Offensive Security
c9ca104d1d
DB: 2017-10-26
...
11 new exploits
Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow (PoC)
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow (PoC)
AT-TFTP 1.9 - 'Long Filename' Remote Buffer Overflow (PoC)
AT-TFTP 1.9 - 'Filename' Remote Buffer Overflow (PoC)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (PoC)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (PoC)
ByteCatcher FTP Client 1.0.4 - Long Server Banner Buffer Overflow
ByteCatcher FTP Client 1.0.4 - 'Server Banner' Buffer Overflow
Avant Browser 8.0.2 - Long HTTP Request Buffer Overflow
Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow
thttpd 2.2x - defang Remote Buffer Overflow (PoC)
thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)
Rigs of Rods 0.33d - Long Vehicle Name Buffer Overflow
Rigs of Rods 0.33d - 'Vehicle Name' Buffer Overflow
Wireshark infer_pkt_encap - Heap Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read
Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)
Wireshark - AirPDcapDecryptWPABroadcastKey Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4- PacketBB Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (1)
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploits
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit
WinRAR 3.30 - Long Filename Buffer Overflow (1)
WinRAR 3.30 - Long Filename Buffer Overflow (2)
WinRAR 3.30 - 'Filename' Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Buffer Overflow (2)
Pico Zip 4.01 - Long Filename Buffer Overflow
Pico Zip 4.01 - 'Filename' Buffer Overflow
PowerZip 7.06.38950 - Long Filename Handling Buffer Overflow
PowerZip 7.06.38950 - 'Filename Handling' Buffer Overflow
Oracle 9i/10g - Evil Views Change Passwords Exploit
Oracle 9i/10g - Evil Views Change Passwords
Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (1)
Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (2)
Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (1)
Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (2)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (1)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (1)
Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (1)
Wireshark 1.4.4 - 'packet-dect.c' Stack Buffer Overflow (Metasploit) (1)
SGI IRIX 6.2 - eject Exploit (1)
SGI IRIX 6.2 - eject Exploit (2)
SGI IRIX 6.2 - 'eject' Exploit (1)
SGI IRIX 6.2 - 'eject' Exploit (2)
Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (2)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (2)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - klogd Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - klogd Buffer Overflow (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (2)
Solaris 2.5.1 kcms - Buffer Overflow (1)
Solaris 2.5.1 kcms - Buffer Overflow (2)
Solaris 2.5.1 - 'kcms' Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Buffer Overflow (2)
SGI IRIX 6.3 Systour and OutOfBox - Exploits
SGI IRIX 6.3 Systour and OutOfBox - Exploit
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (1)
GNU glibc 2.1/2.1.1 -6 - pt_chown Exploit
GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Exploit
Solaris 7.0 ufsdump - Local Buffer Overflow (1)
Solaris 7.0 ufsdump - Local Buffer Overflow (2)
Solaris 7.0 - 'ufsdump' Local Buffer Overflow (1)
Solaris 7.0 - 'ufsdump' Local Buffer Overflow (2)
SCO Unixware 7.0 - xlock(1) (long 'Username') Buffer Overflow
SCO Unixware 7.0 - 'xlock(1)' 'Username' Buffer Overflow
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (1)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (2)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (1)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (2)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (1)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (2)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (3)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (3)
Solaris 2.6/7.0/8 netpr - Buffer Overflow (1)
Solaris 2.6/7.0/8 netpr - Buffer Overflow (2)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (3)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
Solaris 2.x/7.0/8 Catman - Race Condition (1)
Solaris 2.x/7.0/8 Catman - Race Condition (2)
Solaris 2.x/7.0/8 - 'Catman' Race Condition (1)
Solaris 2.x/7.0/8 - 'Catman' Race Condition (2)
DG/UX 4.20 lpsched - Long Error Message Buffer Overflow
DG/UX 4.20 lpsched - 'Error Message' Buffer Overflow
Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (1)
Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (2)
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (1)
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - mailx -F Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - mailx -F Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (2)
Sawmill 6.2.x - AdminPassword Insecure Default Permissions
Sawmill 6.2.x - Admin Password Insecure Default Permissions
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (1)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (2)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (3)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (4)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (1)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (2)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (4)
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct Retn)
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct RETN)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation (1)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation (2)
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Long Filename' Remote Buffer Overflow
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Filename' Remote Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow (1)
Microsoft Internet Explorer - XML Parsing Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow (2)
Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow
Orbit Downloader 2.8.4 - 'Hostname' Remote Buffer Overflow
Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
Huawei SmartAX MT880 - Cross-Site Request Forgery Multiple Vulnerabilities
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (1) (Metasploit)
HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities
HP LaserJet Printers - Persistent Cross-Site Scripting Multiple Vulnerabilities
XFTP 3.0 Build 0239 - Long Filename Buffer Overflow
XFTP 3.0 Build 0239 - 'Filename' Buffer Overflow
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (2) (Metasploit)
D-Link TFTP 1.0 - Long Filename Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - Long Filename Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - 'Filename' Buffer Overflow (Metasploit)
Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (2)
Wireshark 1.4.4 - 'packet-dect.c' Stack Buffer Overflow (Metasploit) (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (2)
Trend Micro Interscan VirusWall 3.2.3/3.3 - Long HELO Buffer Overflow (1)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (1)
Trend Micro Interscan VirusWall 3.2.3/3.3 - Long HELO Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (4)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (4)
Sun Java Web Server 1.1.3/2.0 Servlets - Exploits
Sun Java Web Server 1.1.3/2.0 Servlets - Exploit
Samba 1.9.19 - Long Password Buffer Overflow
Samba 1.9.19 - 'Password' Buffer Overflow
OReilly Software WebSite Professional 2.5.4 - Directory Disclosure
OReilly Software WebSite Professional 2.5.4 - Path Disclosure
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (1)
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (2)
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (3)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (1)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (2)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (3)
AOLServer 3 - Long Authentication String Buffer Overflow (1)
AOLServer 3 - Long Authentication String Buffer Overflow (2)
AOLServer 3 - 'Authentication String' Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Buffer Overflow (2)
John Roy Pi3Web 2.0 For Windows - Long Request Buffer Overflow
John Roy Pi3Web 2.0 For Windows - Buffer Overflow
Phusion WebServer 1.0 - Long URL Buffer Overflow
Phusion WebServer 1.0 - 'URL' Buffer Overflow
Essentia Web Server 2.1 - Long URL Buffer Overflow
Essentia Web Server 2.1 - 'URL' Buffer Overflow
Monkey HTTP Server 0.1/0.4/0.5 - Multiple Cross-Site Scripting Vulnerabilities
Monkey HTTP Server 0.1/0.4/0.5 - Cross-Site Scripting Multiple Vulnerabilities
TFTPD32 2.50 - Long Filename Buffer Overflow
TFTPD32 2.50 - 'Filename' Buffer Overflow
Opera 6.0/7.0 - Long Filename Download Buffer Overrun
Opera 6.0/7.0 - 'Filename Download' Buffer Overrun
PGP4Pine 1.75.6/1.76 - Long Message Line Buffer Overflow
PGP4Pine 1.75.6/1.76 - 'Message Line' Buffer Overflow
Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (1)
Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (2)
Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (1)
Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (2)
Tellurian TftpdNT 1.8/2.0 - Long Filename Buffer Overrun
Tellurian TftpdNT 1.8/2.0 - 'Filename' Buffer Overrun
Nokia Electronic Documentation 5.0 - Directory Disclosure
Nokia Electronic Documentation 5.0 - Path Disclosure
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
TCLHttpd 3.4.2 - Cross-Site Scripting Multiple Vulnerabilities
WebFS 1.x - Long Pathname Buffer Overrun
WebFS 1.x - 'Pathname' Buffer Overrun
Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun
Monit 1.4/2.x/3/4 - 'HTTP Request' Buffer Overrun
Novell Netware Enterprise Web Server 5.1/6.0 - Multiple Cross-Site Scripting Vulnerabilities
Novell Netware Enterprise Web Server 5.1/6.0 - Cross-Site Scripting Multiple Vulnerabilities
Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Oracle Reports Server 10g 9.0.2 - Cross-Site Scripting Multiple Vulnerabilities
NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Buffer Overflow
Hilgraeve HyperAccess 8.4 - Multiple Remote Command Execution Vulnerabilities
Hilgraeve HyperAccess 8.4 - Remote Command Execution Multiple Vulnerabilities
TeamSpeak Server 2.0.23 (Multiple Scripts) - Multiple Cross-Site Scripting Vulnerabilities
TeamSpeak Server 2.0.23 (Multiple Scripts) - Cross-Site Scripting Multiple Vulnerabilities
RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities
RedHat Directory Server 7.1 - Cross-Site Scripting Multiple Vulnerabilities
Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities
Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Cross-Site Scripting Multiple Vulnerabilities
RSA Authentication Agent for Web 5.3 - URI Redirection
RSA Authentication Agent for Web 5.3 - Open Redirection
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' URI redirection
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection
Novell QuickFinder Server - Multiple Cross-Site Scripting Vulnerabilities
Novell QuickFinder Server - Cross-Site Scripting Multiple Vulnerabilities
Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Multiple Cross-Site Scripting Vulnerabilities
Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Cross-Site Scripting Multiple Vulnerabilities
XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.6.x - Cross-Site Scripting Multiple Vulnerabilities
Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities
Zenoss 2.3.3 - Cross-Site Request Forgery Multiple Vulnerabilities
Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
Huawei HG510 - Cross-Site Request Forgery Multiple Vulnerabilities
IBM Lotus Notes 6.5.6 - 'names.nsf' Open redirection
IBM Lotus Notes 6.5.6 - 'names.nsf' Open Redirection
HP System Management Homepage - 'RedirectUrl' URI Redirection
HP System Management Homepage - 'RedirectUrl' Open Redirection
Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios XI - Cross-Site Request Forgery Multiple Vulnerabilities
DServe - Multiple Cross-Site Scripting Vulnerabilities
DServe - Cross-Site Scripting Multiple Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey - HTML Injection Multiple Vulnerabilities
Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities
Microsoft Visual Studio Report Viewer 2005 Control - Cross-Site Scripting Multiple Vulnerabilities
SurgeFTP 23b6 - Cross-Site Scripting Multiple Vulnerabilities
Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities
Xavi 7968 ADSL Router - Cross-Site Request Forgery Multiple Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 - HTML Injection Multiple Vulnerabilities
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
Barracuda Email Security Service - HTML Injection Multiple Vulnerabilities
Websense Content Gateway - Multiple Cross-Site Scripting Vulnerabilities
Websense Content Gateway - Cross-Site Scripting Multiple Vulnerabilities
FirePass 7.0 SSL VPN - 'refreshURL' URI Redirection
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
Fortinet FortiWeb (Multiple Appliances) - Multiple Cross-Site Scripting Vulnerabilities
Fortinet FortiWeb (Multiple Appliances) - Cross-Site Scripting Multiple Vulnerabilities
Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz 10.4.x - Cross-Site Scripting Multiple Vulnerabilities
Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
Dell SonicWALL Scrutinizer - HTML Injection Multiple Vulnerabilities
Foscam IP (Multiple Cameras) - Multiple Cross-Site Request Forgery Vulnerabilities
Foscam IP (Multiple Cameras) - Cross-Site Request Forgery Multiple Vulnerabilities
Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities
Sony CH / DH Series IP Cameras - Cross-Site Request Forgery Multiple Vulnerabilities
Apache Struts 2.2.3 - Multiple Open redirection Vulnerabilities
Apache Struts 2.2.3 - Multiple Open Redirections
Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities
Barracuda CudaTel - Cross-Site Scripting Multiple Vulnerabilities
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit)
ZeroBoard Worm - Source Code
ZeroBoard - Worm Source Code
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (1) (HTML)
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Jupiter CMS 1.1.5 - Cross-Site Scripting Multiple Vulnerabilities
AuraCMS 2.x - '/user.php' Security Code Bypass / Add Administrator
AuraCMS 2.x - '/user.php' Security Code Bypass / Arbitrary Add Administrator
pPIM 1.0 - upload/change Password
pPIM 1.0 - Upload/Change Password
Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities
Observer 0.3.2.1 - Remote Command Execution Multiple Vulnerabilities
VideoScript 4.0.1.50 - Admin Change Password Exploit
VideoScript 4.0.1.50 - Change Admin Password
txtBB 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
eLitius 1.0 - '/manage-admin.php' Add Admin/Change Password Exploit
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password Exploit
ShaadiClone 2.0 - 'addAdminmembercode.php' Add Admin
ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities
ecshop 2.6.2 - Remote Command Execution Multiple Vulnerabilities
Zen Cart 1.3.8 - SQL Execution Exploit
Zen Cart 1.3.8 - SQL Execution
ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)
ZenPhoto Gallery 1.2.5 - Admin Password Reset (Cross-Site Request Forgery)
Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 - Cross-Site Scripting Multiple Vulnerabilities
Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities
Hyperic HQ 3.2 < 4.2-beta1 - Cross-Site Scripting Multiple Vulnerabilities
McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross-Site Scripting Vulnerabilities
McAfee Network Security Manager < 5.1.11.8.1 - Cross-Site Scripting Multiple Vulnerabilities
IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities
IBM Rational RequisitePro 7.10 / ReqWebHelp - Cross-Site Scripting Multiple Vulnerabilities
Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
Sun Solaris AnswerBook2 - Cross-Site Scripting Multiple Vulnerabilities
Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities
Chipmunk Board Script 1.x - Cross-Site Request Forgery Multiple Vulnerabilities
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Ez Cart 1.0 - Cross-Site Request Forgery Multiple Vulnerabilities
Basic PHP Events Lister 2 - Add Admin
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Basic PHP Events Lister 2 - Arbitrary Add Admin
Jobscript4Web 3.5 - Cross-Site Request Forgery Multiple Vulnerabilities
Traidnt Gallery - Add Admin
Traidnt Gallery - Arbitrary Add Admin
X7CHAT 1.3.6b - Add Admin
X7CHAT 1.3.6b - Arbitrary Add Admin
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Drupal 6.15 - Persistent Cross-Site Scripting Multiple Vulnerabilities
CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
CiviCRM 3.1 < Beta 5 - Cross-Site Scripting Multiple Vulnerabilities
Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Croogo 1.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities
cPanel - Multiple Cross-Site Request Forgery Vulnerabilities
cPanel - Cross-Site Request Forgery Multiple Vulnerabilities
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities
ANE CMD CRSF - Add Admin
ATutor 1.6.4 - Cross-Site Scripting Multiple Vulnerabilities
ANE CMD CRSF - Arbitrary Add Admin
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Cross-Site Scripting Multiple Vulnerabilities
eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities
eXtreme Message Board 1.9.11 - Cross-Site Request Forgery Multiple Vulnerabilities
Campsite CMS 3.4.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Campsite CMS 3.4.0 - Cross-Site Request Forgery Multiple Vulnerabilities
Phreebooks 2.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Phreebooks 2.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Orbis CMS 1.0.2 - Cross-Site Request Forgery Multiple Vulnerabilities
ZenPhoto CMS 1.3 - Multiple Cross-Site Request Forgery Vulnerabilities
ZenPhoto CMS 1.3 - Cross-Site Request Forgery Multiple Vulnerabilities
Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component JomSocial 1.6.288 - Cross-Site Scripting Multiple Vulnerabilities
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (1)
Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Frog CMS 0.9.5 - Cross-Site Request Forgery Multiple Vulnerabilities
TomatoCart 1.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities
TomatoCMS 2.0.5 - Cross-Site Request Forgery Multiple Vulnerabilities
TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities
TheHostingTool 1.2.2 - Cross-Site Request Forgery Multiple Vulnerabilities
Grafik CMS 1.1.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Grafik CMS 1.1.2 - Cross-Site Request Forgery Multiple Vulnerabilities
Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities
Diferior CMS 8.03 - Cross-Site Request Forgery Multiple Vulnerabilities
MyIT CRM - Multiple Cross-Site Scripting Vulnerabilities
MyIT CRM - Cross-Site Scripting Multiple Vulnerabilities
Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
Saurus CMS Admin Panel - Cross-Site Request Forgery Multiple Vulnerabilities
Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Hycus CMS 1.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities
sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
sNews CMS - Cross-Site Scripting Multiple Vulnerabilities
BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities
BlogBird Platform - Cross-Site Scripting Multiple Vulnerabilities
Front Accounting 2.3RC2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Front Accounting 2.3RC2 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
Diferior 8.03 - Cross-Site Scripting Multiple Vulnerabilities
MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities
MySmartBB 1.7 - Cross-Site Scripting Multiple Vulnerabilities
Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.8.0 - Cross-Site Scripting Multiple Vulnerabilities
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
PiXie CMS 1.04 - Cross-Site Request Forgery Multiple Vulnerabilities
Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities
Openfire 3.6.4 - Cross-Site Request Forgery Multiple Vulnerabilities
TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities
TaskFreak! 0.6.4 - Cross-Site Scripting Multiple Vulnerabilities
SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities
SmarterMail 8.0 - Cross-Site Scripting Multiple Vulnerabilities
WikiWig 5.01 - Multiple Cross-Site Scripting Vulnerabilities
WikiWig 5.01 - Cross-Site Scripting Multiple Vulnerabilities
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (2)
DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
DoceboLms 4.0.4 - Persistent Cross-Site Scripting Multiple Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
SocialCMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 - Cross-Site Scripting Multiple Vulnerabilities
SocialCMS 1.0.2 - Cross-Site Request Forgery Multiple Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Cross-Site Scripting Multiple Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Family CMS 2.7.2 - Persistent Cross-Site Scripting Multiple Vulnerabilities
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS 2.7.2 - Cross-Site Request Forgery Multiple Vulnerabilities
Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Plume CMS 1.2.4 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
Sphinix Mobile Web Server 3.1.2.47 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Apache Struts - Persistent Cross-Site Scripting Multiple Vulnerabilities
FlexCMS 3.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
FlexCMS 3.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities
Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities
Sitecom WLM-2501 - Cross-Site Request Forgery Multiple Vulnerabilities
vBshop - Multiple Persistent Cross-Site Scripting Vulnerabilities
vBshop - Persistent Cross-Site Scripting Multiple Vulnerabilities
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - Cross-Site Scripting Multiple Vulnerabilities
Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
Oracle GlassFish Server 3.1.1 (build 12) - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Zingiri Web Shop 2.4.0 - Cross-Site Scripting Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress 3.3.1 - Cross-Site Request Forgery Multiple Vulnerabilities
Baby Gekko CMS 1.1.5c - Multiple Persistent Cross-Site Scripting Vulnerabilities
Baby Gekko CMS 1.1.5c - Persistent Cross-Site Scripting Multiple Vulnerabilities
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
Zoho BugTracker - Persistent Cross-Site Scripting Multiple Vulnerabilities
T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Vulnerabilities
T-dah Webmail Client - Persistent Cross-Site Scripting Multiple Vulnerabilities
Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
Hivemail Webmail - Persistent Cross-Site Scripting Multiple Vulnerabilities
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Wiki Web Help 0.3.9 - Persistent Cross-Site Scripting Multiple Vulnerabilities
XWiki 4.2-milestone-2 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
Kerio MailServer 5.0/5.1 Web Mail - Cross-Site Scripting Multiple Vulnerabilities
Mozilla Bonsai - Cross-Site Scripting Multiple Vulnerabilities
SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting Multiple Vulnerabilities
phpLinkat 0.1 - Multiple Cross-Site Scripting Vulnerabilities
phpLinkat 0.1 - Cross-Site Scripting Multiple Vulnerabilities
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Cross-Site Scripting Multiple Vulnerabilities
PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.0 - Cross-Site Scripting Multiple Vulnerabilities
Endpoint Protector 4.0.4.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Endpoint Protector 4.0.4.2 - Persistent Cross-Site Scripting Multiple Vulnerabilities
EZ Publish 2.2.7/3.0 - Multiple Cross-Site Scripting Vulnerabilities
EZ Publish 2.2.7/3.0 - Cross-Site Scripting Multiple Vulnerabilities
WebChat 2.0 - 'users.php?Database 'Username' Disclosure
WebChat 2.0 - 'users.php?Database Username Disclosure
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.723 - Cross-Site Scripting Multiple Vulnerabilities
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Cross-Site Scripting Multiple Vulnerabilities
MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities
MegaBook 1.1/2.0/2.1 - HTML Injection Multiple Vulnerabilities
m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities
m0n0wall 1.33 - Cross-Site Request Forgery Multiple Vulnerabilities
Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
Enterpriser16 Load Balancer 7.1 - Cross-Site Scripting Multiple Vulnerabilities
Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board 1.3 - Cross-Site Scripting Multiple Vulnerabilities
YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
YABB SE 1.5.1 - Cross-Site Scripting Multiple Vulnerabilities
PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke MS-Analysis Module - Cross-Site Scripting Multiple Vulnerabilities
BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities
BlackBoard Learning System 5.x/6.0 - Cross-Site Scripting Multiple Vulnerabilities
PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities
PHPX 3.x - Cross-Site Scripting Multiple Vulnerabilities
Adam Webb NukeJokes 1.7/2.0 Module - Multiple Cross-Site Scripting Vulnerabilities
Adam Webb NukeJokes 1.7/2.0 Module - Cross-Site Scripting Multiple Vulnerabilities
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Cross-Site Scripting Multiple Vulnerabilities
Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities
Crafty Syntax Live Help 2.7.3 - HTML Injection Multiple Vulnerabilities
PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.x/7.x Reviews Module - Cross-Site Scripting Multiple Vulnerabilities
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - Cross-Site Scripting Multiple Vulnerabilities
PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities
Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Code Snippet Library 0.8 - Cross-Site Scripting Multiple Vulnerabilities
Nagl XOOPS Dictionary Module 1.0 - Cross-Site Scripting Multiple Vulnerabilities
glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities
glFusion 1.2.2 - Cross-Site Scripting Multiple Vulnerabilities
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Guestbook 1.0 - Cross-Site Scripting Multiple Vulnerabilities
MTP Poll 1.0 - Cross-Site Scripting Multiple Vulnerabilities
DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities
DCP-Portal 3.7/4.x/5.x - HTML Injection Multiple Vulnerabilities
FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
FuseTalk Forum 4.0 - Cross-Site Scripting Multiple Vulnerabilities
Mark Zuckerberg Thefacebook - Multiple Cross-Site Scripting Vulnerabilities
Mark Zuckerberg Thefacebook - Cross-Site Scripting Multiple Vulnerabilities
ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities
ViewGit 0.0.6 - Cross-Site Scripting Multiple Vulnerabilities
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
Vanilla Forums Van2Shout Plugin 1.0.51 - Cross-Site Request Forgery Multiple Vulnerabilities
WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities
ProjectBB 0.4.5.1 - Multiple Cross-Site Scripting Vulnerabilities
WorkBoard 1.2 - Cross-Site Scripting Multiple Vulnerabilities
ProjectBB 0.4.5.1 - Cross-Site Scripting Multiple Vulnerabilities
Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 0.95 - Cross-Site Scripting Multiple Vulnerabilities
PHP-Nuke 6.x/7.x - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.x/7.x - Cross-Site Scripting Multiple Vulnerabilities
ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities
ZeroBoard 4.1 - Cross-Site Scripting Multiple Vulnerabilities
OOApp Guestbook - Multiple HTML Injection Vulnerabilities
OOApp Guestbook - HTML Injection Multiple Vulnerabilities
CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities
CubeCart 2.0.x - Cross-Site Scripting Multiple Vulnerabilities
PHP Arena PAFileDB 3.1 - Multiple Cross-Site Scripting Vulnerabilities
PHP Arena PAFileDB 3.1 - Cross-Site Scripting Multiple Vulnerabilities
PunBB 1.2.3 - Multiple HTML Injection Vulnerabilities
PunBB 1.2.3 - HTML Injection Multiple Vulnerabilities
PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities
PHPOpenChat 3.0.1 - HTML Injection Multiple Vulnerabilities
Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities
Oracle Reports Server 10g - Cross-Site Scripting Multiple Vulnerabilities
Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities
Nuke BookMarks 0.6 - Cross-Site Scripting Multiple Vulnerabilities
Tkai's Shoutbox - 'Query' URI redirection
Tkai's Shoutbox - 'Query' Open Redirection
CPG Dragonfly 9.0.2.0 - Multiple Cross-Site Scripting Vulnerabilities
CPG Dragonfly 9.0.2.0 - Cross-Site Scripting Multiple Vulnerabilities
Alstrasoft EPay Pro 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Alstrasoft EPay Pro 2.0 - Cross-Site Scripting Multiple Vulnerabilities
PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 7.6 Web_Links Module - Cross-Site Scripting Multiple Vulnerabilities
Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities
Ultimate PHP Board 1.8/1.9 - Cross-Site Scripting Multiple Vulnerabilities
PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities
PWSPHP 1.2 - Cross-Site Scripting Multiple Vulnerabilities
Skull-Splitter Guestbook 1.0/2.0/2.2 - Multiple HTML Injection Vulnerabilities
Skull-Splitter Guestbook 1.0/2.0/2.2 - HTML Injection Multiple Vulnerabilities
Spread The Word - Multiple Cross-Site Scripting Vulnerabilities
Spread The Word - Cross-Site Scripting Multiple Vulnerabilities
Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
Kasseler CMS 1.3.4 Lite - Cross-Site Scripting Multiple Vulnerabilities
Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities
Cerberus Helpdesk 0.97.3/2.6.1 - Cross-Site Scripting Multiple Vulnerabilities
Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities
Comersus Open Technologies Comersus Cart 6.0.41 - Cross-Site Scripting Multiple Vulnerabilities
PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
PHPMyFAQ 1.5.1 - Cross-Site Scripting Multiple Vulnerabilities
@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities
Easypx41 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 4.0/4.13 - Cross-Site Scripting Multiple Vulnerabilities
Easypx41 - Cross-Site Scripting Multiple Vulnerabilities
PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities
PHPFreeNews 1.x - Cross-Site Scripting Multiple Vulnerabilities
SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities
SaveWebPortal 3.4 - Cross-Site Scripting Multiple Vulnerabilities
MAXdev MD-Pro 1.0.73 - Multiple Cross-Site Scripting Vulnerabilities
MAXdev MD-Pro 1.0.73 - Cross-Site Scripting Multiple Vulnerabilities
phpCommunityCalendar 4.0 - Multiple Cross-Site Scripting Vulnerabilities
phpCommunityCalendar 4.0 - Cross-Site Scripting Multiple Vulnerabilities
PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities
PHP Advanced Transfer Manager 1.30 - Cross-Site Scripting Multiple Vulnerabilities
TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities
TellMe 1.2 - Cross-Site Scripting Multiple Vulnerabilities
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
Comersus Backoffice Plus - Cross-Site Scripting Multiple Vulnerabilities
Flyspray 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Flyspray 0.9 - Cross-Site Scripting Multiple Vulnerabilities
PBLang 4.65 - Multiple Cross-Site Scripting Vulnerabilities
PBLang 4.65 - Cross-Site Scripting Multiple Vulnerabilities
SAP Web Application Server 6.x/7.0 - URI redirection
SAP Web Application Server 6.x/7.0 - Open Redirection
PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities
PHPWCMS 1.2.5 -DEV - Cross-Site Scripting Multiple Vulnerabilities
PBLang Bulletin Board System 4.65 - Multiple HTML Injection Vulnerabilities
PBLang Bulletin Board System 4.65 - HTML Injection Multiple Vulnerabilities
FreeWebStat 1.0 - Multiple Cross-Site Scripting Vulnerabilities
FreeWebStat 1.0 - Cross-Site Scripting Multiple Vulnerabilities
NetAuctionHelp 3.0 - Multiple Cross-Site Scripting Vulnerabilities
NetAuctionHelp 3.0 - Cross-Site Scripting Multiple Vulnerabilities
CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities
CourseForum Technologies ProjectForum 4.7 - Cross-Site Scripting Multiple Vulnerabilities
AltantForum 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
AltantForum 4.0.2 - Cross-Site Scripting Multiple Vulnerabilities
Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Soft4e ECW-Cart 2.0.3 - Cross-Site Scripting Multiple Vulnerabilities
Dick Copits PDEstore 1.8 - Multiple Cross-Site Scripting Vulnerabilities
Dick Copits PDEstore 1.8 - Cross-Site Scripting Multiple Vulnerabilities
Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities
Advanced Guestbook 2.x - Cross-Site Scripting Multiple Vulnerabilities
Caravel CMS 3.0 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
Caravel CMS 3.0 Beta 1 - Cross-Site Scripting Multiple Vulnerabilities
Liferay Portal Enterprise 3.6.1 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Portal Enterprise 3.6.1 - Cross-Site Scripting Multiple Vulnerabilities
Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
Beehive Forum 0.6.2 - HTML Injection Multiple Vulnerabilities
ComputerOil Redakto CMS 3.2 - Multiple Cross-Site Scripting Vulnerabilities
ComputerOil Redakto CMS 3.2 - Cross-Site Scripting Multiple Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Cross-Site Scripting Multiple Vulnerabilities
Dell PacketTrap PSA 7.1 - Cross-Site Scripting Multiple Vulnerabilities
FatWire UpdateEngine 6.2 - Multiple Cross-Site Scripting Vulnerabilities
FatWire UpdateEngine 6.2 - Cross-Site Scripting Multiple Vulnerabilities
Kayako SupportSuite 3.0 0.26 - Multiple Cross-Site Scripting Vulnerabilities
Kayako SupportSuite 3.0 0.26 - Cross-Site Scripting Multiple Vulnerabilities
Faq-O-Matic 2.711 - Multiple Cross-Site Scripting Vulnerabilities
Faq-O-Matic 2.711 - Cross-Site Scripting Multiple Vulnerabilities
GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities
GTP iCommerce - Cross-Site Scripting Multiple Vulnerabilities
CheesyBlog 1.0 - Multiple HTML Injection Vulnerabilities
CheesyBlog 1.0 - HTML Injection Multiple Vulnerabilities
MyBB 1.0.2 - Multiple Cross-Site Scripting Vulnerabilities
MyBB 1.0.2 - Cross-Site Scripting Multiple Vulnerabilities
SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities
CyberShop Ultimate E-Commerce - Multiple Cross-Site Scripting Vulnerabilities
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
SoftMaker Shop - Cross-Site Scripting Multiple Vulnerabilities
CyberShop Ultimate E-Commerce - Cross-Site Scripting Multiple Vulnerabilities
cPanel 10.8.1 - Cross-Site Scripting Multiple Vulnerabilities
Papoo 2.1.x - Multiple Cross-Site Scripting Vulnerabilities
Papoo 2.1.x - Cross-Site Scripting Multiple Vulnerabilities
Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities
Clever Copy 2.0/3.0 - HTML Injection Multiple Vulnerabilities
V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
V-Webmail 1.6.2 - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6 1 News Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Surveys Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6 1 Your_Account Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6 1 News Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Web_Links Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Surveys Module - Cross-Site Scripting Multiple Vulnerabilities
TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities
TextFileBB 1.0 - Cross-Site Scripting Multiple Vulnerabilities
txtForum 1.0.3/1.0.4 - Multiple Cross-Site Scripting Vulnerabilities
txtForum 1.0.3/1.0.4 - Cross-Site Scripting Multiple Vulnerabilities
FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
FusionZONE CouponZONE 4.2 - Cross-Site Scripting Multiple Vulnerabilities
ActiveCampaign SupportTrio 2.50.2 - Multiple Cross-Site Scripting Vulnerabilities
RealestateZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
ActiveCampaign SupportTrio 2.50.2 - Cross-Site Scripting Multiple Vulnerabilities
RealestateZONE 4.2 - Cross-Site Scripting Multiple Vulnerabilities
AL-Caricatier 2.5 - Multiple Cross-Site Scripting Vulnerabilities
AL-Caricatier 2.5 - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver CMS 1.3 - Cross-Site Scripting Multiple Vulnerabilities
Tritanium Bulletin Board 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities
Tritanium Bulletin Board 1.2.3 - Cross-Site Scripting Multiple Vulnerabilities
Interaktiv.shop 4/5 - Multiple Cross-Site Scripting Vulnerabilities
Interaktiv.shop 4/5 - Cross-Site Scripting Multiple Vulnerabilities
Manila 9.0.1 - Multiple Cross-Site Scripting Vulnerabilities
Manila 9.0.1 - Cross-Site Scripting Multiple Vulnerabilities
BannerFarm 2.3 - Multiple Cross-Site Scripting Vulnerabilities
BannerFarm 2.3 - Cross-Site Scripting Multiple Vulnerabilities
Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities
Portal Pack 6.0 - Cross-Site Scripting Multiple Vulnerabilities
NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
NextAge Shopping Cart - HTML Injection Multiple Vulnerabilities
PHPWebFTP 2.3 - Cross-Site Scripting Multiple Vulnerabilities
CuteNews 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities
Farsinews 2.5.3 - Multiple Cross-Site Scripting Vulnerabilities
CuteNews 1.4.1 - Cross-Site Scripting Multiple Vulnerabilities
Farsinews 2.5.3 - Cross-Site Scripting Multiple Vulnerabilities
SunShop Shopping Cart 3.5 - Multiple Cross-Site Scripting Vulnerabilities
SunShop Shopping Cart 3.5 - Cross-Site Scripting Multiple Vulnerabilities
MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
MyNews 1.6.2 - Cross-Site Scripting Multiple Vulnerabilities
AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities
vCard 2.9 - Multiple Cross-Site Scripting Vulnerabilities
AR-Blog 5.2 - Cross-Site Scripting Multiple Vulnerabilities
vCard 2.9 - Cross-Site Scripting Multiple Vulnerabilities
Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities
Portix-PHP 2-0.3.2 Portal - Cross-Site Scripting Multiple Vulnerabilities
DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities
DELTAScripts PHP Pro Publish 2.0 - Cross-Site Scripting Multiple Vulnerabilities
vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities
Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 2.x/3.x - Cross-Site Scripting Multiple Vulnerabilities
Datecomm 1.1 - Cross-Site Scripting Multiple Vulnerabilities
H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities
H-Sphere 2.5.1 - Cross-Site Scripting Multiple Vulnerabilities
QTO File Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
QTO File Manager 1.0 - Cross-Site Scripting Multiple Vulnerabilities
PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.6x/0.7x - Cross-Site Scripting Multiple Vulnerabilities
D-Link DSL-2740B - Multiple Cross-Site Request Forgery Vulnerabilities
D-Link DSL-2740B - Cross-Site Request Forgery Multiple Vulnerabilities
BlackBoard Products 6 - Multiple HTML Injection Vulnerabilities
BlackBoard Products 6 - HTML Injection Multiple Vulnerabilities
BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities
BlaBla 4U - Cross-Site Scripting Multiple Vulnerabilities
MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities
MyBB 1.1.7 - HTML Injection Multiple Vulnerabilities
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Open-Xchange Guard 2.4.2 - Cross-Site Scripting Multiple Vulnerabilities
IDevSpot BizDirectory 1.9 - Multiple Cross-Site Scripting Vulnerabilities
IDevSpot BizDirectory 1.9 - Cross-Site Scripting Multiple Vulnerabilities
EXPBlog 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
EXPBlog 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Yetihost Helm 3.2.10 - Multiple Cross-Site Scripting Vulnerabilities
Yetihost Helm 3.2.10 - Cross-Site Scripting Multiple Vulnerabilities
Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities
Sphpblog 0.8 - Cross-Site Scripting Multiple Vulnerabilities
cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
cPanel 11 Beta - Cross-Site Scripting Multiple Vulnerabilities
cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
cPanel Web Hosting Manager 3.1 - Cross-Site Scripting Multiple Vulnerabilities
Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities
Omniture SiteCatalyst - Cross-Site Scripting Multiple Vulnerabilities
Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities
Mobilelib Gold - Cross-Site Scripting Multiple Vulnerabilities
212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Cross-Site Scripting Multiple Vulnerabilities
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.1.1 - Cross-Site Scripting Multiple Vulnerabilities
Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities
Woltlab Burning Board 2.3.6 - HTML Injection Multiple Vulnerabilities
WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities
WMSCMS 2.0 - Cross-Site Scripting Multiple Vulnerabilities
TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
TP-Link WR740N/WR740ND - Cross-Site Request Forgery Multiple Vulnerabilities
phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities
phpMyAdmin 2.9.1 - Cross-Site Scripting Multiple Vulnerabilities
Scientific-Atlanta_ Inc. DPR2320R2 - Multiple Cross-Site Request Forgery Vulnerabilities
Scientific-Atlanta_ Inc. DPR2320R2 - Cross-Site Request Forgery Multiple Vulnerabilities
Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Digirez 3.4 - Cross-Site Scripting Multiple Vulnerabilities
eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities
eFront 3.6.14 (build 18012) - Persistent Cross-Site Scripting Multiple Vulnerabilities
Calendarix 0.7.20070307 - Multiple Cross-Site Scripting Vulnerabilities
Calendarix 0.7.20070307 - Cross-Site Scripting Multiple Vulnerabilities
Oliver - Multiple Cross-Site Scripting Vulnerabilities
Oliver - Cross-Site Scripting Multiple Vulnerabilities
ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities
ASP cvmatik 1.1 - HTML Injection Multiple Vulnerabilities
Beetel TC1-450 Airtel Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Beetel TC1-450 Airtel Wireless Router - Cross-Site Request Forgery Multiple Vulnerabilities
Vigile CMS 1.8 Wiki Module - Multiple Cross-Site Scripting Vulnerabilities
Vigile CMS 1.8 Wiki Module - Cross-Site Scripting Multiple Vulnerabilities
Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities
Stuffed Guys Stuffed Tracker - Cross-Site Scripting Multiple Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities
Technicolor TC7200 - Cross-Site Request Forgery Multiple Vulnerabilities
Technicolor TC7200 - Cross-Site Scripting Multiple Vulnerabilities
pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities
pMachine Pro 2.4.1 - Cross-Site Scripting Multiple Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities
SocketKB 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Cross-Site Scripting Multiple Vulnerabilities
SocketKB 1.1.5 - Cross-Site Scripting Multiple Vulnerabilities
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Seagate BlackArmor NAS sg2000-2000.1331 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Flyspray 0.9.9 - Multiple Cross-Site Scripting Vulnerabilities
Flyspray 0.9.9 - Cross-Site Scripting Multiple Vulnerabilities
AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities
AwesomeTemplateEngine 1 - Cross-Site Scripting Multiple Vulnerabilities
Snitz Forums 2000 3.4.5/3.4.6 - Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 3.4.5/3.4.6 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! Component SMF Forum 1.1.4 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component SMF Forum 1.1.4 - Cross-Site Scripting Multiple Vulnerabilities
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Cross-Site Scripting Multiple Vulnerabilities
e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities
e107 CMS 0.7 - Cross-Site Scripting Multiple Vulnerabilities
Jeebles Directory 2.9.60 - Multiple Cross-Site Scripting Vulnerabilities
Jeebles Directory 2.9.60 - Cross-Site Scripting Multiple Vulnerabilities
IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities
IBM Rational ClearQuest 7.0 - Cross-Site Scripting Multiple Vulnerabilities
DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
DivXDB 2002 0.94b - Cross-Site Scripting Multiple Vulnerabilities
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
QT-cute QuickTalk Guestbook 1.6 - Cross-Site Scripting Multiple Vulnerabilities
osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities
osCommerce 2.1/2.2 - Cross-Site Scripting Multiple Vulnerabilities
Tux CMS 0.1 - Multiple Cross-Site Scripting Vulnerabilities
Tux CMS 0.1 - Cross-Site Scripting Multiple Vulnerabilities
Horde Turba 3.1.7 - Multiple Cross-Site Scripting Vulnerabilities
Horde Turba 3.1.7 - Cross-Site Scripting Multiple Vulnerabilities
SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities
SchoolCenter 7.5 - Cross-Site Scripting Multiple Vulnerabilities
Hot Links SQL-PHP - Multiple Cross-Site Scripting Vulnerabilities
Hot Links SQL-PHP - Cross-Site Scripting Multiple Vulnerabilities
SimpleNotes - Multiple Cross-Site Scripting Vulnerabilities
SimpleNotes - Cross-Site Scripting Multiple Vulnerabilities
PEGames - Multiple Cross-Site Scripting Vulnerabilities
PEGames - Cross-Site Scripting Multiple Vulnerabilities
Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities
Pluck CMS 4.5.2 - Cross-Site Scripting Multiple Vulnerabilities
Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities
Quate CMS 0.3.4 - Cross-Site Scripting Multiple Vulnerabilities
Ubee EVW3200 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Ubee EVW3200 - Persistent Cross-Site Scripting Multiple Vulnerabilities
TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
TimeTrex Time 2.2 and Attendance Module - Cross-Site Scripting Multiple Vulnerabilities
Accellion File Transfer - Cross-Site Scripting Multiple Vulnerabilities
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Cross-Site Scripting Multiple Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Cross-Site Scripting Multiple Vulnerabilities
Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities
Silentum LoginSys 1.0 - Cross-Site Scripting Multiple Vulnerabilities
Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Gallery 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Paranews 3.4 - Cross-Site Scripting Multiple Vulnerabilities
Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities
Flatpress 0.804 - Cross-Site Scripting Multiple Vulnerabilities
Membership Script - Multiple Cross-Site Scripting Vulnerabilities
Membership Script - Cross-Site Scripting Multiple Vulnerabilities
Celoxis - Multiple Cross-Site Scripting Vulnerabilities
Celoxis - Cross-Site Scripting Multiple Vulnerabilities
WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities
WikyBlog 1.7.1 - Cross-Site Scripting Multiple Vulnerabilities
UC Gateway Investment SiteEngine 5.0 - 'api.php' URI redirection
UC Gateway Investment SiteEngine 5.0 - 'api.php' Open Redirection
KKE Info Media Kmita Gallery - Multiple Cross-Site Scripting Vulnerabilities
KKE Info Media Kmita Gallery - Cross-Site Scripting Multiple Vulnerabilities
Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
Venalsur Booking Centre 2.01 - Cross-Site Scripting Multiple Vulnerabilities
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
CMS Made Simple 1.11.10 - Cross-Site Scripting Multiple Vulnerabilities
Autonomy Ultraseek - 'cs.html' URI redirection
Autonomy Ultraseek - 'cs.html' Open Redirection
E-PHP B2B Trading Marketplace Script - Multiple Cross-Site Scripting Vulnerabilities
E-PHP B2B Trading Marketplace Script - Cross-Site Scripting Multiple Vulnerabilities
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Cross-Site Scripting Multiple Vulnerabilities
Verlihub Control Panel 1.7 - Multiple Cross-Site Scripting Vulnerabilities
Verlihub Control Panel 1.7 - Cross-Site Scripting Multiple Vulnerabilities
Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities
Achievo 1.3.4 - Cross-Site Scripting Multiple Vulnerabilities
Webmedia Explorer 5.0.9/5.10 - Multiple Cross-Site Scripting Vulnerabilities
Webmedia Explorer 5.0.9/5.10 - Cross-Site Scripting Multiple Vulnerabilities
XZeroScripts XZero Community Classifieds 4.97.8 - Multiple Cross-Site Scripting Vulnerabilities
XZeroScripts XZero Community Classifieds 4.97.8 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! Component com_user - 'view' URI Redirection
Joomla! Component com_user - 'view' Open Redirection
Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
Miniweb 2.0 Site Builder Module - Cross-Site Scripting Multiple Vulnerabilities
Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
Censura < 2.1.1 - Cross-Site Scripting Multiple Vulnerabilities
McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities
McAfee Network Security Manager 5.1.7 - Cross-Site Scripting Multiple Vulnerabilities
OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
OpenFiler 2.99.1 - Persistent Cross-Site Scripting Multiple Vulnerabilities
AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities
AfterLogic WebMail Pro 4.7.10 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Subscribe to Comments 2.0 - Cross-Site Scripting Multiple Vulnerabilities
phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
phpMyFAQ < 2.5.4 - Cross-Site Scripting Multiple Vulnerabilities
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Binatone DT 850W Wireless Router - Cross-Site Request Forgery Multiple Vulnerabilities
Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Discuz! 2.0 - Cross-Site Scripting Multiple Vulnerabilities
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
@lex Guestbook 5.0 - Cross-Site Scripting Multiple Vulnerabilities
Mayan-EDms web-based document management OS system - Multiple Persistent Cross-Site Scripting Vulnerabilities
Mayan-EDms web-based document management OS system - Persistent Cross-Site Scripting Multiple Vulnerabilities
Joomla! Component EasyBook 2.0.0rc4 - Multiple HTML Injection Vulnerabilities
Joomla! Component EasyBook 2.0.0rc4 - HTML Injection Multiple Vulnerabilities
KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities
KnowGate hipergate 4.0.12 - Cross-Site Scripting Multiple Vulnerabilities
vBulletin 3.5.4 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 3.5.4 - Cross-Site Scripting Multiple Vulnerabilities
Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
Portrait Software Portrait Campaign Manager 4.6.1.22 - Cross-Site Scripting Multiple Vulnerabilities
vBulletin 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 4.0.2 - Cross-Site Scripting Multiple Vulnerabilities
Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities
Sparta Systems TrackWise EQms - Cross-Site Scripting Multiple Vulnerabilities
PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHPWind 6.0 - Cross-Site Scripting Multiple Vulnerabilities
SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
SpringSource (Multiple Products) - HTML Injection Multiple Vulnerabilities
Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Chipmunk NewsLetter 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities
Datetopia Match Agency BiZ - Cross-Site Scripting Multiple Vulnerabilities
Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Bilboplanet 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Hitmaaan Gallery 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Hitmaaan Gallery 1.3 - Cross-Site Scripting Multiple Vulnerabilities
Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
Ez Poll Hoster - Cross-Site Scripting Multiple Vulnerabilities
LiveZilla 3.1.8.3 - Multiple Cross-Site Scripting Vulnerabilities
LiveZilla 3.1.8.3 - Cross-Site Scripting Multiple Vulnerabilities
Worxware DCP-Portal 7.0 - Multiple Cross-Site Scripting Vulnerabilities
Worxware DCP-Portal 7.0 - Cross-Site Scripting Multiple Vulnerabilities
phpFaber CMS 2.0.5 - Multiple Cross-Site Scripting Vulnerabilities
phpFaber CMS 2.0.5 - Cross-Site Scripting Multiple Vulnerabilities
SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities
SimpNews 2.47.3 - Cross-Site Scripting Multiple Vulnerabilities
eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities
eliteCMS 1.01 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Cross-Site Scripting Multiple Vulnerabilities
Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities
Diem 5.1.2 - Cross-Site Scripting Multiple Vulnerabilities
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
Claus Muus Spitfire 1.0.336 - Cross-Site Scripting Multiple Vulnerabilities
SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities
SyndeoCMS 2.9 - HTML Injection Multiple Vulnerabilities
Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities
Sourcefabric Campsite - Cross-Site Scripting Multiple Vulnerabilities
FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities
FuseTalk 3.2/4.0 - Cross-Site Scripting Multiple Vulnerabilities
PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities
PHP Stock Management System 1.02 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
Hulihan Applications Amethyst 0.1.5 - HTML Injection Multiple Vulnerabilities
Muraus Open Blog - HTML Injection Multiple Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Cross-Site Scripting Multiple Vulnerabilities
Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
Preation Eden Platform 27.7.2010 - HTML Injection Multiple Vulnerabilities
Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities
Onyx - Multiple Cross-Site Scripting Vulnerabilities
Mystic 0.1.4 - Cross-Site Scripting Multiple Vulnerabilities
Onyx - Cross-Site Scripting Multiple Vulnerabilities
Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities
Online Work Order Suite Lite Edition - Cross-Site Scripting Multiple Vulnerabilities
Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
Valarsoft WebMatic 3.0.5 - HTML Injection Multiple Vulnerabilities
Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities
Amiro.CMS 5.8.4.0 - HTML Injection Multiple Vulnerabilities
StatsCode - Multiple Cross-Site Scripting Vulnerabilities
StatsCode - Cross-Site Scripting Multiple Vulnerabilities
e-Soft24 Jokes Portal Script Seo 1.0 - Multiple Cross-Site Scripting Vulnerabilities
e-Soft24 Jokes Portal Script Seo 1.0 - Cross-Site Scripting Multiple Vulnerabilities
Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities
Open Classifieds - Cross-Site Scripting Multiple Vulnerabilities
OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities
OpenText LiveLink 9.7.1 - Cross-Site Scripting Multiple Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection
Micro CMS 1.0 - 'name' HTML Injection (1)
eCardMAX - Multiple Cross-Site Scripting Vulnerabilities
eCardMAX - Cross-Site Scripting Multiple Vulnerabilities
Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities
Ronny CMS 1.1 r935 - HTML Injection Multiple Vulnerabilities
eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities
eXV2 CMS - Cross-Site Scripting Multiple Vulnerabilities
Wiccle Web Builder 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection
Wiccle Web Builder 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection (2)
Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Flatnux 2009-03-27 - Cross-Site Scripting Multiple Vulnerabilities
Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Elastix 2.0.2 - Cross-Site Scripting Multiple Vulnerabilities
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Change CMS 3.6.8 - Multiple Cross-Site Request Forgery Vulnerabilities
Change CMS 3.6.8 - Cross-Site Request Forgery Multiple Vulnerabilities
OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities
OpenWrt 10.03 - Cross-Site Scripting Multiple Vulnerabilities
Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
Contenido CMS 4.8.12 - Cross-Site Scripting Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Cross-Site Scripting Multiple Vulnerabilities
ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities
ManageEngine EventLog Analyzer 6.1 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Cross-Site Scripting Multiple Vulnerabilities
Mura CMS - Multiple Cross-Site Scripting Vulnerabilities
Mura CMS - Cross-Site Scripting Multiple Vulnerabilities
BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
BlogCFC 5.9.6.001 - Cross-Site Scripting Multiple Vulnerabilities
Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities
Social Share - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.6 - Cross-Site Scripting Multiple Vulnerabilities
Social Share - Cross-Site Scripting Multiple Vulnerabilities
Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Habari 0.6.5 - Cross-Site Scripting Multiple Vulnerabilities
Openfire 3.6.4 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.6.4 - Cross-Site Scripting Multiple Vulnerabilities
phpSound Music Sharing Platform 1.0.5 - Multiple Cross-Site Scripting Vulnerabilities
phpSound Music Sharing Platform 1.0.5 - Cross-Site Scripting Multiple Vulnerabilities
vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities
vBSEO 3.2.2/3.5.2 - Cross-Site Scripting Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
ViArt Shop 4.0.5 - Cross-Site Scripting Multiple Vulnerabilities
CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
CiviCRM 3.3.3 - Cross-Site Scripting Multiple Vulnerabilities
UMI CMS 2.8.1.2 - Cross-Site Scripting Multiple Vulnerabilities
Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities
Dolphin 7.0.4 - Cross-Site Scripting Multiple Vulnerabilities
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
MG2 0.5.1 - Cross-Site Scripting Multiple Vulnerabilities
Gollos 2.8 - Cross-Site Scripting Multiple Vulnerabilities
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
Photopad 1.2 - Cross-Site Scripting Multiple Vulnerabilities
Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities
Support Incident Tracker (SiT!) 3.62 - Cross-Site Scripting Multiple Vulnerabilities
Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
Pragyan CMS 3.0 Beta - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Sodahead Polls 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Sodahead Polls 2.0.2 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Rating-Widget 1.3.1 - Cross-Site Scripting Multiple Vulnerabilities
XOOPS 2.x - Cross-Site Scripting Multiple Vulnerabilities
MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities
GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities
MC Content Manager 10.1.1 - Cross-Site Scripting Multiple Vulnerabilities
GrapeCity Data Dynamics Reports 1.6.2084.14 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Daily Maui Photo Widget 0.2 - Cross-Site Scripting Multiple Vulnerabilities
Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Kusaba X 0.9 - Cross-Site Scripting Multiple Vulnerabilities
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Humhub 0.10.0-rc.1 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities
Alkacon OpenCMS 7.5.x - Cross-Site Scripting Multiple Vulnerabilities
Claroline 1.10 - Multiple HTML Injection Vulnerabilities
Claroline 1.10 - HTML Injection Multiple Vulnerabilities
YaCOMAS 0.3.6 OpenCMS - Multiple Cross-Site Scripting Vulnerabilities
YaCOMAS 0.3.6 OpenCMS - Cross-Site Scripting Multiple Vulnerabilities
webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities
webSPELL 4.2.2a - Cross-Site Scripting Multiple Vulnerabilities
YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
YaPiG 0.95 - Cross-Site Scripting Multiple Vulnerabilities
PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
PHPDug 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 - Cross-Site Scripting Multiple Vulnerabilities
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
poMMo Aardvark PR16.1 - Cross-Site Scripting Multiple Vulnerabilities
Argyle Social - Multiple Cross-Site Scripting Vulnerabilities
Argyle Social - Cross-Site Scripting Multiple Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 - Cross-Site Scripting Multiple Vulnerabilities
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
PHP Calendar Basic 2.3 - Cross-Site Scripting Multiple Vulnerabilities
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
phpScheduleIt 1.2.12 - Cross-Site Scripting Multiple Vulnerabilities
Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
Blog:CMS 4.2 - Cross-Site Scripting Multiple Vulnerabilities
miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities
miniblog 1.0 - Cross-Site Scripting Multiple Vulnerabilities
Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities
Mambo 4.6.x - Cross-Site Scripting Multiple Vulnerabilities
Joomla! 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities
Flatpress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! 1.6.3 - Cross-Site Scripting Multiple Vulnerabilities
Flatpress 0.1010.1 - Cross-Site Scripting Multiple Vulnerabilities
MBoard 1.3 - 'url' URI Redirection
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
MBoard 1.3 - 'url' Open Redirection
PHPJunkYard GBook 1.6/1.7 - Cross-Site Scripting Multiple Vulnerabilities
TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities
TCExam 11.2.x - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities
WordPress Plugin bSuite 4.0.7 - HTML Injection Multiple Vulnerabilities
Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! < 1.6.5 - Cross-Site Scripting Multiple Vulnerabilities
Cyberoam UTM - Multiple Cross-Site Scripting Vulnerabilities
Cyberoam UTM - Cross-Site Scripting Multiple Vulnerabilities
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
Online Grades 3.2.5 - Cross-Site Scripting Multiple Vulnerabilities
Sitecore CMS 6.4.1 - 'url' URI Redirection
Sitecore CMS 6.4.1 - 'url' Open Redirection
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
Curverider Elgg 1.7.9 - Cross-Site Scripting Multiple Vulnerabilities
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
HESK 2.2 - Cross-Site Scripting Multiple Vulnerabilities
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 2.3.1 - Cross-Site Scripting Multiple Vulnerabilities
Softbiz Recipes Portal Script - Multiple Cross-Site Scripting Vulnerabilities
Softbiz Recipes Portal Script - Cross-Site Scripting Multiple Vulnerabilities
OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities
OpenEMR 4.0 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin eShop 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin eShop 6.2.8 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Cross-Site Scripting Multiple Vulnerabilities
Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
Open Classifieds 1.7.2 - Cross-Site Scripting Multiple Vulnerabilities
IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities
IBM Open Admin Tool 2.71 - Cross-Site Scripting Multiple Vulnerabilities
GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities
GuppY CMS 5.0.9 < 5.00.10 - Cross-Site Request Forgery Multiple Vulnerabilities
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
Papoo CMS Light 4.0 - Cross-Site Scripting Multiple Vulnerabilities
Microsoft SharePoint 2007/2010 - 'Source' Multiple URI Open redirection Vulnerabilities
Microsoft SharePoint 2007/2010 - 'Source' Multiple Open Redirections
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
Zyncro 3.0.1.20 - HTML Injection Multiple Vulnerabilities
Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities
Adobe ColdFusion 7 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! < 1.7.0 - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver 2.8.1 - Cross-Site Scripting Multiple Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (1)
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.5 - Cross-Site Scripting Multiple Vulnerabilities
BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
BugFree 2.1.3 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Pretty Link 1.4.56 - Cross-Site Scripting Multiple Vulnerabilities
Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Cross-Site Scripting Multiple Vulnerabilities
InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
InverseFlow 2.4 - Cross-Site Scripting Multiple Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)
eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
eFront 3.6.10 Build 11944 - Cross-Site Scripting Multiple Vulnerabilities
CmyDocument - Multiple Cross-Site Scripting Vulnerabilities
CmyDocument - Cross-Site Scripting Multiple Vulnerabilities
AShop - Open-redirection / Cross-Site Scripting
Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
AShop - Open Redirection / Cross-Site Scripting
Joomla! Component com_alfcontact 1.9.3 - Cross-Site Scripting Multiple Vulnerabilities
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Cross-Site Scripting Multiple Vulnerabilities
Zen Cart CMS 1.3.9h - Multiple Cross-Site Scripting Vulnerabilities
Zen Cart CMS 1.3.9h - Cross-Site Scripting Multiple Vulnerabilities
eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities
eSyndiCat Pro 2.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
Fork CMS 3.1.5 - Cross-Site Scripting Multiple Vulnerabilities
Pulse Pro 1.7.2 - Cross-Site Scripting Multiple Vulnerabilities
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
epesi BIM 1.2 rev 8154 - Cross-Site Scripting Multiple Vulnerabilities
Orchard 1.3.9 - 'ReturnUrl' URI Redirection
Orchard 1.3.9 - 'ReturnUrl' Open Redirection
WordPress Plugin Age Verification 0.4 - 'redirect_to' URI Redirection
WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection
KnowledgeTree 3.x - Multiple Cross-Site Scripting Vulnerabilities
KnowledgeTree 3.x - Cross-Site Scripting Multiple Vulnerabilities
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.0.3 - Cross-Site Scripting Multiple Vulnerabilities
Beehive Forum 101 - Cross-Site Scripting Multiple Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Cross-Site Scripting Multiple Vulnerabilities
Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities
Acidcat ASP CMS 3.5 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Video Gallery 2.8 - Cross-Site Request Forgery Multiple Vulnerabilities
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
GForge 5.7.1 - Cross-Site Scripting Multiple Vulnerabilities
LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities
LxCenter Kloxo 6.1.10 - HTML Injection Multiple Vulnerabilities
Tiki Wiki CMS Groupware - 'url' URI Redirection
Tiki Wiki CMS Groupware - 'url' Open Redirection
F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
F*EX 20100208/20111129-2 - Cross-Site Scripting Multiple Vulnerabilities
Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
Webglimpse 2.x - Cross-Site Scripting Multiple Vulnerabilities
OSQA's CMS - Multiple HTML Injection Vulnerabilities
OSQA's CMS - HTML Injection Multiple Vulnerabilities
Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
Matthew1471 BlogX - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Uploadify Integration 0.9.6 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Plugin Beatz 1.1 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Yahoo Answer - Cross-Site Scripting Multiple Vulnerabilities
Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
Croogo CMS 1.3.4 - HTML Injection Multiple Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin NewsLetter Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin NewsLetter Manager 1.0 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Media Library Categories - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Cross-Site Scripting Multiple Vulnerabilities
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 7.0 - Cross-Site Scripting Multiple Vulnerabilities
Opsview 4.6.2 - Multiple Cross-Site Scripting Vulnerabilities
Opsview 4.6.2 - Cross-Site Scripting Multiple Vulnerabilities
SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
SPIP 2.x - Cross-Site Scripting Multiple Vulnerabilities
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
TEMENOS T24 - Cross-Site Scripting Multiple Vulnerabilities
WebsitePanel - 'ReturnUrl' URI Redirection
WebsitePanel - 'ReturnUrl' Open Redirection
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
Simple Machines 2.0.2 - HTML Injection Multiple Vulnerabilities
ocPortal 7.1.5 - 'redirect' URI Redirection
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
ocPortal 7.1.5 - 'redirect' Open Redirection
Scrutinizer 9.0.1.19899 - Cross-Site Scripting Multiple Vulnerabilities
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
Distimo Monitor - Cross-Site Scripting Multiple Vulnerabilities
Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities
Total Shop UK eCommerce CodeIgniter - Cross-Site Scripting Multiple Vulnerabilities
Monstra - Multiple HTML Injection Vulnerabilities
Monstra - HTML Injection Multiple Vulnerabilities
Power-eCommerce - Multiple Cross-Site Scripting Vulnerabilities
Power-eCommerce - Cross-Site Scripting Multiple Vulnerabilities
Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities
LibGuides - Multiple Cross-Site Scripting Vulnerabilities
Web Wiz Forums - Cross-Site Scripting Multiple Vulnerabilities
LibGuides - Cross-Site Scripting Multiple Vulnerabilities
Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
Phorum 5.2.18 - Cross-Site Scripting Multiple Vulnerabilities
PrestaShop 1.4.7 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Slideshow - Cross-Site Scripting Multiple Vulnerabilities
Silverstripe CMS 2.4.x - 'BackURL' URI Redirection
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
AxisInternet VoIP Manager - Cross-Site Scripting Multiple Vulnerabilities
WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
WordPress Theme Purity - Cross-Site Scripting Multiple Vulnerabilities
Switchvox - Multiple HTML Injection Vulnerabilities
Switchvox - HTML Injection Multiple Vulnerabilities
WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Akismet - Cross-Site Scripting Multiple Vulnerabilities
WANem - Multiple Cross-Site Scripting Vulnerabilities
WANem - Cross-Site Scripting Multiple Vulnerabilities
NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities
NetCat CMS - Cross-Site Scripting Multiple Vulnerabilities
BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
BloofoxCMS 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
Smartphone Pentest Framework - Remote Command Execution Multiple Vulnerabilities
Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_incapsula - Cross-Site Scripting Multiple Vulnerabilities
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.10.2 - Cross-Site Scripting Multiple Vulnerabilities
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
Perforce P4Web - Cross-Site Scripting Multiple Vulnerabilities
Sonar - Multiple Cross-Site Scripting Vulnerabilities
Sonar - Cross-Site Scripting Multiple Vulnerabilities
MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities
MIMEsweeper For SMTP - Cross-Site Scripting Multiple Vulnerabilities
phpMyRecipes - Multiple HTML Injection Vulnerabilities
phpMyRecipes - HTML Injection Multiple Vulnerabilities
OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
OrionDB Web Directory - Cross-Site Scripting Multiple Vulnerabilities
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery Multiple Vulnerabilities
Elastix - Multiple Cross-Site Scripting Vulnerabilities
Elastix - Cross-Site Scripting Multiple Vulnerabilities
Telaen 2.7.x - Open redirection
Telaen 2.7.x - Open Redirection
Xaraya - Multiple Cross-Site Scripting Vulnerabilities
Xaraya - Cross-Site Scripting Multiple Vulnerabilities
Mintboard - Multiple Cross-Site Scripting Vulnerabilities
Mintboard - Cross-Site Scripting Multiple Vulnerabilities
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
NXFilter 3.0.3 - Cross-Site Scripting Multiple Vulnerabilities
PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
PrestaShop - Cross-Site Request Forgery Multiple Vulnerabilities
Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities
Magnolia CMS - Cross-Site Scripting Multiple Vulnerabilities
Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities
Alienvault Open Source SIEM (OSSIM) - Cross-Site Scripting Multiple Vulnerabilities
appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities
appRain CMF - Cross-Site Request Forgery Multiple Vulnerabilities
WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Event Easy Calendar - Cross-Site Request Forgery Multiple Vulnerabilities
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
Silverstripe CMS - HTML Injection Multiple Vulnerabilities
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
OpenMRS 2.3 (1.11.4) - Cross-Site Scripting Multiple Vulnerabilities
OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
OpenX 2.8.x - Cross-Site Request Forgery Multiple Vulnerabilities
ZamFoo - Multiple Remote Command Execution Vulnerabilities
ZamFoo - Remote Command Execution Multiple Vulnerabilities
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.2 - Cross-Site Scripting Multiple Vulnerabilities
ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
ProjectSend r582 - Cross-Site Scripting Multiple Vulnerabilities
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
NationBuilder - Persistent Cross-Site Scripting Multiple Vulnerabilities
w2wiki - Multiple Cross-Site Scripting Vulnerabilities
w2wiki - Cross-Site Scripting Multiple Vulnerabilities
Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Radiant CMS 1.1.3 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Archiva 1.3.9 - Cross-Site Request Forgery Multiple Vulnerabilities
Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 - Cross-Site Scripting Multiple Vulnerabilities
Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios Network Analyzer 2.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
InfraPower PPS-02-S Q213V1 - Cross-Site Scripting Multiple Vulnerabilities
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
ViMbAdmin 3.0.15 - Cross-Site Request Forgery Multiple Vulnerabilities
PHPMyFAQ 2.9.8 - Cross-Site Scripting
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1)
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)
phpMyFAQ 2.9.8 - Cross-Site Scripting
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
Kaltura < 13.1.0 - Remote Code Execution
Kaltura < 13.2.0 - Remote Code Execution
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
FS Shutter Stock Clone - 'keywords' SQL Injection
FS Thumbtack Clone - 'ser' SQL Injection
FS Trademe Clone - 'id' SQL Injection
FS Monster Clone - 'id' SQL Injection
FS Care Clone - 'sitterService' SQL Injection
FS Crowdfunding Script - 'id' SQL Injection
FS Realtor Clone - 'id' SQL Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
2017-10-26 05:01:38 +00:00
Offensive Security
5bd93d7e45
DB: 2017-10-25
...
12 new exploits
Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.0 - 'super_blob' Local kernel Denial of Service (PoC)
Administrador de Contenidos - Admin Login Bypass
Administrador de Contenidos - Admin Authentication Bypass
Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflows (MS15-097)
Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)
Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)
Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service
Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference
Microsoft Windows Kernel - 'win32k!OffsetChildren' Null Pointer Dereference
Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution
Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution
Apple Mac OSX - gst_configure Kernel Buffer Overflow
Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference
Apple Mac OSX - 'gst_configure' Kernel Buffer Overflow
Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference
Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read
Microsoft Windows Kernel - 'NtGdiGetTextExtentExW'' Out-of-Bounds Memory Read
Microsoft Windows Kernel - win32k Denial of Service (MS16-135)
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)
Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure
Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure
Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
AIX 5.2 - netpmon Local Elevated Privileges Exploit
AIX 5.2 - ipl_varyon Local Elevated Privileges Exploit
AIX 5.2 - 'netpmon' Local Privilege Escalation
AIX 5.2 - 'ipl_varyon' Local Privilege Escalation
Willing Webcam 2.8 - Licence Info Disclosure Local Exploit
Willing Webcam 2.8 - Licence Information Disclosure Local Exploit
Solaris 7.0 cancel - Exploit
Solaris 7.0 chkperm - Exploit
Solaris 7.0 - 'cancel' Exploit
Solaris 7.0 - 'chkperm' Exploit
Apple Mac OSX 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption
Apple Mac OSX 10.4.x - 'Shared_Region_Make_Private_Np' Kernel Function Local Memory Corruption
Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free
Mikogo 5.4.1.160608 - Local Credentials Disclosure
THOMSON ST585 - 'user.ini' Arbitrary Download
THOMSON ST585 - 'user.ini' Arbitrary Disclosure
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure
Adobe Flash and Reader - Live Malware (PoC)
Adobe Flash / Reader - Live Malware (PoC)
Unify eWave ServletExec 3 - JSP Source Disclosure
Unify eWave ServletExec 3 - .JSP Source Disclosure
1C: Arcadia Internet Store 1.0 - Show Path
1C: Arcadia Internet Store 1.0 - Path Disclosure
Adobe ColdFusion 9 - Administrative Login Bypass (Metasploit)
Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit)
Apache Tomcat 6.0.13 - Cookie Handling Quote Delimiter Session ID Disclosure
Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass
myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass
2BGal 3.0 - '/admin/configuration.inc.php' Local Inclusion Exploit
2BGal 3.0 - '/admin/configuration.inc.php' Local File Inclusion
Estate Agent Manager 1.3 - 'default.asp' Login Bypass
Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass
Estate Agent Manager 1.3 - 'default.asp' Authentication Bypass
Property Pro 1.0 - 'vir_Login.asp' Remote Authentication Bypass
Hpecs Shopping Cart - Remote Login Bypass
Hpecs Shopping Cart - Remote Authentication Bypass
HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass
HR Assist 1.05 - 'vdateUsr.asp' Remote Authentication Bypass
PHPX 3.5.16 - Cookie Poisoning / Login Bypass
PHPX 3.5.16 - Cookie Poisoning / Authentication Bypass
Absolute File Send 1.0 - Remote Cookie Handling
Absolute File Send 1.0 - Remote Insecure Cookie Handling
Absolute Poll Manager XE 4.1 - Cookie Handling
Absolute Poll Manager XE 4.1 - Insecure Cookie Handling
TR News 2.1 - 'login.php' Remote Login Bypass
TR News 2.1 - 'login.php' Remote Authentication Bypass
PhpAddEdit 1.3 - 'cookie' Login Bypass
PhpAddEdit 1.3 - 'cookie' Authentication Bypass
2532/Gigs 1.2.2 Stable - Remote Login Bypass
2532/Gigs 1.2.2 Stable - Remote Authentication Bypass
Flexcustomer 0.0.6 - Admin Login Bypass / Possible PHP code writing
Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP code writing
ClearBudget 0.6.1 - Insecure Database Download
ClearBudget 0.6.1 - Insecure Database Disclosure
ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities
ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities
2DayBiz Custom T-shirt Design -(SQL Injection / Cross-Site Scripting
2DayBiz Custom T-shirt Design - SQL Injection / Cross-Site Scripting
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Info Disclosure Vulnerabilities
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities
Amiro.CMS 5.4.0.0 - Folder Disclosure
Amiro.CMS 5.4.0.0 - Path Disclosure
Mura CMS 5.1 - Root Folder Disclosure
Mura CMS 5.1 - Root Path Disclosure
jgbbs-3.0beta1 - Database Download
PSnews - Database Download
jgbbs-3.0beta1 - Database Disclosure
PSnews - Database Disclosure
AspBB - Active Server Page Bulletin Board Database Download
Futility Forum 1.0 Revamp - Database Download
htmlArea 2.03 - Database Download
Uguestbook - Database Download
BaalASP 2.0 - Database Download
Fully Functional ASP Forum 1.0 - Database Download
makit news/blog poster 3.1 - Database Download
AspBB - Active Server Page Bulletin Board Database Disclosure
Futility Forum 1.0 Revamp - Database Disclosure
htmlArea 2.03 - Database Disclosure
Uguestbook - Database Disclosure
BaalASP 2.0 - Database Disclosure
Fully Functional ASP Forum 1.0 - Database Disclosure
makit news/blog poster 3.1 - Database Disclosure
ASP Battle Blog - Database Download
ASP Battle Blog - Database Disclosure
Proxyroll.com Clone PHP Script - Cookie Handling
Proxyroll.com Clone PHP Script - Insecure Cookie Handling
YP Portal MS-Pro Surumu 1.0 - Database Download
YP Portal MS-Pro Surumu 1.0 - Database Disclosure
Lebi soft Ziyaretci Defteri 7.5 - Database Download
Net Gitar Shop 1.0 - Database Download
Lebi soft Ziyaretci Defteri 7.5 - Database Disclosure
Net Gitar Shop 1.0 - Database Disclosure
VP-ASP Shopping Cart 7.0 - Database Download
VP-ASP Shopping Cart 7.0 - Database Disclosure
Asp VevoCart Control System 3.0.4 - Database Download
Asp VevoCart Control System 3.0.4 - Database Disclosure
MoME CMS 0.8.5 - Remote Login Bypass
RoseOnlineCMS 3 B1 - Remote Login Bypass
MoME CMS 0.8.5 - Remote Authentication Bypass
RoseOnlineCMS 3 B1 - Remote Authentication Bypass
al3jeb script - Remote Login Bypass
al3jeb script - Remote Authentication Bypass
Al Sat Scripti - Database Download
Al Sat Scripti - Database Disclosure
Mp3 MuZik - DataBase Download
Mp3 MuZik - Database Disclosure
My School Script - Data Base Download
My School Script - Database Disclosure
Azimut Technologie - Admin Login Bypass
Azimut Technologie - Admin Authentication Bypass
Auction_Software Script - Admin Login Bypass
Auction_Software Script - Admin Authentication Bypass
BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass
DeluxeBB 1.3 - Private Info Disclosure
DeluxeBB 1.3 - Private Information Disclosure
Qcodo Development Framework 0.3.3 - Full Info Disclosure
Qcodo Development Framework 0.3.3 - Full Information Disclosure
CosmoQuest - Login Bypass
CosmoQuest - Authentication Bypass
PHProjekt 2.x/3.x - Login Bypass
PHProjekt 2.x/3.x - Authentication Bypass
MapInfo Discovery 1.0/1.1 - Administrative Login Bypass
MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass
Keyvan1 ImageGallery - Database Download
Keyvan1 ImageGallery - Database Disclosure
Simple File Manager 024 - Login Bypass
Simple File Manager 024 - Authentication Bypass
Adobe ColdFusion 9 - Administrative Login Bypass
Adobe ColdFusion 9 - Administrative Authentication Bypass
RASPcalendar 1.01 - [ASP] Admin Login
RASPcalendar 1.01 (ASP) - Admin Login
Zend-Framework - Full Info Disclosure
Zend-Framework - Full Information Disclosure
Simple E-document 1.31 - Login Bypass
Simple E-document 1.31 - Authentication Bypass
ZYXEL P-660HN-T1A Router - Login Bypass
ZYXEL P-660HN-T1A Router - Authentication Bypass
agXchange ESM - 'ucschcancelproc.jsp' Open redirection
agXchange ESM - 'ucschcancelproc.jsp' Open Redirection
ESRI ArcGIS for Server - 'where' Form Field SQL Injection
ESRI ArcGIS for Server - 'where' Form SQL Injection
ZTE ZXHN H108N Router - Unauthenticated Config Download
ZTE ZXHN H108N Router - Unauthenticated Config Disclosure
FS Car Rental Script - 'pickup_location' SQL Injection
FS Amazon Clone - 'category_id' SQL Injection
FS Book Store Script - 'category' SQL Injection
FS Ebay Clone - 'pd_maincat_id' SQL Injection
FS Food Delivery Script - 'keywords' SQL Injection
FS Expedia Clone - 'hid' SQL Injection
FS Freelancer Clone - 'sk' SQL Injection
FS Groupon Clone - 'category' SQL Injection
FS Indiamart Clone - 'keywords' SQL Injection
FS Lynda Clone - 'category' SQL Injection
FS OLX Clone - 'catg_id' SQL Injection
2017-10-25 05:01:35 +00:00
Offensive Security
538da000af
DB: 2017-10-24
...
10 new exploits
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service
FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service
NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC)
NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)
FreeBSD 6/8 - ata device Local Denial of Service
FreeBSD 6/8 - ata Device Local Denial of Service
FreeBSD 7.2 - pecoff executable Local Denial of Service
FreeBSD 7.2 - 'pecoff' Local Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service
FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)
FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
FreeBSD Kernel - 'mountnfs()' Exploit
FreeBSD - 'mountnfs()' Exploit
FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition
FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition
Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service
BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service
FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service
FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service
FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service
FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service
OpenBSD 3.3/3.4 sysctl - Local Denial of Service
OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service
FreeBSD 9.1 ftpd - Remote Denial of Service
FreeBSD 9.1 - 'ftpd' Remote Denial of Service
FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service
FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service
NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow
NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow
Multiple BSD Distributions - 'strfmon()' Integer Overflow
BSD (Multiple Distributions) - 'strfmon()' Integer Overflow
Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption
BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption
Multiple BSD Distributions - 'printf(3)' Memory Corruption
BSD (Multiple Distributions) - 'printf(3)' Memory Corruption
FreeBSD Kernel - Multiple Vulnerabilities
FreeBSD - Multiple Vulnerabilities
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow
FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation
OpenBSD ftp - Exploit
OpenBSD - 'ftp' Exploit
FreeBSD /usr/bin/top - Format String
FreeBSD - '/usr/bin/top' Format String
FreeBSD 4.x / < 5.4 - master.passwd Disclosure
FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure
FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation
Oracle 10g - CTX_DOC.MARKUP SQL Injection
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
FreeBSD 6x/7 protosw Kernel - Privilege Escalation
FreeBSD 6x/7 - 'protosw' Privilege Escalation
FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation
FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation
FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation
FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation
FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation
Multiple BSD Distributions - 'setusercontext()' Vulnerabilities
BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities
FreeBSD Kernel - 'nfs_mount()' Exploit
FreeBSD - 'nfs_mount()' Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit
Sun Solaris 7.0 sdtcm_convert - Exploit
Sun Solaris 7.0 - 'sdtcm_convert' Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit
FreeBSD 3.3 gdc - Buffer Overflow
FreeBSD 3.3 gdc - Symlink Exploit
FreeBSD 3.3 - Seyon setgid dialer
FreeBSD 3.3 xmindpath - Buffer Overflow
FreeBSD 3.3 angband - Buffer Overflow
FreeBSD 3.3 - 'gdc' Buffer Overflow
FreeBSD 3.3 - 'gdc' Symlink Exploit
FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - 'xmindpath' Buffer Overflow
FreeBSD 3.3 - 'angband' Buffer Overflow
FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit
BSD mailx 8.1.1-10 - Buffer Overflow (1)
BSD mailx 8.1.1-10 - Buffer Overflow (2)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)
OpenBSD 2.x - fstat Format String
OpenBSD 2.x - 'fstat' Format String
BSD lpr 0.54 -4 - Arbitrary Command Execution
BSD 'lpr' 0.54 -4 - Arbitrary Command Execution
FreeBSD 3.5/4.x /usr/bin/top - Format String
FreeBSD 3.5/4.x - '/usr/bin/top' Format String
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD Kernel - SHMAT System Call Privilege Escalation
BSD - SHMAT System Call Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation
FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation
NetBSD mail.local(8) - Privilege Escalation (Metasploit)
NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit)
OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing
OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing
FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure
FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure
Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation
Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation
Apple Mac OSX 10.10.5 - XNU Privilege Escalation
Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)
NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)
NetBSD - 'mail.local(8)' Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation
Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation
BSD TelnetD - Remote Command Execution (1)
BSD - 'TelnetD' Remote Command Execution (1)
ftpd / ProFTPd (FreeBSD) - Remote Command Execution
FreeBSD - 'ftpd / ProFTPd' Remote Command Execution
FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)
FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)
BSD 4.2 fingerd - Buffer Overflow
BSD 4.2 - 'fingerd' Buffer Overflow
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)
BSD TelnetD - Remote Command Execution (2)
BSD - 'TelnetD' Remote Command Execution (2)
FreeBSD 3.x/4.x - ipfw Filtering Evasion
FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow
FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow
NetBSD 1.x TalkD - User Validation
NetBSD 1.x - 'TalkD' User Validation
tnftp - clientside BSD Exploit
tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit
Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Polycom - Command Shell Authorization Bypass (Metasploit)
Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection
Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection
cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting
cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting
Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload
Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload
TP-Link TL-MR3220 - Cross-Site Scripting
Logitech Media Server - Cross-Site Scripting
CometChat < 6.2.0 BETA 1 - Local File Inclusion
Kaltura < 13.1.0 - Remote Code Execution
2017-10-24 05:02:00 +00:00
g0tmi1k
a39d660d47
Merge pull request #105 from g0tmi1k/searchsploit
...
Fix #104 : Add --json support for --id & --www
2017-10-23 11:41:50 +01:00
g0tmi1k
f925180ed4
Fix #104 : Add --json support for --id & --www
...
..and sudo for some git commands
2017-10-23 11:41:09 +01:00
Offensive Security
4db3e03d4f
DB: 2017-10-23
2017-10-23 05:01:29 +00:00
Offensive Security
1fb0adc9ce
DB: 2017-10-22
2017-10-22 05:01:29 +00:00
Offensive Security
7de3f31675
DB: 2017-10-21
...
9 new exploits
Too many to list!
2017-10-21 05:01:31 +00:00
Offensive Security
61c8ca796b
DB: 2017-10-20
...
1 new exploits
Too many to list!
2017-10-20 05:01:31 +00:00
Offensive Security
5d67bcf186
DB: 2017-10-19
...
5 new exploits
Too many to list!
2017-10-19 05:01:29 +00:00
Offensive Security
519f2f59ba
DB: 2017-10-18
...
19 new exploits
Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) - Denial of Service
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure
Linux Kernel - 'AF_PACKET' Use-After-Free
shadowsocks-libev 3.1.0 - Command Execution
Shadowsocks - Log File Command Execution
ModSecurity - POST Parameters Security Bypass
ModSecurity - 'POST' Security Bypass
Apple iOS 10.2 (14C92) - Remote Code Execution
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)
Windows x64 - API Hooking Shellcode (117 bytes)
ALiCE-CMS 0.1 - (CONFIG[local_root]) Remote File Inclusion
ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion
PHPRecipeBook 2.35 - (g_rb_basedir) Remote File Inclusion
PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion
Brim 1.2.1 - (renderer) Multiple Remote File Inclusion
Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion
GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php PATH_INFO' SQL Injection
3CX Phone System 15.5.3554.1 - Directory Traversal
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
2017-10-18 05:01:30 +00:00
Offensive Security
461226bd00
DB: 2017-10-17
...
3 new exploits
Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)
Microsoft Office - 'HtmlDlgHelper' Class Memory Corruption (MS10-071)
Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation
Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation (Root File Create)
Linux modutils 2.3.9 - modprobe Arbitrary Command Execution
Linux modutils 2.3.9 - 'modprobe' Arbitrary Command Execution
Jan Hubicka Koules 1.4 - Svgalib Buffer Overflow
Jan Hubicka Koules 1.4 - 'Svgalib' Buffer Overflow
Internet Security Systems 3.6 - ZWDeleteFile Function Arbitrary File Deletion
Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion
Muhammad A. Muquit wwwcount 2.3 - Count.cgi Buffer Overflow
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Buffer Overflow
Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module - SQL Injection
Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection
Comdev One Admin 4.1 - Adminfoot.php Remote Code Execution
Simplog 0.9.3.1 - comments.php SQL Injection
Comdev One Admin 4.1 - 'Adminfoot.php' Remote Code Execution
Simplog 0.9.3.1 - 'comments.php' SQL Injection
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
Webmin 1.850 - Multiple Vulnerabilities
2017-10-17 05:01:30 +00:00
Offensive Security
51c5257c7f
DB: 2017-10-14
...
11 new exploits
FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service
Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups
Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
mIRC 6.1 - DCC SEND Buffer Overflow (1)
mIRC 6.1 - DCC SEND Buffer Overflow (2)
mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)
mIRC 6.1 - 'DCC SEND' Buffer Overflow (2)
Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution
Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution
Oracle Solaris - 'su' Local Solaris
Oracle Solaris - 'su' Local Exploit
Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)
Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)
Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion
cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)
WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting
WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting
SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting
SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting
YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting
Accelerated Mortgage Manager - Password Field SQL Injection
YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting
Accelerated Mortgage Manager - 'Password' SQL Injection
YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting
YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting
Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion
Xoops 2.2.3 - search.php Cross-Site Scripting
Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion
Xoops 2.2.3 - 'search.php' Cross-Site Scripting
Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection
TYPO3 ke DomPDF Extension - Remote Code Execution
TYPO3 Extension ke DomPDF - Remote Code Execution
TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection
TYPO3 News Module - SQL Injection
TYPO3 Extension News - SQL Injection
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
E-Sic Software livre CMS - 'q' Parameter SQL Injection
E-Sic Software livre CMS - Autentication Bypass
E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection
E-Sic Software livre CMS - 'f' Parameter SQL Injection
E-Sic Software livre CMS - Cross Site Scripting
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
Dreambox Plugin BouquetEditor - Cross-Site Scripting
phpMyFAQ 2.9.8 - Cross-Site Scripting
2017-10-14 05:01:31 +00:00
Offensive Security
a32f88c4ef
DB: 2017-10-13
2017-10-13 05:01:30 +00:00
Offensive Security
3cfdd1cc27
DB: 2017-10-12
...
5 new exploits
MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit
Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities
Apple Safari & QuickTime - Denial of Service
Apple Safari / QuickTime - Denial of Service
Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities
Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities
Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service
Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities
Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption
Mozilla Firefox - Interleaving document.write and appendChild Denial of Service
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service
BRS Webweaver 1.0 4 - POST and HEAD Denial of Service
BRS Webweaver 1.0 4 - POST / HEAD Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service
Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption
Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys
binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
BSD & Linux umount - Privilege Escalation
BSD / Linux - 'umount' Privilege Escalation
BSD & Linux lpr - Privilege Escalation
BSD / Linux - 'lpr' Privilege Escalation
DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure
SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption
SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption
Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow
Microsoft Windows - WINS Vulnerability and OS/SP Scanner
Microsoft Windows - WINS Vulnerability + OS/SP Scanner
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit
Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)
Quest InTrust 10.4.x - ReportTree and SimpleTree Classes
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes
SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit
RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd
RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd
Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
tcpdump 3.4 - Protocol Four and Zero Header Length
tcpdump 3.4 - Protocol Four / Zero Header Length
Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow
Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit
Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password
Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure
Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure
WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow
EFTP Server 2.0.7.337 - Directory and File Existence
EFTP Server 2.0.7.337 - Directory Existence / File Existence
Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting
Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting
InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities
InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities
Microsoft Windows XP - Help And Support Center Interface Spoofing
Microsoft Windows XP - Help and Support Center Interface Spoofing
BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure
Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal
3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal
Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
Github Enterprise - Default Session Secret And Deserialization (Metasploit)
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
VX Search Enterprise 10.1.12 - Buffer Overflow
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities
Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
FlexPHPNews 0.0.6 & PRO - Authentication Bypass
FlexPHPNews 0.0.6 / PRO - Authentication Bypass
click&rank - SQL Injection / Cross-Site Scripting
Click&Rank - SQL Injection / Cross-Site Scripting
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Pre Hotels&Resorts Management System - Authentication Bypass
PHP-Nuke CMS - (Survey and Poll) SQL Injection
PHP-Nuke CMS (Survey and Poll) - SQL Injection
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)
XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)
Sun i-Runbook 2.5.2 - Directory And File Content Disclosure
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure
DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification
DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification
DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection
DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection
DUforum 3.x - 'messages.asp FOR_ID' SQL Injection
DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion
JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion
WordPress Plugin WP BackupPlus - Database And Files Backup Download
WordPress Plugin WP BackupPlus - Database and Files Backup Download
WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
Gogs - (users and repos q pararm) SQL Injection
Gogs - users and repos q SQL Injection
WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection
Joomla! Component 'com_tree' - 'key' Parameter SQL Injection
Joomla! Component com_tree - 'key' Parameter SQL Injection
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities
TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit
up.time 7.5.0 - Upload And Execute File Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit
Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
2017-10-12 05:01:34 +00:00
Offensive Security
b77b178de0
DB: 2017-10-11
...
4 new exploits
Hasbani-WindWeb/2.0 - HTTP GET Remote Denial of Service
Hasbani-WindWeb/2.0 - GET Remote Denial of Service
KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll SetUninstallName()' Heap Overflow (PoC)
Konqueror 3.5.9 - (color/bgcolor) Multiple Remote Crash Vulnerabilities
Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities
WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service
Konqueror 3.5.9 - (load) Remote Crash
WinFTP Server 2.3.0 - 'PASV Mode' Remote Denial of Service
Konqueror 3.5.9 - 'load' Remote Crash
Nokia Mini Map Browser - (array sort) Silent Crash
Nokia Mini Map Browser - 'Array Sort' Silent Crash
vBulletin Cyb - Advanced Forum Statistics - 'misc.php' Denial of Service
vBulletin Cyb - Advanced Forum Statistics 'misc.php' Denial of Service
VideoLAN VLC Media Player < 1.1.4 - '.xspf' 'smb://' URI Handling Remote Stack Overflow (PoC)
VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe execvp_nc' Remote Code Execution
RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC)
RarCrack 0.2 - 'Filename init() .bss' (PoC)
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Memory Corruption
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service
GNU glibc < 2.12.2 - 'fnmatch()' Function Stack Corruption
GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption
PyPAM - Python bindings for PAM - Double-Free Corruption
PyPAM Python bindings for PAM - Double-Free Corruption
Tiny Server 1.1.9 - HTTP HEAD Denial of Service
Tiny Server 1.1.9 - HEAD Denial of Service
Symantec End Point Protection 11.x - & Symantec Network Access Control 11.x - LCE (PoC)
Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)
MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service
MAILsweeper SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service
FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)
Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
MyServer 0.4.3 - HTTP GET Argument Buffer Overflow
MyServer 0.5 - HTTP GET Argument Buffer Overflow
MyServer 0.4.3 - GET Argument Buffer Overflow
MyServer 0.5 - GET Argument Buffer Overflow
Cisco Aironet AP1x00 - Malformed HTTP GET Denial of Service
Cisco Aironet AP1x00 - GET Denial of Service
McAfee ePolicy Orchestrator 1.x/2.x/3.0 - Agent HTTP POST Buffer Mismanagement
McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (3)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (3)
Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service)
Gattaca Server 2003 - 'web.tmpl Language' Parameter CPU Consumption (Denial of Service)
Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service
Microsoft Windows XP - 'explorer.exe .tiff' Image Denial of Service
PHPMailer 1.7 - 'Data()' Function Remote Denial of Service
PHPMailer 1.7 - 'Data()' Remote Denial of Service
Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow
Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow
MailEnable 2.x - SMTP NTLM Authentication - Multiple Vulnerabilities
MailEnable 2.x - SMTP NTLM Authentication Multiple Vulnerabilities
Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service
Microsoft Windows Explorer - 'explorer.exe .WMV' File Handling Denial of Service
MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow
Multiple BSD Distributions - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Integer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'RegistryString' Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll RegistryString' Buffer Overflow
Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service
Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service
KDE Konqueror 3.5.9 - JavaScript 'load' Function Denial of Service
KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service
GNU glibc 2.x - 'strfmon()' Function Integer Overflow
GNU glibc 2.x - 'strfmon()' Integer Overflow
Sun Java System Web Server 6.1/7.0 - HTTP 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot
Microsoft Windows XP/Vista - '.ani' 'tagBITMAPINFOHEADER' Denial of Service
Microsoft Windows XP/Vista - '.ani tagBITMAPINFOHEADER' Denial of Service
PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service
PHP 5.3.2 - 'zend_strtod()' Floating-Point Value Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Function Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)
CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service
CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table
Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to Malformed CFF Table
Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access
Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access
BT Home Hub - 'uuid' field Buffer Overflow
BT Home Hub - 'uuid' Buffer Overflow
Squid - 'httpMakeVaryMark()' Function Remote Denial of Service
Squid - 'httpMakeVaryMark()' Remote Denial of Service
Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read
Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)
Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117)
Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame
Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame
Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit
CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation
SGI IRIX 6.5.28 - (runpriv) Design Error
SGI IRIX 6.5.28 - 'runpriv' Design Error
PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution
PHP < 4.4.5/5.2.1 - 'shmop' Local Code Execution
PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit
FreeBSD 6.4 - pipeclose()/knlist_cleardel() Race Condition
FreeBSD 7.2 VFS/devfs - Race Condition
FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition
FreeBSD 7.2 - VFS/devfs Race Condition
Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking
Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe file' Parameter Local Buffer Overflow (PoC)
Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit)
Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit)
ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Parameter Overflow (Metasploit)
Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions
Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions
PLIB 1.8.5 - ssg/ssgParser.cxx Buffer Overflow
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow
Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation
Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun
Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Parameter Restriction Bypass
Microsoft Windows - 'ndproxy.sys' - Privilege Escalation (Metasploit)
Microsoft Windows - 'ndproxy.sys' Privilege Escalation (Metasploit)
Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation
Microsoft Windows - 'SeImpersonatePrivilege' Privilege Escalation
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure
Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure
MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
CompuSource Systems - Real Time Home Banking - Privilege Escalation
CompuSource Systems Real Time Home Banking - Privilege Escalation
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)
Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
Xine-Lib 1.1 - (media player library) Remote Format String
CA iTechnology iGateway - (debug mode) Remote Buffer Overflow
Xine-Lib 1.1 - 'Media Player Library' Remote Format String
CA iTechnology iGateway - 'Debug Mode' Remote Buffer Overflow
Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Stack Overflow (MS06-070) (Python)
Microsoft Windows - DNS RPC - Remote Buffer Overflow (2)
Microsoft Windows - DNS RPC Remote Buffer Overflow (2)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow
3proxy 0.5.3g (Linux) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c logurl()' Remote Overflow
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1 SaveToFile()' Insecure Method
GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method
GlobalLink 2.7.0.8 - 'glitemflat.dll SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0 SaveToFile()' Insecure Method
Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution
WebKit - 'Document()' Function Remote Information Disclosure
WebKit - 'Document()' Remote Information Disclosure
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow
Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll RegisterCom()' Remote Heap Overflow
Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class Same-of-Origin (SOP) Policy Bypass
httpdx - 'tolog()' Function Format String (Metasploit) (1)
httpdx - 'tolog()' Format String (Metasploit) (1)
httpdx - 'tolog()' Function Format String (Metasploit) (2)
httpdx - 'tolog()' Format String (Metasploit) (2)
httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit)
hplip - hpssd.py From Address Arbitrary Command Execution (Metasploit)
hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit)
Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit)
Apple Mac OSX EvoCam Web Server - GET Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)
ZyWALL USG - Appliance - Multiple Vulnerabilities
ZyWALL USG Appliance - Multiple Vulnerabilities
ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)
ScriptFTP 3.3 - LIST Remote Buffer Overflow (Metasploit) (2)
Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)
Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit)
Adobe Flash Player - '.mp4' 'cprt' Overflow (Metasploit)
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)
UoW Pine 4.0.4/4.10/4.21 - 'From:' Field Buffer Overflow
UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow
Technote 2000/2001 - 'board' Function File Disclosure
Technote 2000/2001 - 'board' File Disclosure
IPSwitch IMail 6.x/7.0/7.1 - Web Messaging HTTP Get Buffer Overflow
IPSwitch IMail 6.x/7.0/7.1 - Web Messaging GET Buffer Overflow
Novell NetWare 5.1/6.0 - HTTP Post Arbitrary Perl Code Execution
Novell NetWare 5.1/6.0 - POST Arbitrary Perl Code Execution
Webmin 0.x - 'RPC' Function Privilege Escalation
Webmin 0.x - 'RPC' Privilege Escalation
Avaya IP Office Customer Call Reporter - ImageUpload.ashx Remote Command Execution (Metasploit)
Avaya IP Office Customer Call Reporter - 'ImageUpload.ashx' Remote Command Execution (Metasploit)
ghttpd 1.4.x - 'Log()' Function Buffer Overflow
ghttpd 1.4.x - 'Log()' Buffer Overflow
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Cross-Site Scripting
Dune 0.6.7 - HTTP Get Remote Buffer Overrun
Dune 0.6.7 - GET Remote Buffer Overrun
InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit)
InduSoft Web Studio - 'ISSymbol.ocx InternationalSeparator()' Heap Overflow (Metasploit)
GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow
Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities
Rlpr 2.0 - 'msg()' Multiple Vulnerabilities
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept p_t02' Parameter Cross-Site Scripting
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp url' Parameter Arbitrary Site Redirect
PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 4.x - 'tempnam() open_basedir' Restriction Bypass
PHP 4.x - 'copy() Safe_Mode' Bypass Exploit
Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak
Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak
aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing
aBitWhizzy - 'whizzypic.php d' ParameterTraversal Arbitrary Directory Listing
PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow
PHP 5.1.6 - 'Chunk_Split()' Integer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow
Cisco IOS 12.3 - LPD Remote Buffer Overflow
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'ExtractCab' ActiveX Control Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php sql_matchscope' Parameter Cross-Site Scripting
Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' '.WAV' File Processing Buffer Overflow
Audio File Library 0.2.6 - libaudiofile 'msadpcm.c .WAV' File Processing Buffer Overflow
ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection
ProFTPd 1.3 - 'mod_sql Username' SQL Injection
Microsoft Windows Vista - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution
Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution
PHP 5.3.x - 'mb_strcut()' Function Information Disclosure
PHP 5.3.x - 'mb_strcut()' Information Disclosure
Perl 5.x - 'lc()' and 'uc()' functions TAINT Mode Protection Security Bypass
Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget' Parameter Cross-Site Scripting
NetBSD 5.1 - Multiple 'libc/net' functions Stack Buffer Overflow
NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflow
Skype 5.3 - 'Mobile Phone' Field HTML Injection
Skype 5.3 - 'Mobile Phone' HTML Injection
IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow
IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addgroup.asp group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp url' Parameter Cross-Site Scripting
Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure
Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Function Stack Buffer Overflow
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Stack Buffer Overflow
NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
NETGEAR D6300B - '/diag.cgi IPAddr4' Parameter Remote Command Execution
lxml - 'clean_html' Function Security Bypass
lxml - 'clean_html' Security Bypass
Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery
Alfresco - '/proxy endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser url' Parameter Server-Side Request Forgery
Laravel - 'Hash::make()' Function Password Truncation Security
Laravel - 'Hash::make()' Password Truncation Security
OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)
Windows - (DCOM RPC2) Universal Shellcode
Windows - DCOM RPC2 Universal Shellcode
Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Cyphor 0.19 - (board takeover) SQL Injection
Cyphor 0.19 - Board Takeover SQL Injection
PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection
PHPay 2.02 - 'nu_mail.inc.php mail()' Remote Injection
PHPMyNews 1.4 - (cfg_include_dir) Remote File Inclusion
PHPMyNews 1.4 - 'cfg_include_dir' Remote File Inclusion
Flatnuke 2.5.8 - (userlang) Local Inclusion / Delete All Users Exploit
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit
Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion
Yrch 1.0 - 'plug.inc.phppath' Parameter Remote File Inclusion
Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection
Cacti 0.8.6i - 'cmd.php popen()' Remote Injection
Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection
Vizayn Haber - 'haberdetay.asp id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php id' Parameter SQL Injection
Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion
Original 0.11 - 'config.inc.php x[1]' Remote File Inclusion
Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion
Picturesolution 2.1 - 'config.php path' Remote File Inclusion
PHP Homepage M 1.0 - galerie.php SQL Injection
PHP Homepage M 1.0 - 'galerie.php' SQL Injection
cpDynaLinks 1.02 - category.php SQL Injection
cpDynaLinks 1.02 - 'category.php' SQL Injection
DFF PHP Framework API (Data Feed File) - Remote File Inclusion
DFF PHP Framework API - 'Data Feed File' Remote File Inclusion
WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD
WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure
dMx READY (25 - Products) - Remote Database Disclosure
dMx READ - Remote Database Disclosure
Access2asp - imageLibrary - Arbitrary File Upload
Access2asp - 'imageLibrar' Arbitrary File Upload
Auktionshaus 3.0.0.1 - 'news.php' 'id' SQL Injection
Auktionshaus 3.0.0.1 - 'news.php id' SQL Injection
Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection
Bild Flirt System 2.0 - 'index.php id' SQL Injection
Fast Free Media 1.3 - Adult Site - Arbitrary File Upload
Fast Free Media 1.3 Adult Site - Arbitrary File Upload
goffgrafix - Design's - SQL Injection
goffgrafix Design's - SQL Injection
Bilder Upload Script - Datei Upload 1.09 - Arbitrary File Upload
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
Allomani - E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)
E-Xoopport - Samsara 3.1 (Sections Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (Sections Module) - Blind SQL Injection
E-Xoopport - Samsara 3.1 (eCal Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
Oracle WebLogic - Session Fixation Via HTTP POST
Oracle WebLogic - POST Session Fixation
spidaNews 1.0 - 'news.php' 'id' SQL Injection
spidaNews 1.0 - 'news.php id' SQL Injection
Catalog Builder - eCommerce Software - Blind SQL Injection
Catalog Builder eCommerce Software - Blind SQL Injection
FileBox - File Hosting & Sharing Script 1.5 - SQL Injection
FileBox File Hosting & Sharing Script 1.5 - SQL Injection
Snortreport - nmap.php and nbtscan.php Remote Command Execution (Metasploit)
Snortreport - 'nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)
jbShop - e107 7 CMS Plugin - SQL Injection
jbShop e107 7 CMS Plugin - SQL Injection
Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
4Images - Image Gallery Management System - Cross-Site Request Forgery
4Images Image Gallery Management System - Cross-Site Request Forgery
PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection
PHP Ticket System Beta 1 - 'index.php p' Parameter SQL Injection
X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php symb' Parameter Cross-Site Scripting
Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid' Parameter Blind SQL Injection
YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection
YourArcadeScript 2.4 - 'index.php id' Parameter SQL Injection
AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php id' Parameter Blind SQL Injection
PhpTax - pfilez Parameter Exec Remote Code Injection (Metasploit)
PhpTax - 'pfilez' Parameter Exec Remote Code Injection (Metasploit)
phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit)
phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)
Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection
Blog Mod 0.1.9 - 'index.php month' Parameter SQL Injection
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting
PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting
PHPRank 1.8 - add.php Cross-Site Scripting
PHPRank 1.8 - 'add.php' Cross-Site Scripting
MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php album' Parameter SQL Injection
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Remote File Inclusion
friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection
friendsinwar FAQ Manager - 'view_faq.php question' Parameter SQL Injection
SmartCMS - 'index.php' 'idx' Parameter SQL Injection
SmartCMS - 'index.php idx' Parameter SQL Injection
SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php menuitem' Parameter SQL Injection / Cross-Site Scripting
PHP-Nuke 6.6 - admin.php SQL Injection
PHP-Nuke 6.6 - 'admin.php' SQL Injection
MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection
MyBB AwayList Plugin - 'index.php id' Parameter SQL Injection
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php basepath' Parameter Remote File Inclusion
PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - 'error.php language' Parameter Full Path Disclosure
phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass
phpHeaven phpMyChat 0.14.5 - 'edituser.php3 do_not_login' Parameter Authentication Bypass
NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection
NConf 1.3 - 'detail.php detail_admin_items.php id' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php question' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php id' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id' Parameter SQL Injection
MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php title' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php cid' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php Cat' Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' 'Username' Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php Username' Parameter Cross-Site Scripting
Rebus:list - 'list.php' 'list_id' Parameter SQL Injection
Rebus:list - 'list.php list_id' Parameter SQL Injection
SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection
SynConnect Pms - 'index.php loginid' Parameter SQL Injection
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure
AWS Xms 2.5 - 'importer.php what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php p' Paramete' Local File Disclosure
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash' Parameter SQL Injection
CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'tellafriend.php product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php product' Parameter Full Path Disclosure
WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection
WHMCS 4.x - 'invoicefunctions.php id' Parameter SQL Injection
AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection
AVE.CMS 2.09 - 'index.php module' Parameter Blind SQL Injection
RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id' Parameter SQL Injection
SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure
FlatNuke 2.5.x - 'index.php where' Parameter Full Path Disclosure
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php posted' Parameter SQL Injection
osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion
osTicket 1.2/1.3 - 'view.php inc' Parameter Arbitrary Local File Inclusion
Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal
DS3 - Authentication Server - Multiple Vulnerabilities
Ruubikcms 1.1.1 - 'tinybrowser.php folder' Parameter Directory Traversal
DS3 Authentication Server - Multiple Vulnerabilities
Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php Username' Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php sitetitle' Parameter Cross-Site Scripting
Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid' Parameter SQL Injection
Aenovo - '/Password/default.asp' Password Field SQL Injection
Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection
Aenovo - '/Password/default.asp Password' SQL Injection
Aenovo - '/incs/searchdisplay.asp strSQL' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php ids' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php orderby' Parameter Cross-Site Scripting
Cyphor 0.19 - lostpwd.php nick Field SQL Injection
Cyphor 0.19 - 'newmsg.php' fid Parameter SQL Injection
Cyphor 0.19 - footer.php t_login Parameter Cross-Site Scripting
Cyphor 0.19 - 'lostpwd.php nick' SQL Injection
Cyphor 0.19 - 'newmsg.php fid' Parameter SQL Injection
Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting
MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Socket.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion
Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection
Top Games Script 1.2 - 'play.php gid' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php id' Parameter SQL Injection
PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution
PHP-Charts 1.0 - 'index.php type' Parameter Remote Code Execution
PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/admin.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/configure.php id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php find' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection
Walla TeleSite 3.0 - 'ts.exe tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe sug' Parameter SQL Injection
GLPI 0.83.9 - 'Unserialize()' Function Remote Code Execution
GLPI 0.83.9 - 'Unserialize()' Remote Code Execution
Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'toc.pl board' Parameter Cross-Site Scripting
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php _load_article_details' SQL Injection
IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion
IceWarp Universal WebMail - '/dir/include.html lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html lang_settings' Parameter Remote File Inclusion
OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection
OnePlug CMS - '/press/details.asp Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp Product_ID' Parameter SQL Injection
aoblogger 2.3 - 'login.php' 'Username' Field SQL Injection
aoblogger 2.3 - 'login.php Username' SQL Injection
HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php folderid' Parameter Arbitrary PHP Command Execution
ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing
ImageVue 0.16.1 - 'readfolder.php path' Parameter Arbitrary Directory Listing
Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php check_login()' Authentication Bypass
dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php baseDir' Parameter Remote File Inclusion
Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection
Ginkgo CMS - 'index.php rang' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name' Parameter SQL Injection
sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting
sBlog 0.7.2 - 'search.php keyword' Parameter POST Method Cross-Site Scripting
MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection
MLMAuction Script - 'gallery.php id' Parameter SQL Injection
PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection
PHPMyForum 4.0 - 'index.php type' Parameter CRLF Injection
321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing
321soft PHP-Gallery 0.9 - 'index.php path' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php pfad' Parameter Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php rep' Parameter Traversal Arbitrary Directory Listing
Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php value' Parameter SQL Injection
ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting
ATutor 1.5.x - 'admin/fix_content.php submit' Parameter Cross-Site Scripting
glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection
glFusion 1.3.0 - 'search.php cat_id' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php b' Parameter SQL Injection
RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite
RadScripts - 'a_editpage.php Filename' Parameter Arbitrary File Overwrite
WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion
WoW Roster 1.5 - 'hsList.php subdir' Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion
vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php onlyforuser' Parameter SQL Injection
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php page' Parameter Cross-Site Scripting
DCP-Portal 6.0 - 'login.php' 'Username' Parameter SQL Injection
DCP-Portal 6.0 - 'login.php Username' Parameter SQL Injection
CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php la_pow_by' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php page' Parameter Cross-Site Scripting
ISearch 2.16 - ISEARCH_PATH Parameter Remote File Inclusion
ISearch 2.16 - 'ISEARCH_PATH' Parameter Remote File Inclusion
Evandor Easy notesManager 0.0.1 - 'login.php' 'Username' Parameter SQL Injection
Evandor Easy notesManager 0.0.1 - 'login.php Username' Parameter SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage' Parameter SQL Injection
BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/admincore.php msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php page' Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp hata' Parameter Cross-Site Scripting
ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl file' Parameter Arbitrary File Disclosure
Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php objectId' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php s' Parameter SQL Injection
aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzylink.php d' Parameter Traversal Arbitrary Directory Listing
PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting
PHPLive! 3.2.2 - 'super/info.php BASE_URL' Parameter Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php tool_url' Parameter Cross-Site Scripting
ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection
ToendaCMS 1.5.3 - GET / POST Forms HTML Injection
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php icodir' Parameter Traversal Arbitrary Directory Listing
Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure
Phorum 5.1.20 - 'admin.php module[]' Parameter Full Path Disclosure
DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'includes_handler.php base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php base_path' Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection
Campsite 2.6.1 - 'LocalizerConfig.php g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php language' Parameter SQL Injection
NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/applicationList.jsp alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp rtype' Parameter Cross-Site Scripting
geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion
geoBlog MOD_1.0 - 'deletecomment.php id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php id' Parameter Arbitrary Blog Deletion
Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'feed.php config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php config[root_ordner]' Parameter Remote File Inclusion
WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure
WebBatch - 'webbatch.exe dumpinputdata' Parameter Remote Information Disclosure
AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'default.asp mode2' Parameter Cross-Site Scripting
phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting
phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php level' Parameter Remote File Inclusion
Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access
Absolute News Manager .NET 5.1 - 'pages/default.aspx template' Parameter Remote File Access
MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion
MyBlog 1.x - 'Games.php ID' Remote File Inclusion
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp activeControl' Parameter Cross-Site Scripting
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic id' Parameter Arbitrary Memory Disclosure
CiMe - Citas Médicas - Multiple Vulnerabilities
CiMe Citas Médicas - Multiple Vulnerabilities
Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing
Elastic Path 4.1 - 'manager/FileManager.jsp dir' Parameter Traversal Arbitrary Directory Listing
osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php zID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php cID' Parameter SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph track' Parameter SQL Injection
PHPEasyData 1.5.4 - admin/login.php 'Username' Field SQL Injection
PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy' Parameter SQL Injection
Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect
Claroline 1.8.9 - 'claroline/redirector.php url' Parameter Arbitrary Site Redirect
XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion
XOOPS 2.0.18 - 'modules/system/admin.php fct' Parameter Traversal Local File Inclusion
ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php Filename' Parameter Remote Code Execution
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i' Parameter SQL Injection
MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting
MKPortal 1.2.1 - '/modules/rss/handler_image.php i' Parameter Cross-Site Scripting
glFusion 1.1 - Anonymous Comment 'Username' Field HTML Injection
glFusion 1.1 - Anonymous Comment 'Username' HTML Injection
IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Function Cross-Site Scripting
IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting
kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection
kitForm CRM Extension 0.43 - 'sorter.ph sorter_value' Parameter SQL Injection
dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php read' Parameter Arbitrary File Read
WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_settings setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category category[description]' Parameter Cross-Site Scripting
vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php cat' Parameter SQL Injection
MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection
MybbCentral TagCloud 2.0 - 'Topic' HTML Injection
Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting
Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php' Filter Parameter Cross-Site Scripting
Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download
Mulitple WordPress Themes - 'admin-ajax.php img' Parameter Arbitrary File Download
Free Arcade Script 1.0 - 'search' Field Cross-Site Scripting
Free Arcade Script 1.0 - 'search' Cross-Site Scripting
Micro CMS 1.0 - 'name' Field HTML Injection
Micro CMS 1.0 - 'name' HTML Injection
MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion
MODx manager - '/controllers/default/resource/tvs.php class_key' Parameter Traversal Local File Inclusion
Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php catid' Parameter SQL Injection
W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion
W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File Inclusion
Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection
Piwigo 2.6.0 - 'picture.php rate' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php category' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php rowid' Parameter SQL Injection
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition' Parameter Cross-Site Scripting
Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_blocks.php Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php Filename' Parameter Traversal Arbitrary File Access
UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scripting
OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting
OSClass 2.3.3 - 'index.php getParam()' Multiple Parameter Cross-Site Scripting
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php class' Parameter Traversal Local File Inclusion
Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/auth.php login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php page' Parameter Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Parameter Error Display Cross-Site Scripting
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps id' Parameter SQL Injection
SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx id' Parameter Cross-Site Scripting
Wikidforum 2.10 - Advanced Search - Multiple Field SQL Injection
Wikidforum 2.10 - Advanced Search Multiple Field SQL Injection
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml()' Method Cross-Site Scripting
TeamPass 2.1.5 - 'login' Field HTML Injection
TeamPass 2.1.5 - 'login' HTML Injection
XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/modules/pm/pmlite.php to_userid' Parameter Cross-Site Scripting
Kajona - 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities
Kajona - 'getAllPassedParams()' Multiple Cross-Site Scripting Vulnerabilities
PolarisCMS - 'WebForm_OnSubmit()' Function Cross-Site Scripting
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting
TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php subject_module_id' Parameter SQL Injection
jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting
jCore - '/admin/index.php path' Parameter Cross-Site Scripting
Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html acct' Parameter Cross-Site Scripting
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID' Parameter SQL Injection
Kallithea 0.2.9 - (came_from) HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection
Kallithea 0.2.9 - 'came_from' HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php q' Parameter SQL Injection
Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting
Hero Framework - '/users/login Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password error' Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp site' Parameter Cross-Site Scripting
NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution
NeoBill - '/modules/nullregistrar/PHPwhois/example.php query' Parameter Remote Code Execution
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp pa' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php Id' Parameter SQL Injection
UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection
UAEPD Shopping Script - '/news.php id' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php Username' Parameter SQL Injection
Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal
Xangati - '/servlet/Installer file' Parameter Directory Traversal
Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/jobs.php tr' Parameter SQL Injection
Caldera - '/costview2/printers.php tr' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php entry_country_id' Parameter SQL Injection
Disc ORGanizer - DORG - Multiple Vulnerabilities
Disc ORGanizer (DORG) - Multiple Vulnerabilities
Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
ClipShare 7.0 - SQL Injection
Complain Management System - Hard-Coded Credentials / Blind SQL injection
2017-10-11 05:01:35 +00:00
Offensive Security
b49ee665d7
DB: 2017-10-10
...
3 new exploits
Rancher Server - Docker Daemon Code Execution (Metasploit)
OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
2017-10-10 05:01:34 +00:00
Offensive Security
99ad37a918
DB: 2017-10-09
...
2 new exploits
PyroBatchFTP 3.17 - Buffer Overflow (SEH)
Metasploit < 4.14.1-20170828 - Cross-Site Request Forgery
2017-10-09 05:01:35 +00:00
Offensive Security
4e334a292d
DB: 2017-10-08
...
2 new exploits
Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit
Microsoft Windows XP/2003 - Samba Share Resource Exhaustion (Denial of Service)
Multiple vendors - ZOO file Decompression Infinite Loop Denial of Service (PoC)
ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC)
WzdFTPD 0.8.0 - (USER) Remote Denial of Service
WzdFTPD 0.8.0 - 'USER' Remote Denial of Service
Multiple Vendors - 'libc:fts_*()' Local Denial of Service
Libc - 'libc:fts_*()' Local Denial of Service
Asterisk IAX2 - Resource Exhaustion via Attacked IAX Fuzzer
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
Multiple Web Browsers - Denial of Service
Multiple Browsers - Denial of Service
Multiple browsers - 'history.go()' Denial of Service
Multiple browsers - 'window.print()' Denial of Service
Multiple Browsers - 'history.go()' Denial of Service
Multiple Browsers - 'window.print()' Denial of Service
Multiple Vendors libc/glob(3) - Resource Exhaustion / Remote ftpd-anon
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)
Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion (Denial of Service)
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion (Denial of Service)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (2)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (2)
Desktop Orbiter 2.0 1 - Resource Exhaustion Denial of Service
Desktop Orbiter 2.0 1 - Resource Exhaustion (Denial of Service)
ACLogic CesarFTP 0.99 - Remote Resource Exhaustion (Denial of Service)
Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service
Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service
Multiple Linksys Routers - LanD Packet Denial of Service
Linksys Routers - LanD Packet Denial of Service
Multiple Mozilla Products - IFRAME JavaScript Execution Vulnerabilities
Multiple Mozilla Products - iFrame JavaScript Execution Vulnerabilities
Multiple D-Link Routers - UPNP Buffer Overflow
D-Link Routers - UPNP Buffer Overflow
Multiple Vendors - Zoo Compression Algorithm Remote Denial of Service
Zoo 2.10 - .ZOO Compression Algorithm Remote Denial of Service
Multiple BSD Platforms - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Function Integer Overflow
Multiple Vendors Unspecified SVG File Processing - Denial of Service
Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service)
VMware Player and Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service
Libc - 'regcomp()' Stack Exhaustion Denial of Service
Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service
Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service
Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities
Multiple BSD Distributions - 'setusercontext()' Vulnerabilities
Multiple Cisco Products - Cisco Global Exploiter Tool
Cisco - Cisco Global Exploiter Tool
Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities
Multiple Browsers - Tabbed Browsing Vulnerabilities
Skype extension for Firefox Beta 2.2.0.95 - Clipboard Writing
Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing
Multiple D-Link Products - Captcha Bypass
D-Link - Captcha Bypass
Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking
Multiple Browser (FF3.6.7/SM 2.0.6) - Clickjacking
Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion
hassan Consulting shopping cart 1.18 - Directory Traversal
Hassan Consulting Shopping Cart 1.18 - Directory Traversal
Adobe SVG Viewer 3.0 - postURL/getURL Restriction Bypass
Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass
ACLogic CesarFTP 0.99 - Remote Resource Exhaustion
Multiple Linksys Devices - DHCP Information Disclosure
Linksys - DHCP Information Disclosure
Oracle HTML DB 1.5/1.6 - wwv_flow.accept p_t02 Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - f p Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'f?p=' Parameter Cross-Site Scripting
Multiple Cisco Products - WebSense Content Filtering Bypass
Cisco - WebSense Content Filtering Bypass
Multiple Vendors - RAR Handling Remote Null Pointer Dereference
ClamAV / UnRAR - .RAR Handling Remote Null Pointer Dereference
Multiple Cisco Products - 'file' Parameter Directory Traversal
Cisco - 'file' Parameter Directory Traversal
Multiple D-Link DCS Products - 'security.cgi' Cross-Site Request Forgery
D-Link DCS - 'security.cgi' Cross-Site Request Forgery
Multiple Vendors - 'RuntimeDiagnosticPing()' Stack Buffer Overflow
D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Stack Buffer Overflow
Multiple Aztech Modem Routers - Session Hijacking
Aztech Modem Routers - Session Hijacking
Mambo Component Security Images 3.0.5 - Inclusion
Mambo Component Security Images 3.0.5 - Remote File Inclusion
Joomla! Component com_bayesiannaivefilter 1.1 - Inclusion
Joomla! Component com_bayesiannaivefilter 1.1 - Remote File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - Remote File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - Remote File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion
NES Game and NES System c108122 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion
NES Game and NES System c108122 - Remote File Inclusion
Mambo Component com_serverstat 0.4.4 - File Inclusion
Mambo Component com_serverstat 0.4.4 - Remote File Inclusion
Wili-CMS 0.1.1 - File Inclusion / Cross-Site Scripting / Full Path Disclosure
Wili-CMS 0.1.1 - Remote File Inclusion / Cross-Site Scripting / Full Path Disclosure
phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion
phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion
phpBB User Viewed Posts Tracker 1.0 - File Inclusion
phpBB User Viewed Posts Tracker 1.0 - Remote File Inclusion
phpBB Random User Registration Number 1.0 Mod - Inclusion
phpBB Random User Registration Number 1.0 Mod - Remote File Inclusion
Softerra PHP Developer Library 1.5.3 - File Inclusion
Softerra PHP Developer Library 1.5.3 - Remote File Inclusion
phpBB ACP User Registration Mod 1.0 - File Inclusion
phpBB ACP User Registration Mod 1.0 - Remote File Inclusion
Electronic Engineering Tool (EE TOOL) 0.4.1 - File Inclusion
Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion
phpBB Spider Friendly Module 1.3.10 - File Inclusion
phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion
pre Multiple Vendors shopping malls - Multiple Vulnerabilities
PreProject Multi-Vendor Shopping Malls - Multiple Vulnerabilities
Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion
Easy Px 41 CMS 09.00.00B1 - 'fiche' Local File Inclusion
Joomla! Component Book Library 1.0 - File Inclusion
Joomla! Component Book Library 1.0 - Remote File Inclusion
Community Translate - File Inclusion
Community Translate - Remote File Inclusion
EZsneezyCal CMS 95.1-95.2 - File Inclusion
EZRecipeZee CMS 91 - File Inclusion
EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion
EZRecipeZee CMS 91 - Remote File Inclusion
AIOCP 1.4.001 - File Inclusion
AIOCP 1.4.001 - Remote File Inclusion
Gbook MX 4.1.0 (Arabic Version) - File Inclusion
Gbook MX 4.1.0 (Arabic Version) - Remote File Inclusion
Multiple D-Link Routers - Authentication Bypass
D-Link Routers - Authentication Bypass (2)
29o3 CMS - (LibDir) Multiple Remote File Inclusion
29o3 CMS - 'LibDir' Multiple Remote File Inclusion
MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting
MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting
Pre Multiple Vendors Shopping Malls - SQL Injection
PreProject Multi-Vendor Shopping Malls - SQL Injection
Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php?sid' SQL Injection
Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass
PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass
Multiple D-Link Routers (Multiple Models) - Authentication Bypass
D-Link Routers - Authentication Bypass (1)
Multiple Linksys Routers - Cross-Site Request Forgery
Linksys Routers - Cross-Site Request Forgery
Joomla! Component 'Scriptegrator' 1.5 - File Inclusion
Joomla! Component 'Scriptegrator' 1.5 - Local File Inclusion
BbZL.php - File Inclusion
BbZL.php - Remote File Inclusion
FCMS 2.7.2 CMS - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Cyberoam Central Console 2.00.2 - File Inclusion
Cyberoam Central Console 2.00.2 - Remote File Inclusion
Dolibarr ERP & CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP & CRM - OS Command Injection
Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP/CRM - OS Command Injection
VamCart 0.9 CMS - Multiple Vulnerabilities
PBBoard 2.1.4 CMS - Multiple Vulnerabilities
VamCart CMS 0.9 - Multiple Vulnerabilities
PBBoard CMS 2.1.4 - Multiple Vulnerabilities
Flynax General Classifieds 4.0 CMS - Multiple Vulnerabilities
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities
PG Dating Pro 1.0 CMS - Multiple Vulnerabilities
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities
Artmedic Webdesign Kleinanzeigen Script - File Inclusion
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
Multiple D-Link Devices - Multiple Vulnerabilities
D-Link - Multiple Vulnerabilities
Utopia News Pro 1.1.3 - header.php sitetitle Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'footer.php' Multiple Parameter Cross-Site Scripting
Multiple D-Link Devices - OS-Command Injection via UPnP Interface
D-Link - OS-Command Injection via UPnP Interface
WordPress Plugin Spicy Blogroll - File Inclusion
WordPress Plugin Spicy Blogroll - Local File Inclusion
OliveOffice Mobile Suite 2.0.3 iOS - File Inclusion
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass
Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities
Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities
Office Assistant Pro 2.2.2 iOS - File Inclusion
Office Assistant Pro 2.2.2 iOS - Local File Inclusion
WiFiles HD 1.3 iOS - File Inclusion
WiFiles HD 1.3 iOS - Locla File Inclusion
PDF Album 1.7 iOS - File Inclusion
PDF Album 1.7 iOS - Local File Inclusion
Multiple D-Link Routers - Multiple Vulnerabilities
D-Link Routers - Multiple Vulnerabilities
Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting
Consona - 'n6plugindestructor.asp' Cross-Site Scripting
Photo Org WonderApplications 8.3 iOS - File Inclusion
Photo Org WonderApplications 8.3 iOS - Local File Inclusion
Pre Projects Multiple Vendors Shopping Malls - 'products.php' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection
PhotoSync Wifi & Bluetooth 1.0 - File Inclusion
PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion
Photorange 1.0 iOS - File Inclusion
Photorange 1.0 iOS - Local File Inclusion
GS Foto Uebertraeger 3.0 iOS - File Inclusion
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion
iFunBox Free 1.1 iOS - File Inclusion
iFunBox Free 1.1 iOS - Local File Inclusion
Pimcore 2.3.0/3.0 CMS - SQL Injection
Pimcore CMS 2.3.0/3.0 - SQL Injection
Dolibarr 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr 3.1 ERP/CRM - Multiple Script URI Cross-Site Scripting
Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting
Dolibarr 3.x - 'adherents/fiche.php' SQL Injection
Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection
11in1 CMS 1.2.1 - 'index.php' class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
Wifi Drive Pro 1.2 iOS - File Inclusion
Photo Manager Pro 4.4.0 iOS - File Inclusion
Mobile Drive HD 1.8 - File Inclusion Web
Wifi Drive Pro 1.2 iOS - Local File Inclusion
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
Mobile Drive HD 1.8 - Local File Inclusion
Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
11in1 CMS 1.2.1 - admin/comments topicID Parameter SQL Injection
11in1 CMS 1.2.1 - admin/tps id Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection
PhotoWebsite 3.1 iOS - File Inclusion
PhotoWebsite 3.1 iOS - Local File Inclusion
vPhoto-Album 4.2 iOS - File Inclusion
vPhoto-Album 4.2 iOS - Local File Inclusion
PDF Converter & Editor 2.1 iOS - File Inclusion
PDF Converter & Editor 2.1 iOS - Local File Inclusion
Wireless Photo Transfer 3.0 iOS - File Inclusion
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
WordPress Plugin Really Simple Guest Post 1.0.6 - File Inclusion
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
My.WiFi USB Drive 1.0 iOS - File Inclusion
My.WiFi USB Drive 1.0 iOS - Local File Inclusion
Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
WordPress Plugin Dharma Booking 2.38.3 - File Inclusion
WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion
Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass
RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass
Multiple NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure
2017-10-08 05:01:28 +00:00
Offensive Security
bfb5d80e10
DB: 2017-10-07
...
4 new exploits
Konqueror 3.5.9 - (font color) Remote Crash
Konqueror 3.5.9 - 'font color' Remote Crash
Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow
hammer software metagauge 1.0.0.17 - Directory Traversal
Hammer Software MetaGauge 1.0.0.17 - Directory Traversal
Billion Router 7700NR4 - Remote Command Execution
Billion 7700NR4 Router - Remote Command Execution
Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution
else if CMS 0.6 - Multiple Vulnerabilities
Else If CMS 0.6 - Multiple Vulnerabilities
Picturesolution 2.1 - 'config.php path' Remote File Inclusion
Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion
tsmim Lessons Library - 'show.php' SQL Injection
Tsmim Lessons Library - 'show.php' SQL Injection
Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass
PHP-Fusion v7.02.07 - Blind SQL Injection
PHP-Fusion 7.02.07 - Blind SQL Injection
ZTE ZXHN H108N - Unauthenticated Config Download
ZTE ZXHN H108N Router - Unauthenticated Config Download
Unitrends UEB 9.1 - Privilege Escalation
2017-10-07 05:01:30 +00:00
Offensive Security
9ee6a8e2ee
DB: 2017-10-06
...
1 new exploits
AyeView 2.20 - (invalid bitmap header parsing) Crash
AyeView 2.20 - Invalid Bitmap Header Parsing Crash
Home Web Server r1.7.1 (build 147) - Gui Thread-Memory Corruption
Home Web Server r1.7.1 (build 147) - GUI Thread-Memory Corruption
Mozilla Firefox 1.0.6/1.0.7 - IFRAME Handling Denial of Service
Mozilla Firefox 1.0.6/1.0.7 - iFrame Handling Denial of Service
Linux Kernel < 4.14.rc3 - Local Denial of Service
Linux Kernel < 4.14.rc3 - Local Denial of Service
SHTTPD 1.34 - (POST) Remote Buffer Overflow
SHTTPD 1.34 - 'POST' Remote Buffer Overflow
SlimFTPd - LIST Concatenation Overflow (Metasploit)
SlimFTPd - 'LIST' Concatenation Overflow (Metasploit)
NetTerm NetFTPD - USER Buffer Overflow (Metasploit)
NetTerm NetFTPD - 'USER' Buffer Overflow (Metasploit)
Microsoft Virtual Machine 2000/3100/3200/3300 Series - com.ms.activeX.ActiveXComponent Arbitrary Program Execution
Microsoft Virtual Machine 2000/3100/3200/3300 Series - 'com.ms.activeX.ActiveXComponent' Arbitrary Program Execution
Zemra Botnet CnC Web Panel - Remote Code Execution (Metasploit)
Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit)
phpMyTeam 2.0 - (smileys_dir) Remote File Inclusion
phpMyTeam 2.0 - 'smileys_dir' Remote File Inclusion
Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection
Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection
Civica - Display.asp SQL Injection
Civica - 'Display.asp' SQL Injection
AfterLogic MailBee WebMail Pro 3.x - default.asp mode2 Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting
Picosafe Web Gui - Multiple Vulnerabilities
Picosafe Web GUI - Multiple Vulnerabilities
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
2017-10-06 05:01:30 +00:00
Offensive Security
d4e17b950d
DB: 2017-10-05
...
9 new exploits
FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service
FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)
FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service
SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)
SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - Local TTY Panic (Denial of Service)
Minix 3.1.2a - Remote TTY Panic (Denial of Service)
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)
QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)
FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)
FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)
Apple Mac OSX < 10.6.7 - Kernel Panic
Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)
genstat 14.1.0.5943 - Multiple Vulnerabilities
GenStat 14.1.0.5943 - Multiple Vulnerabilities
FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)
Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)
Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service
Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)
OpenBSD 5.5 - Local Kernel Panic
OpenBSD 5.5 - Local Kernel Panic (Denial of Service)
OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow
Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)
Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation
Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation
FreeBSD TOP - Format String
FreeBSD /usr/bin/top - Format String
Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation
Qpopper 4.0.8 (FreeBSD) - Privilege Escalation
Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation
Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation
FreeBSD 3.0 - UNIX-domain panic
FreeBSD 3.5/4.x - top Format String
FreeBSD 3.5/4.x /usr/bin/top - Format String
OpenBSD 5.6 - Multiple Local Kernel Panics
Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow
Microsoft Windows - RPC Locator Service Remote Exploit
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit
Microsoft Windows - SMB Authentication Remote Exploit
Microsoft Windows 2000/XP - SMB Authentication Remote Exploit
Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit
Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit
Winmail Mail Server 2.3 - Remote Format String
Winmail Mail Server 2.3 Build 0402 - Remote Format String
Linux eXtremail 1.5.x - Remote Format Strings Exploit
eXtremail 1.5.x (Linux) - Remote Format Strings Exploit
QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow
Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution
Sun One WebServer 6.1 - JSP Source Viewing
Sun One WebServer 6.1 - .JSP Source Viewing
Solaris 7.0 - Recursive mutex_enter Panic
MySQL - Windows Remote System Level Exploit (Stuxnet technique)
MySQL - 'Stuxnet Technique' Windows Remote System Exploit
vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)
ERS Data System 1.8.1 - Java Deserialization
Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion
vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion
Flatnuke 2.7.1 - (level) Privilege Escalation
Flatnuke 2.7.1 - 'level' Privilege Escalation
Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)
Cilem Haber 1.4.4 (Tr) - Database Disclosure
Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vtiger CRM 5.1.0 - Local File Inclusion
vTiger CRM 5.1.0 - Local File Inclusion
phpmychat plus 1.94 rc1 - Multiple Vulnerabilities
template CMS 2.1.1 - Multiple Vulnerabilities
phpmybittorrent 2.04 - Multiple Vulnerabilities
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
Template CMS 2.1.1 - Multiple Vulnerabilities
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting
vtiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 - SQL Injection
DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection
DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection
vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting
Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting
GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
ITS SCADA 'Username' - SQL Injection
ITS SCADA - 'Username' SQL Injection
vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection
vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Vtiger CRM 6.3.0 - Authenticated Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
ClipBucket 2.8.3 - Remote Code Execution
2017-10-05 05:01:29 +00:00
Offensive Security
4df0e06052
DB: 2017-10-04
...
22 new exploits
All browsers - Crash
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
NoMachine 5.3.9 - Privilege Escalation
Microsoft Word 2007 (x86) - Information Disclosure
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Australian Education App - Remote Code Execution
CenturyLink ZyXEL PK5001Z Router - Root Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution
Web interface for DNSmasq / Mikrotik - SQL Injection
Web Interface for DNSmasq / Mikrotik - SQL Injection
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion
Uniview NVR - Password Disclosure
Nuevomailer < 6.0 - SQL Injection
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
WordPress Plugin Sabai Discuss - Cross-Site Scripting
Tilde CMS 1.01 - Multiple Vulnerabilities
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
JoySale 2.2.1 - Arbitrary File Upload
AirMaster 3000M - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Remote Command Execution
iTech Movie Script 7.51 - SQL Injection
CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities
PHP-SecureArea < 2.7 - Multiple Vulnerabilities
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass
Fiberhome AN5506-04-F - Command Injection
2017-10-04 05:01:32 +00:00
Offensive Security
ecfeb57577
DB: 2017-10-03
...
15 new exploits
Linux Kernel < 4.14.rc3 - Local Denial of Service
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - Information Leak
Dnsmasq < 2.78 - Lack of free() Denial of Service
Dnsmasq < 2.78 - Integer Underflow
UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
Qmail SMTP - Bash Environment Variable Injection (Metasploit)
NPM-V (Network Power Manager) 2.4.1 - Password Reset
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
2017-10-03 05:01:26 +00:00
Offensive Security
38a6cf0b56
DB: 2017-10-02
...
8 new exploits
Dup Scout Enterprise 10.0.18 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 10.0.28 - Buffer Overflow
SmarterStats 11.3.6347 - Cross-Site Scripting
WordPress Plugin WPHRM - SQL Injection
PHP Multi Vendor Script 1.02 - 'sid' Parameter SQL Injection
Real Estate MLM plan script 1.0 - 'srch' Parameter SQL Injection
ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
2017-10-02 05:01:34 +00:00
Offensive Security
952790a0c6
DB: 2017-10-01
2017-10-01 05:01:34 +00:00
Offensive Security
b15ad9d0bc
DB: 2017-09-30
...
2 new exploits
Trend Micro OfficeScan 11.0/XG (12.0) - Memory Corruption
FileRun <= 2017.09.18 - SQL Injection
2017-09-30 05:01:29 +00:00
Offensive Security
a92226f6ac
DB: 2017-09-29
...
14 new exploits
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow
LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)
Oracle WebLogic Server 10.3.6.0 - Java Deserialization
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution
Wordpress Plugin Ads Pro <= 3.4 - Cross-Site Scripting / SQL Injection
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Roteador Wireless Intelbras WRN150 - Autentication Bypass
Easy Blog PHP Script 1.3a - 'id' Parameter SQL Injection
2017-09-29 05:01:35 +00:00
Offensive Security
ec599357c0
DB: 2017-09-28
...
21 new exploits
Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Adobe Flash - Out-of-Bounds Read in applyToRange
CyberArk Viewfinity 5.5.10.95 - Privilege Escalation
PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
Tiny HTTPd 0.1.0 - Directory Traversal
Free PHP photo Gallery script - Remote File Inclusion
Free PHP Photo Gallery Script - Remote File Inclusion
WordPress Plugin School Management System - SQL Injection
iTech Dating Script 3.40 - SQL Injection
iTech Job Script 9.27 - SQL Injection
WordPress Plugin Content Timeline - SQL Injection
Job Links - Arbitrary File Upload
TicketPlus - Arbitrary File Upload
Photo Fusion - Arbitrary File Upload
SMSmaster - SQL Injection
AMC Master - Arbitrary File Upload
WordPress Plugin WPCHURCH - SQL Injection
WordPress Plugin WPGYM - SQL Injection
WordPress Plugin Hospital Management System - SQL Injection
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
WordPress Plugin WPAMS - SQL Injection
2017-09-28 05:01:27 +00:00
Offensive Security
a06626c22f
DB: 2017-09-27
...
8 new exploits
Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
FLIR Thermal Camera F/FC/PT/D - SSH Backdoor
NodeJS Debugger - Command Injection (Metasploit)
Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
FLIR Thermal Camera F/FC/PT/D - Information Disclosure
FLIR Thermal Camera FC-S/PT - Command Injection
FLIR Thermal Camera F/FC/PT/D - Stream Disclosure
Sitefinity CMS 9.2 - Cross-Site Scripting
2017-09-27 05:01:31 +00:00
Offensive Security
f27338c1f7
DB: 2017-09-26
...
12 new exploits
Apache 2.0.52 - GET Request Denial of Service
Apache 2.0.52 - GET Denial of Service
CUPS Server 1.1 - GET Request Denial of Service
CUPS Server 1.1 - GET Denial of Service
BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service
BlueCoat WinProxy 6.0 R1c - GET Denial of Service
TFTPD32 2.81 - GET Request Format String Denial of Service (PoC)
TFTPD32 2.81 - GET Format String Denial of Service (PoC)
ImgSvr 0.6.5 - (long http post) Denial of Service
ImgSvr 0.6.5 - POST Denial of Service
Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service
Multi-Threaded TFTP 1.1 - GET Denial of Service
Essentia Web Server 2.15 - GET Request Remote Denial of Service
Essentia Web Server 2.15 - GET Remote Denial of Service
Sami HTTP Server 2.0.1 - POST Request Denial of Service
Sami HTTP Server 2.0.1 - POST Denial of Service
Xserver 0.1 Alpha - Post Request Remote Buffer Overflow
Xserver 0.1 Alpha - POST Remote Buffer Overflow
XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC)
XBMC 8.10 - GET Multiple Remote Buffer Overflow (PoC)
Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC)
Mereo 1.8.0 - GET Request Remote Denial of Service
Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC)
Mereo 1.8.0 - GET Remote Denial of Service
ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service
ARD-9808 DVR Card Security Camera - GET Remote Denial of Service
Kolibri+ Web Server 2 - GET Request Denial of Service
Kolibri+ Web Server 2 - GET Denial of Service
Adobe InDesign CS3 - '.INDD' File Handling Buffer Overflow
Adobe InDesign CS3 - '.INDD' Handling Buffer Overflow
Sami HTTP Server 2.0.1 - GET Request Denial of Service
Sami HTTP Server 2.0.1 - GET Denial of Service
Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Request
Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit
(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service
(Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service
WebTrends Reporting Center for Windows 4.0 d - GET Request Buffer Overflow
WebTrends Reporting Center for Windows 4.0 d - GET Buffer Overflow
Working Resources BadBlue 1.7.3 - GET Request Denial of Service
Working Resources BadBlue 1.7.3 - GET Denial of Service
PlanetWeb 1.14 - Long GET Request Buffer Overflow
PlanetWeb 1.14 - GET Buffer Overflow
My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service
My Web Server 1.0.1/1.0.2 - GET Denial of Service
Monkey HTTP Server 0.4/0.5 - Invalid POST Request Denial of Service
Monkey HTTP Server 0.4/0.5 - Invalid POST Denial of Service
Linksys Devices 1.42/1.43 - GET Request Buffer Overflow
Linksys Devices 1.42/1.43 - GET Buffer Overflow
Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
VisNetic ActiveDefense 1.3.1 - Multiple GET Request Denial of Service
VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service
Pi3Web 2.0.1 - GET Request Denial of Service
Pi3Web 2.0.1 - GET Denial of Service
Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow
Snowblind Web Server 1.0/1.1 - GET Buffer Overflow
ArGoSoft Mail Server 1.8.3.5 - Multiple GET Requests Denial of Service
WebBBS Pro 1.18 - GET Request Denial of Service
ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service
WebBBS Pro 1.18 - GET Denial of Service
Proxomitron Proxy Server - Long GET Request Remote Denial of Service
Proxomitron Proxy Server - GET Remote Denial of Service
Armida Databased Web Server 1.0 - Remote GET Request Denial of Service
Armida Databased Web Server 1.0 - GET Remote Denial of Service
Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow
Twilight WebServer 1.3.3.0 - GET Buffer Overflow
Sami FTP Server 1.1.3 - Library Crafted GET Request Remote Denial of Service
Sami FTP Server 1.1.3 - Library Crafted GET Remote Denial of Service
Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service
Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Buffer Overflow
Linksys PSUS4 PrintServer - POST Request Denial of Service
Linksys PSUS4 PrintServer - POST Denial of Service
Thomson TCW690 Cable Modem ST42.03.0a - Long GET Request Denial of Service
Thomson TCW690 Cable Modem ST42.03.0a - GET Denial of Service
Netgear ProSafe - Denial of Service
NETGEAR ProSafe - Denial of Service
Multiple IEA Software Products - POST Request Denial of Service
Multiple IEA Software Products - POST Denial of Service
Netgear WGR614 - Administration Interface Remote Denial of Service
NETGEAR WGR614 - Administration Interface Remote Denial of Service
Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service
Remote Help HTTP 0.0.7 - GET Format String Denial of Service
Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service
Geo++ GNCASTER 1.4.0.7 - GET Denial of Service
D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow
Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service
Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service
CoDeSys 3.4 - HTTP POST Request Null Pointer Content-Length Parsing Remote Denial of Service
CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service
Zoom Player - '.avi' File Divide-by-Zero Denial of Service
Zoom Player - '.avi' Divide-by-Zero Denial of Service
Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (1)
Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (2)
Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1)
Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2)
Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115)
Microsoft Windows - Cursor Object Memory Leak (MS15-115)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2)
Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2)
Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Flash - '.MP4' File Stack Corruption
Adobe Flash - '.MP4' Stack Corruption
Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow
Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow
Zoom Player Pro 3.30 - '.m3u' File Buffer Overflow (SEH)
Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH)
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure
Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)
Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass)
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation
NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation
CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode)
LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit
LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit
PMSoftware Simple Web Server - GET Request Remote Buffer Overflow
PMSoftware Simple Web Server - GET Remote Buffer Overflow
Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow
Fenice Oms 1.10 - GET Remote Buffer Overflow
webdesproxy 0.0.1 - GET Request Remote Buffer Overflow
webdesproxy 0.0.1 - GET Remote Buffer Overflow
webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution
webdesproxy 0.0.1 - (exec-shield) GET Remote Code Execution
Savant Web Server 3.1 - GET Request Remote Overflow (Universal)
Savant Web Server 3.1 - GET Remote Overflow (Universal)
Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass
Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass
Netgear WG102 - Leaks SNMP Write Password With Read Access
NETGEAR WG102 - Leaks SNMP Write Password With Read Access
XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow
XBMC 8.10 (Windows) - GET Remote Buffer Overflow
XBMC 8.10 - GET Request Remote Buffer Overflow (SEH) (Universal)
XBMC 8.10 - GET Remote Buffer Overflow (SEH) (Universal)
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure
NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure
Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH)
Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)
BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH)
BigAnt Server 2.50 - GET Remote Buffer Overflow (SEH)
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)
BigAnt Server 2.50 - GET Universal Remote Buffer Overflow (SEH)
httpdx 1.4 - GET Request Buffer Overflow
httpdx 1.4 - GET Buffer Overflow
Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit)
Proxy-Pro Professional GateKeeper 4.7 - GET Overflow (Metasploit)
Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit)
Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit)
Oracle Weblogic Apache Connector - POST Request Buffer Overflow (Metasploit)
Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit)
Berkeley Sendmail 5.58 - Debug exploit
Berkeley Sendmail 5.58 - Debug Exploit
A-V Tronics InetServ 3.0 - WebMail Long GET Request
A-V Tronics InetServ 3.0 - WebMail GET Exploit
Light HTTPD 0.1 - GET Request Buffer Overflow (1)
Light HTTPD 0.1 - GET Request Buffer Overflow (2)
Light HTTPD 0.1 - GET Buffer Overflow (1)
Light HTTPD 0.1 - GET Buffer Overflow (2)
Netgear FM114P Wireless Firewall - File Disclosure
NETGEAR FM114P Wireless Firewall - File Disclosure
Athttpd 0.4b - Remote GET Request Buffer Overrun
Athttpd 0.4b - GET Remote Buffer Overrun
IA WebMail Server 3.0/3.1 - Long GET Request Buffer Overrun
IA WebMail Server 3.0/3.1 - GET Buffer Overrun
Monit 1.4/2.x/3/4 - Overly Long HTTP Request Buffer Overrun
Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun
KarjaSoft Sami HTTP Server 1.0.4 - GET Request Buffer Overflow
KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow
MyWeb HTTP Server 3.3 - GET Request Buffer Overflow
MyWeb HTTP Server 3.3 - GET Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow
Netgear RP114 3.26 - Content Filter Bypass
NETGEAR RP114 3.26 - Content Filter Bypass
Netgear DGN1000B - setup.cgi Remote Command Execution (Metasploit)
NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit)
Netgear DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)
NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)
Netgear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
Netgear ReadyNAS - Perl Code Evaluation (Metasploit)
NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)
Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution
Zoom Player 3.30/5/6 - '.ZPL' Error Message Arbitrary Code Execution
Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow
Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow
Kolibri Web Server 2.0 - GET Stack Buffer Overflow
NetGear WNR2000 - Multiple Information Disclosure Vulnerabilities
NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities
HTTP 1.1 - GET Request Directory Traversal
HTTP 1.1 - GET Directory Traversal
Kolibri Web Server 2.0 - GET Request (SEH)
D-Link Devices - 'info.cgi' POST Request Buffer Overflow (Metasploit)
Kolibri Web Server 2.0 - GET Exploit (SEH)
D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit)
Belkin n750 - jump login Parameter Buffer Overflow
Belkin N750 - jump login Parameter Buffer Overflow
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
Belkin Wireless Router Default - WPS PIN Security
Belkin Wireless Router - Default WPS PIN Security
Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)
Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit)
NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities
NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure
NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure
NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure
Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit)
NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH)
Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)
NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit)
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass)
Belkin NetCam F7D7601 - Multiple Vulnerabilities
Belkin F7D7601 NetCam - Multiple Vulnerabilities
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow
Quezza BB 1.0 - (quezza_root_path) File Inclusion
Quezza BB 1.0 - 'quezza_root_path' File Inclusion
The Bible Portal Project 2.12 - (destination) File Inclusion
The Bible Portal Project 2.12 - 'destination' File Inclusion
Vivvo Article Manager 3.2 - (classified_path) File Inclusion
Vivvo Article Manager 3.2 - 'classified_path' File Inclusion
Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion
Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusion
OpenDock Easy Doc 1.4 - (doc_directory) File Inclusion
OpenDock Easy Blog 1.4 - (doc_directory) File Inclusion
WebYep 1.1.9 - (webyep_sIncludePath) File Inclusion
OpenDock Easy Gallery 1.4 - (doc_directory) File Inclusion
OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion
OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion
WebYep 1.1.9 - 'webyep_sIncludePath' File Inclusion
OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion
Open Conference Systems 1.1.4 - (fullpath) File Inclusion
Open Conference Systems 1.1.4 - 'fullpath' File Inclusion
SpeedBerg 1.2beta1 - (SPEEDBERG_PATH) File Inclusion
SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion
PhpShop Core 0.9.0 RC1 - (PS_BASE) File Inclusion
PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion
Phpjobscheduler 3.0 - (installed_config_file) File Inclusion
Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion
Magic Photo Storage Website - _config[site_path] File Inclusion
Magic Photo Storage Website - '_config[site_path]' File Inclusion
Linksys Cisco WAG120N - Cross-Site Request Forgery
Cisco Linksys WAG120N - Cross-Site Request Forgery
Belkin G Wireless Router F5D7234-4 v5 - Exploit
Belkin F5D7234-4 v5 G Wireless Router - Exploit
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
PHP-Nuke 6.x/7.x - Modpath Parameter Potential File Inclusion
PHP-Nuke 6.x/7.x - 'Modpath' Parameter File Inclusion
Netgear SPH200D - Multiple Vulnerabilities
NETGEAR SPH200D - Multiple Vulnerabilities
Netgear DGN1000B - Multiple Vulnerabilities
NETGEAR DGN1000B - Multiple Vulnerabilities
Netgear DGN2200B - Multiple Vulnerabilities
NETGEAR DGN2200B - Multiple Vulnerabilities
Netgear WNR1000 - Authentication Bypass
NETGEAR WNR1000 - Authentication Bypass
PHPMyVisites 1.3 - Set_Lang File Inclusion
PHPMyVisites 1.3 - 'Set_Lang' File Inclusion
PPA 0.5.6 - ppa_root_path File Inclusion
PPA 0.5.6 - 'ppa_root_path' File Inclusion
Netgear WPN824v3 - Unauthorized Config Download
NETGEAR WPN824v3 - Unauthorized Config Download
Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities
NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities
Netgear ProSafe - Information Disclosure
NETGEAR ProSafe - Information Disclosure
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass
Netgear N600 Wireless Dual Band WNDR3400 - Multiple Vulnerabilities
NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass
Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
ManageEngine ADSelfService Plus 4.4 - POST Request Manipulation Security Question
ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Belkin Router N150 1.00.08/1.00.09 - Directory Traversal
Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Potential Code Execution / Denial of Service)
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)
Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
Netgear WNR1000v4 - Authentication Bypass
NETGEAR WNR1000v4 - Authentication Bypass
Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
Netgear R7000 - Command Injection
Netgear R7000 - Cross-Site Scripting
NETGEAR R7000 - Command Injection
NETGEAR R7000 - Cross-Site Scripting
Tenda N3 Wireless N150 Home Router - Authentication Bypass
Tenda N3 Wireless N150 Router - Authentication Bypass
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
Lending And Borrowing - 'pid' Parameter SQL Injection
Multi Level Marketing - SQL Injection
Cash Back Comparison Script 1.0 - SQL Injection
Claydip Airbnb Clone 1.0 - Arbitrary File Upload
Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection
PHP Auction Ecommerce Script 1.6 - SQL Injection
JitBit HelpDesk < 9.0.2 - Authentication Bypass
2017-09-26 05:01:29 +00:00
Offensive Security
90ecd7f9e4
DB: 2017-09-23
...
1 new exploits
Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC)
Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
Stock Photo Selling 1.0 - SQL Injection
2017-09-23 11:07:27 +00:00
Offensive Security
92bfb7616d
DB: 2017-09-22
...
7 new exploits
Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC)
Microsoft Edge - Chakra Incorrectly Parses Object Patterns
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes
Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'
Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses
Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)
PHPMyFAQ 2.9.8 - Cross-Site Scripting
2017-09-22 05:01:23 +00:00
Offensive Security
5c25046219
DB: 2017-09-21
2017-09-21 05:01:19 +00:00
Offensive Security
13a6e2baaf
DB: 2017-09-20
...
8 new exploits
McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC)
McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC)
Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization
Apple macOS - Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read
Xcode OpenBase 9.1.5 (OSX) - (root file create) Privilege Escalation
Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - (unsafe system call) Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - (Unsafe System Call) Privilege Escalation
eTrust AntiVirus Agent r8 - Local Privilege Escalation
eTrust AntiVirus Agent r8 - Privilege Escalation
WICD 1.7.1 - Local Privilege Escalation
WICD 1.7.1 - Privilege Escalation
Novell Client 4.91 SP4 - Local Privilege Escalation
Novell Client 4.91 SP4 - Privilege Escalation
H-Sphere Webshell 2.4 - Privilege Escalation
H-Sphere WebShell 2.4 - Privilege Escalation
Zend Platform 2.2.1 - PHP.INI File Modification
Zend Platform 2.2.1 - 'PHP.INI' File Modification
AIX 7.1 - lquerylv Privilege Escalation
AIX 7.1 - 'lquerylv' Privilege Escalation
sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation
Sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server - Privilege Escalation
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Automated Logic WebCTRL 6.5 - Privilege Escalation
Netdecision 5.8.2 - Local Privilege Escalation
Netdecision 5.8.2 - Privilege Escalation
H-Sphere Webshell 2.4 - Remote Command Execution
H-Sphere WebShell 2.4 - Remote Command Execution
NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit)
NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Perl Remote Code Execution (Metasploit)
STUNSHELL Web Shell - Remote PHP Code Execution (Metasploit)
STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit)
v0pCr3w Web Shell - Remote Code Execution (Metasploit)
v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)
InstantCMS 1.6 - Remote PHP Code Execution (Metasploit)
InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)
Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit)
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
HPE < 7.2 - Java Deserialization
Tecnovision DLX Spot - SSH Backdoor
phpBB 2.0.15 - (highlight) Remote PHP Code Execution
phpBB 2.0.15 - 'highlight' PHP Remote Code Execution
phpBB 2.0.15 - Remote PHP Code Execution (Metasploit)
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
versatileBulletinBoard 1.00 RC2 - (board takeover) SQL Injection
versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection
VuBB Forum RC1 - (m) SQL Injection
VuBB Forum RC1 - 'm' SQL Injection
Wizz Forum 1.20 - (TopicID) SQL Injection
PHPWebThings 1.4 - (msg/forum) SQL Injection
Wizz Forum 1.20 - 'TopicID' SQL Injection
PHPWebThings 1.4 - 'msg'/'forum' SQL Injection
webSPELL 4.01 - (title_op) SQL Injection
webSPELL 4.01 - 'title_op' SQL Injection
YapBB 1.2 - (cfgIncludeDirectory) Remote Command Execution
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (1)
Advanced Guestbook 2.4.0 - (phpBB) File Inclusion
TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (2)
Advanced Guestbook 2.4.0 - (phpBB) Remote File Inclusion
TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1)
Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion
TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2)
Advanced Guestbook 2.4.0 - 'phpBB' Remote File Inclusion
Knowledge Base Mod 2.0.2 - (phpBB) Remote File Inclusion
Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
phpRaid 3.0.b3 - (phpBB/SMF) Remote File Inclusion
pafileDB 2.0.1 - (mxBB/phpBB) Remote File Inclusion
phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion
pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion
Foing 0.7.0 - (phpBB) Remote File Inclusion
Foing 0.7.0 - 'phpBB' Remote File Inclusion
Activity MOD Plus 1.1.0 - (phpBB Mod) File Inclusion
Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion
Blend Portal 1.2.0 - (phpBB Mod) Remote File Inclusion
Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion
XMB 1.9.6 - (u2uid) SQL Injection (mq=off)
XMB 1.9.6 - (mq=off) 'u2uid' SQL Injection
Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote File Inclusion
Web3news 0.95 - 'PHPSECURITYADMIN_PATH' Remote File Inclusion
Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion
Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion
TualBLOG 1.0 - (icerikno) SQL Injection
TualBLOG 1.0 - 'icerikno' SQL Injection
Tekman Portal 1.0 - (tr) SQL Injection
Tekman Portal 1.0 - 'tr' SQL Injection
MyReview 1.9.4 - (email) SQL Injection / Code Execution
MyReview 1.9.4 - 'email' SQL Injection / Code Execution
phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion
phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion
phpBB Static Topics 1.0 - phpbb_root_path File Inclusion
phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion
CentiPaid 1.4.2 - centipaid_class.php Remote File Inclusion
CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion
webSPELL 4.01.01 - (getsquad) SQL Injection
webSPELL 4.01.01 - 'getsquad' SQL Injection
Osprey 1.0 - GetRecord.php Remote File Inclusion
Osprey 1.0 - 'GetRecord.php' Remote File Inclusion
Techno Dreams Announcement - (key) SQL Injection
Techno Dreams Guestbook 1.0 - (key) SQL Injection
Techno Dreams Announcement - 'key' SQL Injection
Techno Dreams Guestbook 1.0 - 'key' SQL Injection
GEPI 1.4.0 - gestion/savebackup.php Remote File Inclusion
GEPI 1.4.0 - 'gestion/savebackup.php' Remote File Inclusion
PHPGiggle 12.08 - (CFG_PHPGIGGLE_ROOT) File Inclusion
PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion
mxBB Module Meeting 1.1.2 - Remote FileInclusion
mxBB Module Meeting 1.1.2 - Remote File Inclusion
Uploader & Downloader 3.0 - (id_user) SQL Injection
Uploader & Downloader 3.0 - 'id_user' SQL Injection
The Classified Ad System 1.0 - (main) SQL Injection
The Classified Ad System 1.0 - 'main' SQL Injection
VisoHotlink 1.01 - functions.visohotlink.php Remote File Inclusion
VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion
vhostadmin 0.1 - (MODULES_DIR) Remote File Inclusion
vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion
XLAtunes 0.1 - (album) SQL Injection
XLAtunes 0.1 - 'album' SQL Injection
webSPELL 4.01.02 - (topic) SQL Injection
webSPELL 4.01.02 - 'topic' SQL Injection
webSPELL 4.01.02 - Remote PHP Code Execution
webSPELL 4.01.02 - PHP Remote Code Execution
PHP-Nuke - iFrame (iframe.php) Remote File Inclusion
PHP-Nuke - 'iframe.php' Remote File Inclusion
XOOPS Module Camportail 1.1 - (camid) SQL Injection
XOOPS Module Camportail 1.1 - 'camid' SQL Injection
Mutant 0.9.2 - mutant_functions.php Remote File Inclusion
Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion
Original 0.11 - config.inc.php x[1] Remote File Inclusion
Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion
Glossword 1.8.1 - custom_vars.php Remote File Inclusion
Glossword 1.8.1 - 'custom_vars.php' Remote File Inclusion
GeekLog 2.x - ImageImageMagick.php Remote File Inclusion
GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion
Vizayn Urun Tanitim Sistemi 0.2 - (tr) SQL Injection
Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection
WBB2-Addon: Acrotxt 1.0 - (show) SQL Injection
WBB2-Addon: Acrotxt 1.0 - 'show' SQL Injection
STPHPLibrary - (STPHPLIB_DIR) Remote File Inclusion
STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion
phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion
phpFFL 1.24 - 'PHPFFL_FILE_ROOT' Remote File Inclusion
phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion
phpBB Mod OpenID 0.2.0 - 'BBStore.php' Remote File Inclusion
LiveAlbum 0.9.0 - common.php Remote File Inclusion
LiveAlbum 0.9.0 - 'common.php' Remote File Inclusion
Pindorama 0.1 - client.php Remote File Inclusion
Pindorama 0.1 - 'client.php' Remote File Inclusion
Socketmail 2.2.8 - fnc-readmail3.php Remote File Inclusion
TOWeLS 0.1 - scripture.php Remote File Inclusion
Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion
TOWeLS 0.1 - 'scripture.php' Remote File Inclusion
Sige 0.1 - sige_init.php Remote File Inclusion
Sige 0.1 - 'sige_init.php' Remote File Inclusion
Scribe 0.2 - Remote PHP Code Execution
Scribe 0.2 - PHP Remote Code Execution
patBBcode 1.0 - bbcodeSource.php Remote File Inclusion
patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion
Tilde CMS 4.x - (aarstal) SQL Injection
Tilde CMS 4.x - 'aarstal' SQL Injection
CityWriter 0.9.7 - head.php Remote File Inclusion
CityWriter 0.9.7 - 'head.php' Remote File Inclusion
PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) Remote File Inclusion
PhpMyDesktop/Arcade 1.0 Final - 'phpdns_basedir' Remote File Inclusion
WebSihirbazi 5.1.1 - (pageid) SQL Injection
WebSihirbazi 5.1.1 - 'pageid' SQL Injection
Blakord Portal Beta 1.3.A - (all modules) SQL Injection
Blakord Portal Beta 1.3.A - (All Modules) SQL Injection
PHP Links 1.3 - smarty.php Remote File Inclusion
PHP Links 1.3 - 'smarty.php' Remote File Inclusion
Aterr 0.9.1 - Local File Inclusion (PHP5)
Aterr 0.9.1 - PHP5 Local File Inclusion
phpEmployment - (PHP upload) Arbitrary File Upload
phpEmployment - 'PHP Upload' Arbitrary File Upload
XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
Xplode CMS - (wrap_script) SQL Injection
Xplode CMS - 'wrap_script' SQL Injection
VS PANEL 7.3.6 - (Cat_ID) SQL Injection
VS PANEL 7.3.6 - 'Cat_ID' SQL Injection
WebMember 1.0 - (formID) SQL Injection
WebMember 1.0 - 'formID' SQL Injection
Dokuwiki 2009-02-14 - Remote/Temporary File Inclusion
Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion
Kjtechforce mailman b1 - (code) SQL Injection Delete Row
Kjtechforce mailman b1 - (Delete Row) 'code' SQL Injection
Virtue Classifieds - (category) SQL Injection
Virtue Classifieds - 'category' SQL Injection
XOOPS Celepar Module Qas - (codigo) SQL Injection
XOOPS Celepar Module Qas - 'codigo' SQL Injection
URA 3.0 - (cat) SQL Injection
URA 3.0 - 'cat' SQL Injection
TYPO3 CMS 4.0 - (showUid) SQL Injection
TYPO3 CMS 4.0 - 'showUid' SQL Injection
Typing Pal 1.0 - (idTableProduit) SQL Injection
Typing Pal 1.0 - 'idTableProduit' SQL Injection
Videos Broadcast Yourself 2 - (UploadID) SQL Injection
Videos Broadcast Yourself 2 - 'UploadID' SQL Injection
Uiga Church Portal - (year) SQL Injection
Uiga Church Portal - 'year' SQL Injection
Network Management/Inventory System - header.php Remote File Inclusion
Network Management/Inventory System - 'header.php' Remote File Inclusion
BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)
BASE 1.2.4 - 'base_qry_common.php' Remote File Inclusion (Metasploit)
PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection
PHP-Nuke 8.0 - (News Module) Cross-Site Scripting / HTML Code Injection
Vivid Ads Shopping Cart - (prodid) SQL Injection
Vivid Ads Shopping Cart - 'prodid' SQL Injection
WorldPay Script Shop - (productdetail) SQL Injection
WorldPay Script Shop - 'productdetail' SQL Injection
tincan ltd - (section) SQL Injection
tincan ltd - 'section' SQL Injection
Template Seller Pro 3.25 - (tempid) SQL Injection
Template Seller Pro 3.25 - 'tempid' SQL Injection
Webloader 7 < 8 - (vid) SQL Injection
Webloader 7 < 8 - 'vid' SQL Injection
web5000 - (page_show) SQL Injection
web5000 - 'page_show' SQL Injection
Cosmos Solutions CMS - (id= / page=) SQL Injection
Cosmos Solutions CMS - 'id=' / 'page=' SQL Injection
iBoutique - (page) SQL Injection / Cross-Site Scripting
iBoutique - 'page' SQL Injection / Cross-Site Scripting
OpenX - (phpAdsNew) Remote File Inclusion
OpenX - 'phpAdsNew' Remote File Inclusion
System Shop - (Module aktka) SQL Injection
System Shop - 'Module aktka' SQL Injection
TikiWiki tiki-graph_formula - Remote PHP Code Execution (Metasploit)
TikiWiki tiki-graph_formula - PHP Remote Code Execution (Metasploit)
vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection
vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection
PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (1)
PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)
YABB SE 0.8/1.4/1.5 - Packages.php Remote File Inclusion
YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion
Invision Board 1.1.1 - ipchat.php Remote File Inclusion
Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion
Typo3 3.5 b5 - Translations.php Remote File Inclusion
Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion
Webchat 0.77 - Defines.php Remote File Inclusion
Webchat 0.77 - 'Defines.php' Remote File Inclusion
PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection
PHP-Nuke 6.5 - (Multiple Downloads Module) SQL Injection
ttCMS 2.2/2.3 - header.php Remote File Inclusion
ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion
PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution
PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution
HolaCMS 1.2.x - HTMLtags.php Local File Inclusion
HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion
WebCalendar 0.9.x - Multiple Module SQL Injection
WebCalendar 0.9.x - (Multiple Modules) SQL Injection
PHP-Nuke 6.x - Multiple Module SQL Injection
PHP-Nuke 6.x - (Multiple Modules) SQL Injection
EasyDynamicPages 1.0 - 'config_page.php' Remote PHP File Inclusion
EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion
VisualShapers EZContents 1.4/2.0 - module.php Remote Command Execution
VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution
Mambo Open Source 4.5/4.6 - mod_mainmenu.php Remote File Inclusion
Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion
PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion
PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script fonctions.lib.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion
VisualShapers EZContents 1.x/2.0 - db.php Arbitrary File Inclusion
VisualShapers EZContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion
VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion
VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion
VirtuaSystems VirtuaNews 1.0.x - Multiple Module Cross-Site Scripting Vulnerabilities
VirtuaSystems VirtuaNews 1.0.x - (Multiple Modules) Cross-Site Scripting Vulnerabilities
WarpSpeed 4nAlbum Module 0.92 - displaycategory.php basepath Parameter Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion
Gemitel 3.50 - affich.php Remote File Inclusion Command Injection
Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection
phpBB 2.0.x - album_portal.php Remote File Inclusion
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion
Mail Manage EX 3.1.8 MMEX - Script Settings Parameter Remote PHP File Inclusion
Mail Manage EX 3.1.8 MMEX - Script Settings Parameter PHP Remote File Inclusion
Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - Common.php Remote File Inclusion
Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion
@lexPHPTeam @lex Guestbook 3.12 - Remote PHP File Inclusion
@lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion
phpBB 2.0.x - 'admin_cash.php' Remote PHP File Inclusion
phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion
Stadtaus.Com Download Center Lite 1.5 - Remote PHP File Inclusion
Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion
Work System eCommerce 3.0.3/3.0.4 - forum.php Remote File Inclusion
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion
phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion
phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion
PANews 2.0 - Remote PHP Script Code Execution
PANews 2.0 - PHP Remote Code Execution
VoteBox 2.0 - Votebox.php Remote File Inclusion
VoteBox 2.0 - 'Votebox.php' Remote File Inclusion
McNews 1.x - install.php Arbitrary File Inclusion
McNews 1.x - 'install.php' Arbitrary File Inclusion
Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion
Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection
GrayCMS 1.1 - error.php Remote File Inclusion
GrayCMS 1.1 - 'error.php' Remote File Inclusion
PHP Poll Creator 1.0.1 - Poll_Vote.php Remote File Inclusion
PHP Poll Creator 1.0.1 - 'Poll_Vote.php' Remote File Inclusion
MWChat 6.7 - Start_Lobby.php Remote File Inclusion
MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion
Popper Webmail 1.41 - ChildWindow.Inc.php Remote File Inclusion
Popper Webmail 1.41 - 'ChildWindow.Inc.php' Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion
MyGuestbook 0.6.1 - 'Form.Inc.php3' Remote File Inclusion
Comdev eCommerce 3.0 - config.php Remote File Inclusion
Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion
PHPWebNotes 2.0 - Api.php Remote File Inclusion
PHPWebNotes 2.0 - 'Api.php' Remote File Inclusion
Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion
Autolinks 2.1 Pro - 'Al_initialize.php' Remote File Inclusion
MySource 2.14 - Socket.php PEAR_PATH Remote File Inclusion
MySource 2.14 - Request.php PEAR_PATH Remote File Inclusion
MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - mail.php PEAR_PATH Remote File Inclusion
MySource 2.14 - Date.php PEAR_PATH Remote File Inclusion
MySource 2.14 - Span.php PEAR_PATH Remote File Inclusion
MySource 2.14 - mimeDecode.php PEAR_PATH Remote File Inclusion
MySource 2.14 - mime.php PEAR_PATH Remote File Inclusion
MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion
Help Center Live 1.0/1.2/2.0 - module.php Local File Inclusion
Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion
Tru-Zone Nuke ET 3.x - Search Module SQL Injection
Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection
vtiger CRM 4.2 - RSS Aggregation Module Feed Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting
CF_Nuke 4.6 - index.cfm Local File Inclusion
CF_Nuke 4.6 - 'index.cfm' Local File Inclusion
Tolva 0.1 - Usermods.php Remote File Inclusion
Tolva 0.1 - 'Usermods.php' Remote File Inclusion
SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion
SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion
PHORUM 3.x/5.x - Common.php Remote File Inclusion
PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion
SPIP 1.8.3 - Spip_login.php Remote File Inclusion
SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion
CyBoards PHP Lite 1.21/1.25 - Common.php Remote File Inclusion
CyBoards PHP Lite 1.21/1.25 - 'Common.php' Remote File Inclusion
Monster Top List 1.4 - functions.php Remote File Inclusion
Monster Top List 1.4 - 'functions.php' Remote File Inclusion
I-RATER Platinum - Common.php Remote File Inclusion
I-RATER Platinum - 'Common.php' Remote File Inclusion
I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion
I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion
Advanced Guestbook 2.x - Addentry.php Remote File Inclusion
Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion
DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion
phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion
ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion
ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion
RadScripts RadLance 7.0 - popup.php Local File Inclusion
RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion
osTicket 1.x - Open_form.php Remote File Inclusion
osTicket 1.x - 'Open_form.php' Remote File Inclusion
Squirrelmail 1.4.x - Redirect.php Local File Inclusion
Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
phpBB 2.0.x - template.php Remote File Inclusion
phpBB 2.0.x - 'template.php' Remote File Inclusion
phpBB - BBRSS.php Remote File Inclusion
phpBB - 'BBRSS.php' Remote File Inclusion
eNpaper1 - Root_Header.php Remote File Inclusion
eNpaper1 - 'Root_Header.php' Remote File Inclusion
CrisoftRicette 1.0 - Cookbook.php Remote File Inclusion
CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion
MF Piadas 1.0 - admin.php Remote File Inclusion
MF Piadas 1.0 - 'admin.php' Remote File Inclusion
SiteBuilder-FX - top.php Remote File Inclusion
SiteBuilder-FX - 'top.php' Remote File Inclusion
Blog:CMS 4.1 - Thumb.php Remote File Inclusion
Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion
Extcalendar 2.0 - Extcalendar.php Remote File Inclusion
Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion
RW::Download - stats.php Remote File Inclusion
RW::Download - 'stats.php' Remote File Inclusion
PHP Event Calendar 1.4 - calendar.php Remote File Inclusion
PHP Event Calendar 1.4 - 'calendar.php' Remote File Inclusion
Forum 5 - pm.php Local File Inclusion
Forum 5 - 'pm.php' Local File Inclusion
Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion
Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion
Prince Clan Chess Club 0.8 - Include.PCchess.php Remote File Inclusion
Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion
Bosdates 3.x/4.0 - Payment.php Remote File Inclusion
Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion
Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion
Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion
WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion
WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion
VWar 1.5 - war.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - member.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - calendar.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - challenge.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - joinus.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - news.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - stats.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'war.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'member.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'calendar.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'challenge.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'joinus.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'news.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'stats.php' vwar_root Parameter Remote File Inclusion
Mafia Moblog 6 - Big.php Remote File Inclusion
Mafia Moblog 6 - 'Big.php' Remote File Inclusion
WEBinsta Mailing List Manager 1.3 - Install3.php Remote File Inclusion
WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion
Jetbox CMS 2.1 - Search_function.php Remote File Inclusion
Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion
In-portal In-Link 2.3.4 - ADODB_DIR.php Remote File Inclusion
In-portal In-Link 2.3.4 - 'ADODB_DIR.php' Remote File Inclusion
PHP-Proxima 6.0 - BB_Smilies.php Local File Inclusion
PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion
WM-News 0.5 - print.php Local File Inclusion
Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion
WM-News 0.5 - 'print.php' Local File Inclusion
Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion
Exporia 0.3 - Common.php Remote File Inclusion
Exporia 0.3 - 'Common.php' Remote File Inclusion
My-BIC 0.6.5 - Mybic_Server.php Remote File Inclusion
My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion
Geotarget - script.php Remote File Inclusion
Geotarget - 'script.php' Remote File Inclusion
PHPSelect Web Development - index.php3 Remote File Inclusion
PHPSelect Web Development - 'index.php3' Remote File Inclusion
PHP Web Scripts Easy Banner - functions.php Remote File Inclusion
PHP Web Scripts Easy Banner - 'functions.php' Remote File Inclusion
PHP Polling Creator 1.03 - functions.inc.php Remote File Inclusion
PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion
Softerra PHP Developer Library 1.5.3 - Grid3.lib.php Remote File Inclusion
BlueShoes Framework 4.6 - GoogleSearch.php Remote File Inclusion
Tagit2b - DelTagUser.php Remote File Inclusion
Softerra PHP Developer Library 1.5.3 - 'Grid3.lib.php' Remote File Inclusion
BlueShoes Framework 4.6 - 'GoogleSearch.php' Remote File Inclusion
Tagit2b - 'DelTagUser.php' Remote File Inclusion
CommunityPortals 1.0 - bug.php Remote File Inclusion
CommunityPortals 1.0 - 'bug.php' Remote File Inclusion
PHP TopSites FREE 1.022b - config.php Remote File Inclusion
PHP TopSites FREE 1.022b - 'config.php' Remote File Inclusion
Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion
Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion
phpBB Add Name Module - Not_Mem.php Remote File Inclusion
phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion
RamaCMS - ADODB.Inc.php Remote File Inclusion
H-Sphere Webshell 2.x - 'login.php' Cross-Site Scripting
Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion
Lodel CMS 0.7.3 - Calcul-page.php Remote File Inclusion
RamaCMS - 'ADODB.Inc.php' Remote File Inclusion
H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting
Mambo Module MOStlyCE 4.5.4 - 'HTMLTemplate.php' Remote File Inclusion
Lodel CMS 0.7.3 - 'Calcul-page.php' Remote File Inclusion
Maintain 3.0.0-RC2 - Example6.php Remote File Inclusion
Maintain 3.0.0-RC2 - 'Example6.php' Remote File Inclusion
Zorum 3.5 - DBProperty.php Remote File Inclusion
Zorum 3.5 - 'DBProperty.php' Remote File Inclusion
PHPMyConferences 8.0.2 - Init.php Remote File Inclusion
PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion
PHPTreeView 1.0 - TreeViewClass.php Remote File Inclusion
PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion
PLS-Bannieres 1.21 - Bannieres.php Remote File Inclusion
PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion
The Search Engine Project 0.942 - Configfunction.php Remote File Inclusion
The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion
KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion
KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion
NewP News Publishing System 1.0 - Class.Database.php Remote File Inclusion
NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion
Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion
Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion
@cid Stats 2.3 - Install.php3 Remote File Inclusion
@cid Stats 2.3 - 'Install.php3' Remote File Inclusion
PHPMyChat 0.14/0.15 - Languages.Lib.php Local File Inclusion
PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion
PHPdebug 1.1 - Debug_test.php Remote File Inclusion
PHPdebug 1.1 - 'Debug_test.php' Remote File Inclusion
eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion
eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion
Easy Banner Pro 2.8 - info.php Remote File Inclusion
Edit-X - Edit_Address.php Remote File Inclusion
Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion
Edit-X - 'Edit_Address.php' Remote File Inclusion
OpenEMR 2.8.2 - Import_XML.php Remote File Inclusion
OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion
PHPProbid 5.24 - Lang.php Remote File Inclusion
PHPProbid 5.24 - 'Lang.php' Remote File Inclusion
MySQLNewsEngine - Affichearticles.php3 Remote File Inclusion
MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion
Meganoide's News 1.1.1 - Include.php Remote File Inclusion
Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion
Shop Kit Plus - StyleCSS.php Local File Inclusion
Shop Kit Plus - 'StyleCSS.php' Local File Inclusion
Pickle 0.3 - download.php Local File Inclusion
Active Calendar 1.2 - showcode.php Local File Inclusion
Pickle 0.3 - 'download.php' Local File Inclusion
Active Calendar 1.2 - 'showcode.php' Local File Inclusion
JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion
JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion
Weekly Drawing Contest 0.0.1 - Check_Vote.php Local File Inclusion
Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
Satel Lite - Satellite.php Local File Inclusion
Satel Lite - 'Satellite.php' Local File Inclusion
eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion
eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion
MyNews 4.2.2 - Week_Events.php Remote File Inclusion
MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion
Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion
Actionpoll 1.1 - Actionpoll.php Remote File Inclusion
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
Actionpoll 1.1 - 'Actionpoll.php' Remote File Inclusion
Fully Modded PHPBB2 - phpbb_root_path Remote File Inclusion
Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion
PHP Turbulence 0.0.1 - Turbulence.php Remote File Inclusion
PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion
Allfaclassifieds 6.04 - Level2.php Remote File Inclusion
PHPMyBibli 1.32 - Init.Inc.php Remote File Inclusion
Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion
PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion
ACVSWS - Transport.php Remote File Inclusion
ACVSWS - 'Transport.php' Remote File Inclusion
Lms 1.5.x - RTMessageAdd.php Remote File Inclusion
Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion
MyNewsGroups 0.6 - Include.php Remote File Inclusion
PHPMyTGP 1.4 - AddVIP.php Remote File Inclusion
MyNewsGroups 0.6 - 'Include.php' Remote File Inclusion
PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion
Comus 2.0 - Accept.php Remote File Inclusion
Comus 2.0 - 'Accept.php' Remote File Inclusion
HTMLEditBox 2.2 - config.php Remote File Inclusion
DynaTracker 1.5.1 - includes_handler.php base_path Remote File Inclusion
DynaTracker 1.5.1 - action.php base_path Remote File Inclusion
HTMLEditBox 2.2 - 'config.php' Remote File Inclusion
DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion
Doruk100Net - Info.php Remote File Inclusion
Doruk100Net - 'Info.php' Remote File Inclusion
PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion
PHPSecurityAdmin 4.0.2 - 'Logout.php' Remote File Inclusion
PHP Content Architect 0.9 pre 1.2 - MFA_Theme.php Remote File Inclusion
PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion
PHPHostBot 1.05 - Authorize.php Remote File Inclusion
PHPHostBot 1.05 - 'Authorize.php' Remote File Inclusion
PHMe 0.0.2 - Function_List.php Local File Inclusion
PHMe 0.0.2 - 'Function_List.php' Local File Inclusion
VietPHP - _functions.php dirpath Parameter Remote File Inclusion
VietPHP - admin/index.php language Parameter Remote File Inclusion
VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion
VietPHP - 'admin/index.php' language Parameter Remote File Inclusion
Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion
Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion
Shoutbox 1.0 - Shoutbox.php Remote File Inclusion
Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion
Web News 1.1 - feed.php config[root_ordner] Parameter Remote File Inclusion
Web News 1.1 - news.php config[root_ordner] Parameter Remote File Inclusion
Lib2 PHP Library 0.2 - My_Statistics.php Remote File Inclusion
Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion
Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion
Dalai Forum 1.1 - forumreply.php Local File Inclusion
Firesoft - Class_TPL.php Remote File Inclusion
Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion
Firesoft - 'Class_TPL.php' Remote File Inclusion
PHP-Nuke 8.0 - autohtml.php Local File Inclusion
PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion
Content Builder 0.7.5 - postComment.php Remote File Inclusion
Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion
Jeebles Technology Jeebles Directory 2.9.60 - download.php Local File Inclusion
Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion
PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion
PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion
Galmeta Post 0.2 - Upload_Config.php Remote File Inclusion
Galmeta Post 0.2 - 'Upload_Config.php' Remote File Inclusion
MyBlog 1.x - Games.php ID Remote File Inclusion
MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion
PHPMyTourney 2 - tourney/index.php Remote File Inclusion
PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion
W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - create_forum.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - create_user.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - delete_notes.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - delete_user.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - edit_forum.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - mail_users.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - moderate_notes.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - reorder_forums.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'delete_notes.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'delete_user.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'edit_forum.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'mail_users.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'moderate_notes.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion
XOOPS 2.0.18 - modules/system/admin.php fct Parameter Traversal Local File Inclusion
XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell
C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting
C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting
C99 Shell - 'c99.php' Authentication Bypass
C99Shell (Web Shell) - 'c99.php' Authentication Bypass
W-Agora 4.2.1 - search.php3 bn Parameter Traversal Local File Inclusion
W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion
Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' Remote PHP Code Execution
Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution
MySQLDumper 1.24.4 - 'menu.php' Remote PHP Code Execution
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
Zend Framework 2.4.2 - XML eXternal Entity Injection (XXE) on PHP FPM
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection
Nuts CMS - Remote PHP Code Injection / Execution
Nuts CMS - PHP Remote Code Injection / Execution
WordPress Plugin WP Super Cache - Remote PHP Code Execution
WordPress Plugin WP Super Cache - PHP Remote Code Execution
b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection
Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion
Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion
XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection
ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials Remote SYSTEM Code Execution
ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution
Apache - HTTP OPTIONS Memory Leak
Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak
Foodspotting Clone 1.0 - SQL Injection
iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection
Tecnovision DLX Spot - Authentication Bypass
Tecnovision DLX Spot - Arbitrary File Upload
2017-09-20 05:01:20 +00:00
Offensive Security
ef4c288da7
DB: 2017-09-19
...
16 new exploits
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (1)
Cam2pc 4.6.2 - BMP Image Processing Integer Overflow
Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering CMP Fencepost Denial of Service
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow
Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service
Tony Cook Imager 0.4x - '.JPEG' / '.TGA' Images Denial of Service
Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure
Adobe Reader X 10.1.4.38 - BMP/RLE Heap Corruption
Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption
XV 3.x - BMP Parsing Local Buffer Overflow
XV 3.x - '.BMP' Parsing Local Buffer Overflow
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized JPEG Image Access
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access
Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload (Metasploit)
Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)
XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution
XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
iBall ADSL2+ Home Router - Authentication Bypass
Apache - HTTP OPTIONS Memory Leak
2017-09-19 05:01:33 +00:00
g0tmi1k
4dbf77e268
Merge pull request #102 from g0tmi1k/searchsploit
...
Fix #101 - Git update issue & echo standard
2017-09-18 18:27:28 +01:00
g0tmi1k
fc086df901
Fix #101 - Git update issue & echo standard.
2017-09-18 18:22:53 +01:00
Offensive Security
bc6f82924c
DB: 2017-09-18
...
3 new exploits
Netdecision 5.8.2 - Local Privilege Escalation
PTCEvolution 5.50 - SQL Injection
Contact Manager 1.0 - 'femail' Parameter SQL Injection
2017-09-18 05:01:20 +00:00
Offensive Security
db8b5bc2fe
DB: 2017-09-16
...
6 new exploits
D-Link (Wireless Access Point) - (Fragmented UDP) Denial of Service
D-Link Wireless Access Point - Fragmented UDP Denial of Service
D-Link Router - UPNP Stack Overflow Denial of Service (PoC)
D-Link Devices - UPNP Stack Overflow Denial of Service (PoC)
Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
MusicDaemon 0.0.3 - Remote Denial of Service / /etc/shadow Stealer (2)
MusicDaemon 0.0.3 - Remote Denial of Service / '/etc/shadow' Stealer (2)
D-Link (DWL Series) Access-Point 2.10na - Config Disclosure
D-Link DWL Series Access-Point 2.10na - Config Disclosure
Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing and Cross Frame Access
Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing / Cross Frame Access
D-Link Airspot DSA-3100 Gateway - Login_error.SHTML Cross-Site Scripting
D-Link Airspot DSA-3100 Gateway - 'Login_error.SHTML' Cross-Site Scripting
D-Link - Authentication.cgi Buffer Overflow (Metasploit)
D-Link - hedwig.cgi Buffer Overflow in Cookie Header (Metasploit)
D-Link Devices - Authentication.cgi Buffer Overflow (Metasploit)
D-Link Devices - 'hedwig.cgi' Buffer Overflow in Cookie Header (Metasploit)
D-Link - info.cgi POST Request Buffer Overflow (Metasploit)
D-Link Devices - 'info.cgi' POST Request Buffer Overflow (Metasploit)
D-Link - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit)
D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit)
D-Link - Cookie Command Execution (Metasploit)
D-Link Devices - Cookie Command Execution (Metasploit)
D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)
D-Link DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)
Astaro Security Gateway 7 - Remote Code Execution
D-link DIR-600M - Cross-Site Request Forgery
D-Link DIR-600M - Cross-Site Request Forgery
DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery
XYZ Auto Classifieds 1.0 - SQL Injection
Consumer Review Script 1.0 - SQL Injection
D-Link DIR8xx Routers - Leak Credentials
D-Link DIR8xx Routers - Root Remote Code Execution
D-Link DIR8xx Routers - Local Firmware Upload
2017-09-16 05:01:22 +00:00
Offensive Security
6e81f8d635
DB: 2017-09-15
...
13 new exploits
MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)
EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit)
Disk Pulse Server 2.2.34 - GetServerInfo Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit)
KingScada AlarmServer 3.1.2.13 - Stack Buffer Overflow (Metasploit)
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
Adserver Script 5.6 - SQL Injection
PTC KSV1 Script 1.7 - 'type' Parameter SQL Injection
Theater Management Script - SQL Injection
Justdial Clone Script - 'fid' Parameter SQL Injection
2017-09-15 05:01:22 +00:00
Offensive Security
183eb53e48
DB: 2017-09-14
...
44 new exploits
Mako Web Server 2.5 - Multiple Vulnerabilities
ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit)
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit)
Infinite Automation Mango Automation - Command Injection (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)
Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit)
Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit)
Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit)
Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit)
Microsoft Windows .NET Framework - Remote Code Execution
ICLowBidAuction 3.3 - SQL Injection
ICMLM 2.1 - 'key' Parameter SQL Injection
ICHotelReservation 3.3 - 'key' Parameter SQL Injection
ICAuction 2.2 - 'id' Parameter SQL Injection
ICDoctor Appointment 1.3 - 'key' Parameter SQL Injection
ICRestaurant software 1.4 - 'key' Parameter SQL Injection
ICDutchAuction 1.2 - SQL Injection
ICAutosales 2.2 - SQL Injection
ICTraveling 2.2 - Authentication Bypass
ICStudents 1.2 - 'key' Parameter SQL Injection
ICClassifieds 1.1 - SQL Injection
ICSurvey 1.1 - SQL Injection
ICJewelry 1.1 - 'key' Parameter SQL Injection
IC-T-Shirt 1.2 - 'key' Parameter SQL Injection
ICProductConfigurator 1.1 - 'key' Parameter SQL Injection
ICGrocery 1.1 - 'key' Parameter SQL Injection
ICCallLimousine 1.1 - 'key' Parameter SQL Injection
ICProjectBidding 1.1 - SQL Injection
ICDental Clinic 1.2 - 'key' Parameter SQL Injection
ICEstate 1.1 - 'id' Parameter SQL Injection
ICHelpDesk 1.1 - 'pk' Parameter SQL Injection
ICSiteBuilder 1.1 - SQL Injection
ICAffiliateTracking 1.1 - Authentication Bypass
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)
Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal
2017-09-14 05:01:22 +00:00
Offensive Security
590c03106b
DB: 2017-09-13
...
15 new exploits
tcprewrite - Heap-Based Buffer Overflow
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
Docker Daemon - Unprotected TCP Socket
Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow
Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
PHP Dashboards NEW 4.4 - Arbitrary File Read
PHP Dashboards NEW 4.4 - SQL Injection
JobStar Monster Clone Script 1.0 - SQL Injection
iTech Book Store Script 2.02 - SQL Injection
iTech StockPhoto Script 2.02 - SQL Injection
EduStar Udemy Clone Script 1.0 - SQL Injection
AirStar Airbnb Clone Script 1.0 - SQL Injection
osTicket 1.10 - SQL Injection
FoodStar 1.0 - SQL Injection
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
inClick Cloud Server 5.0 - SQL Injection
2017-09-13 05:01:22 +00:00
Offensive Security
36667e62bc
DB: 2017-09-12
...
6 new exploits
Docker Daemon - Unprotected TCP Socket (Metasploit)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)
Nimble Professional 1.0 - Cross-Site Request Forgery (Update Admin)
FiberHome ADSL AN1020-25 - Improper Access Restrictions
WiseGiga NAS - Multiple Vulnerabilities
2017-09-12 05:01:25 +00:00
Offensive Security
7744909119
DB: 2017-09-11
...
11 new exploits
Just Dial Marketplace Script - Authentication Bypass
Just Dial Marketplace - Authentication Bypass
Online Print Business 1.0 - SQL Injection
Escort Marketplace 1.0 - SQL Injection
Babysitter Website Script 1.0 - SQL Injection
Job Board Software 1.0 - SQL Injection
RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
Just Dial Marketplace 1.0 - SQL Injection
Professional Service Booking 1.0 - SQL Injection
Restaurant Website Script 1.0 - SQL Injection
Law Firm 1.0 - SQL Injection
Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection
My Builder Marketplace 1.0 - SQL Injection
2017-09-11 05:01:21 +00:00
Offensive Security
eabeaa97ef
DB: 2017-09-10
2017-09-10 05:01:26 +00:00
Offensive Security
8ab6c39fe1
DB: 2017-09-09
...
4 new exploits
Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC)
Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC)
Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service
Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service
BIND 8.2.2-P5 - Denial of Service
ISC BIND 8.2.2-P5 - Denial of Service
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
Photoshop CC2014 and Bridge CC 2014 - '.gif' Parsing Memory Corruption
Photoshop CC2014 and Bridge CC 2014 - '.png' Parsing Memory Corruption
Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption
Photoshop CC2014 / Bridge CC 2014 - '.png' Parsing Memory Corruption
/usr/bin/trn - Local Exploit (not suid)
/usr/bin/trn (Not SUID) - Local Exploit
Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (1)
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (1)
Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (2)
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < v12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (1)
BIND 8.2.x - 'TSIG' Stack Overflow (1)
BIND 8.2.x - 'TSIG' Stack Overflow (2)
BIND 8.2.x - 'TSIG' Stack Overflow (3)
BIND 8.2.x - 'TSIG' Stack Overflow (4)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (1)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (2)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (3)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (4)
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (1)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (2)
Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (1)
Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (1)
Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (2)
Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (2)
QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (1)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (1)
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (2)
QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (2)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Exploit (Python)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit
BIND 9.x - Remote DNS Cache Poisoning Exploit
BIND 9.5.0-P2 - (randomized ports) Remote DNS Cache Poisoning Exploit
BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Exploit
Belkin Wireless G router + ADSL2 modem - Authentication Bypass
Belkin Wireless G Router / ADSL2 Modem - Authentication Bypass
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (2)
Solaris in.TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris in.TelnetD - TTYPROMPT Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Multiple OSes - BIND Buffer Overflow (1)
Multiple OSes - BIND Buffer Overflow (2)
ISC BIND (Linux/BSD) - Buffer Overflow (1)
ISC BIND (Multiple OSes) - Buffer Overflow (2)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)
Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change
Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change
Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)
Poison Ivy 2.1.x (C2 Server) - Buffer Overflow (Metasploit)
Gh0st Client - Buffer Overflow (Metasploit)
Gh0st Client (C2 Server) - Buffer Overflow (Metasploit)
zFeeder 1.6 - 'admin.php' Unauthenticated
zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass
CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload
CompactCMS 1.4.0 - 'tiny_mce' Arbitrary File Upload
Achievo 1.4.3 - Multiple Authorisation Flaws
Achievo 1.4.3 - Multiple Authorisation Vulnerabilities
CompactCMS 1.4.1 - Multiple Vulnerabilities
phpDenora 1.4.6 - Multiple SQL Injections
Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection
Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (1)
Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (2)
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (1)
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)
CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)
PlaySms 1.4 - Remote Code Execution
PlaySMS 1.4 - 'sendfromfile.php' Remote Code Execution / Unrestricted File Upload
Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
EzBan 5.3 - 'id' Parameter SQL Injection
EzInvoice 6.02 - SQL Injection
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Huawei HG255s - Directory Traversal
2017-09-09 05:01:22 +00:00
Offensive Security
67b3da92e4
DB: 2017-09-08
...
4 new exploits
Tor - Linux Sandbox Breakout via X11
Tor (Linux) - X11 Linux Sandbox Breakout
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Gh0st Client - Buffer Overflow (Metasploit)
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution
Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting
Online Invoice System 3.0 - SQL Injection
2017-09-08 05:01:20 +00:00
Offensive Security
a1eeba1263
DB: 2017-09-07
...
9 new exploits
Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service
Sambar FTP Server 6.4 - 'SIZE' Remote Denial of Service
Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
2WIRE DSL Router (xslt) - Denial of Service
2WIRE DSL Router - 'xslt' Denial of Service
ooVoo 1.7.1.35 - (URL Protocol) Remote Unicode Buffer Overflow (PoC)
ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow (SEH) Crash (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)
VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser
VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow
Winlog Lite SCADA HMI system - (SEH) Overwrite
Winlog Lite SCADA HMI system - Overwrite (SEH)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)
FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow
Sambar Server 6.0 - results.stm Post Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow
Samba nttrans Reply - Integer Overflow
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)
i.FTP 2.21 - Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite (SEH) Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow
Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
Quick Player 1.2 - Unicode Buffer Overflow
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit
Quick Player 1.2 - Unicode Buffer Overflow (1)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH)
Quick Player 1.2 - Unicode Buffer Overflow (Bindshell)
Quick Player 1.2 - Unicode Buffer Overflow (2)
Winamp 5.572 - (SEH) Exploit
Winamp 5.572 - Exploit (SEH)
ZipScan 2.2c - (SEH) Exploit
ZipScan 2.2c - Exploit (SEH)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)
Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit)
Mediacoder 0.7.3.4672 - (SEH) Exploit
Mediacoder 0.7.3.4672 - Exploit (SEH)
SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC)
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) (calc)
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)
BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
MP3 Workstation 9.2.1.1.2 - Exploit (SEH)
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - Exploit (SEH)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - (SEH) Exploit
iworkstation 9.3.2.1.4 - Exploit (SEH)
Winamp 5.6 - Arbitrary Code Execution in MIDI Parser
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution
BS.Player 2.57 - Buffer Overflow (Unicode SEH)
BS.Player 2.57 - Buffer Overflow (SEH Unicode)
Nokia MultiMedia Player 1.0 - (SEH Unicode)
Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode)
POP Peeper 3.7 - (SEH) Exploit
POP Peeper 3.7 - Exploit (SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (Unicode SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (SEH Unicode)
BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)
BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit)
Samba 2.0.7 SWAT - Logfile Permissions
Samba 2.0.7 - SWAT Logfile Permissions
Static HTTP Server 1.0 - (SEH) Overflow
Static HTTP Server 1.0 - Overflow (SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode)
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH) 'UNICODE'
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)
GOM Player 2.2.53.5169 - Buffer Overflow (SEH) (.reg)
GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
Total Commander 8.52 - Overwrite (SEH) Buffer Overflow
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - '.gen' Overwrite (SEH) Buffer Overflow
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite (SEH) Buffer Overflow
TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH)
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Tor - Linux Sandbox Breakout via X11
Samba < 2.2.8 (Linux/BSD) - Remote Code Execution
Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Samba 3.0.4 - SWAT Authorisation Buffer Overflow
BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)
Samba 2.2.x - nttrans Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Overflow (Metasploit)
BigAnt Server 2.52 - (SEH) Exploit
BigAnt Server 2.52 - Exploit (SEH)
File Sharing Wizard 1.5.0 - (SEH) Exploit
File Sharing Wizard 1.5.0 - Exploit (SEH)
Samba - 'Username' map script' Command Execution (Metasploit)
Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.0.7 SWAT - Logging Failure
Samba 2.0.7 - SWAT Logging Failure
Sambar Server 4.4/5.0 - pagecount File Overwrite
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
Sambar Server 5.x - results.stm Cross-Site Scripting
Sambar Server 5.x - 'results.stm' Cross-Site Scripting
Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass)
Sambar 5.x - Open Proxy / Authentication Bypass
Sambar Server 5.x - Open Proxy / Authentication Bypass
Sambar Server 6.1 Beta 2 - show.asp show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showperf.asp title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showini.asp Arbitrary File Access
Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access
Sambar Server 5.x/6.0/6.1 - results.stm indexname Cross-Site Scripting
Sambar Server 5.x/6.0/6.1 - 'results.stm' indexname Cross-Site Scripting
Ruby 1.9.1 - WEBrick Terminal Escape Sequence in Logs Command Injection
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection
Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection
Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - Terminal Escape Sequence in Logs Command Injection
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PHP-Nuke 8.0 - Cross-Site Scripting / HTML Code Injection in News Module
PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection
PHP-decoda - Cross-Site Scripting In Video Tag
PHP-decoda - 'Video Tag' Cross-Site Scripting
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation
FineCMS 1.0 - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities
A2billing 2.x - SQL Injection
Cory Support - 'pr' Parameter SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
2017-09-07 05:01:26 +00:00
Offensive Security
69443c8521
DB: 2017-09-06
...
5 new exploits
Samba 2.2.8 - Remote Code Execution
Samba < 2.2.8 (Linux/BSD) - Remote Code Execution
Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution
A2billing 2.x - Backup File Download / Remote Code Execution
iGreeting Cards 1.0 - SQL Injection
WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting
The Car Project 1.0 - SQL Injection
2017-09-06 05:01:20 +00:00
Offensive Security