernel 2.4 / 2.6 - Sigqueue Blocking Denial of Service Vulnerability phpBugTracker 0.9 user.php bugid Parameter XSS phpBugTracker 0.9 - user.php bugid Parameter XSS Linux Kernel 2.5.x/2.6.x - CPUFreq Proc Handler Integer Handling Vulnerability Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Vulnerability e107 website system 0.6 - _email article to a friend_ Feature XSS e107 website system 0.6 - 'email article to a friend' Feature XSS Rlpr 2.0 msg() Function Multiple Vulnerabilities Rlpr 2.0 msg() Function - Multiple Vulnerabilities Mozilla Browser 0.9/1.x Cache File Multiple Vulnerabilities Mozilla Browser 0.9/1.x Cache File - Multiple Vulnerabilities SCO Multi-channel Memorandum Distribution Facility Multiple Vulnerabilities SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities Working Resources BadBlue 1.7.x/2.x Unauthorized Proxy Relay Vulnerability Working Resources BadBlue 1.7.x/2.x - Unauthorized Proxy Relay Vulnerability Netgear SPH200D Multiple Vulnerabilities Netgear SPH200D - Multiple Vulnerabilities Fortinet FortiMail 400 IBE Multiple Vulnerabilities Fortinet FortiMail 400 IBE - Multiple Vulnerabilities Cisco Unity Express Multiple Vulnerabilities Cisco Unity Express - Multiple Vulnerabilities Linux Kernel - /dev/ptmx Key Stroke Timing Local Disclosure Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure SAP Netweaver Message Server Multiple Vulnerabilities SAP Netweaver Message Server - Multiple Vulnerabilities Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Vulnerability Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote PoC Vulnerability Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag - Multiple Vulnerabilities Ubuntu 12.10 - (64-Bit) sock_diag_handlers - Local Root Exploit Linux Kernel <= 3.7.10 (Ubuntu 12.10) (64-Bit) - sock_diag_handlers Local Root Exploit event calendar Multiple Vulnerabilities event calendar - Multiple Vulnerabilities opera Web browser 7.54 java implementation Multiple Vulnerabilities (1) opera Web browser 7.54 java implementation Multiple Vulnerabilities (2) opera Web browser 7.54 java implementation Multiple Vulnerabilities (3) opera Web browser 7.54 java implementation Multiple Vulnerabilities (4) opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1) opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2) opera Web browser 7.54 java implementation - Multiple Vulnerabilities (3) opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4) ca3de Multiple Vulnerabilities ca3de - Multiple Vulnerabilities Vivotek IP Cameras Multiple Vulnerabilities Vivotek IP Cameras - Multiple Vulnerabilities Working Resources BadBlue 2.55 MFCISAPICommand Remote Buffer Overflow Vulnerability (1) Working Resources BadBlue 2.55 MFCISAPICommand Remote Buffer Overflow Vulnerability (2) Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow Vulnerability (1) Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow Vulnerability (2) Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Vulnerability (1) Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Vulnerability (2) Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Local Root Vulnerability (1) Linux Kernel 2.6.x / <= 2.6.9 / <= 2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Local Root Vulnerability (2) Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Icecast 2.x - XSL Parser Multiple Vulnerabilities Icecast 2.x - XSL Parser - Multiple Vulnerabilities Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability (1) Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability (2) Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability (3) Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability (4) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC Vulnerability (1) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (2) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (3) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (4) Linux Kernel 2.6.37 <= 3.x.x - PERF_EVENTS Local Root Exploit Linux Kernel 2.6.37 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability MetaCart2 StrSubCatalogID Parameter Remote SQL Injection Vulnerability MetaCart2 CurCatalogID Parameter Remote SQL Injection Vulnerability MetaCart2 - IntCatalogID Parameter Remote SQL Injection Vulnerability MetaCart2 - StrSubCatalogID Parameter Remote SQL Injection Vulnerability MetaCart2 - CurCatalogID Parameter Remote SQL Injection Vulnerability neteyes nexusway border gateway Multiple Vulnerabilities neteyes nexusway border gateway - Multiple Vulnerabilities McAfee IntruShield Security Management System Multiple Vulnerabilities McAfee IntruShield Security Management System - Multiple Vulnerabilities Gaim AIM/ICQ Protocols Multiple Vulnerabilities Gaim AIM/ICQ Protocols - Multiple Vulnerabilities bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities bfcommand & control server 1.22/2.0/2.14 manager - Multiple Vulnerabilities Linux Kernel <= 2.6 - Console Keymap Local Command Injection Vulnerability Linux Kernel <= 2.6 - Console Keymap Local Command Injection PoC QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection QuickPayPro 3.1 - subscribers.tracking.edit.php subtrackingid Parameter SQL Injection QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection QuickPayPro 3.1 - tracking.details.php trackingid Parameter SQL Injection oracle application server discussion forum portlet Multiple Vulnerabilities oracle application server discussion forum portlet - Multiple Vulnerabilities Linux Kernel - 'MSR' Driver Local Privilege Escalation Linux Kernel (Redhat) (32bit/64bit) - 'MSR' Driver Local Privilege Escalation Linux Kernel 2.4.x/2.5.x/2.6.x - Ssockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Apache James 2.2 SMTP Denial of Service Vulnerability Apache James 2.2 - SMTP Denial of Service Vulnerability Linux Kernel - NFS and EXT3 Combination Remote Denial of Service Vulnerability Linux Kernel 2.6.x (<= 2.6.17.7) - NFS and EXT3 Combination Remote Denial of Service Vulnerability Microsoft windows xp/2000/2003 help Multiple Vulnerabilities Microsoft Windows XP/2000/2003 help - Multiple Vulnerabilities ArticleSetup Multiple Vulnerabilities ArticleSetup - Multiple Vulnerabilities PhotoStore details.php gid Parameter XSS PhotoStore view_photog.php photogid Parameter XSS PhotoStore details.php - gid Parameter XSS PhotoStore view_photog.php - photogid Parameter XSS MailEnable 2.x SMTP NTLM Authentication Multiple Vulnerabilities MailEnable 2.x - SMTP NTLM Authentication - Multiple Vulnerabilities BlooMooWeb 1.0.9 - ActiveX Control Multiple Vulnerabilities BlooMooWeb 1.0.9 - ActiveX Control - Multiple Vulnerabilities Simplog 0.9.3 BlogID Parameter Multiple SQL Injection Vulnerabilities Simplog 0.9.3 BlogID Parameter - Multiple SQL Injection Vulnerabilities Oracle January 2007 Security Update Multiple Vulnerabilities Oracle January 2007 Security Update - Multiple Vulnerabilities Linux Kernel 2.6.x - IPv6_SockGlue.c NULL Pointer Dereference Vulnerability Linux Kernel 2.6.x - IPv6_SockGlue.c NULL Pointer Dereference DoS Vulnerability E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter - SQL Injection LANAI CMS 1.2.14 GALLERY Module gid Parameter SQL Injection LANAI CMS 1.2.14 GALLERY Module - gid Parameter SQL Injection OpenBase 10.0.x - Multiple Vulnerabilities (Buffer Overflow & Remote Command Execution) OpenBase 10.0.x - (Buffer Overflow & Remote Command Execution) Multiple Vulnerabilities ZyXEL P-330W Multiple Vulnerabilities ZyXEL P-330W - Multiple Vulnerabilities WinComLPD Total 3.0.2.623 - Multiple Vulnerabilities (Buffer Overflow and Authentication Bypass) WinComLPD Total 3.0.2.623 - (Buffer Overflow and Authentication Bypass) Multiple Vulnerabilities Zilab Chat and Instant Messaging (ZIM) 2.0/2.1 - Server Multiple Vulnerabilities Zilab Chat and Instant Messaging (ZIM) 2.0/2.1 Server - Multiple Vulnerabilities Linux Kernel 3.4 < 3.13.2 - Arbitrary write with CONFIG_X86_X32 Linux Kernel 3.4 < 3.13.2 - Local Root (CONFIG_X86_X32=y) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with CONFIG_X86_X32 Exploit Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - Local Root (CONFIG_X86_X32=y) IBM solidDB 6.0.10 - Multiple Vulnerabilities (Format String and Denial of Service) IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities Linux Kernel < 3.4.5 - Local Root Exploit (ARM - Android 4.2.2 / 4.4) Linux Kernel < 3.4.5 (ARM - Android 4.2.2 / 4.4) - Local Root Exploit Catia V5-6R2013 - _CATV5_AllApplications_ - Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_AllApplications' - Stack Buffer Overflow Catia V5-6R2013 - _CATV5_Backbone_Bus_ - Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_Backbone_Bus' - Stack Buffer Overflow Linux Kernel - utrace and ptrace Local Denial of Service Vulnerability (1) Linux Kernel - utrace and ptrace Local Denial of Service Vulnerability (2) Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service Vulnerability (1) Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service Vulnerability (2) EasyE-Cards 3.10 - Multiple Vulnerabilities (SQL Injection and Cross-Site Scripting) EasyE-Cards 3.10 - (SQL Injection and Cross-Site Scripting) Multiple Vulnerabilities Jamroom <= 3.3.8 - Multiple Vulnerabilities (Cookie Authentication Bypass and Unspecified Security Issues) Jamroom <= 3.3.8 - (Cookie Authentication Bypass and Unspecified Security Issues) Multiple Vulnerabilities LuxCal 3.2.2 - Multiple Vulnerabilities (CSRF/Blind SQL Injection) LuxCal 3.2.2 - (CSRF/Blind SQL Injection) Multiple Vulnerabilities Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness PG Roommate Finder Solution quick_search.php part Parameter XSS PG Roommate Finder Solution viewprofile.php part Parameter XSS PG Roommate Finder Solution - quick_search.php part Parameter XSS PG Roommate Finder Solution - viewprofile.php part Parameter XSS Linux Kernel 2.6.31 - 'perf_counter_open()' Local Buffer Overflow Vulnerability e107 0.7.x - Multiple Vulnerabilities ('CAPTCHA' Security Bypass and Cross-Site Scripting) e107 0.7.x - ('CAPTCHA' Security Bypass and Cross-Site Scripting) Multiple Vulnerabilities IBM Rational RequisitePro 7.10 ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp operation Parameter XSS IBM Rational RequisitePro 7.10 - ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp operation Parameter XSS Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation Vulnerability (1) Linux Kernel 2.6.x - pipe.c Local Privilege Escalation Vulnerability (2) Linux Kernel 2.6.x (2.6.0 <= 2.6.31) - 'pipe.c' Local Privilege Escalation Vulnerability (1) Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation Vulnerability (2) Linux Kernel 3.3 < 3.8 - SOCK_DIAG Local Root Exploit Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation Linux Kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation Ubuntu 12.04.0-2LTS x64 - perf_swevent_init Kernel Local Root Exploit Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.(0_1_2) x64) - perf_swevent_init Local Root Exploit Linux Kernel - 'find_keyring_by_name()' Local Memory Corruption Vulnerability Linux Kernel <= 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption Vulnerability Linux Kernel - ptrace/sysret - Local Privilege Escalation Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities Trend Micro InterScan Web Security Virtual Appliance - Multiple Vulnerabilities OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities ServletExec - Multiple Vulnerabilities (Directory Traversal and Authentication-Bypass) ServletExec - (Directory Traversal and Authentication-Bypass) Multiple Vulnerabilities Creative Contact Form - Arbitrary File Upload Creative Contact Form 0.9.7 - Arbitrary File Upload Aireplay-ng 1.2 beta3 - _tcp_test_ Length Parameter Stack Overflow Aireplay-ng 1.2 beta3 - 'tcp_test' Length Parameter Stack Overflow Windows OLE - Remote Code Execution _Sandworm_ Exploit (MS14-060) Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060) Drupal Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam Multiple Vulnerabilities Drupal Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities CBN CH6640E/CG6640E Wireless Gateway Series - Multiple Vulnerabilities Xerox Multifunction Printers (MFP) _Patch_ DLM Vulnerability Xerox Multifunction Printers (MFP) 'Patch' DLM Vulnerability Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (2) Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (2) Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control - Multiple Vulnerabilities Eclipse 3.3.2 IDE Help Server help/advanced/workingSetManager.jsp workingSet Parameter XSS Eclipse 3.3.2 IDE - Help Server help/advanced/workingSetManager.jsp workingSet Parameter XSS Linux Kernel - libfutex - Local Root for RHEL/CentOS 7.0.1406 Linux Kernel <= 3.14.5 (RHEL/CentOS 7) - libfutex Local Root RealNetworks GameHouse 'InstallerDlg.dll' 2.6.0.445 - ActiveX Control Multiple Vulnerabilities RealNetworks GameHouse 'InstallerDlg.dll' 2.6.0.445 ActiveX Control - Multiple Vulnerabilities OS X networkd _effective_audit_token_ XPC Type Confusion Sandbox Escape OS X networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Vulnerability Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Proof of Concept AJ Classifieds 'listingid' Parameter SQL Injection Vulnerability AJ Classifieds 'listingid' Parameter - SQL Injection Vulnerability BlueSoft Social Networking CMS SQL Injection Vulnerability BlueSoft Social Networking CMS - SQL Injection Vulnerability Linux Kernel IRET Instruction #SS Fault Handling - Crash PoC Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC Linux Kernel Associative Array Garbage Collection - Crash PoC Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC Linux Kernel <= 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC Linux Kernel <= 3.16.3 - Associative Array Garbage Collection Crash PoC Linux Kernel - Network Namespace Remote Denial of Service Vulnerability Linux Kernel <= 2.6.35 - Network Namespace Remote Denial of Service Vulnerability Kayako SupportSuite 3.x Multiple Vulnerabilities Kayako SupportSuite 3.x - Multiple Vulnerabilities Linux Kernel splice() System Call - Local DoS Linux Kernel <= 3.13 / <= 3.14 (Ubuntu) - splice() System Call Local DoS Mac OS X - _Rootpipe_ Privilege Escalation Mac OS X - 'Rootpipe' Privilege Escalation Apport - Local Linux Root Apport 2.14.1 (Ubuntu 14.04.2) - Linux Local Root Exploit SixApart MovableType Storable Perl Code Execution SixApart MovableType - Storable Perl Code Execution WordPress TagGator 'tagid' Parameter SQL Injection Vulnerability WordPress TagGator 'tagid' Parameter - SQL Injection Vulnerability JSPMyAdmin 1.1 Multiple Vulnerabilities JSPMyAdmin 1.1 - Multiple Vulnerabilities WordPress NewStatPress Plugin 0.9.8 Multiple Vulnerabilities WordPress Landing Pages Plugin 1.8.4 Multiple Vulnerabilities WordPress NewStatPress Plugin 0.9.8 - Multiple Vulnerabilities WordPress Landing Pages Plugin 1.8.4 - Multiple Vulnerabilities ESC 8832 Data Controller Multiple Vulnerabilities ESC 8832 Data Controller - Multiple Vulnerabilities ZTE AC 3633R USB Modem Multiple Vulnerabilities ZTE AC 3633R USB Modem - Multiple Vulnerabilities OSSEC 2.7 <= 2.8.1 - _diff_ Command Local Root Escalation OSSEC 2.7 <= 2.8.1 - 'diff' Command Local Root Escalation Ubuntu 12.04_ 14.04_ 14.10_ 15.04 - overlayfs Local Root (Shell) Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shell) Ubuntu 12.04_ 14.04_ 14.10_ 15.04 - overlayfs Local Root (Shadow File) Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shadow File) OSSEC WUI 0.8 - Denial of Service Adobe Flash Use-After-Free in Drawing Methods _this_ Adobe Flash - Use-After-Free in Drawing Methods 'this' Kaspersky Antivirus _Yoda's Protector_ Unpacking Memory Corruption Kaspersky Antivirus - Yoda's Protector Unpacking Memory Corruption Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability Kallithea 0.2.9 - (came_from) HTTP Response Splitting Vulnerability Linux/MIPS Kernel NetUSB - Remote Code Execution Exploit Linux/MIPS Kernel 2.6.36 NetUSB - Remote Code Execution Exploit Linux Kernel <= 3.2.1 - Tracing Mutiple Local Denial of Service Vulnerabilities Cisco Linksys WRT310N Router Multiple Denial of Service Vulnerabilities Cisco Linksys WRT310N Router - Multiple Denial of Service Vulnerabilities WordPress WP Private Messages Plugin 'msgid' Parameter SQL Injection Vulnerability WordPress WP Private Messages Plugin - 'msgid' Parameter SQL Injection Vulnerability Microsoft Windows Media Center Library Parsing RCE Vulnerability aka _self-executing_ MCL File Microsoft Windows Media Center Library - Parsing RCE Vulnerability aka 'self-executing' MCL File MyBB 'misc.php' Remote Denial of Service Vulnerability MyBB 1.6.12 - 'misc.php' Remote Denial of Service Vulnerability WHMCS 'cart.php' Denial of Service Vulnerability phpBB <= 3.0.8 Remote Denial of Service Vulnerability WHMCS 5.12 - 'cart.php' Denial of Service Vulnerability phpBB <= 3.0.8 - Remote Denial of Service Vulnerability Ubuntu 14.04 LTS_ 15.10 - overlayfs Local Root Exploit Linux Kernel <=4.3.3 (Ubuntu 14.04_ 15.10) - overlayfs Local Root Exploit Linux Kernel overlayfs - Local Privilege Escalation Linux Kernel <= 4.3.3 overlayfs - Local Privilege Escalation Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers Linux Kernel - REFCOUNT Overflow/Use-After-Free in Keyrings Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Linux Kernel - prima WLAN Driver Heap Overflow Linux Kernel <= 3.x / <= 4.x - prima WLAN Driver Heap Overflow Multiple Aztech Routers '/cgi-bin/AZ_Retrain.cgi' Denial of Service Vulnerability Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service Vulnerability WordPress Wordfence Security Plugin Multiple Vulnerabilities WordPress Wordfence Security Plugin - Multiple Vulnerabilities STIMS Buffer - Buffer Overflow SEH - DoS STIMS Cutter - Buffer Overflow DoS STIMS Buffer 1.1.20 - Buffer Overflow SEH (DoS) STIMS Cutter 1.1.3.20 - Buffer Overflow DoS Linux Kernel - digi_acceleport Nullpointer Dereference Linux Kernel - Wacom Multiple Nullpointer Dereferences Linux Kernel - visor (treo_attach) Nullpointer Dereference Linux Kernel - visor clie_5_attach Nullpointer Dereference Linux Kernel - cypress_m8 Nullpointer Dereference Linux Kernel - mct_u232 Nullpointer Dereference Linux Kernel - cdc_acm Nullpointer Dereference Linux Kernel - aiptek Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - digi_acceleport Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - Wacom Multiple Nullpointer Dereferences Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - visor (treo_attach) Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - cypress_m8 Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - mct_u232 Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - cdc_acm Nullpointer Dereference Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - aiptek Nullpointer Dereference RHEL 7.1 Kernel - snd-usb-audio Crash PoC RHEL 7.1 Kernel - iowarrior driver Crash PoC RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - snd-usb-audio Crash PoC RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - iowarrior driver Crash PoC LShell <= 0.9.15 - Remote Code Execution LShell <= 0.9.15 - Remote Code Execution Exim _perl_startup_ Privilege Escalation Exim - 'perl_startup' Privilege Escalation NetCommWireless HSPA 3G10WVE Wireless Router – Multiple Vulnerabilities NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities Linux Kernel 4.4.x (Ubuntu 16.04) - Use-After-Free via double-fdput() in bpf(BPF_PROG_LOAD) Error Path Local Root Exploit Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() in bpf(BPF_PROG_LOAD) Local Root Exploit i.FTP 2.21 - Host Address / URL Field SEH Exploit All Windows Null-Free Shellcode - Functional Keylogger to File - 601 (0x0259) bytes MediaInfo 0.7.61 - Crash PoC Ipswitch WS_FTP LE 12.3 - Search field SEH Overwrite POC Core FTP Server 32-bit Build 587 - Heap Overflow Multiple JVC HDRs and Net Cameras - Multiple Vulnerabilities Adobe Reader DC 15.010.20060 - Memory Corruption Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities	2016-05-11 05:03:54 +00:00
Offensive Security	01664c67b8	DB: 2016-05-10 11 new exploits JITed egg-hunter stage-0 shellcode Adjusted universal for xp/vista/win7 JITed egg-hunter stage-0 shellcode Adjusted universal for XP/Vista/Windows 7 BlazeDVD 5.1- (.plf) Stack Buffer Overflow PoC Exploit - ALSR/DEP Bypass on Win7 BlazeDVD 5.1 - (.plf) Stack Buffer Overflow PoC Exploit (Windows 7 ALSR/DEP Bypass) Winamp 5.572 - Local BoF Exploit (Win7 ASLR and DEP Bypass) Winamp 5.572 - Local BoF Exploit (Windows 7 ASLR and DEP Bypass) RM Downloader 3.1.3 - Local SEH Exploit (Win7 ASLR and DEP Bypass) RM Downloader 3.1.3 - Local SEH Exploit (Windows 7 ASLR and DEP Bypass) UFO: Alien Invasion 2.2.1 - BoF Exploit (Win7 ASLR and DEP Bypass) UFO: Alien Invasion 2.2.1 - BoF Exploit (Windows 7 ASLR and DEP Bypass) The KMPlayer 3.0.0.1440 - (.mp3) Buffer Overflow Exploit (Win7 + ASLR Bypass) The KMPlayer 3.0.0.1440 - (.mp3) Buffer Overflow Exploit (Windows 7 + ASLR Bypass) Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7) Mozilla Firefox 3.6.16 - mChannel Object Use After Free Exploit (Windows 7) QQPLAYER PICT PnSize Buffer Overflow WIN7 DEP_ASLR BYPASS QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS GNU Bash - Environment Variable Command Injection (ShellShock) Bash - Environment Variables Code Injection Exploit (ShellShock) GNU Bash - Environment Variable Command Injection (Shellshock) Bash - Environment Variables Code Injection Exploit (Shellshock) OpenVPN 2.2.29 - ShellShock Exploit OpenVPN 2.2.29 - Shellshock Exploit Bash - CGI RCE Shellshock Exploit (Metasploit) Bash CGI - RCE Shellshock Exploit (Metasploit) PHP 5.x (< 5.6.2) - Shellshock Exploit (Bypass disable_functions) PHP 5.x (< 5.6.2) - Bypass disable_functions (Shellshock Exploit) OSSEC 2.8 - Privilege Escalation OSSEC 2.8 - hosts.deny Privilege Escalation ShellShock dhclient Bash Environment Variable Command Injection PoC dhclient 4.1 - Bash Environment Variable Command Injection PoC (Shellshock) OSSEC 2.7 <= 2.8.1 - Local Root Escalation OSSEC 2.7 <= 2.8.1 - _diff_ Command Local Root Escalation Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) #2 Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) BigTree CMS Cross Site Request Forgery Vulnerability Advantech Switch Bash Environment Variable Code Injection (Shellshock) Advantech Switch - Bash Environment Variable Code Injection (Shellshock) KiTTY Portable <= 0.65.0.2p Local kitty.ini Overflow (Wow64 Egghunter Win7) KiTTY Portable <= 0.65.0.2p Local kitty.ini Overflow (Win8.1/Win10) KiTTY Portable <= 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7) KiTTY Portable <= 0.65.0.2p - Local kitty.ini Overflow (Windows 8.1/Windows 10) Windows Null-Free Shellcode - Primitive Keylogger to File - 431 (0x01AF) bytes Ajaxel CMS 8.0 - Multiple Vulnerabilities i.FTP 2.21 - Host Address / URL Field SEH Exploit Dell SonicWall Scrutinizer <= 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution ZeewaysCMS - Multiple Vulnerabilities ASUS Memory Mapping Driver (ASMMAP/ASMMAP64): Physical Memory Read/Write Certec EDV atvise SCADA Server 2.5.9 - Privilege Escalation Microsoft Windows 7 - WebDAV Privilege Escalation Exploit (MS16-016) (2) RPCScan 2.03 - Hostname/IP Field SEH Overwrite PoC ImageMagick Delegate Arbitrary Command Execution Ruby on Rails Development Web Console (v2) Code Execution	2016-05-10 05:02:47 +00:00
Offensive Security	b3321b3426	DB: 2015-05-15 17 new exploits	2015-05-15 05:02:32 +00:00
Offensive Security	cc553d1147	DB: 2015-04-20 11 new exploits	2015-04-20 12:44:13 +00:00
Offensive Security	5924dde297	DB: 2015-03-19 2 new exploits	2015-03-19 09:39:10 +00:00
Offensive Security	51e5e42e74	Update: 2015-03-17 49 new exploits	2015-03-17 08:36:10 +00:00
Offensive Security	2ea55e459e	Updated 07_23_2014	2014-07-23 04:39:44 +00:00
Offensive Security	03145e7e42	Updated 04_29_2014	2014-04-29 04:36:23 +00:00
Offensive Security	fffbf04102	Updated	2013-12-03 19:44:07 +00:00

15 commits