exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	635e0e935f	DB: 2017-07-15 4 new exploits Counter Strike: Condition Zero - '.BSP' Map File Code Execution Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) WDTV Live SMP 2.03.20 - Remote Password Reset	2017-07-15 05:01:21 +00:00
Offensive Security	2f83b6c1be	DB: 2017-07-14 6 new exploits Novell Groupwise 6.5.3 Client - Local Integer Overflow Novell Groupwise Client 6.5.3 - Local Integer Overflow SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities SLmail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities Novell Client 4.91 SP4 - Privilege Escalation Novell Client 4.91 SP4 - Local Privilege Escalation Novell Client 4.91 SP4 - nwfs.sys Privilege Escalation (Metasploit) Novell Client 4.91 SP4 - 'nwfs.sys' Privilege Escalation (Metasploit) Novell Client 2 SP3 - Privilege Escalation Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Novell iPrint Client Browser Plugin - call-back-url Stack Overflow Novell iPrint Client Browser Plugin - 'call-back-url' Stack Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Skype for Business 2016 - Cross-Site Scripting DataTaker DT80 dEX 1.50.012 - Information Disclosure Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download	2017-07-14 05:01:24 +00:00
Offensive Security	e796424f76	DB: 2017-07-13	2017-07-13 05:01:23 +00:00
Offensive Security	ed107bc711	DB: 2017-07-12 9 new exploits Apache 2.0.52 - HTTP GET request Denial of Service Apache 2.0.52 - GET Request Denial of Service Microsoft IIS - Malformed HTTP Request Denial of Service (1) Microsoft IIS - Malformed HTTP Request Denial of Service (2) Microsoft IIS - HTTP Request Denial of Service (1) Microsoft IIS - HTTP Request Denial of Service (2) Microsoft IIS - Malformed HTTP Request Denial of Service Microsoft IIS - HTTP Request Denial of Service Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC) Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC) Allegro RomPager 2.10 - Malformed URL Request Denial of Service Allegro RomPager 2.10 - URL Request Denial of Service AVM KEN! 1.3.10/1.4.30 - Malformed Request Remote Denial of Service AVM KEN! 1.3.10/1.4.30 - Remote Denial of Service Netwin SurgeFTP 1.0b - Malformed Request Denial of Service Netwin SurgeFTP 1.0b - Denial of Service iCal 3.7 - Malformed HTTP Request Denial of Service iCal 3.7 - HTTP Request Denial of Service 3ware Disk Managment 1.10 - Malformed HTTP Request Denial of Service 3ware Disk Managment 1.10 - HTTP Request Denial of Service Pi3Web 2.0.1 - Malformed GET Request Denial of Service Pi3Web 2.0.1 - GET Request Denial of Service Loom Software SurfNow 1.x/2.x - Remote HTTP GET Request Denial of Service Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service Linksys PSUS4 PrintServer - Malformed HTTP POST Request Denial of Service Linksys PSUS4 PrintServer - POST Request Denial of Service Multiple IEA Software Products - HTTP POST Request Denial of Service Multiple IEA Software Products - POST Request Denial of Service Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service Linksys WRH54G 1.1.3 Wireless-G Router - HTTP Request Denial of Service Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service D-Link WBR-2310 1.0.4 - HTTP GET Request Remote Buffer Overflow D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow Pelco VideoXpert 1.12.105 - Privilege Escalation Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Information Disclosuree PlanetDNS PlanetWeb 1.14 - Malformed Request Remote Buffer Overflow PlanetDNS PlanetWeb 1.14 - Remote Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - Malformed SOCKS4 Request Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow JBoss 3.x/4.0.2 - Malformed HTTP Request Remote Information Disclosure JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure Easy File Sharing Web Server 7.2 - GET HTTP Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - HEAD HTTP Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH) Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass) NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass) Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) (Generator) - HTTP/1.x requests Shellcode (18+ bytes / 26+ bytes) (Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes) Linux/x86-64 - flush iptables rules Shellcode (84 bytes) Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86 - Self-modifying for IDS evasion Shellcode (64 bytes) Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes) Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - File unlinker Shellcode (18+ bytes) Linux/x86 - Perl script execution Shellcode (99+ bytes) Linux/x86 - file reader Shellcode (65+ bytes) Linux/x86 - File Unlinker Shellcode (18+ bytes) Linux/x86 - Perl Script Execution Shellcode (99+ bytes) Linux/x86 - File Reader Shellcode (65+ bytes) Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes) Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) Linux/x86 - execve /bin/sh anti-ids Shellcode (40 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 - Add User 'xtz' without Password to /etc/passwd Shellcode (59 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) Shellcode (39 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Radically Self Modifying Code Shellcode (70 bytes) Linux/x86 - Magic Byte Self Modifying Code Shellcode (76 bytes) Linux/x86 - Radically Self-Modifying Shellcode (70 bytes) Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes) Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes) Linux/x86 - chmod 666 shadow ENCRYPT Shellcode (75 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - Add User 't00r' Shellcode (82 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - execve /bin/sh encrypted Shellcode (58 bytes) Linux/x86 - execve /bin/sh xor encrypted Shellcode (55 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - Add User 'z' Shellcode (70 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - hard / unclean reboot Shellcode (29 bytes) Linux/x86 - hard / unclean reboot Shellcode (33 bytes) Linux/x86 - Hard / Unclean Reboot Shellcode (29 bytes) Linux/x86 - Hard / Unclean Reboot Shellcode (33 bytes) Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes) Linux - Drop SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes) Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) Linux - Find all writeable folder in filesystem polymorphic Shellcode (91 bytes) Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes) Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode Linux/x86 - Search For php/html Writable Files and Add Your Code Shellcode (380+ bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - Search For PHP/HTML Writable Files and Add Your Code Shellcode (380+ bytes) Linux/x86 - Remote Port Forwarding Shellcode (87 bytes) Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes) Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes) Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) Shellcode (77 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes) Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - /bin/sh ROT7 Encoded Shellcode Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux/x86-64 - Bind NetCat Shellcode (64 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes) Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes) Linux - Multi/Dual mode execve(_/bin/sh__ NULL_ 0) Shellcode (37 bytes) Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes) Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes) Linux - Reverse Shell Multi/Dual Mode Shellcode (Genearator) (129 bytes) Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux/x86-64 - Reverse NetCat Shellcode (72 bytes) Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shellcode (106 bytes) Simple Machines Forum (SMF) 1.1.6 - HTTP POST Request Filter Security Bypass Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access) Pelco Sarix/Spectra Cameras - Remote Code Execution Pelco VideoXpert 1.12.105 - Directory Traversal Pelco VideoXpert 1.12.105 - Information Disclosure NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection	2017-07-12 05:01:24 +00:00
Offensive Security	4407c920f7	DB: 2017-07-11 2 new exploits NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Privilege Escalation Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow Microsoft Internet Explorer - jscript9 JavaScriptStackWalker Memory Corruption (MS15-056) Microsoft Internet Explorer 9 - 'jscript9' JavaScriptStackWalker Memory Corruption (MS15-056) NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection	2017-07-11 05:01:26 +00:00
Offensive Security	c78e91e6e8	DB: 2017-07-10 1 new exploits Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass)	2017-07-10 05:01:20 +00:00
Offensive Security	22bf5da098	DB: 2017-07-08 2 new exploits Firefox 54.0.1 - Denial of Service Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution Yaws 1.91 - Remote File Disclosure Price Comparison Script 2017.1.8 - SQL Injection Clickbank Affiliate Marketplace Script 2017 - SQL Injection	2017-07-08 05:01:21 +00:00
Offensive Security	d3536f6bef	DB: 2017-07-07 3 new exploits LibTIFF - 'tif_dirwrite.c' Denial of Service LibTIFF - 'tif_jbig.c' Denial of Service LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read	2017-07-07 05:01:20 +00:00
Offensive Security	9a0992d704	DB: 2017-07-06 3 new exploits GoAutoDial 3.3 - Authentication Bypass / Command Injection (Metasploit) Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution (Generator) - /bin/sh Polymorphic Shellcode with printable ASCII characters (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) - Alphanumeric Shellcode Encoder/Decoder (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Win32 - Multi-Format Shellcode Encoding Tool (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - Self-modifying Shellcode for IDS evasion (64 bytes) Linux/x86 - Self-modifying for IDS evasion Shellcode (64 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP + Jumps to it (83 bytes) Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes) Linux/x86 - Shellcode Obfuscator Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Connectback Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connectback 127.0.0.1:31337/TCP Shellcode (74 bytes) OpenBSD/x86 - Add user _w00w00_ (112 Shellcode bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) Solaris/SPARC - connect-bac Shellcode k (204 bytes) Solaris/SPARC - connect-back Shellcode (204 bytes) Win32 - Download + Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Download + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader Shellcode (249 bytes) Windows XP/2000/2003 - Connect Back Shellcode for Overflow (275 bytes) Windows XP/2000/2003 - Overflow Connect Back Shellcode (275 bytes) Windows - Safari JS JITed Shellcode - exec calc (ASLR/DEP bypass) Safari 4.0.5 - 5.0.0 (Windows XP / 7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Shellcode Checksum Routine (18 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/MIPS - XOR Shellcode Encoder (60 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/x86 - custom execve-Shellcode Encoder/Decoder Linux/x86 - Execve /bin/sh Shellcode Via Push (21 bytes) Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes) Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86 - /bin/sh Shellcode + ASLR Bruteforce Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86 - Bind Netcat Shellcode with Port (44/52 bytes) Linux/x86 - Bind Netcat with Port Shellcode (44/52 bytes) Linux/x86 - Reverse TCP Shellcode (67 bytes)	2017-07-06 05:01:24 +00:00
Offensive Security	c89aecde1c	DB: 2017-07-05 5 new exploits Easy File Sharing WebServer 1.25 - Denial of Service Easy File Sharing Web Server 1.25 - Denial of Service Twilight WebServer 1.3.3.0 - (GET) Remote Denial of Service Twilight WebServer 1.3.3.0 - 'GET' Remote Denial of Service Kolibri+ WebServer 2 - GET Request Denial of Service Kolibri+ Web Server 2 - GET Request Denial of Service Microsoft FrontPage Personal WebServer 1.0 - PWS Denial of Service Microsoft FrontPage Personal Web Server 1.0 - PWS Denial of Service Michael Lamont Savant WebServer 2.0 - NULL Character Denial of Service Michael Lamont Savant Web Server 2.0 - NULL Character Denial of Service Savant WebServer 3.1 - Malformed Content-Length Denial of Service Savant Web Server 3.1 - Malformed Content-Length Denial of Service Twilight WebServer 1.3.3.0 - GET Request Buffer Overflow Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow Savant WebServer 3.1 - Denial of Service Savant Web Server 3.1 - Denial of Service Media Player Classic 1.5 - (MPC) WebServer Request Handling Remote Denial of Service Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Savant Web Server 3.1 (French Windows)- Remote Buffer Overflow PMsoftware Simple Web Server 1.0 - Remote Stack Overflow PMSoftware Simple Web Server 1.0 - Remote Stack Overflow NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow (Metasploit) NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow (Metasploit) velocity Web-Server 1.0 - Directory Traversal Velocity Web-Server 1.0 - Directory Traversal Navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCOPA Web Server 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCopa WebServer 3.01 - Remote Buffer Overflow NaviCOPA Web Server 3.01 - Remote Buffer Overflow Kolibri+ WebServer 2 - Source Code Disclosure kolibri+ WebServer 2 - Directory Traversal Kolibri+ WebServer 2 - GET Request Remote Overwrite (SEH) Kolibri+ Web Server 2 - Source Code Disclosure kolibri+ Web Server 2 - Directory Traversal Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH) mongoose Web server 2.11 - Directory Traversal Mongoose Web Server 2.11 - Directory Traversal quickphp Web server 1.9.1 - Directory Traversal QuickPHP Web Server 1.9.1 - Directory Traversal simple Web-Server 1.2 - Directory Traversal Simple Web Server 1.2 - Directory Traversal Microsoft FrontPage personal WebServer 1.0/personal Web server 4.0 - Directory Traversal Microsoft FrontPage Personal Web Server 1.0/4.0 - Directory Traversal Michael Lamont Savant WebServer 2.1 - CGI Source Code Disclosure Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow Michael Lamont Savant Web Server 2.1/3.0 - Buffer Overflow BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow goahead WebServer 2.0/2.1 - Directory Traversal GoAhead Web Server 2.0/2.1 - Directory Traversal GoAhead WebServer 2.1.x - URL Encoded Slash Directory Traversal GoAhead WebServer 2.1.x - Error Page Cross-Site Scripting GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting GoAhead WebServer 2.1 - Arbitrary Command Execution GoAhead Web Server 2.1 - Arbitrary Command Execution Savant WebServer 3.1 - File Disclosure Savant Web Server 3.1 - File Disclosure keyfocus kf Web server 1.0.8 - Directory Traversal Key Focus KF Web Server 1.0.8 - Directory Traversal MiniHTTPServer WebForums Server 1.x/2.0 - Directory Traversal MiniHTTPServer Web Forums Server 1.x/2.0 - Directory Traversal telcondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal TelCondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal GoAhead WebServer 2.1.x - ASP Script File Source Code Disclosure GoAhead Web Server 2.1.x - .ASP Script File Source Code Disclosure GoAhead WebServer 2.1.x - Directory Management Policy Bypass GoAhead Web Server 2.1.x - Directory Management Policy Bypass py software active webcam WebServer 4.3/5.5 - Multiple Vulnerabilities PY Software Active Webcam 4.3/5.5 - WebServer Multiple Vulnerabilities Oracle Weblogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Oracle WebLogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Boa Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection GoAhead WebServer 2.18 - addgroup.asp group Parameter Cross-Site Scripting GoAhead WebServer 2.18 - addlimit.asp url Parameter Cross-Site Scripting GoAhead WebServer 2.18 - adduser.asp Multiple Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'adduser.asp' Multiple Parameter Cross-Site Scripting GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities GoAhead Web Server 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities Home Web Server 1.9.1 build 164 - Remote Code Execution Home Web Server 1.9.1 (build 164) - Remote Code Execution Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) BSD/x86 - Portbind Port 31337 Shellcode (83 bytes) BSD/x86 - Portbind Random Port Shellcode (143 bytes) BSD/x86 - Bind 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes) BSD/x86 - Reverse Portbind 6969/TCP Shellcode (129 bytes) FreeBSD/x86 - setreuid_ execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - rev connect_ recv_ jmp_ return results Shellcode (90 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - Reverse Portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - encrypted Shellcode /bin/sh (48 bytes) FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes) FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh Shellcode (44 bytes) FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes) Linux/x86 - Portbind Shellcode (Generator) Windows XP SP1 - Portbind Shellcode (Generator) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) Cisco IOS - Bind Shellcode Password Protected (116 bytes) Cisco IOS - Bind Password Protected Shellcode (116 bytes) Linux/x86-64 - connect-back semi-stealth Shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes) Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/PPC - read & exec Shellcode (32 bytes) Linux/PPC - read + exec Shellcode (32 bytes) Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/x86 - Forks a HTTP Server on port 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP and jumps to it (83 bytes) Linux/x86 - Polymorphic Shellcode disable Network Card (75 bytes) Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP + Jumps to it (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - /bin/sh polymorphic Shellcode (48 bytes) Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial port shell binding & busybox Launching Shellcode (82 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) Shellcode (30 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode obfuscator Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Shellcode Obfuscator Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - setuid(0) & execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - Connect back (140.115.53.35:9999)_ download a file (cb) and execute Shellcode (149 bytes) Linux/x86 - Connectback (140.115.53.35:9999) + download a file (cb) + execute Shellcode (149 bytes) Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem Shellcode (508 bytes) Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes) Linux/x86 - set system time to 0 and exit Shellcode (12 bytes) Linux/x86 - Add root user 'r00t' with no password to /etc/passwd Shellcode (69 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes) Linux/x86 - forkbomb Shellcode (7 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() Shellcode (111+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - stdin re-open and /bin/sh exec Shellcode (39 bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - setuid(0) and /bin/sh execve() Shellcode (30 bytes) Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes) Linux/x86 - Portbind 2707 Shellcode (84 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header Shellcode (27 bytes) Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes) Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes) Linux/x86 - Portbind Port 64713 Shellcode (86 bytes) Linux/x86 - Bind Password Authentication 64713/TCP Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP Shellcode (68+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes) Linux/x86 - execve /bin/sh Shellcode (encoded by +1) (39 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Connect-back Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connectback Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connect Back Shellcode (90 bytes) Linux/x86 - socket-proxy Shellcode (372 bytes) Linux/x86 - Connectback Shellcode (90 bytes) Linux/x86 - Socket-proxy Shellcode (372 bytes) Linux/x86 - chroot & standart Shellcode (66 bytes) Linux/x86 - upload & exec Shellcode (189 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - alpha-numeric Shellcode (64 bytes) Linux/x86 - alpha-numeric using IMUL Method Shellcode (88 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - execve /bin/sh alphanumeric Shellcode (392 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - shared memory exec Shellcode (50 bytes) Linux/x86 - Shared Memory exec Shellcode (50 bytes) Linux/x86 - Reverse telnet Shellcode (134 bytes) Linux/x86 - Reverse Telnet Shellcode (134 bytes) Linux/x86 - Portbind Port 5074 Shellcode (92 bytes) Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add user Shellcode (104 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - execve /bin/sh tolower() evasion Shellcode (41 bytes) Linux/x86 - execve of /bin/sh after setreuid(0_0) Shellcode (46+ bytes) Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh toupper() evasion Shellcode (55 bytes) Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes) Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes) NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes) OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OSX/PPC - execve(/bin/sh)_ exit() Shellcode (72 bytes) OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes) Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Portbind Shellcode (240 bytes) Solaris/x86 - Portbind TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) Shellcode (59 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes) Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes) Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - Connectback_ receive_ save and execute Shellcode Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - Download & Execute Shellcode (124 bytes) Win32 - Connectback + receive + save + execute Shellcode Win32 - Download + Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download + Exec Shellcode (192 bytes) Win32 - Download + Execute Shellcode (124 bytes) Win32 - Download & Exec Shellcode (226+ bytes) Win32 - Download + Exec Shellcode (226+ bytes) Windows XP/2000/2003 - Download File and Exec Shellcode (241 bytes) Windows XP - Download & Exec Shellcode Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes) Windows XP/2000/2003 - Download File + Exec Shellcode (241 bytes) Windows XP - Download + Exec Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) and cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) & exit() Shellcode (33 bytes) Linux/x86 - Linux/x86 execve() Shellcode (51 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - execve() Shellcode (51 bytes) Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) Shellcode Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes) Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Linux/x86 - unlink(/etc/passwd) & exit() Shellcode (35 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Linux/x86 - fork bomb Shellcode (6 bytes) Linux/x86 - append '/etc/passwd' & exit() Shellcode (107 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - polymorphic Shellcode ip6tables -F (71 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal Linux/x86 - nc -lvve/bin/sh -p13377 Shellcode Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux - write() & exit(0) Shellcode genearator with customizable text Linux/x86 - polymorphic forkbombe Shellcode (30 bytes) Linux/x86 - forkbomb Shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86 - sends 'Phuck3d!' to all terminals Shellcode (60 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) Shellcode (57 bytes) Windows XP SP2 (FR) - Download & Exec Shellcode Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (FR) - Download + Exec Shellcode Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes) Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() & exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) Shellcode (131 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) Shellcode (28 bytes) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Linux/x86 - Polymorphic /bin/sh Shellcode (116 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) Shellcode (84 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded Shellcode (78 bytes) Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) ARM - Bindshell Port 0x1337 Shellcode ARM - Bind Connect UDP Port 68 Shellcode ARM - Bind Shell Port 0x1337 Shellcode ARM - Bind Connect 68/UDP Shellcode BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Linux/SuperH (sh4) - setuid(0) / chmod(_/etc/shadow__ 0666) / exit(0) Shellcode (43 bytes) Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) Linux/x86 - egghunt Shellcode (29 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add user _t0r_ with password _Winner_ Shellcode (189 bytes) Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Windows x86 - Password Protected TCP Bind Shellcode (637 bytes) Windows x86 - Bind TCP Password Protected Shellcode (637 bytes) Windows RT ARM - Bind Shell Port 4444 Shellcode Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows x86 - Persistent Reverse Shell TCP (494 Bytes) Windows x86 - Reverse Persistent TCP Shellcode (494 Bytes) Windows 7 x86 - Bind Shell TCP 4444 Shellcode (357 Bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); Shellcode (87 bytes) Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Reverse TCP connect Shellcode (77 to 85 bytes / 90 to 98 bytes with password) Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Reverse TCP Connect Shellcode (77 to 85 bytes / 90 to 98 bytes with Password) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download & Execute Shellcode (Generator) Windows XP x86-64 - Download + Execute Shellcode (Generator) Linux/x86 - ROT13 encoded execve(_/bin/sh_) Shellcode (68 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 Shellcode (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) Shellcode (40 bytes) Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes) Linux/x86 - execve(_/bin/sh_) Obfuscated Shellcode (40 bytes) Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow & exit() Shellcode (33 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) Shellcode (29 bytes) Linux/x86 - Netcat BindShell Port 5555 Shellcode (60 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86 - Download & Execute Shellcode Linux/x86 - Download + Execute Shellcode Linux/x86-64 - Encoded execve Shellcode (57 bytes) Linux/x86-64 - encoded execve Shellcode (57 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - Egg Hunter Shellcode (19 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 and exit Shellcode (Generator) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes) Linux/x86-64 - egghunter Shellcode (24 bytes) Linux/x86-64 - Polymorphic execve Shellcode (31 bytes) Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - Bind TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bindshell 4444/TCP with Password Prompt Shellcode (162 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind 4444/TCP Password Prompt Shellcode (162 bytes) Linux/x86-64 - TCP Reverse Shell with Password Prompt Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password Prompt Shellcode (151 bytes) Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (2) (135 bytes) Linux/x86 - Download & Execute Shellcode (135 bytes) Linux/x86-64 - Polymorphic Execve-Stack Shellcode (47 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (2) (135 bytes) Linux/x86 - Download + Execute Shellcode (135 bytes) Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes) Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes) Windows x86 - Download + Run via WebDAV Null-Free Shellcode (96 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Linux/x86 - Bind 1472/TCP (IPv6) Shellcode (1250 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Linux/x86 - Bindshell with Configurable Port Shellcode (87 bytes) Linux/x86 - Bind Shell Configurable Port Shellcode (87 bytes) Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes) Linux/x86-64 - XOR Encode execve Shellcode (84 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows XP < 10 - Download & Execute Shellcode Windows XP < 10 - Download + Execute Shellcode Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes) Linux/x86 - Bind Shell Port 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind NetCat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86 - TCP Reverse Shellcode (75 bytes) Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172 bytes) Linux/x86 - Reverse TCP Shellcode (75 bytes) Linux/x86-64 - Reverse Continuously Probing Shell via Socket + Port-range + Password Shellcode (172 bytes) Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes) Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes) Linux/x86 - Bind Netcat Shellcode with Port (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes) Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes) Windows x86 - Reverse UDP Keylogger Shellcode (493 bytes) Windows x64 - Download & Execute Shellcode (358 bytes) Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes) Windows x64 - Download + Execute Shellcode (358 bytes) Linux/x86 - Reverse Netcat (-e option disabled) Shell Shellcode (180 bytes) Windows x64 - Password Protected Bind Shellcode (825 bytes) Windows x64 - Bind Password Protected Shellcode (825 bytes) Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux - TCP Reverse Shell Shellcode (65 bytes) Linux/x86-64 - Reverse TCP Shellcode (65 bytes) Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes) Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes) Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes) Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes) Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse NetCat Shellcode (72 bytes) Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes) Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes) Linux/x86 - exceve(_/bin/sh_) Encoded Shellcode (44 Bytes) Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) simple WebServer 2.3-rc1 - Directory Traversal Simple Web Server 2.3-rc1 - Directory Traversal fastream netfile ftp/web server 6.5/6.7 - Directory Traversal Fastream NETFile FTP/Web Server 6.5/6.7 - Directory Traversal LiteWeb Server 2.5 - Authentication Bypass LiteWEB Web Server 2.5 - Authentication Bypass ActiveWeb Contentserver 5.6.2929 - Picture_Real_Edit.asp SQL Injection ActiveWeb Contentserver 5.6.2929 - 'Picture_Real_Edit.asp' SQL Injection Easy File Sharing WebServer 6.8 - Persistent Cross-Site Scripting Easy File Sharing Web Server 6.8 - Persistent Cross-Site Scripting CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning CMS Made Simple < 1.12.1 / < 2.1.3 - Web Server Cache Poisoning OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution	2017-07-05 05:01:23 +00:00
Offensive Security	6a2dd9562e	DB: 2017-07-04 6 new exploits Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Perl) OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Python) Boa WebServer 0.94.x - Terminal Escape Sequence in Logs Command Injection Boa Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection eVestigator Forensic PenTester - MITM Remote Code Execution BestSafe Browser - MITM Remote Code Execution Personify360 7.5.2/7.6.1 - Improper Access Restrictions Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions Sophos Cyberoam - Cross-site scripting BOA Web Server 0.94.14rc21 - Arbitrary File Access	2017-07-04 05:01:21 +00:00
Offensive Security	da85974f2a	DB: 2017-07-01 3 new exploits LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow Google Chrome - Out-of-Bounds Access in RegExp Stubs ActiveMQ < 5.14.0 - web shell upload (Metasploit) ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit) Humax HG100R 2.0.6 - Backup File Download	2017-07-01 05:01:21 +00:00
Offensive Security	83c4965a4e	DB: 2017-06-30 2 new exploits LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow NetBSD - Stack Clash Proof of Concept FreeBSD - 'FGPU' Stack Clash Proof of Concept FreeBSD - 'FGPE' Stack Clash Proof of Concept FreeBSD - 'setrlimit' Stack Clash Proof of Concept NetBSD - 'Stack Clash' (PoC) FreeBSD - 'FGPU' Stack Clash (PoC) FreeBSD - 'FGPE' Stack Clash (PoC) FreeBSD - 'setrlimit' Stack Clash (PoC) Oracle Solaris 11.1 / 11.3 RSH - Local Root Stack Clash Exploit OpenBSD - 'at' Local Root Stack Clash Exploit Linux - 'offset2lib' Stack Clash Exploit Linux - 'ldso_hwcap' Local Root Stack Clash Exploit Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit Linux - 'ldso_dynamic' Local Root Stack Clash Exploit Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel - 'offset2lib' 'Stack Clash' Exploit Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (SEH) Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit) ActiveMQ < 5.14.0 - web shell upload (Metasploit)	2017-06-30 05:01:20 +00:00
Offensive Security	fa3bfa77fc	DB: 2017-06-29 14 new exploits NetBSD - Stack Clash Proof of Concept FreeBSD - 'FGPU' Stack Clash Proof of Concept FreeBSD - 'FGPE' Stack Clash Proof of Concept FreeBSD - 'setrlimit' Stack Clash Proof of Concept Flat Assembler 1.7.21 - Buffer Overflow Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH) Oracle Solaris 11.1 / 11.3 RSH - Local Root Stack Clash Exploit OpenBSD - 'at' Local Root Stack Clash Exploit Linux - 'offset2lib' Stack Clash Exploit Linux - 'ldso_hwcap' Local Root Stack Clash Exploit Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit Linux - 'ldso_dynamic' Local Root Stack Clash Exploit Easy File Sharing Web Server 7.2 - Unrestricted File Upload Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities	2017-06-29 05:01:19 +00:00
Offensive Security	28b54c9669	DB: 2017-06-28 4 new exploits OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink Exploit RedHat 6.1 / 6.2 - TTY Flood Users Exploit RedHat 6.1/6.2 - TTY Flood Users Exploit Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local Denial of Service Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service Linux Kernel 2.4.28 / 2.6.9 - 'scm_send Local' Denial of Service Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service Linux Kernel 2.4.28/2.6.9 - 'scm_send Local' Denial of Service Linux Kernel 2.4.22-28/2.6.9 - 'igmp.c' Local Denial of Service Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local Denial of Service Linux Kernel 2.4.28 / 2.6.9 - 'ip_options_get' Local Overflow Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow Linux Kernel 2.4.28/2.6.9 - Memory Leak Local Denial of Service Linux Kernel 2.4.28/2.6.9 - 'ip_options_get' Local Overflow Apple Mac OSX 10.3.7 - Input Validation Flaw parse_machfile() Denial of Service Apple Mac OSX 10.3.7 - Input Validation Flaw 'parse_machfile()' Denial of Service Xaraya 1.0.0 RC4 - create() Denial of Service Xaraya 1.0.0 RC4 - 'create()' Denial of Service BitchX 1.1-final - do_hook() Remote Denial of Service BitchX 1.1-final - 'do_hook()' Remote Denial of Service Quake 3 Engine Client - CG_ServerCommand() Remote Overflow Quake 3 Engine Client - 'CG_ServerCommand()' Remote Overflow Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC) FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service FreeBSD 5.4/6.0 - (ptrace PT_LWPINFO) Local Denial of Service Asterisk 1.0.12 / 1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC) Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC) PHP 4.4.4/5.1.6 - htmlentities() Local Buffer Overflow (PoC) PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC) Microsoft Windows - NetrWkstaUserEnum() Remote Denial of Service Microsoft Windows - 'NetrWkstaUserEnum()' Remote Denial of Service Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC) Apple Mac OSX 10.4.8 - AppleTalk 'ATPsndrsp()' Heap Buffer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption Apple Mac OSX 10.4.x Kernel - 'shared_region_map_file_np()' Memory Corruption PHP 4.4.4 - Unserialize() ZVAL Reference Counter Overflow (PoC) Netrek 2.12.0 - pmessage2() Remote Limited Format String PHP 5 - wddx_deserialize() String Append Crash Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC) Netrek 2.12.0 - 'pmessage2()' Remote Limited Format String PHP 5 - 'wddx_deserialize()' String Append Crash Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service PHP 4.4.5 / 4.4.6 - session_decode() Double-Free (PoC) Asterisk 1.2.16/1.4.1 - SIP INVITE Remote Denial of Service PHP 4.4.5/4.4.6 - 'session_decode()' Double-Free (PoC) Opera 9.10 - alert() Remote Denial of Service Opera 9.10 - 'alert()' Remote Denial of Service PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service PHP 5.2.3 - glob() Denial of Service Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service PHP 5.2.3 - 'glob()' Denial of Service Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service Asterisk < 1.2.22 / 1.4.8 IAX2 channel driver - Remote Crash Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC) HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC) EDraw Office Viewer Component 5.3 - FtpDownloadFile() Remote Buffer Overflow EDraw Office Viewer Component 5.3 - 'FtpDownloadFile()' Remote Buffer Overflow eXtremail 2.1.1 - memmove() Remote Denial of Service eXtremail 2.1.1 - 'memmove()' Remote Denial of Service Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC) Adobe Shockwave - 'ShockwaveVersion()' Stack Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - 'i386_set_ldt()' Integer Overflow (PoC) OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash SkyFex Client 1.0 - ActiveX Start() Method Remote Stack Overflow DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service (PoC) OpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crash SkyFex Client 1.0 - ActiveX 'Start()' Method Remote Stack Overflow DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC) KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC) KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC) Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC) Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC) Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service fhttpd 0.4.2 un64() - Remote Denial of Service fhttpd 0.4.2 - 'un64()' Remote Denial of Service VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service VBA32 Personal AntiVirus 3.12.8.x - Malformed Archive Denial of Service AyeView 2.20 - Malformed .GIF Image Local Crash AyeView 2.20 - Malformed '.GIF' Image Local Crash Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service Solaris 9 PortBind - XDR-DECODE 'taddr2uaddr()' Remote Denial of Service Linux Kernel < 2.4.36.9 / 2.6.27.5 - Unix Sockets Local Kernel Panic Exploit Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC) DesignWorks Professional 4.3.1 - '.CCT' File Local Stack Buffer Overflow (PoC) Vinagre < 2.24.2 - show_error() Remote Format String (PoC) Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC) Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local Denial of Service Linux Kernel 2.6.27.7-generic/2.6.18/2.6.24-1 - Local Denial of Service MW6 Barcode ActiveX - 'Barcode.dll' Remote Heap Overflow (PoC) MW6 Barcode - ActiveX 'Barcode.dll' Remote Heap Overflow (PoC) Multiple Vendors libc:fts_() - Local Denial of Service Multiple Vendors - 'libc:fts_()' Local Denial of Service Icewarp Merak Mail Server 9.4.1 - Base64FileEncode() Buffer Overflow (PoC) Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC) OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service Soulseek 157 NS x / 156.x - Remote Distributed Search Code Execution Soulseek 157 NS x/156.x - Remote Distributed Search Code Execution Notepad++ 5.4.5 - Local .C/CPP Stack Buffer Overflow (PoC) Notepad++ 5.4.5 - '.C' / '.CPP' Local Stack Buffer Overflow (PoC) Drupal 6.16 / 5.21 - Denial of Service Drupal 5.21/6.16 - Denial of Service SopCast SopCore Control ActiveX - Remote Execution (PoC) UUSee ReliPlayer ActiveX - Remote Execution (PoC) SopCast SopCore Control - ActiveX Remote Execution (PoC) UUSee ReliPlayer - ActiveX Remote Execution (PoC) Aqua Real 1.0 / 2.0 - Local Crash (PoC) Aqua Real 1.0/2.0 - Local Crash (PoC) iPhone - WebCore::CSSSelector() Remote Crash iPhone - 'WebCore::CSSSelector()' Remote Crash avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities Avtech Software - ActiveX 'avc781viewer.dll' Multiple Vulnerabilities Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3/4.0.4 - Stack Exhaustion Multiple browsers - history.go() Denial of Service Multiple browsers - window.print() Denial of Service Multiple browsers - 'history.go()' Denial of Service Multiple browsers - 'window.print()' Denial of Service FreeBSD Kernel - mountnfs() Exploit FreeBSD Kernel - 'mountnfs()' Exploit Microsoft Internet Explorer 6 / 7 - Remote Denial of Service Microsoft Internet Explorer 6/7 - Remote Denial of Service PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow Microsoft DRM Technology 'msnetobj.dll' ActiveX - Multiple Vulnerabilities RarCrack 0.2 - 'Filename' init() .bss (PoC) Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC) Mozilla Firefox 3.5.10 / 3.6.6 - WMP Memory Corruption Using Popups Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups Microsoft Windows Mobile 6.1 / 6.5 - Double-Free Denial of Service Microsoft Windows Mobile 6.1/6.5 - Double-Free Denial of Service LeadTools 11.5.0.9 (ltdlg11n.ocx) - GetColorRes() Access Violation Denial of Service LeadTools 11.5.0.9 (lttmb11n.ocx) - BrowseDir() Access Violation Denial of Service LeadTools 11.5.0.9 - 'ltdlg11n.ocx' GetColorRes() Access Violation Denial of Service LeadTools 11.5.0.9 - 'lttmb11n.ocx' BrowseDir() Access Violation Denial of Service VideoLAN VLC Media Player 1.1 - Subtitle StripTags() Function Memory Corruption VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption PHP 5.3.5 - grapheme_extract() Null Pointer Dereference PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Novell ZenWorks 10 / 11 - TFTPD Remote Code Execution Novell ZenWorks 10/11 - TFTPD Remote Code Execution PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service PHP 5.3.10 - spl_autoload_register() Local Denial of Service PHP 5.3.10 - spl_autoload_call() Local Denial of Service PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service PHP 5.3.10 - spl_autoload() Local Denial of Service PHP 5.3.10 - 'spl_autoload()' Local Denial of Service Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 Safari Browser - 'JS match()' / 'search()' Crash (PoC) Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process Linux Kernel 2.0/2.1 - Send a SIGIO Signal To Any Process Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options Linux Kernel 2.0 / 2.1 / 2.2 - autofs Exploit Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options Linux Kernel 2.0/2.1/2.2 - autofs Exploit HP HP-UX 10.20 / IBM AIX 4.1.5 - connect() Denial of Service HP HP-UX 10.20 / IBM AIX 4.1.5 - 'connect()' Denial of Service Linux Kernel 2.0 / 2.0.33 - i_count Overflow (PoC) Linux Kernel 2.0/2.0.33 - i_count Overflow (PoC) FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - setsockopt() Denial of Service FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service PHP 6.0 - openssl_verify() Local Buffer Overflow (PoC) PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC) Linux Kernel 2.1.89 / 2.2.x - Zero-Length Fragment Linux Kernel 2.1.89/2.2.x - Zero-Length Fragment Wireshark 1.8.2 / 1.6.0 - Buffer Overflow (PoC) Wireshark 1.6.0/1.8.2 - Buffer Overflow (PoC) MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2 / 5.2.1 - File Scanner Malicious Archive Denial of Service MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service Linux Kernel 2.2 / 2.4 - Deep Symbolic Link Denial of Service Linux Kernel 2.2/2.4 - Deep Symbolic Link Denial of Service Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (1) Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (1) PHP 4.3 - socket_iovec_alloc() Integer Overflow PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow PHP 4.x - socket_recv() Signed Integer Memory Corruption PHP 4.x - socket_recvfrom() Signed Integer Memory Corruption PHP 4.x - 'socket_recv()' Signed Integer Memory Corruption PHP 4.x - 'socket_recvfrom()' Signed Integer Memory Corruption Linux Kernel 2.4 / 2.6 - Sigqueue Blocking Denial of Service Linux Kernel 2.4/2.6 - Sigqueue Blocking Denial of Service Colloquy 1.3.5 / 1.3.6 - Denial of Service Colloquy 1.3.5/1.3.6 - Denial of Service FreeBSD 4.10/5.x - execve() Unaligned Memory Access Denial of Service FreeBSD 4.10/5.x - 'execve()' Unaligned Memory Access Denial of Service PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1) PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (1) Linux Kernel 2.4.x / 2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (2) PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (2) Linux Kernel 2.6.32-642 / 3.16.0-4 - 'inode' Integer Overflow Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC) Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC) Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution Apache CXF < 2.5.10 / 2.6.7 / 2.7.4 - Denial of Service Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service Firebird 1.5 - Local Inet_Server Buffer Overflow Firebird 1.5 - Inet_Server Local Buffer Overflow Apple Mac OSX 10.x - '.zip' Parsing BOMStackPop() Function Overflow Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow FreeBSD 5.x I386_Set_LDT() - Multiple Local Denial of Service Vulnerabilities FreeBSD 5.x - 'I386_Set_LDT()' Multiple Local Denial of Service Vulnerabilities FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption PulseAudio 0.9.5 - Assert() Remote Denial of Service PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read PHP openssl_x509_parse() - Memory Corruption PHP - 'openssl_x509_parse()' Memory Corruption MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow MW6 Technologies Datamatrix - ActiveX 'Data' Parameter Buffer Overflow MW6 Technologies MaxiCode - ActiveX 'Data' Parameter Buffer Overflow MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling Denial of Service MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service phpMyAdmin 4.0.x / 4.1.x / 4.2.x - Denial of Service phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service UltraPlayer 2.112 Malformed - '.avi' File Denial of Service UltraPlayer 2.112 - Malformed '.avi' File Denial of Service Linux Kernel 3.13 / 3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service Advantech Webaccess 8.0 / 3.4.3 ActiveX - Multiple Vulnerabilities PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free PHP GMP unserialize() - Use-After-Free PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free PHP GMP - 'unserialize()' Use-After-Free PHP 5.4/5.5/5.6 - SplObjectStorage 'Unserialize()' Use-After-Free PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Vulnerabilities Python 2.7 strop.replace() Method - Integer Overflow Python 3.3 < 3.5 product_setstate() Function - Out-of-Bounds Read Python 2.7 - 'strop.replace()' Method Integer Overflow Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read Linux Kernel 3.x / 4.x - prima WLAN Driver Heap Overflow Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow Linux Kernel 3.10 / 3.18 / 4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick) ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick) Linux ARM/ARM64 - perf_event_open() Arbitrary Memory Read Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4- PacketBB Dissector Denial of Service Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service PHP 5.0.0 - hw_docbyanchor() Local Denial of Service PHP 5.0.0 - 'hw_docbyanchor()' Local Denial of Service Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation man-db 2.4.1 - open_cat_stream() Local uid=man Exploit man-db 2.4.1 - 'open_cat_stream()' Local uid=man Exploit Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Privilege Escalation xsplumber - strcpy() Buffer Overflow xsplumber - 'strcpy()' Buffer Overflow BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit BSDi 3.0/4.0 - rcvtty[mh] Local Exploit Solaris 2.5 / 2.5.1 - getgrnam() Local Overflow Solaris 2.5/2.5.1 - 'getgrnam()' Local Overflow Solaris 7 / 8-beta - arp Local Overflow Solaris 7/8-beta - ARP Local Overflow Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow LibXt - XtAppInitialize() Overflow xterm Exploit LibXt - 'XtAppInitialize()' Overflow xterm Exploit SGI IRIX - '/bin/login Local' Buffer Overflow SGI IRIX - '/bin/login' Local Buffer Overflow LibPNG 1.2.5 - png_jmpbuf() Local Buffer Overflow LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation Linux Kernel 2.4.27 / 2.6.8 - 'binfmt_elf' Executable File Read Exploit Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Exploit Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation Setuid perl - PerlIO_Debug() Overflow Setuid perl - 'PerlIO_Debug()' Overflow Linux Kernel 2.4.x / 2.6.x - 'uselib()' Privilege Escalation (3) Linux Kernel 2.4.x/2.6.x - 'uselib()' Privilege Escalation (3) Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2) Linux Kernel 2.4.x/2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2) ePSXe 1.6.0 - nogui() Local Exploit ePSXe 1.6.0 - 'nogui()' Local Exploit Solaris 9 / 10 - ld.so Privilege Escalation (1) Solaris 9 / 10 - ld.so Privilege Escalation (2) Solaris 9/10 - 'ld.so' Privilege Escalation (1) Solaris 9/10 - 'ld.so' Privilege Escalation (2) Python 2.4.2 - realpath() Local Stack Overflow Python 2.4.2 - 'realpath()' Local Stack Overflow Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1) Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure (1) Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 - Multiple Buffer Overflow Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflow PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow (PoC) PHP 4.4.3 / 5.1.4 - (sscanf) Local Buffer Overflow PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC) PHP 4.4.3/5.1.4 - 'sscanf' Local Buffer Overflow Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit Solaris 8/9 - '/usr/ucb/ps' Local Information Leak Exploit OpenBSD 3.x < 4.0 - vga_ioctl() Privilege Escalation OpenBSD 3.x < 4.0 - 'vga_ioctl()' Privilege Escalation PHP < 4.4.5 / 5.2.1 - PHP_binary Session Deserialization Information Leak PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak PHP 4.4.6 - mssql_[p]connect() Local Buffer Overflow PHP 5.2.1 - substr_compare() Information Leak Exploit PHP < 4.4.5 / 5.2.1 - (shmop functions) Local Code Execution PHP < 4.4.5 / 5.2.1 - (shmop) SSL RSA Private-Key Disclosure PHP < 4.4.5/5.2.1 - PHP_binary Session Deserialization Information Leak PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak PHP 4.4.6 - 'mssql_[p]connect()' Local Buffer Overflow PHP 5.2.1 - 'substr_compare()' Information Leak Exploit PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution PHP < 4.4.5/5.2.1 - 'shmop' SSL RSA Private-Key Disclosure PHP 4.4.6 - crack_opendict() Local Buffer Overflow (PoC) PHP 4.4.6 - snmpget() object id Local Buffer Overflow (PoC) PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC) PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC) PHP 4.4.6 - cpdf_open() Local Source Code Disclosure (PoC) PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC) PHP 5.2.1 - session_regenerate_id() Double-Free Exploit PHP 5.2.1 - 'session_regenerate_id()' Double-Free Exploit PHP 4.4.6 - ibase_connect() Local Buffer Overflow PHP 4.4.6 / 5.2.1 - array_user_key_compare() ZVAL dtor Local Exploit PHP 5.2.0 (OSX) - header() Space Trimming Buffer Underflow Exploit PHP 4.4.6 / 5.2.1 - ext/gd Already Freed Resources Usage Exploit PHP 5.2.1 - hash_update_file() Freed Resource Usage Exploit PHP 5.2.1 - Unserialize() Local Information Leak Exploit PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite PHP 4.4.6 - 'ibase_connect()' Local Buffer Overflow PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Exploit PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow Exploit PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage Exploit PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage Exploit PHP 5.2.1 - 'Unserialize()' Local Information Leak Exploit PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite PHP 5.2.3 - snmpget() object id Local Buffer Overflow PHP 5.2.3 - 'snmpget()' Object id Local Buffer Overflow IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation IBM AIX 5.3 SP6 - FTP 'gets()' Privilege Escalation PHP 5.2.3 - snmpget() object id Local Buffer Overflow (EDI) PHP 5.2.3 - 'snmpget()' object id Local Buffer Overflow (EDI) PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation Numark Cue 5.0 rev 2 - Local '.m3u' File Stack Buffer Overflow Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow Adobe Reader - util.printf() JavaScript Function Stack Overflow (1) Adobe Reader - util.printf() JavaScript Function Stack Overflow (2) Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1) Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2) Microsoft SQL Server - sp_replwritetovarbin() Heap Overflow Microsoft SQL Server - 'sp_replwritetovarbin()' Heap Overflow PHP 5.2.8 gd library - imageRotate() Information Leak PHP 5.2.8 gd library - 'imageRotate()' Information Leak Adobe Acrobat Reader 8.1.2 < 9.0 - getIcon() Memory Corruption Adobe Acrobat Reader 8.1.2 < 9.0 - 'getIcon()' Memory Corruption PHP - mb_ereg(i)_replace() Evaluate Replacement String PHP - 'mb_ereg(i)_replace()' Evaluate Replacement String Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation Multiple BSD Operating Systems - setusercontext() Vulnerabilities Avast! 4.8.1335 Professional - Local Kernel Buffer Overflow FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation OtsTurntables 1.00.027 - '.m3u' / '.ofl' Local Universal Buffer Overflow (SEH) OtsTurntables 1.00.027 - '.m3u' / '.ofl' Universal Local Buffer Overflow (SEH) Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2) Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2) Millenium MP3 Studio - (pls/mpf/m3u) Local Universal Buffer Overflows (SEH) Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflows (SEH) Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Privilege Escalation (3) Linux Kernel 2.4/2.6 - 'sock_sendpage()' Privilege Escalation (3) PlayMeNow 7.3 / 7.4 - Malformed '.M3U' Playlist File Buffer PlayMeNow 7.3/7.4 - Malformed '.M3U' Playlist File Buffer Mini-stream Ripper 3.0.1.1 - '.pls' Local Universal Buffer Overflow Mini-stream Ripper 3.0.1.1 - '.pls' Universal Local Buffer Overflow PlayMeNow 7.3 / 7.4 - Buffer Overflow (Metasploit) PlayMeNow 7.3/7.4 - Buffer Overflow (Metasploit) HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow (Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Privilege Escalation (Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Privilege Escalation PHP 6.0 Dev - str_transliterate() Buffer Overflow PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - OpenSession() Buffer Overflow Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Buffer Overflow IP2location.dll 1.0.0.1 - Function Initialize() Buffer Overflow IP2location.dll 1.0.0.1 - Function 'Initialize()' Buffer Overflow FreeBSD Kernel - nfs_mount() Exploit FreeBSD Kernel - 'nfs_mount()' Exploit MUSE 4.9.0.006 - '.pls' Local Universal Buffer Overflow (SEH) Triologic Media Player 8 - '.m3u' Local Universal Unicode Buffer Overflow (SEH) MUSE 4.9.0.006 - '.pls' Universal Local Buffer Overflow (SEH) Triologic Media Player 8 - '.m3u' Universal Unicode Local Buffer Overflow (SEH) FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - CAN BCM Privilege Escalation Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Privilege Escalation AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) Adobe - Collab.collectEmailInfo() Buffer Overflow (Metasploit) Adobe - 'Collab.collectEmailInfo()' Buffer Overflow (Metasploit) NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow NetOp Remote Control 8.0/9.1/9.2/9.5 - Buffer Overflow PHP 5.3.5 - socket_connect() Buffer Overflow PHP 5.3.5 - 'socket_connect()' Buffer Overflow Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Privilege Escalation Linux Kernel 2.6.28/3.0 (DEC Alpha Linux) - Privilege Escalation mount.cifs - chdir() Arbitrary Root File Identification mount.cifs - 'chdir()' Arbitrary Root File Identification Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (1) Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (2) Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (1) Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2) Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - vsyslog() Buffer Overflow Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Buffer Overflow Xi Graphics Accelerated X 4.0.x / 5.0 - Buffer Overflow Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (2) RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (2) QSSL QNX 4.25 A - crypt() Exploit QSSL QNX 4.25 A - 'crypt()' Exploit Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (2) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 _XAsyncReply() Stack Corruption X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption Linux Kernel 2.2.x - sysctl() Memory Reading (PoC) Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2 / 2.4 - procfs Stream redirection to Process Memory Privilege Escalation Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation Linux Kernel 2.2 / 2.4 - Ptrace/Setuid Exec Privilege Escalation Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation Linux Kernel 2.2.x / 2.3 / 2.4.x - d_path() Path Truncation (PoC) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC) Python 1.5.2 Pickle - Unsafe eval() Code Execution Python 1.5.2 Pickle - Unsafe 'eval()' Code Execution Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (1) Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (2) Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (3) Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1) Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2) Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3) ESCPUtil 1.15.2 2 - Local Printer Name Buffer Overflow ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (2) Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (1) Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (2) Linux Kernel 2.2.x / 2.4.x - I/O System Call File Existence Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence Zblast 1.2 - Local 'Username' Buffer Overrun Zblast 1.2 - 'Username' Local Buffer Overrun Linux PAM 0.77 - Pam_Wheel Module getlogin() 'Username' Spoofing Privilege Escalation Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun Elm 2.3/2.4 - Local TERM Environment Variable Buffer Overrun Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun GNU AN - Local Command Line Option Buffer Overflow GNU AN - Command Line Option Local Buffer Overflow OpenBSD 3.3 - Semget() Integer Overflow (1) OpenBSD 3.3 - Semget() Integer Overflow (2) OpenBSD 3.3 - 'Semget()' Integer Overflow (1) OpenBSD 3.3 - 'Semget()' Integer Overflow (2) Sendmail 8.12.9 - Prescan() Variant Remote Buffer Overrun Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (3) Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read Linux Kernel 2.5.x/2.6.x - CPUFreq Proc Handler Integer Handling Memory Read HP-UX 7-11 - Local X Font Server Buffer Overflow HP-UX 7-11 - X Font Server Local Buffer Overflow Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) Photodex ProShow Gold/Producer 5.0.3310 / 6.0.3410 - ScsiAccess Privilege Escalation Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation Newsgrab 0.5.0pre4 - Multiple Local And Remote Vulnerabilities Newsgrab 0.5.0pre4 - Local/Remote Multiple Vulnerabilities Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1) Linux Kernel 2.4.30 / 2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1) Linux Kernel 2.4.30/2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation Ophcrack 3.5.0 - Local Code Execution Buffer Overflow Ophcrack 3.5.0 - Code Execution Local Buffer Overflow PHP 4.x/5.0/5.1 - mb_send_mail() Function Parameter Restriction Bypass PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities IBM AIX 6.1 / 7.1 - Privilege Escalation IBM AIX 6.1/7.1 - Privilege Escalation Nodejs - js-yaml load() Code Exec (Metasploit) Nodejs - 'js-yaml load()' Code Exec (Metasploit) PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass PHP 5.2.1 - 'Session.Save_Path()' TMPDIR open_basedir Restriction Bypass ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution ELinks Relative 0.10.6/011.1 - Path Arbitrary Code Execution suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass Exploit Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3) Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3) Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution Microsoft Office 2007/2010 - OLE Arbitrary Command Execution MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit) ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit) Proxifier for Mac 2.17 / 2.18 - Privesc Escalation Proxifier for Mac 2.17/2.18 - Privesc Escalation Sendmail 8.12.8 - Prescan() BSD Remote Command Execution Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution BFTPd - vsprintf() Format Strings Exploit BFTPd - 'vsprintf()' Format Strings Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit OpenBSD ftpd 2.6/2.7 - Remote Exploit Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit Rlpr 2.04 - msg() Remote Format String Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Exploit Rlpr 2.04 - 'msg()' Remote Format String Courier-IMAP 3.0.2-r1 - auth_debug() Remote Format String Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format String PHP 4.3.7 - openlog() Buffer Overflow PHP 4.3.7 - 'openlog()' Buffer Overflow Apple iTunes - Playlist Local Parsing Buffer Overflow Apple iTunes - Playlist Parsing Local Buffer Overflow Newspost 2.1 - socket_getline() Remote Buffer Overflow (2) Newspost 2.1 - 'socket_getline()' Remote Buffer Overflow (2) CA Unicenter 3.1 - CAM log_security() Stack Overflow (Metasploit) CA Unicenter 3.1 - CAM 'log_security()' Stack Overflow (Metasploit) sobexsrv 1.0.0_pre3 Bluetooth - syslog() Remote Format String sobexsrv 1.0.0_pre3 Bluetooth - 'syslog()' Remote Format String Mozilla Firefox 1.04 - compareTo() Remote Code Execution Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution Mozilla Firefox 1.5 (Linux) - location.QueryInterface() Code Execution (Metasploit) Mozilla Firefox 1.5 (OSX) - location.QueryInterface() Code Execution (Metasploit) Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution (Metasploit) Mozilla Firefox 1.5 (OSX) - 'location.QueryInterface()' Code Execution (Metasploit) crossfire-server 1.9.0 - SetUp() Remote Buffer Overflow crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit Quake 3 Engine 1.32b - 'R_RemapShader()' Remote Client Buffer Overflow iShopCart - vGetPost() Remote Buffer Overflow (cgi) iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI) Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit XMPlay 3.3.0.4 - (PLS) Local+Remote Buffer Overflow Oracle 9i / 10g - (read/write/execute) Exploitation Suite XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow Oracle 9i/10g - (read/write/execute) Exploitation Suite Oracle 9i / 10g (extproc) - Local / Remote Command Execution Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit Oracle 9i/10g - 'extproc' Local/Remote Command Execution Oracle 9i/10g - 'utl_file' FileSystem Access Exploit Portable OpenSSH 3.6.1p-PAM / 4.1-SuSE - Timing Attack Exploit Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack Exploit PHP 4.4.3 < 4.4.6 - PHPinfo() Cross-Site Scripting PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting XAMPP for Windows 1.6.0a - mssql_connect() Remote Buffer Overflow XAMPP for Windows 1.6.0a - 'mssql_connect()' Remote Buffer Overflow IPIX Image Well ActiveX - 'iPIX-ImageWell-ipix.dll' Buffer Overflow IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Buffer Overflow Zenturi ProgramChecker ActiveX - 'sasatl.dll' Remote Buffer Overflow Zenturi ProgramChecker - ActiveX 'sasatl.dll' Remote Buffer Overflow Zenturi ProgramChecker - ActiveX NavigateUrl() Insecure Method Exploit Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Exploit NCTAudioStudio2 - ActiveX DLL 2.6.1.148 CreateFile() Insecure Method NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - SaveToFile() Exploit HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Exploit NeoTracePro 3.25 - ActiveX TraceTarget() Remote Buffer Overflow NeoTracePro 3.25 - ActiveX 'TraceTarget()' Remote Buffer Overflow Versalsoft HTTP File Uploader - AddFile() Remote Buffer Overflow Versalsoft HTTP File Uploader - 'AddFile()' Remote Buffer Overflow Data Dynamics ActiveReport ActiveX - 'actrpt2.dll 2.5' Insecure Method Data Dynamics ActiveReport - ActiveX 'actrpt2.dll 2.5' Insecure Method Yahoo! Widget < 4.0.5 - GetComponentVersion() Remote Overflow CHILKAT ASP String - 'CkString.dll 1.1' SaveToFile() Insecure Method Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - SaveXMLFile() Insecure Method NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - DeleteXMLFile() Insecure Method NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote Exploit NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'SaveXMLFile()' Insecure Method NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'DeleteXMLFile()' Insecure Method Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x/8.0? - Video Remote Heap Overflow GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow GlobalLink 2.7.0.8 - 'glitemflat.dll' SetClientInfo() Heap Overflow Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method jetAudio 7.x - ActiveX DownloadFromMusicStore() Code Execution jetAudio 7.x - ActiveX 'DownloadFromMusicStore()' Code Execution Persits Software XUpload Control - AddFolder() Buffer Overflow Persits Software XUpload Control - 'AddFolder()' Buffer Overflow idautomation bar code ActiveX - Multiple Vulnerabilities idautomation bar code - ActiveX Multiple Vulnerabilities C6 Messenger ActiveX - Remote Download and Execute Exploit C6 Messenger - ActiveX Remote Download and Execute Exploit NuMedia Soft Nms DVD Burning SDK ActiveX - 'NMSDVDX.dll' Exploit NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Exploit GdPicture Pro ActiveX - 'gdpicture4s.ocx' File Overwrite / Exec Exploit GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Exploit MW6 Aztec ActiveX - 'Aztec.dll' Remote Insecure Method Exploit MW6 Barcode ActiveX - 'Barcode.dll' Insecure Method Exploit MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit GE Fanuc Real Time Information Portal 2.6 - writeFile() API Exploit (Metasploit) GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API Exploit (Metasploit) EasyMail ActiveX - 'emmailstore.dll 6.5.0.3' Buffer Overflow EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Buffer Overflow Megacubo 5.0.7 - (mega://) Remote eval() Injection Megacubo 5.0.7 - 'mega://' Remote 'eval()' Injection Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite EDraw Office Viewer 5.4 - HttpDownloadFile() Insecure Method EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method Oracle Secure Backup 10g - exec_qr() Command Injection Oracle Secure Backup 10g - 'exec_qr()' Command Injection Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution Adobe 8.1.4/9.1 - customDictionaryOpen() Code Execution BaoFeng - ActiveX OnBeforeVideoDownload() Remote Buffer Overflow Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution BaoFeng - ActiveX 'OnBeforeVideoDownload()' Remote Buffer Overflow AOL IWinAmpActiveX Class ConvertFile() - Remote Buffer Overflow AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities Virtualmin < 3.703 - Local/Remote Multiple Vulnerabilities Quiksoft EasyMail 6.0.3.0 - imap connect() ActiveX Buffer Overflow Quiksoft EasyMail 6.0.3.0 - IMAP 'connect()' ActiveX Buffer Overflow EnjoySAP 6.4 / 7.1 - File Overwrite EnjoySAP 6.4/7.1 - File Overwrite Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend' Command Injection Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit) Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) mDNSResponder 10.4.0/10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit) Opera 9.50/9.61 historysearch - Command Execution (Metasploit) Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) Squid 2.5.x/3.x - NTLM Buffer Overflow (Metasploit) PoPToP < 1.1.3-b3/1.1.3-20030409 - Negative Read Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007/2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit) HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit) PHP 5.3 - preg_match() Full Path Disclosure PHP 5.3 - 'preg_match()' Full Path Disclosure Trend Micro Web-Deployment ActiveX - Remote Execution (PoC) Trend Micro Web-Deployment - ActiveX Remote Execution (PoC) Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow Bigant Messenger 2.52 - 'AntCore.dll' RegisterCom() Remote Heap Overflow Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow Apple Safari 4.0.5 - parent.close() (memory Corruption) Code Execution Apple Safari 4.0.5 - 'parent.close()' Memory Corruption Code Execution Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass) ComponentOne VSFlexGrid 7 / 8 - 'Archive()' method Remote Buffer Overflow ComponentOne VSFlexGrid 7/8 - 'Archive()' method Remote Buffer Overflow Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow Nginx 0.7.65 / 0.8.39 (dev) - Source Disclosure / Download Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download SigPlus Pro 3.74 - ActiveX LCDWriteString() Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass) SigPlus Pro 3.74 - ActiveX 'LCDWriteString()' Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass) McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution) McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (2) Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow Microsoft WMITools ActiveX - Remote Command Execution Microsoft WMITools - ActiveX Remote Command Execution Novell iPrint 5.52 - ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256) Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Exploit Apple QTJava - toQTPointer() Arbitrary Memory Access (Metasploit) Apple QTJava - 'toQTPointer()' Arbitrary Memory Access (Metasploit) Java - Statement.invoke() Trusted Method Chain Exploit (Metasploit) Java - 'Statement.invoke()' Trusted Method Chain Exploit (Metasploit) Mozilla Firefox 3.5 - escape() Return Value Memory Corruption (Metasploit) Mozilla Firefox 3.5 - 'escape()' Return Value Memory Corruption (Metasploit) Mozilla Suite/Firefox InstallVersion->compareTo() - Code Execution (Metasploit) Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit) Sun Solaris sadmind - adm_build_path() Buffer Overflow (Metasploit) Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit) Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit) Firebird Relational Database - SVC_attach() Buffer Overflow (Metasploit) Firebird Relational Database - 'SVC_attach()' Buffer Overflow (Metasploit) Firebird Relational Database - isc_create_database() Buffer Overflow (Metasploit) Firebird Relational Database - 'isc_create_database()' Buffer Overflow (Metasploit) Firebird Relational Database - isc_attach_database() Buffer Overflow (Metasploit) Firebird Relational Database - 'isc_attach_database()' Buffer Overflow (Metasploit) Worldweaver DX Studio Player 3.0.29 - shell.execute() Command Execution (Metasploit) Worldweaver DX Studio Player 3.0.29 - 'shell.execute()' Command Execution (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) CA BrightStor ARCserve Backup - AddColumn() ActiveX Buffer Overflow (Metasploit) Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit) CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow (Metasploit) Microsoft Internet Explorer - 'createTextRange()' Code Execution (MS06-013) (Metasploit) AOL Radio AmpX - ActiveX Control ConvertFile() Buffer Overflow (Metasploit) AOL Radio AmpX - ActiveX Control 'ConvertFile()' Buffer Overflow (Metasploit) NCTAudioFile2 2.x - ActiveX Control SetFormatLikeSample() Buffer Overflow (Metasploit) NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Buffer Overflow (Metasploit) SasCam Webcam Server 2.6.5 - Get() method Buffer Overflow (Metasploit) SasCam Webcam Server 2.6.5 - 'Get()' Method Buffer Overflow (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit) Microsoft DNS RPC Service - 'extractQuotedChar()' TCP Overflow (MS07-029) (Metasploit) httpdx - h_handlepeer() Function Buffer Overflow (Metasploit) httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit) CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit) CA CAM (Windows x86) - 'log_security()' Stack Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - CreateBinding() Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - 'CreateBinding()' Buffer Overflow (Metasploit) XtreamerPRO Media-player 2.6.0 / 2.7.0 - Multiple Vulnerabilities XtreamerPRO Media-player 2.6.0/2.7.0 - Multiple Vulnerabilities Black Ice Cover Page SDK - insecure method DownloadImageFileURL() Exploit (Metasploit) Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' Exploit (Metasploit) CTEK SkyRouter 4200 / 4300 - Command Execution (Metasploit) CTEK SkyRouter 4200/4300 - Command Execution (Metasploit) Mozilla Firefox 4.0.1 - Array.reduceRight() Exploit Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Exploit LotusCMS 3.0 - eval() Remote Command Execution (Metasploit) LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit) Apache Tomcat - Remote Exploit (PUT Request) and Account Scanner Apache Tomcat - Account Scanner / 'PUT' Request Remote Exploit Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution) Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Exploit Mozilla Firefox 8/9 - AttributeChildRemoved() Use-After-Free (Metasploit) Mozilla Firefox 8/9 - 'AttributeChildRemoved()' Use-After-Free (Metasploit) RabidHamster R4 - Log Entry sprintf() Buffer Overflow (Metasploit) RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit) Samsung NET-i viewer - Multiple ActiveX BackupToAvi() Remote Overflow (Metasploit) Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflow (Metasploit) Microsoft IIS 6.0 / 7.5 (+ PHP) - Multiple Vulnerabilities Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing ETL Delegate 5.9.x / 6.0.x - Buffer Overflow ETL Delegate 5.9.x/6.0.x - Buffer Overflow Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (1) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (3) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3) Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution) Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution PHP IRC Bot pbot - eval() Remote Code Execution (Metasploit) PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit) Icecast 1.3.7/1.3.8 - print_client() Format String Icecast 1.3.7/1.3.8 - 'print_client()' Format String FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow FreeBSD 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities OpenBSD 2.x < 2.8 ftpd - glob() Buffer Overflow FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow Apache Tomcat 3.2.3/3.2.4 - Source.jsp Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - RealPath.jsp Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting Working Resources BadBlue 1.7.3 - 'cleanSearchString()' Cross-Site Scripting NTR - ActiveX Control StopModule() Remote Code Execution (Metasploit) NTR - ActiveX Control 'StopModule()' Remote Code Execution (Metasploit) NTR - ActiveX Control Check() Method Buffer Overflow (Metasploit) HP Application Lifecycle Management - XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution (Metasploit) NTR - ActiveX Control 'Check()' Method Buffer Overflow (Metasploit) HP Application Lifecycle Management - 'XGO.ocx' ActiveX 'SetShapeNodeType()' Remote Code Execution (Metasploit) ghttpd 1.4.x - Log() Function Buffer Overflow ghttpd 1.4.x - 'Log()' Function Buffer Overflow zkfingerd 0.9.1 - say() Format String zkfingerd 0.9.1 - 'say()' Format String Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (2) Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2) BitchX 1.0 - Remote Send_CTCP() Memory Corruption BitchX 1.0 - Remote 'Send_CTCP()' Memory Corruption PoPToP PPTP 1.0/1.1.x - Negative read() Argument Remote Buffer Overflow PoPToP PPTP 1.0/1.1.x - Negative 'read()' Argument Remote Buffer Overflow Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit) NetIQ Privileged User Manager 2.3.1 - ldapagnt_eval() Remote Perl Code Execution (Metasploit) NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit) Valve Software Half-Life Server 1.1.1.0 / 3.1.1.1c1 / 4.1.1.1a - Multiplayer Request Buffer Overflow Valve Software Half-Life Server 1.1.1.0/3.1.1.1c1/4.1.1.1a - Multiplayer Request Buffer Overflow WU-FTPD 2.6.2 / 2.6.0 / 2.6.1 - 'realpath()' Off-by-One Buffer Overflow FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow WU-FTPD 2.6.0/2.6.1/2.6.2 - 'realpath()' Off-by-One Buffer Overflow FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow InduSoft Web Studio - ISSymbol.ocx InternationalSeparator() Heap Overflow (Metasploit) InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit) GNU Anubis 3.6.x/3.9.x - auth.c auth_ident() Function Overflow GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow Rlpr 2.0 - msg() Function Multiple Vulnerabilities Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities PHP 4.x/5.0 - Strip_Tags() Function Bypass PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass Movable Type 4.2x / 4.3x - Web Upgrade Remote Code Execution (Metasploit) Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit) NullSoft Winamp 2-5 - '.wsz' Remote Code Execution NullSoft Winamp 2.4 < 5.0.4 - '.wsz' Remote Code Execution Portable UPnP SDK - unique_service_name() Remote Code Execution (Metasploit) Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit) Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit) Novell ZENworks Configuration Management 10 SP3/11 SP2 - Remote Execution (Metasploit) PHP 4/5 - addslashes() Null Byte Bypass PHP 4/5 - 'addslashes()' Null Byte Bypass Smail 3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote/Local Vulnerabilities SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx Remote Code Execution SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit) Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Java Applet - Driver Manager Privileged toString() Remote Code Execution (Metasploit) Java Applet - Driver Manager Privileged 'toString()' Remote Code Execution (Metasploit) Oracle Java - storeImageArray() Invalid Array Indexing Oracle Java - 'storeImageArray()' Invalid Array Indexing PHP 4.x - tempnam() Function open_basedir Restriction Bypass PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass Oracle Java - IntegerInterleavedRaster.verify() Signed Integer Overflow Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow Java - storeImageArray() Invalid Array Indexing (Metasploit) Java - 'storeImageArray()' Invalid Array Indexing (Metasploit) Oracle Java - BytePackedRaster.verify() Signed Integer Overflow Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow Oracle Java - ShortComponentRaster.verify() Memory Corruption Oracle Java - 'ShortComponentRaster.verify()' Memory Corruption Apache 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security Python 2.5 - PyLocale_strxfrm Function Remote Information Leak Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak PHP 4.4.4 - Zip_Entry_Read() Integer Overflow PHP 5.1.6 - Chunk_Split() Function Integer Overflow PHP 4.4.4 - 'Zip_Entry_Read()' Integer Overflow PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow PHP 5.1.6 - Imap_Mail_Compose() Function Buffer Overflow PHP 5.1.6 - Msg_Receive() Memory Allocation Integer Overflow PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit) Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit) Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution Python socket.recvfrom_into() - Remote Buffer Overflow Python - 'socket.recvfrom_into()' Remote Buffer Overflow Vim 'mch_expand_wildcards()' - Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Boat Browser 8.0 / 8.0.1 - Remote Code Execution Boat Browser 8.0/8.0.1 - Remote Code Execution Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit) Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit) Pro Softnet IDrive Online Backup 3.4.0 - ActiveX SaveToFile() Arbitrary File Overwrite Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite RealVNC 4.1.0 / 4.1.1 - Authentication Bypass RealVNC 4.1.0/4.1.1 - Authentication Bypass PHP 5.5.33 / 7.0.4 - SNMP Format String PHP 5.5.33/7.0.4 - SNMP Format String Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow OpenSSHd 7.2p2 - Username Enumeration OpenSSH 7.2p2 - Username Enumeration Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039) Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039) FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation FreePBX 13/14 - Remote Command Execution / Privilege Escalation Subversion 1.6.6 / 1.6.12 - Code Execution Subversion 1.6.6/1.6.12 - Code Execution Ansible 2.1.4 / 2.2.1 - Command Execution Ansible 2.1.4/2.2.1 - Command Execution Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit) Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit) GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit) Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit) GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit) Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit) Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH) Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit) Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit) UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit vBulletin - LAST.php SQL Injection UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit vBulletin - 'LAST.php' SQL Injection phpBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit PHP 4.3.9 + phpBB 2.x - Unserialize() Remote Exploit (Compiled) phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled) e107 - include() Remote Exploit e107 - 'include()' Remote Exploit CuteNews 1.4.0 - Shell Inject Remote Command Execution CuteNews 1.4.0 - Shell Injection / Remote Command Execution CuteNews 1.4.1 - Shell Inject Remote Command Execution CuteNews 1.4.1 - Shell Injection / Remote Command Execution WebWiz Products 1.0 / 3.06 - Login Bypass (SQL Injection) WebWiz Products 1.0/3.06 - Login Bypass (SQL Injection) NOCC Webmail 1.0 - (Local Inclusion) Remote Code Execution NOCC Webmail 1.0 - Local File Inclusion / Remote Code Execution 4Images 1.7.1 - (Local Inclusion) Remote Code Execution 4Images 1.7.1 - Local File Inclusion / Remote Code Execution Fast Click 1.1.3 / 2.3.8 - 'show.php' Remote File Inclusion Fast Click 1.1.3/2.3.8 - 'show.php' Remote File Inclusion UBB Threads 6.4.x < 6.5.2 - (thispath) Remote File Inclusion UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion UBB Threads 5.x / 6.x - Multiple Remote File Inclusion UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion XMB 1.9.6 Final - basename() Remote Command Execution PHPay 2.02 - 'nu_mail.inc.php' Remote mail() Injection XMB 1.9.6 Final - 'basename()' Remote Command Execution PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection Phaos 0.9.2 - basename() Remote Command Execution Phaos 0.9.2 - 'basename()' Remote Command Execution Newsscript 0.5 - Remote File Inclusion / Local File Inclusion Newsscript 0.5 - Local/Remote File Inclusion exV2 < 2.0.4.3 - extract() Remote Command Execution exV2 < 2.0.4.3 - 'extract()' Remote Command Execution KGB 1.87 - (Local Inclusion) Remote Code Execution KGB 1.87 - Local File Inclusion / Remote Code Execution UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution Invision Gallery 2.0.7 - readfile() & SQL Injection Invision Gallery 2.0.7 - 'readfile()' / SQL Injection Flatnuke 2.5.8 - file() Privilege Escalation / Code Execution Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution Invision Gallery 2.0.7 (Linux) - readfile() / SQL Injection Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection Imageview 5 - 'Cookie/index.php' Remote / Local File Inclusion Imageview 5 - 'Cookie/index.php' Local/Remote File Inclusion Woltlab Burning Board Lite 1.0.2 - decode_cookie() SQL Injection Woltlab Burning Board Lite 1.0.2 - 'decode_cookie()' SQL Injection PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Injection Cacti 0.8.6i - cmd.php popen() Remote Injection Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection P-News 1.16 / 1.17 - 'user.dat' Remote Password Disclosure P-News 1.16/1.17 - 'user.dat' Remote Password Disclosure Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (1) Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (2) Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1) Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2) Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (3) Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3) Jupiter CMS 1.1.5 - 'index.php' Remote / Local File Inclusion Jupiter CMS 1.1.5 - 'index.php' Local/Remote File Inclusion PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 exec() eExploit PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Exploit MySpeach 3.0.7 - Remote / Local File Inclusion MySpeach 3.0.7 - Local/Remote File Inclusion YAAP 1.5 - __autoload() Remote File Inclusion YAAP 1.5 - '__autoload()' Remote File Inclusion Quick.Cart 2.2 - Remote File Inclusion / Local File Inclusion Remote Code Execution Quick.Cart 2.2 - Local/Remote File Inclusion / Remote Code Execution Sendcard 3.4.1 - (Local File Inclusion) Remote Code Execution Sendcard 3.4.1 - Local File Inclusion / Remote Code Execution Entertainment CMS - (Local Inclusion) Remote Command Execution Entertainment CMS - Local File Inclusion / Remote Command Execution iziContents rc6 - Remote File Inclusion / Local File Inclusion iziContents rc6 - Local/Remote File Inclusion PHP Project Management 0.8.10 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion Rayzz Script 2.0 - Local/Remote File Inclusion SerWeb 2.0.0 dev1 2007-02-20 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities SerWeb 2.0.0 dev1 2007-02-20 - Multiple Local/Remote File Inclusion Vulnerabilities SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection Agares phpAutoVideo 2.21 - Remote / Local File Inclusion Agares phpAutoVideo 2.21 - Local/Remote File Inclusion TeamCalPro 3.1.000 - Multiple Remote / Local File Inclusion TeamCalPro 3.1.000 - Multiple Local/Remote File Inclusions NetRisk 1.9.7 - Remote / Local File Inclusion NetRisk 1.9.7 - Local/Remote File Inclusion AJchat 0.10 - unset() bug SQL Injection AJchat 0.10 - 'unset()' bug SQL Injection jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities jspwiki 2.4.104/2.5.139 - Multiple Vulnerabilities LookStrike Lan Manager 0.9 - Remote / Local File Inclusion LookStrike Lan Manager 0.9 - Local/Remote File Inclusion ExBB 0.22 - Local / Remote File Inclusion ExBB 0.22 - Local/Remote File Inclusion HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting HomePH Design 2.10 RC2 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting ourvideo CMS 9.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting Pivot 1.40.5 - Dreamwind load_template() Credentials Disclosure Pivot 1.40.5 - Dreamwind 'load_template()' Credentials Disclosure 1024 CMS 1.4.4 - Multiple Remote / Local File Inclusion 1024 CMS 1.4.4 - Multiple Local/Remote File Inclusion Yourownbux 3.1 / 3.2 Beta - SQL Injection Yourownbux 3.1/3.2 Beta - SQL Injection Ol BookMarks Manager 0.7.5 - Remote File Inclusion / Local File Inclusion / SQL Injection Ol BookMarks Manager 0.7.5 - Local File Inclusion / Remote File Inclusion / SQL Injection wotw 5.0 - Local / Remote File Inclusion wotw 5.0 - Local/Remote File Inclusion PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion PHPmyGallery 1.0beta2 - Local/Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local/Remote File Inclusion ASPSiteWare Automotive Dealer 1.0 / 2.0 - SQL Injection ASPSiteWare RealtyListing 1.0 / 2.0 - SQL Injection ASPSiteWare Automotive Dealer 1.0/2.0 - SQL Injection ASPSiteWare RealtyListing 1.0/2.0 - SQL Injection phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting PlaySms 0.9.3 - Multiple Remote / Local File Inclusion PlaySms 0.9.3 - Multiple Local/Remote File Inclusions Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass phpList 2.10.x - (Remote Code Execution by environ Inclusion) Local File Inclusion phpList 2.10.x - Remote Code Execution / Local File Inclusion GNUBoard 4.31.04 (09.01.30) - Multiple Local+Remote Vulnerabilities GNUBoard 4.31.04 (09.01.30) - Local/Remote Multiple Vulnerabilities OpenHelpDesk 1.0.100 - eval() Code Execution (Metasploit) OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit) Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass PHP Director 0.21 - (SQL into outfile) eval() Injection PHP Director 0.21 - (SQL Into Outfile) 'eval()' Injection UBB.Threads 5.5.1 - (message) SQL Injection UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection Geeklog 1.5.2 - SEC_authenticate() SQL Injection Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection WebPortal CMS 0.8b - Multiple Remote / Local File Inclusion WebPortal CMS 0.8b - Multiple Local/Remote File Inclusions PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject Bitweaver 2.6 - saveFeed() Remote Code Execution PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection Bitweaver 2.6 - 'saveFeed()' Remote Code Execution School Data Navigator - (page) Local / Remote File Inclusion School Data Navigator - 'page' Local/Remote File Inclusion phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting phpCollegeExchange 0.1.5c - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion ClearContent - 'image.php url' Local/Remote File Inclusion e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting skadate dating - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting Ultrize TimeSheet 1.2.2 - readfile() Local File Disclosure Ultrize TimeSheet 1.2.2 - 'readfile()' Local File Disclosure aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass / File Disclosure) Multiple Remote Vulnerabilities Facil Helpdesk - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities IsolSoft Support Center 2.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities Facil Helpdesk - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities IsolSoft Support Center 2.5 - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities ZeroBoard 4.1 pl7 - now_connect() Remote Code Execution ZeroBoard 4.1 pl7 - 'now_connect()' Remote Code Execution DedeCMS 5.1 - SQL Injection DeDeCMS 5.1 - SQL Injection TwonkyMedia Server 4.4.17 / 5.0.65 - Cross-Site Scripting TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting Xerver 4.31 / 4.32 - HTTP Response Splitting Xerver 4.31/4.32 - HTTP Response Splitting sugar crm 5.5.0.rc2 / 5.2.0j - Multiple Vulnerabilities Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities Quate CMS 0.3.5 - Remote File Inclusion / Local File Inclusion Quate CMS 0.3.5 - Local/Remote File Inclusion Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - Local File Inclusion / SQL Injection UBB.Threads 7.5.4 2 - Multiple File Inclusion Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion NAS Uploader 1.0 / 1.5 - Arbitrary File Upload NAS Uploader 1.0/1.5 - Arbitrary File Upload Pandora FMS Monitoring Application 2.1.x / 3.x - SQL Injection Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection UBB Threads 6.0 - Remote File Inclusion UBBCentral UBB.Threads 6.0 - Remote File Inclusion fileNice PHP file browser - Remote File Inclusion / Local File Inclusion fileNice PHP file browser - Local/Remote File Inclusion Pay Per Minute Video Chat Script 2.0 / 2.1 - Multiple Vulnerabilities Pay Per Minute Video Chat Script 2.0/2.1 - Multiple Vulnerabilities ProfitCode Shopping Cart - Multiple Local File Inclusion / Remote File Inclusion Vulnerabilities ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities Izumi 1.1.0 - (Remote File Inclusion / Local File Inclusion) Multiple Include Izumi 1.1.0 - (Local File Inclusion / Remote File Inclusion) Multiple Include TSOKA:CMS 1.1 / 1.9 / 2.0 - SQL Injection / Cross-Site Scripting TSOKA:CMS 1.1/1.9/2.0 - SQL Injection / Cross-Site Scripting Facil-CMS 0.1RC2 - Local / Remote File Inclusion Facil-CMS 0.1RC2 - Local/Remote File Inclusion jevoncms - Local File Inclusion / Remote File Inclusion jevoncms - Local/Remote File Inclusion Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Vieassociative Openmairie 1.01 Beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openurgence vaccin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Police Municipale Open Main Courante 1.01beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openscrutin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openreglement 1.04 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openregistrecil 1.02 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openplanning 1.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openfoncier 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Madirish Webmail 2.01 - 'baseDir' Remote File Inclusion / Local File Inclusion Openplanning 1.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openfoncier 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Opencourrier 2.03beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions AutoDealer 1.0 / 2.0 - MSSQL Injection AutoDealer 1.0/2.0 - MSSQL Injection Openannuaire Openmairie Annuaire 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openannuaire Openmairie Annuaire 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Waibrasil - Remote File Inclusion / Local File Inclusion Waibrasil - Local/Remote File Inclusion Spaw Editor 1.0 / 2.0 - Arbitrary File Upload Spaw Editor 1.0/2.0 - Arbitrary File Upload PHP SETI@home Web monitor - (PHPsetimon) Remote File Inclusion / Local File Inclusion PHP SETI@home Web monitor - 'PHPsetimon' Local/Remote File Inclusion vBulletin(R) 3.8.6 - faq.php Information Disclosure vBulletin 3.8.6 - 'faq.php' Information Disclosure Open Realty 2.x / 3.x - Persistent Cross-Site Scripting Open Realty 2.x/3.x - Persistent Cross-Site Scripting vBulletin 3.8.4 / 3.8.5 - Registration Bypass vBulletin 3.8.4/3.8.5 - Registration Bypass vbShout 5.2.2 - Remote / Local File Inclusion vbShout 5.2.2 - Local/Remote File Inclusion Zoopeer 0.1 / 0.2 - 'FCKeditor' Arbitrary File Upload Zoopeer 0.1/0.2 - 'FCKeditor' Arbitrary File Upload xt:Commerce Shopsoftware 3 / 4 - 'FCKeditor' Arbitrary File Upload xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload CakePHP 1.3.5 / 1.2.8 - Unserialize() CakePHP 1.3.5/1.2.8 - 'Unserialize()' Exploit vBSEO 3.5.2 / 3.2.2 - Persistent Cross-Site Scripting via LinkBacks vBSEO Sitemap 2.5 / 3.0 - Multiple Vulnerabilities vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities Geomi CMS 1.2 / 3.0 - SQL Injection Geomi CMS 1.2/3.0 - SQL Injection cChatBox for vBulletin 3.6.8 / 3.7.x - SQL Injection cChatBox for vBulletin 3.6.8/3.7.x - SQL Injection Redmine SCM Repository 0.9.x / 1.0.x - Arbitrary Command Execution (Metasploit) Redmine SCM Repository 0.9.x/1.0.x - Arbitrary Command Execution (Metasploit) vBulletin - misc.php Template Name Arbitrary Code Execution (Metasploit) vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit) CakePHP 1.3.5 / 1.2.8 - Cache Corruption Exploit (Metasploit) CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit) SmarterMail 7.3 / 7.4 - Multiple Vulnerabilities SmarterMail 7.3/7.4 - Multiple Vulnerabilities WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution WordPress Plugin BackWPup - Remote Code Execution / Local Code Execution WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection LuxCal Web Calendar 2.4.2 / 2.5.0 - SQL Injection LuxCal Web Calendar 2.4.2/2.5.0 - SQL Injection Joomla! Component 'com_virtuemart' 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit) Joomla! Component 'com_virtuemart' 1.1.7/1.5 - Blind Time-Based SQL Injection (Metasploit) WSN Classifieds 6.2.12 / 6.2.18 - Multiple Vulnerabilities Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution Typo3 4.5 < 4.7 - Remote Code Execution (Remote File Inclusion / Local File Inclusion) Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion phpMyAdmin 3.3.x / 3.4.x - Local File Inclusion via XXE Injection (Metasploit) phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit) Log1 CMS - writeInfo() PHP Code Injection (Metasploit) Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit) MiniCMS 1.0 / 2.0 - PHP Code Inject MiniCMS 1.0/2.0 - PHP Code Injection 4Images 1.7.6-9 - Cross-Site Request Forgery / Inject PHP Code 4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution (Metasploit) FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit) Woltlab Burning Board 2.2 / 2.3 - [WN]KT KickTipp 3.1 - SQL Injection Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) webERP 4.08.1 - Local / Remote File Inclusion SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution (Metasploit) webERP 4.08.1 - Local/Remote File Inclusion Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution (Metasploit) House Style 0.1.2 - readfile() Local File Disclosure House Style 0.1.2 - 'readfile()' Local File Disclosure OTRS Open Technology Real Services 3.1.8 / 3.1.9 - Cross-Site Scripting OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Persistent Cross-Site Scripting ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities IP.Gallery 4.2.x / 5.0.x - Persistent Cross-Site Scripting IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting Alt-N MDaemon 13.0.3 / 12.5.6 - Email Body HTML/JS Injection Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection parachat 5.5 - Directory Traversal Parachat 5.5 - Directory Traversal DCP-Portal 3.7/4.x/5.x - calendar.php Multiple Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'calendar.php' Multiple Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - announcement.php cid Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - news.php cid Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - contents.php cid Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - calendar.php HTTP Response Splitting DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting UBBCentral UBB.Threads 6.2.3/6.5 - showflat.php Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - calendar.php Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - online.php Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting phpVms Virtual Airline Administration 2.1.934 / 2.1.935 - SQL Injection phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection phpMyAdmin 3.5.8 / 4.0.0-RC2 - Multiple Vulnerabilities phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities UBBCentral UBB.Threads 6.0 - editpost.php SQL Injection UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection Wifi Photo Transfer 2.1 / 1.1 PRO - Multiple Vulnerabilities Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities File Lite 3.3 / 3.5 PRO iOS - Multiple Vulnerabilities File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities IPB (Invision Power Board) 1.x? / 2.x / 3.x - Admin Account Takeover IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover UBBCentral 6.0 - UBB.threads Printthread.php SQL Injection UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x / 7.x) - Persistent Cross-Site Scripting Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation YaPiG 0.9x - Remote File Inclusion / Local File Inclusion YaPiG 0.9x - Local/Remote File Inclusion UBBCentral UBB.Threads 5.5.1/6.x - download.php Number Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - calendar.php Multiple Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - modifypost.php Number Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - viewmessage.php message Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - addfav.php main Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - notifymod.php Number Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - grabnext.php posted Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion Xibo 1.2.2 / 1.4.1 - 'index.php' p Parameter Directory Traversal Xibo 1.2.2/1.4.1 - 'index.php' p Parameter Directory Traversal UBB.Threads 6.3 - showflat.php SQL Injection UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection Virtual Hosting Control System 2.2/2.4 - 'login.php' check_login() Function Authentication Bypass Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass ATutor 1.5.x - admin/fix_content.php submit Parameter Cross-Site Scripting ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting Mirapoint Web Mail - Expression() HTML Injection Mirapoint Web Mail - 'Expression()' HTML Injection Onpub CMS 1.4 / 1.5 - Multiple SQL Injections Onpub CMS 1.4/1.5 - Multiple SQL Injections ImpressPages CMS 3.6 - manage() Function Remote Code Execution ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusion Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit) Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit) UBB.Threads 6.1.1 - UBBThreads.php SQL Injection UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection WHMCompleteSolution (WHMCS) 4.x / 5.x - Multiple Web Vulnerabilities WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities Jenkins 1.523 - Inject Persistent HTML Code Jenkins 1.523 - Persistent HTML Code CTERA 3.2.29.0 / 3.2.42.0 - Persistent Cross-Site Scripting CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection Drupal < 6.16 / 5.22 - Multiple Vulnerabilities Drupal < 5.22/6.16 - Multiple Vulnerabilities AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion AdvertisementManager 3.1 - 'req' Parameter Local/Remote File Inclusion Ultra Electronics 7.2.0.19 / 7.4.0.7 - Multiple Vulnerabilities Ultra Electronics 7.2.0.19/7.4.0.7 - Multiple Vulnerabilities net2ftp 0.98 (stable) - 'admin1.template.php' Local File Inclusion / Remote File Inclusion net2ftp 0.98 (stable) - 'admin1.template.php' Local/Remote File Inclusion MyBB 1.8.2 - unset_globals() Function Bypass / Remote Code Execution MyBB 1.8.2 - 'unset_globals()' Function Bypass / Remote Code Execution WordPress Plugin Spellchecker 3.1 - 'general.php' Local File Inclusion / Remote File Inclusion WordPress Plugin Spellchecker 3.1 - 'general.php' Local/Remote File Inclusion Pimcore 3.0 / 2.3.0 CMS - SQL Injection phpList 3.0.6 / 3.0.10 - SQL Injection Pimcore 2.3.0/3.0 CMS - SQL Injection phpList 3.0.6/3.0.10 - SQL Injection Guppy CMS 5.0.9 / 5.00.10 - Authentication Bypass/Change Email Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting OSClass 2.3.3 - 'index.php' getParam() Function Multiple Parameter Cross-Site Scripting OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter exec() Call Arbitrary Shell Command Execution OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution Fork CMS 3.x - backend/modules/error/actions/index.php parse() Function Multiple Parameter Error Display Cross-Site Scripting Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting DedeCMS < 5.7-sp1 - Remote File Inclusion DeDeCMS < 5.7-sp1 - Remote File Inclusion WK UDID 1.0.1 iOS - Command Inject WK UDID 1.0.1 iOS - Command Injection MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion MindTouch DekiWiki - Multiple Local/Remote File Inclusions PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function Western Digital My Cloud 04.01.03-421 / 04.01.04-422 - Command Injection Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection Belkin Router N150 1.00.08 / 1.00.09 - Directory Traversal Belkin Router N150 1.00.08/1.00.09 - Directory Traversal b374k Web Shell 3.2.3 / 2.8 - Cross-Site Request Forgery / Command Injection b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion AlegroCart 1.2.8 - Local File Inclusion / Remote File Inclusion AlegroCart 1.2.8 - Local/Remote File Inclusion HumHub 0.11.2 / 0.20.0-beta.2 - SQL Injection HumHub 0.11.2/0.20.0-beta.2 - SQL Injection xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery Chamilo LMS IDOR - (messageId) Delete POST Inject Chamilo LMS IDOR - 'messageId' Delete POST Injection WordPress Plugin Site Import 1.0.1 - Local File Inclusion / Remote File Inclusion WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion WordPress Plugin Brandfolder 3.0 - Remote File Inclusion / Local File Inclusion WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities PQI Air Pen Express 6W51-0000R2/6W51-0000R2XXX - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities Totemomail 4.x / 5.x - Persistent Cross-Site Scripting Totemomail 4.x/5.x - Persistent Cross-Site Scripting Tiki Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution Tiki Wiki CMS Calendar 6.15/9.11 LTS/12.5 LTS/14.2 - Remote Code Execution Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload Untangle NGFW 12.1.0 Beta - execEvil() Command Injection Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection GSX Analyzer 10.12 / 11 - 'main.swf' Hard-Coded Superadmin Credentials GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities Trend Micro Deep Discovery 3.7 / 3.8 SP1 (3.81) / 3.8 SP2 (3.82) - hotfix_upload.cgi Filename Remote Code Execution Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote Code Execution WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities Zabbix 2.2.x / 3.0.x - SQL Injection Zabbix 2.2.x/3.0.x - SQL Injection Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection Lepton CMS 2.2.0/2.2.1 - Directory Traversal Lepton CMS 2.2.0/2.2.1 - PHP Code Injection RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery Zoneminder 1.29 / 1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit) OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit) OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit) OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit) Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit) Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit) Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution Horde Groupware Webmail 3/4/5 - Multiple Remote Code Execution Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting GLPI 0.90.4 - SQL Injection WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection	2017-06-28 05:01:23 +00:00
g0tmi1k	40b350e820	Merge pull request #94 from g0tmi1k/searchsploit Missed one with `ed901b5499`	2017-06-27 11:45:40 +01:00
g0tmi1k	ec953c87a3	Missed one with `ed901b5499`	2017-06-27 11:41:43 +01:00
Offensive Security	6ab9a26ee4	DB: 2017-06-27 10 new exploits PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service PHP phar extension 1.1.1 - Heap Overflow PHP 'phar' Extension 1.1.1 - Heap Overflow PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write NTFS 3.1 - Master File Table Denial of Service LAME 3.99.5 - 'II_step_one' Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit PHP 5.2.3 Tidy extension - Local Buffer Overflow PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit PHP FFI Extension 5.0.5 - Local Safe_mode Bypass PHP Perl Extension - Safe_mode BypassExploit PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass PHP 5.x - COM functions Safe_mode and disable_function Bypass PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass PHP 5.2.6 - (error_log) Safe_mode Bypass PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit PHP - Safe_mode Bypass via proc_open() and custom Environment PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment PHP python extension safe_mode - Bypass Local PHP 'python' Extension - 'safe_mode' Local Bypass Exploit PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass PHP 5.2 - FOpen Safe_mode Restriction-Bypass PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit JAD Java Decompiler 1.5.8e - Buffer Overflow Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure PHP 4.x - copy() Function Safe Mode Bypass PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit PHP 5.2.5 - cURL 'safe mode' Security Bypass PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit) Crypttech CryptoLog - Remote Code Execution (Metasploit) Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit) Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit) Linux/x86 - Bind Shell Shellcode (75 bytes) JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit XOOPS myAds Module - (lid) SQL Injection XOOPS myAds Module - 'lid' SQL Injection PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting SmarterMail 7.x (7.2.3925) - LDAP Injection SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting SmarterMail < 7.2.3925 - LDAP Injection MaticMarket 2.02 for PHP-Nuke - Local File Inclusion PHP-Nuke MaticMarket 2.02 - Local File Inclusion WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock) PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock) phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API Eltek SmartPack - Backdoor Account	2017-06-27 05:01:26 +00:00
g0tmi1k	01582b0e2c	Merge pull request #93 from g0tmi1k/searchsploit Move the ordering about (to help regex)	2017-06-26 17:53:06 +01:00
g0tmi1k	ed901b5499	Move the ordering about (to help regex)	2017-06-26 17:52:14 +01:00
g0tmi1k	49460c0421	Merge pull request #92 from g0tmi1k/searchsploit Output is sorted by title	2017-06-26 11:55:40 +01:00
g0tmi1k	c35249ca4b	Output is sorted by the title	2017-06-26 11:54:53 +01:00
Offensive Security	66671632b5	DB: 2017-06-24 16 new exploits Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!ttoGetTableData' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'USP10!SubstituteNtoM' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'USP10!NextCharInLiga' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'USP10!otlSinglePosLookup::getCoverageTable' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'USP10!otlReverseChainingLookup::apply' Uniscribe Font Processing Out-of-Bounds Memory Read Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure Microsoft Windows - Kernel ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write Microsoft Edge - 'CssParser::RecordProperty' Type Confusion Adobe Flash - AVC Edge Processing Out-of-Bounds Read Adobe Flash - Image Decoding Out-of-Bounds Read Adobe Flash - ATF Parser Heap Corruption Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution	2017-06-24 05:01:27 +00:00
Offensive Security	86f822c557	DB: 2017-06-23 11 new exploits Microsoft Windows - ASN.1 LSASS.exe Remote Exploit (MS04-007) Microsoft Windows - ASN.1 'LSASS.exe' Remote Exploit (MS04-007) Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call Exploit Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call Exploit Microsoft Windows XP/2000 - TCP Connection Reset Remote Attack Tool Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit PostgreSQL 8.01 - Remote Reboot Denial of Service PostgreSQL 8.01 - Remote Reboot (Denial of Service) Cisco IP Phone 7940 - (Reboot) Denial of Service Cisco IP Phone 7940 - Reboot (Denial of Service) Cisco Aironet Wireless Access Points - Memory Exhaustion ARP Attack Denial of Service Cisco Aironet Wireless Access Points - Memory Exhaustion ARP (Denial of Service) Dropbear / OpenSSH Server - (MAX_UNAUTH_CLIENTS) Denial of Service Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service 2WIRE Modems/Routers - CRLF Denial of Service 2WIRE Modems/Routers - 'CRLF' Denial of Service FTP Explorer 1.0.1 Build 047 - (CPU Consumption) Remote Denial of Service FTP Explorer 1.0.1 Build 047 - Remote CPU Consumption (Denial of Service) Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service) Mozilla Firefox 2.0.0.3 / Gran Paradiso 3.0a3 - Hang / Crash (Denial of Service) Linksys SPA941 - (remote reboot) Remote Denial of Service Linksys SPA941 - Remote Reboot (Denial of Service) CA BrightStor Backup 11.5.2.0 - caloggderd.exe Denial of Service CA BrightStor Backup 11.5.2.0 - Mediasvr.exe Denial of Service CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) - Denial of Service Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service Mcafee EPO 4.0 - 'FrameworkService.exe' Remote Denial of Service Xerox Phaser 8400 - (reboot) Remote Denial of Service Xerox Phaser 8400 - Remote Reboot (Denial of Service) Microsoft Windows Mobile 6.0 - Device long name Remote Reboot Exploit Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service) Linksys WAG54G v2 (Wireless ADSL Router) - httpd Denial of Service Linksys WAG54G v2 Wireless ADSL Router - httpd Denial of Service Netgear SSL312 Router - Denial of Service NETGEAR SSL312 Router - Denial of Service Netgear WGR614v9 Wireless Router - Denial of Service NETGEAR WGR614v9 Wireless Router - Denial of Service Gigaset SE461 WiMAX router - Remote Denial of Service Gigaset SE461 WiMAX Router - Remote Denial of Service Netgear DG632 Router - Remote Denial of Service NETGEAR DG632 Router - Remote Denial of Service Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC) Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot (Denial of Service) Siemens Gigaset SE361 WLAN - Remote Reboot Exploit Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service) Apple Mac OSX 10.6 - HFS File System Attack (Denial of Service) Apple Mac OSX 10.6 - HFS FileSystem Exploit (Denial of Service) HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe Denial of Service (PoC) Cyclope Internet Filtering Proxy 4.0 - 'CEPMServer.exe' Denial of Service (PoC) AirTies-4450 - Unauthorized Remote Reboot AirTies-4450 - Unauthorized Remote Reboot (Denial of Service) Digital Ultrix 4.0/4.1 - /usr/bin/chroot Exploit SunOS 4.1.1 - /usr/release/bin/makeinstall Exploit SunOS 4.1.1 - /usr/release/bin/winstall Exploit Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Exploit SunOS 4.1.1 - '/usr/release/bin/makeinstall' Exploit SunOS 4.1.1 - '/usr/release/bin/winstall' Exploit Linux Kernel 2.2 - 'ldd core' Force Reboot Linux Kernel 2.2 - 'ldd core' Force Reboot (Denial of Service) Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - visiadmin.exe Denial of Service Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service OReilly WebSite 1.x/2.0 - win-c-sample.exe Buffer Overflow OReilly WebSite 1.x/2.0 - 'win-c-sample.exe' Buffer Overflow Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption (Denial of Service) ID Software Quake 3 - 'smurf attack' Denial of Service ID Software Quake 3 - 'SMURF' Denial of Service Melange Chat System 2.0.2 Beta 2 - /yell Remote Buffer Overflow Melange Chat System 2.0.2 Beta 2 - '/yell' Remote Buffer Overflow Microsoft Windows NT/2000 - cmd.exe CD Buffer Overflow Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow Gordano Messaging Suite 9.0 - WWW.exe Denial of Service Gordano Messaging Suite 9.0 - 'WWW.exe' Denial of Service TYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service TYPSoft FTP Server 1.1 - Remote CPU Consumption (Denial of Service) Microsoft Windows XP - explorer.exe Remote Denial of Service Microsoft Windows XP - 'explorer.exe' Remote Denial of Service VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions Gattaca Server 2003 - web.tmpl Language Variable CPU Consumption Denial of Service Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service) VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow Microsoft Windows XP - explorer.exe .tiff Image Denial of Service Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service Microsoft Windows XP - TSShutdn.exe Remote Denial of Service Microsoft Windows XP - 'TSShutdn.exe' Remote Denial of Service Orenosv HTTP/FTP Server 0.8.1 - CGISSI.exe Remote Buffer Overflow Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow PHPMailer 1.7 - Data() Function Remote Denial of Service PHPMailer 1.7 - 'Data()' Function Remote Denial of Service Sights 'N Sounds Streaming Media Server 2.0.3 - SWS.exe Buffer Overflow Sights 'N Sounds Streaming Media Server 2.0.3 - 'SWS.exe' Buffer Overflow DSocks 1.3 - Name Variable Buffer Overflow DSocks 1.3 - 'Name' Parameter Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - Clspack.exe Local Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow Android Zygote - Socket and Fork bomb Attack Android Zygote - Socket and Fork Bomb (Denial of Service) Nvidia NView 3.5 - Keystone.exe Local Denial of Service Nvidia NView 3.5 - 'Keystone.exe' Local Denial of Service Ipswitch WS_FTP 2007 Professional - WSFTPURL.exe Local Memory Corruption Ipswitch WS_FTP 2007 Professional - 'WSFTPURL.exe' Local Memory Corruption Larson Network Print Server 9.4.2 build 105 - (LstNPS) NPSpcSVR.exe License Command Remote Overflow Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow Linksys WRH54G 1.1.3 - (Wireless-G Router) Malformed HTTP Request Denial of Service Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote Denial of Service Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service Adobe Flash - Setting Variable Use-After-Free Adobe Flash - 'Setting' Variable Use-After-Free Git 1.9.5 - ssh-agent.exe Buffer Overflow Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow Apple Mac OSX 10.11 - FTS Deep Structure of the File System Buffer Overflow Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow Adobe Flash TextField Variable - Use-After Free Adobe Flash TextField.Variable Setter - Use-After-Free Adobe Flash - 'TextField' Variable Use-After Free Adobe Flash - TextField.Variable Setter Use-After-Free Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/reboot.cgi Unauthenticated Remote Reboot Denial of Service Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service) Microsoft WinDbg - logviewer.exe Crash (PoC) Microsoft WinDbg - 'logviewer.exe' Crash (PoC) Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiGetRealizationInfo' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!ClientPrinterThunk' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationJobObject (BasicLimitInformation_ ExtendedLimitInformation)' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationTransaction (information class 1)' Kernel Stack Memory Disclosure UUCP Exploit - File Creation/Overwriting (symlinks) Exploit UUCP Exploit - File Creation/Overwriting (Symlinks) Exploit HP-UX 11.0 - /bin/cu Privilege Escalation HP-UX 11.0 - '/bin/cu' Privilege Escalation Solaris 2.6 / 2.7 - /usr/bin/write Local Overflow Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/bin/lpstat Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Exploit Tru64 UNIX 4.0g - /usr/bin/at Privilege Escalation Slackware 7.1 - /usr/bin/mail Local Exploit Tru64 UNIX 4.0g - '/usr/bin/at' Privilege Escalation Slackware 7.1 - '/usr/bin/mail' Local Exploit Solaris 2.4 - /bin/fdformat Local Buffer Overflows Solaris 2.5.1 lp and lpsched - Symlink Vulnerabilities Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities AIX 4.2 - /usr/dt/bin/dtterm Local Buffer Overflow AIX 4.2 - '/usr/dt/bin/dtterm' Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow IRIX 5.3 - /usr/sbin/iwsh Buffer Overflow Privilege Escalation SGI IRIX - '/bin/login Local' Buffer Overflow IRIX 5.3 - '/usr/sbin/iwsh' Buffer Overflow Privilege Escalation Apple Mac OSX 10.3.7 - mRouter Privilege Escalation Apple Mac OSX 10.3.7 - 'mRouter' Privilege Escalation Sudo 1.6.8p9 - (SHELLOPTS/PS4 ENV variables) Privilege Escalation Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation Appfluent Database IDS < 2.1.0.103 - (Env Variable) Local Exploit Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit HP-UX 11i - (LIBC TZ enviroment Variable) Privilege Escalation HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - (symlink) Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation Adobe Photoshop CS2 - / CS3 Unspecified '.bmp' File Buffer Overflow Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow Debian - (symlink attack in login) Arbitrary File Ownership (PoC) Debian - (Symlink In Login) Arbitrary File Ownership (PoC) Cain & Abel 4.9.25 - (Cisco IOS-MD5) Local Buffer Overflow Cain & Abel 4.9.25 - 'Cisco IOS-MD5' Local Buffer Overflow xscreensaver 5.01 - Arbitrary File Disclosure Symlink Attack xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit PHP 5.2.12/5.3.1 - symlink() open_basedir Bypass PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Buffer Overflow (SEH) Microsoft Windows 7 - 'wab32res.dll' wab.exe DLL Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking Oracle 10/11g - exp.exe Parameter file Local Buffer Overflow (PoC) Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC) ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT symlink ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT Symlink Exploit Hancom Office 2007 - Reboot.ini Clear-Text Passwords Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords G. Wilford man 2.3.10 - Symlink G. Wilford man 2.3.10 - Symlink Exploit X11R6 3.3.3 - Symlink X11R6 3.3.3 - Symlink Exploit SGI IRIX 6.2 - /usr/lib/netaddpr Exploit SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit SCO Open Server 5.0.5 - 'userOsa' symlink SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Spoolss.exe DLL Insertion Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Spoolss.exe' DLL Insertion FreeBSD 3.3 gdc - Symlink FreeBSD 3.3 gdc - Symlink Exploit SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Exploit FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - /proc File Sytem FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Exploit Debian 2.1 - apcd Symlink Debian 2.1 - apcd Symlink Exploit SCO Unixware 7.1/7.1.1 - ARCserver /tmp symlink SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit Sun Workshop 5.0 - Licensing Manager Symlink Sun Workshop 5.0 - Licensing Manager Symlink Exploit Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - /tmp Symlink Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink Exploit OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink Exploit KDE 1.1 - /1.1.1/1.1.2/1.2 kdesud DISPLAY Environment Variable Overflow KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow HP-UX 10.20/11.0 man - /tmp Symlink Exploit HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit HP-UX 10.20/11.0 crontab - /tmp File HP-UX 10.20/11.0 - crontab '/tmp' File Exploit Solaris 10 Patch 137097-01 - Symlink Attack Privilege Escalation Solaris 10 Patch 137097-01 - Symlink Privilege Escalation Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow Tower Toppler 0.99.1 - 'Display' Parameter Local Buffer Overflow Microsoft Windows Server 2000 - RegEdit.exe Registry Key Value Buffer Overflow Microsoft Windows Server 2000 - 'RegEdit.exe' Registry Key Value Buffer Overflow RedHat 9.0 / Slackware 8.1 - /bin/mail Carbon Copy Field Buffer Overrun RedHat 9.0 / Slackware 8.1 - '/bin/mail' Carbon Copy Field Buffer Overrun Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure Microsoft Windows XP/2000 - RunDLL32.exe Buffer Overflow Microsoft Windows XP/2000 - 'RunDLL32.exe' Buffer Overflow Tower Toppler 0.96 - HOME Environment Variable Local Buffer Overflow Tower Toppler 0.96 - 'HOME Environment' Parameter Local Buffer Overflow Top 1.x/2.0 - Home Environment Variable Local Buffer Overflow Top 1.x/2.0 - 'Home Environment' Parameter Local Buffer Overflow XBlast 2.6.1 - HOME Environment Variable Buffer Overflow XBlast 2.6.1 - 'HOME Environment' Variable Buffer Overflow XPCD 2.0.8 - Home Environment Variable Local Buffer Overflow XPCD 2.0.8 - 'Home Environment' Variable Local Buffer Overflow XSOK 1.0 2 - LANG Environment Variable Local Buffer Overrun XSOK 1.0 2 - 'LANG Environment' Variable Local Buffer Overrun Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure Linux Kernel 2.6.32-5 (Debian 6.0.5) - '/dev/ptmx' Key Stroke Timing Local Disclosure ELinks Relative 0.10.6 - /011.1 Path Arbitrary Code Execution ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution Oracle - HtmlConverter.exe Buffer Overflow Oracle - 'HtmlConverter.exe' Buffer Overflow Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Exploit Microsoft Windows - DHCP Client Broadcast Attack Exploit (MS06-036) Microsoft Windows - DHCP Client Broadcast Exploit (MS06-036) Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - (FTP) Remote Exploit Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit Oracle 9i / 10g - 'utl_file' File System Access Exploit Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'ovalarmsrv.exe' Remote Overflow Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb) Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB) Sagem F@ST (Routers) - (dhcp hostname attack) Cross-Site Request Forgery Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC) Microsoft Windows - SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068) Microsoft Windows - SmbRelay3 NTLM Replay Exploit (MS08-068) Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting Attack Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting Apple Safari 3.2.x - (XXE attack) Local File Theft Apple Safari 3.2.x - (XXE) Local File Theft Netgear DG632 Router - Authentication Bypass NETGEAR DG632 Router - Authentication Bypass BRS Webweaver 1.33 - /Scripts Access Restriction Bypass BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass Ada Image Server 0.6.7 - imgsrv.exe Buffer Overflow Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow HMS HICP Protocol + Intellicom - NetBiterConfig.exe Remote Buffer Overflow Cisco ASA 8.x - VPN SSL module Clientless URL-list control Bypass HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit minerCPP 0.4b - Remote Buffer Overflow / Format String Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1) HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (1) HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2) HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (2) Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit) Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023) (Metasploit) IBM Lotus Domino Sametime - STMux.exe Stack Buffer Overflow (Metasploit) IBM Lotus Domino Sametime - 'STMux.exe' Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - Snmp.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'Snmp.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovalarm.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - OpenView5.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'OpenView5.exe' CGI Buffer Overflow (Metasploit) IBM TPM for OS Deployment 5.1.0.x - rembo.exe Buffer Overflow (Metasploit) IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - EarthAgent.exe Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - snmpviewer.exe Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe ovutil Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit) 7-Technologies IGSS 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow (Metasploit) 7-Technologies IGSS 9.00.00 b11063 - 'IGSSdataServer.exe' Stack Overflow (Metasploit) Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow (Metasploit) Citrix Provisioning Services 5.6 - 'streamprocess.exe' Buffer Overflow (Metasploit) FactoryLink - vrn.exe Opcode 9 Buffer Overflow (Metasploit) FactoryLink - 'vrn.exe' Opcode 9 Buffer Overflow (Metasploit) HP - OmniInet.exe Opcode 27 Buffer Overflow (Metasploit) HP - 'OmniInet.exe' Opcode 27 Buffer Overflow (Metasploit) Symantec Backup Exec 12.5 - MiTM Attack Symantec Backup Exec 12.5 - Man In The Middle Exploit HP OpenView Network Node Manager - Toolbar.exe CGI Cookie Handling Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit) Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Exploit Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Exploit Procyon Core Server HMI 1.13 - Coreservice.exe Stack Buffer Overflow (Metasploit) Procyon Core Server HMI 1.13 - 'Coreservice.exe' Stack Buffer Overflow (Metasploit) HP Diagnostics Server - magentservice.exe Overflow (Metasploit) HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit) Sunway ForceControl - SNMP NetDBServer.exe Opcode 0x57 (Metasploit) Sunway ForceControl - SNMP 'NetDBServer.exe' Opcode 0x57 (Metasploit) Trend Micro Control Manger 5.5 - CmdProcessor.exe Stack Buffer Overflow (Metasploit) Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Stack Buffer Overflow (Metasploit) Antelope Software W4-Server 2.6 a/Win32 - Cgitest.exe Buffer Overflow Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Buffer Overflow Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Netscape Enterprise Server / Novell Groupwise 5.2/5.5 - 'GWWEB.EXE' Multiple Vulnerabilities FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - htimage.exe File Existence Disclosure FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure NAI Net Tools PKI Server 1.0 - strong.exe Buffer Overflow NAI Net Tools PKI Server 1.0 - 'strong.exe' Buffer Overflow Mandrake 6.1/7.0/7.1 - /perl http Directory Disclosure Mandrake 6.1/7.0/7.1 - '/perl' HTTP Directory Disclosure Microsoft IIS 3.0 - newdsn.exe File Creation Microsoft IIS 3.0 - 'newdsn.exe' File Creation Greg Matthews - Classifieds.cgi 1.0 Hidden Variable Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable WebCom datakommunikation Guestbook 0.1 - wguest.exe Arbitrary File Access WebCom datakommunikation Guestbook 0.1 - rguest.exe Arbitrary File Access WebCom datakommunikation Guestbook 0.1 - 'wguest.exe' Arbitrary File Access WebCom datakommunikation Guestbook 0.1 - 'rguest.exe' Arbitrary File Access MetaProducts Offline Explorer 1.x - File System Disclosure MetaProducts Offline Explorer 1.x - FileSystem Disclosure Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Attack Detection Evasion Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Detection Evasion Webmin 1.580 - /file/show.cgi Remote Command Execution (Metasploit) Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit) HP Operations Agent Opcode - coda.exe 0x8c Buffer Overflow (Metasploit) HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow (Metasploit) HP Operations Agent - Opcode 'coda.exe' 0x8c Buffer Overflow (Metasploit) HP Operations Agent - Opcode 'coda.exe' 0x34 Buffer Overflow (Metasploit) Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure Netgear FM114P ProSafe Wireless Router - Rule Bypass NETGEAR FM114P ProSafe Wireless Router - Rule Bypass M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting Microsoft Internet Explorer 6 -' %USERPROFILE%' File Execution Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution EZMeeting 3.x - EZNet.exe Long HTTP Request Remote Buffer Overflow EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow Enterasys NetSight - nssyslogd.exe Buffer Overflow (Metasploit) IBM Cognos - tm1admsd.exe Overflow (Metasploit) Enterasys NetSight - 'nssyslogd.exe' Buffer Overflow (Metasploit) IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit) Webcam Corp Webcam Watchdog 4.0.1 - sresult.exe Cross-Site Scripting Webcam Corp Webcam Watchdog 4.0.1 - 'sresult.exe' Cross-Site Scripting Microsoft Windows XP/2000/2003 -'winhlp32' Phrase Integer Overflow Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Integer Overflow Oracle 8.x/9.x/10.x - Database Multiple SQL Injection Oracle 8.x/9.x/10.x Database - Multiple SQL Injections SAP Business Connector 4.6/4.7 - chopSAPLog.dsp fullName Variable Arbitrary File Disclosure SAP Business Connector 4.6/4.7 - deleteSingle fullName Variable Arbitrary File Deletion SAP Business Connector 4.6/4.7 - adapter-index.dsp url Variable Arbitrary Site Redirect SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect Microsoft PowerPoint 2003 - powerpnt.exe Unspecified Issue Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue Cruiseworks 1.09 - Cws.exe Doc Directory Traversal Cruiseworks 1.09 - Cws.exe Doc Buffer Overflow Cruiseworks 1.09 - 'Cws.exe' Doc Directory Traversal Cruiseworks 1.09 - 'Cws.exe' Doc Buffer Overflow aBitWhizzy - whizzypic.php d Variable Traversal Arbitrary Directory Listing aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Buffer Overflow Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow ABB MicroSCADA - wserver.exe Remote Code Execution (Metasploit) ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit) SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - 'WAHTTP.exe' Multiple Buffer Overflow Vulnerabilities Cisco User-Changeable Password (UCP) 3.3.4.12.5 - CSUserCGI.exe Help Facility Cross-Site Scripting Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x - 'OpenView5.exe' Action Parameter Traversal Arbitrary File Access F5 FirePass 6.0.2.3 - /vdesk/admincon/webyfiers.php css_exceptions Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - /vdesk/admincon/index.php sql_matchscope Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting GE Proficy CIMPLICITY - gefebt.exe Remote Code Execution (Metasploit) GE Proficy CIMPLICITY - 'gefebt.exe' Remote Code Execution (Metasploit) SolidWorks Workgroup PDM 2014 - pdmwService.exe Arbitrary File Write (Metasploit) SolidWorks Workgroup PDM 2014 - 'pdmwService.exe' Arbitrary File Write (Metasploit) Yokogawa CENTUM CS 3000 - BKHOdeq.exe Buffer Overflow (Metasploit) Yokogawa CENTUM CS 3000 - BKBCopyD.exe Buffer Overflow (Metasploit) Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Buffer Overflow (Metasploit) Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Buffer Overflow (Metasploit) Apache Geronimo 2.1.x - /console/portal/Server/Monitoring Multiple Parameter Cross-Site Scripting Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Parameter Cross-Site Scripting Comtrend CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - /diagnose Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - /configuration Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - /scripter.php Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - '/scripter.php' Multiple Parameter Cross-Site Scripting Yokogawa CS3000 - BKESimmgr.exe Buffer Overflow (Metasploit) Yokogawa CS3000 - 'BKESimmgr.exe' Buffer Overflow (Metasploit) Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit) Yokogawa CS3000 - 'BKFSim_vhfd.exe' Buffer Overflow (Metasploit) U.S.Robotics USR5463 0.06 - Firmware setup_ddns.exe HTML Injection U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection WhatsApp 2.11.476 - Remote Reboot/Crash App Android Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu.maf jdeowpBackButtonProtect Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_Menu.mafService e1.namespace Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_OCL.mafService e1.namespace Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/MafletClose.mafService RENDER_MAFLET Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter Cross-Site Scripting WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service) Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting Linksys WRT54GL (Wireless Router) - Cross-Site Request Forgery Linksys WRT54GL Wireless Router - Cross-Site Request Forgery Cisco Linksys E4200 - /apply.cgi Multiple Parameter Cross-Site Scripting Cisco Linksys E4200 - '/apply.cgi' Multiple Parameter Cross-Site Scripting Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/diagnostic.cgi ping_ipaddr Parameter Remote Code Execution Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution Netgear D6300B - /diag.cgi IPAddr4 Parameter Remote Command Execution Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution Comtrend CT-5361T Router - Password.cgi Cross-Site Request Forgery (Admin Password Manipulation) COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation) Alfresco - /proxy endpoint Parameter Server-Side Request Forgery Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery PhpTagCool 1.0.3 - SQL Injection Attacks Exploit PhpTagCool 1.0.3 - SQL Injection phpBB 2.0.18 - Remote Brute Force/Dictionary Attack Tool (2) phpBB 2.0.18 - Remote Brute Force/Dictionary (2) Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Attack Vectors Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Yrch 1.0 - 'plug.inc.php path Variable' Remote File Inclusion Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion Vizayn Haber - 'haberdetay.asp id Variable' SQL Injection Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection iG Calendar 1.0 - 'user.php id Variable' SQL Injection iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection MGB 0.5.4.5 - 'email.php id Variable' SQL Injection MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection Alstrasoft e-Friends 4.98 - (seid) Multiple SQL Injection Alstrasoft e-Friends 4.98 - 'seid' Multiple SQL Injections MyPHP Forum 3.0 - (Final) Multiple SQL Injection MyPHP Forum 3.0 (Final) - Multiple SQL Injections File Store PRO 3.2 - Multiple Blind SQL Injection File Store PRO 3.2 - Multiple Blind SQL Injections AssetMan 2.5-b - SQL Injection using Session Fixation Attack AssetMan 2.5-b - SQL Injection using Session Fixation Kasra CMS - 'index.php' Multiple SQL Injection Kasra CMS - 'index.php' Multiple SQL Injections NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injection NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injections T-HTB Manager 0.5 - Multiple Blind SQL Injection T-HTB Manager 0.5 - Multiple Blind SQL Injections Joomla! Component com_oziogallery2 - / IMAGIN Arbitrary file write Joomla! Component com_oziogallery2 / IMAGIN - Arbitrary File Write Open Bulletin Board - Multiple Blind SQL Injection Open Bulletin Board - Multiple Blind SQL Injections AJ Matrix 3.1 - 'id' Multiple SQL Injection AJ Matrix 3.1 - 'id' Multiple SQL Injections Zylone IT - Multiple Blind SQL Injection Zylone IT - Multiple Blind SQL Injections WhiteBoard 0.1.30 - Multiple Blind SQL Injection WhiteBoard 0.1.30 - Multiple Blind SQL Injections AV Arcade 3 - Cookie SQL Injection Authentication Bypass AV Arcade 3 - Cookie SQL Injection / Authentication Bypass Joomla! Component Teams - Multiple Blind SQL Injection Joomla! Component Teams - Multiple Blind SQL Injections AneCMS - /registre/next SQL Injection AneCMS - '/registre/next' SQL Injection Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injection Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injections ColdOfficeView 2.04 - Multiple Blind SQL Injection ColdOfficeView 2.04 - Multiple Blind SQL Injections Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injection Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections Projekt Shop - 'details.php' Multiple SQL Injection Projekt Shop - 'details.php' Multiple SQL Injections PixelPost 1.7.3 - Multiple POST Variables SQL Injection PixelPost 1.7.3 - Multiple POST Parameter SQL Injections Webcat - Multiple Blind SQL Injection Webcat - Multiple Blind SQL Injections LiteRadius 3.2 - Multiple Blind SQL Injection LiteRadius 3.2 - Multiple Blind SQL Injections PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injection PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit Sagem F@ST 2604 (ADSL Router) - Cross-Site Request Forgery Sagem F@ST 2604 ADSL Router - Cross-Site Request Forgery Rivettracker 1.03 - Multiple SQL Injection Rivettracker 1.03 - Multiple SQL Injections ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections PHP Ticket System Beta 1 - 'index.php p Parameter' SQL Injection PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection X-Cart Gold 4.5 - 'products_map.php symb Parameter' Cross-Site Scripting X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting Symantec Web Gateway 5.0.2 - 'blocked.php id Parameter' Blind SQL Injection Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid Parameter' Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injection Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injections YourArcadeScript 2.4 - 'index.php id Parameter' SQL Injection YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection QNAP Turbo NAS TS-1279U-RP - Multiple Path Injection QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections Blog Mod 0.1.9 - 'index.php month Parameter' SQL Injection Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection Authoria HR Suite - AthCGI.exe Cross-Site Scripting Authoria HR Suite - 'AthCGI.exe' Cross-Site Scripting MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion friendsinwar FAQ Manager - SQL Injection (Authentication Bypass) friendsinwar FAQ Manager - SQL Injection / Authentication Bypass friendsinwar FAQ Manager - 'view_faq.php question Parameter' SQL Injection friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection SmartCMS - 'index.php idx Parameter' SQL Injection SmartCMS - 'index.php' 'idx' Parameter SQL Injection SmartCMS - 'index.php menuitem Parameter' SQL Injection / Cross-Site Scripting SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injections MyBB AwayList Plugin - 'index.php id Parameter' SQL Injection MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection PHP-Nuke Error Manager Module 2.1 - error.php language Variable Full Path Disclosure PHP-Nuke Error Manager Module 2.1 - error.php Multiple Variables Cross-Site Scripting PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Parameters Cross-Site Scripting phpHeaven phpMyChat 0.14.5 - edituser.php3 do_not_login Variable Authentication Bypass phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection Gattaca Server 2003 - Language Variable Path Exposure Gattaca Server 2003 - 'Language' Parameter Path Exposure AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injection AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injections Scripts Genie Gallery Personals - 'gallery.php L Parameter' SQL Injection Scripts Genie Gallery Personals - 'gallery.php' L' Parameter SQL Injection AdaptCMS 2.0.4 - 'config.php question Parameter' SQL Injection AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection Scripts Genie Domain Trader - 'catalog.php id Parameter' SQL Injection Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection Scripts Genie Games Site Script - 'index.php id Parameter' SQL Injection Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection Scripts Genie Top Sites - 'out.php id Parameter' SQL Injection Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection Scripts Genie Hot Scripts Clone - 'showcategory.php cid Parameter' SQL Injection Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id Parameter' SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection MTP Image Gallery 1.0 - 'edit_photos.php title Parameter' Cross-Site Scripting MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting D-Link DSL-2740B (ADSL Router) - Authentication Bypass D-Link DSL-2740B ADSL Router - Authentication Bypass TIPS MailPost 5.1.1 - APPEND Variable Cross-Site Scripting TIPS MailPost 5.1.1 - 'APPEND' Parameter Cross-Site Scripting DUclassified 4.x - adDetail.asp Multiple Parameter SQL Injection DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections Rebus:list - 'list.php list_id Parameter' SQL Injection Rebus:list - 'list.php' 'list_id' Parameter SQL Injection SynConnect Pms - 'index.php loginid Parameter' SQL Injection SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection AWS Xms 2.5 - 'importer.php what Parameter' Directory Traversal Pollen CMS 0.6 - 'index.php p Parameter' Local File Disclosure AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash Parameter' SQL Injection WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection Kayako eSupport 2.x - Ticket System Multiple SQL Injection Kayako eSupport 2.x - Ticket System Multiple SQL Injections BibORB 1.3.2 Login Module - Multiple Parameter SQL Injection BibORB 1.3.2 Login Module - Multiple Parameter SQL Injections Active Auction House - default.asp Multiple SQL Injection Active Auction House - 'default.asp' Multiple SQL Injections CubeCart 2.0.x - 'index.php' Multiple Variable Full Path Disclosure CubeCart 2.0.x - tellafriend.php product Variable Full Path Disclosure CubeCart 2.0.x - view_cart.php add Variable Full Path Disclosure CubeCart 2.0.x - view_product.php product Variable Full Path Disclosure CubeCart 2.0.x - 'index.php' Multiple Parameter Full Path Disclosure CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure OneWorldStore - 'OWListProduct.asp' Multiple SQL Injection OneWorldStore - 'OWListProduct.asp' Multiple SQL Injections WHMCS 4.x - 'invoicefunctions.php id Parameter' SQL Injection WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection DUportal Pro 3.4 - default.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - 'default.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - inc_vote.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - result.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - cat.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - detail.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - 'inc_vote.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - 'result.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - 'cat.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - 'detail.asp' Multiple Parameter SQL Injections DUportal 3.1.2 - inc_rating.asp Multiple Parameter SQL Injection DUportal 3.1.2 - 'inc_rating.asp' Multiple Parameter SQL Injections StorePortal 2.63 - default.asp Multiple SQL Injection StorePortal 2.63 - 'default.asp' Multiple SQL Injections MetaCart2 - SearchAction.asp Multiple SQL Injection MetaCart2 - 'SearchAction.asp' Multiple SQL Injections Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple Parameter SQL Injections JGS-Portal 3.0.1 - ID Variable SQL Injection JGS-Portal 3.0.1 - 'ID' Parameter SQL Injection AVE.CMS 2.09 - 'index.php module Parameter' Blind SQL Injection AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection RadioCMS 2.2 - 'menager.php playlist_id Parameter' SQL Injection RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection NPDS 4.8 - /5.0 modules.php Lettre Parameter Cross-Site Scripting NPDS 4.8 /5.0 - 'modules.php' Lettre Parameter Cross-Site Scripting Ampache 3.4.3 - 'login.php' Multiple SQL Injection Ampache 3.4.3 - 'login.php' Multiple SQL Injections FlatNuke 2.5.x - 'index.php' where Variable Full Path Disclosure FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - 'reply_in.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - 'memory.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - 'line.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - 'in.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - 'enter.php' Multiple Parameter SQL Injections osTicket 1.2/1.3 - view.php inc Variable Arbitrary Local File Inclusion osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion Ruubikcms 1.1.1 - 'tinybrowser.php folder Parameter' Directory Traversal Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal Simple PHP Agenda 2.2.8 - 'edit_event.php eventid Parameter' SQL Injection Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection PHPFreeNews 1.40 - searchresults.php Multiple SQL Injection PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections Aenovo - /Password/default.asp Password Field SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - '/Password/default.asp' Password Field SQL Injection Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php Multiple Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertitle.php usertitleid Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertools.php ids Parameter SQL Injection NooToplist 1.0 - 'index.php' Multiple SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/css.php group Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/index.php Multiple Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php email Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/language.php goto Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/modlog.php orderby Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/template.php Multiple Parameter Cross-Site Scripting MX Shop 3.2 - 'index.php' Multiple SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection NooToplist 1.0 - 'index.php' Multiple SQL Injections vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Parameter Cross-Site Scripting MX Shop 3.2 - 'index.php' Multiple SQL Injections Top Games Script 1.2 - 'play.php gid Parameter' SQL Injection Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection Elemata CMS RC3.0 - 'global.php id Parameter' SQL Injection Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection Woltlab 1.1/2.x - Info-DB Info_db.php Multiple SQL Injection Woltlab 1.1/2.x - 'Info-DB Info_db.php' Multiple SQL Injections OaBoard 1.0 - forum.php Multiple SQL Injection OaBoard 1.0 - 'forum.php' Multiple SQL Injections Comersus Backoffice 4.x/5.0/6.0 - /comersus/database/comersus.mdb Direct Request Database Disclosure Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure PHP-Charts 1.0 - 'index.php type Parameter' Remote Code Execution PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution PHPList Mailing List Manager 2.x - /admin/admin.php id Parameter SQL Injection PHPList Mailing List Manager 2.x - /admin/editattributes.php id Parameter SQL Injection PHPList Mailing List Manager 2.x - /admin/eventlog.php Multiple Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - /admin/configure.php id Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - /admin/users.php find Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting Walla TeleSite 3.0 - ts.exe tsurl Variable Arbitrary Article Access Walla TeleSite 3.0 - ts.exe sug Parameter Cross-Site Scripting Walla TeleSite 3.0 - ts.exe sug Parameter SQL Injection Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection Pearl Forums 2.0 - 'index.php' Multiple SQL Injection Pearl Forums 2.0 - 'index.php' Multiple SQL Injections Helpdesk Issue Manager 0.x - find.php Multiple Parameter SQL Injection Helpdesk Issue Manager 0.x - 'find.php' Multiple Parameter SQL Injection PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injection Cars Portal 1.1 - 'index.php' Multiple SQL Injection PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections Cars Portal 1.1 - 'index.php' Multiple SQL Injections IceWarp Universal WebMail - /accounts/inc/include.php Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - /admin/inc/include.php Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - /dir/include.html lang Parameter Local File Inclusion IceWarp Universal WebMail - /mail/settings.html Language Parameter Local File Inclusion IceWarp Universal WebMail - /mail/index.html lang_settings Parameter Remote File Inclusion IceWarp Universal WebMail - /mail/include.html Crafted HTTP_USER_AGENT Arbitrary File Access IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - '/admin/inc/include.php' Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion IceWarp Universal WebMail - '/mail/include.html' Crafted HTTP_USER_AGENT Arbitrary File Access PHPJournaler 1.0 - Readold Variable SQL Injection PHPJournaler 1.0 - 'Readold' Parameter SQL Injection ScozNet ScozBook 1.1 - AdminName Variable SQL Injection ScozNet ScozBook 1.1 - 'AdminName' Parameter SQL Injection OnePlug CMS - /press/details.asp Press_Release_ID Parameter SQL Injection OnePlug CMS - /services/details.asp Service_ID Parameter SQL Injection OnePlug CMS - /products/details.asp Product_ID Parameter SQL Injection OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection Venom Board - Post.php3 Multiple SQL Injection Venom Board - 'Post.php3' Multiple SQL Injections microBlog 2.0 - 'index.php' Multiple SQL Injection microBlog 2.0 - 'index.php' Multiple SQL Injections NewsPHP - 'index.php' Multiple SQL Injection NewsPHP - 'index.php' Multiple SQL Injections ZixForum 1.12 - forum.asp Multiple SQL Injection ZixForum 1.12 - forum.asp Multiple SQL Injections HiveMail 1.2.2/1.3 - addressbook.update.php contactgroupid Variable Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - folders.update.php folderid Variable Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution ImageVue 0.16.1 - readfolder.php path Variable Arbitrary Directory Listing ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing dotProject 2.0 - /modules/projects/gantt.php dPconfig[root_dir] Parameter Remote File Inclusion dotProject 2.0 - /includes/db_connect.php baseDir Remote File Inclusion dotProject 2.0 - /includes/session.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/projects/gantt2.php dPconfig[root_dir] Parameter Remote File Inclusion dotProject 2.0 - /modules/projects/vw_files.php dPconfig[root_dir] Parameter Remote File Inclusion dotProject 2.0 - /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/public/calendar.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/public/date_format.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion MyBB 1.0.3 - private.php Multiple SQL Injection MyBB 1.0.3 - 'private.php' Multiple SQL Injections Ginkgo CMS - 'index.php rang Parameter' SQL Injection Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection Telmanik CMS Press 1.01b - 'pages.php page_name Parameter' SQL Injection Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection DCI-Taskeen 1.03 - basket.php Multiple Parameter SQL Injection DCI-Taskeen 1.03 - cat.php Multiple Parameter SQL Injection DCI-Taskeen 1.03 - 'basket.php' Multiple Parameter SQL Injections DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections sBlog 0.7.2 - search.php keyword Variable POST Method Cross-Site Scripting sBlog 0.7.2 - comments_do.php Multiple Variable POST Method Cross-Site Scripting sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting sBlog 0.7.2 - 'comments_do.php' Multiple Variable POST Method Cross-Site Scripting PHPFox 3.6.0 (build3) - Multiple SQL Injection PHPFox 3.6.0 (build3) - Multiple SQL Injections Verisign MPKI 6.0 - Haydn.exe Cross-Site Scripting Verisign MPKI 6.0 - 'Haydn.exe' Cross-Site Scripting DSLogin 1.0 - 'index.php' Multiple SQL Injection DSLogin 1.0 - 'index.php' Multiple SQL Injections MLMAuction Script - 'gallery.php id Parameter' SQL Injection MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection PHPMyForum 4.0 - 'index.php' type Variable CRLF Injection PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection APT-webshop 3.0/4.0 - modules.php Multiple SQL Injection APT-webshop 3.0/4.0 - modules.php Multiple SQL Injections Cisco CallManager 3.x/4.x - Web Interface ccmadmin/phonelist.asp pattern Parameter Cross-Site Scripting Cisco CallManager 3.x/4.x - Web Interface ccmuser/logon.asp Cross-Site Scripting Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp' Pattern Parameter Cross-Site Scripting Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting 321soft PHP-Gallery 0.9 - 'index.php' path Variable Arbitrary Directory Listing 321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing Pacheckbook 1.1 - 'index.php' Multiple SQL Injection Pacheckbook 1.1 - 'index.php' Multiple SQL Injections Creative Software UK Community Portal 1.1 - PollResults.php Multiple Parameter SQL Injection Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple Parameter SQL Injections EvoTopsite 2.0 - 'index.php' Multiple SQL Injection timobraun Dynamic Galerie 1.0 - 'index.php' pfad Variable Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - galerie.php pfad Variable Arbitrary Directory Listing EvoTopsite 2.0 - 'index.php' Multiple SQL Injections timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing Gphotos 1.4/1.5 - 'index.php' rep Variable Traversal Arbitrary Directory Listing Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing Mini-NUKE 2.3 - Your_Account.asp Multiple SQL Injection Mini-NUKE 2.3 - 'Your_Account.asp' Multiple SQL Injections Woltlab Burning Board FLVideo Addon - 'video.php value Parameter' SQL Injection Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection glFusion 1.3.0 - 'search.php cat_id Parameter' SQL Injection glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection Geodesic Solutions Multiple Products - 'index.php' b Parameter SQL Injection Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection RadScripts - a_editpage.php Filename Variable Arbitrary File Overwrite RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite Banex PHP MySQL Banner Exchange 2.21 - admin.php Multiple Parameter SQL Injection Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple Parameter SQL Injections XennoBB 2.1 - profile.php Multiple SQL Injection XennoBB 2.1 - 'profile.php' Multiple SQL Injections Vtiger CRM 5.4.0 - 'index.php onlyforuser Parameter' SQL Injection Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection CubeCart 3.0.x - /admin/print_order.php order_id Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting CubeCart 3.0.x - /admin/nav.php Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - /admin/image.php image Parameter Cross-Site Scripting CubeCart 3.0.x - /admin/header.inc.php Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - /footer.inc.php la_pow_by Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/nav.php' Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/header.inc.php' Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting AckerTodo 4.2 - 'login.php' Multiple SQL Injection AckerTodo 4.2 - 'login.php' Multiple SQL Injections Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage Parameter' SQL Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection INFINICART - browsesubcat.asp Multiple Parameter SQL Injection INFINICART - 'browsesubcat.asp' Multiple Parameter SQL Injection Car Site Manager - csm/asp/listings.asp Multiple Parameter SQL Injection Car Site Manager - 'csm/asp/listings.asp' Multiple Parameter SQL Injections Dragon Internet Events Listing 2.0.01 - admin_login.asp Multiple Field SQL Injection ASPIntranet 2.1 - Multiple SQL Injection Dragon Internet Events Listing 2.0.01 - 'admin_login.asp' Multiple Field SQL Injections ASPIntranet 2.1 - Multiple SQL Injections Image Gallery with Access Database - default.asp Multiple Parameter SQL Injection Image Gallery with Access Database - 'default.asp' Multiple Parameter SQL Injection 20/20 Applications Data Shed 1.0 - listings.asp Multiple Parameter SQL Injection 20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple Parameter SQL Injections BestWebApp Dating Site Login Component - Multiple Field SQL Injection BestWebApp Dating Site Login Component - Multiple Field SQL Injections Enthrallweb eClassifieds - ad.asp Multiple Parameter SQL Injection Enthrallweb eClassifieds - 'ad.asp' Multiple Parameter SQL Injection BirdBlog 1.4 - /admin/admincore.php msg Parameter Cross-Site Scripting BirdBlog 1.4 - /admin/comments.php month Parameter Cross-Site Scripting BirdBlog 1.4 - /admin/entries.php month Parameter Cross-Site Scripting BirdBlog 1.4 - /admin/logs.php page Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting Grandora Rialto 1.6 - /admin/default.asp Multiple Field SQL Injection Grandora Rialto 1.6 - '/admin/default.asp' Multiple Field SQL Injection Grandora Rialto 1.6 - searchkey.asp Multiple Parameter SQL Injection Grandora Rialto 1.6 - searchmain.asp Multiple Parameter SQL Injection Grandora Rialto 1.6 - searchoption.asp Multiple Parameter SQL Injection Grandora Rialto 1.6 - 'searchkey.asp' Multiple Parameter SQL Injection Grandora Rialto 1.6 - 'searchmain.asp' Multiple Parameter SQL Injection Grandora Rialto 1.6 - 'searchoption.asp' Multiple Parameter SQL Injection Enthrallweb eHomes - compareHomes.asp Multiple Parameter SQL Injection Enthrallweb eHomes - result.asp Multiple Parameter SQL Injection Enthrallweb eHomes - 'compareHomes.asp' Multiple Parameter SQL Injection Enthrallweb eHomes - 'result.asp' Multiple Parameter SQL Injection DUdownload 1.0/1.1 - detail.asp Multiple Parameter SQL Injection DUdownload 1.0/1.1 - 'detail.asp' Multiple Parameter SQL Injections Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injection Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections ClickContact - default.asp Multiple SQL Injection ClickContact - 'default.asp' Multiple SQL Injections Dol Storye - Dettaglio.asp Multiple SQL Injection Dol Storye - 'Dettaglio.asp' Multiple SQL Injections Efkan Forum 1.0 - Grup Variable SQL Injection Efkan Forum 1.0 - 'Grup' Parameter SQL Injection EditTag 1.2 - edittag.cgi file Variable Arbitrary File Disclosure EditTag 1.2 - edittag.pl file Variable Arbitrary File Disclosure EditTag 1.2 - edittag_mp.cgi file Variable Arbitrary File Disclosure EditTag 1.2 - edittag_mp.pl file Variable Arbitrary File Disclosure EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure Indexu 5.0/5.3 - mailing_list.php Multiple Variables Cross-Site Scripting Indexu 5.0/5.3 - 'mailing_list.php' Multiple Parameters Cross-Site Scripting Project'Or RIA 3.4.0 - 'objectDetail.php objectId Parameter' SQL Injection Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection WordPress 2.1.1 - 'wp-includes/theme.php' iz Variable Arbitrary Command Execution Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Variable SQL Injection WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection aBitWhizzy - whizzylink.php d Variable Traversal Arbitrary Directory Listing aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing MyBloggie 2.1.x - 'index.php' Multiple SQL Injection MyBloggie 2.1.x - 'index.php' Multiple SQL Injections PHPLive! 3.2.2 - super/info.php BASE_URL Variable Parameter Cross-Site Scripting PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting JFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection JFFNms 0.8.3 - 'auth.php' Multiple Parameter SQL Injection DotClear 1.2.x - /ecrire/trackback.php post_id Parameter Cross-Site Scripting DotClear 1.2.x - /tools/thememng/index.php tool_url Parameter Cross-Site Scripting DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections Exponent CMS 0.96.5/0.96.6 - iconspopup.php icodir Variable Traversal Arbitrary Directory Listing Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing Phorum 5.1.20 - admin.php module[] Variable Full Path Disclosure Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure Chamilo Lms 1.9.6 - 'profile.php password0 Parameter' SQL Injection Dokeos 2.2 RC2 - 'index.php language Parameter' SQL Injection Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Variable Full Path Disclosure UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Parameters Full Path Disclosure PHPAccounts 0.5 - 'index.php' Multiple SQL Injection PHPAccounts 0.5 - 'index.php' Multiple SQL Injections NetFlow Analyzer 5 - /jspui/applicationList.jsp alpha Parameter Cross-Site Scripting NetFlow Analyzer 5 - /jspui/appConfig.jsp task Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting NetFlow Analyzer 5 - /jspui/selectDevice.jsp rtype Parameter Cross-Site Scripting NetFlow Analyzer 5 - /jspui/customReport.jsp rtype Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting geoBlog MOD_1.0 - deletecomment.php id Variable Arbitrary Comment Deletion geoBlog MOD_1.0 - deleteblog.php id Variable Arbitrary Blog Deletion geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion Next Gen Portfolio Manager - default.asp Multiple SQL Injection Next Gen Portfolio Manager - 'default.asp' Multiple SQL Injections ACG News 1.0 - 'index.php' Multiple SQL Injection Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection ACG News 1.0 - 'index.php' Multiple SQL Injections Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' Parameter SQL Injection WebBatch - webbatch.exe URL Cross-Site Scripting WebBatch - webbatch.exe dumpinputdata Variable Remote Information Disclosure WebBatch - 'webbatch.exe' URL Cross-Site Scripting WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure NetWin DNews - Dnewsweb.exe Multiple Cross-Site Scripting Vulnerabilities NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities Scott Manktelow Design Stride 1.0 - Courses detail.php Multiple SQL Injection Scott Manktelow Design Stride 1.0 Courses - 'detail.php' Multiple SQL Injections Article Dashboard - 'admin/login.php' Multiple SQL Injection Article Dashboard - 'admin/login.php' Multiple SQL Injections Multi-Forums - Directory.php Multiple SQL Injection Multi-Forums - 'Directory.php' Multiple SQL Injections JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injections Absolute News Manager .NET 5.1 - 'pages/default.aspx' template Variable Remote File Access Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injection Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injections phpRPG 0.8 - /tmp Directory PHPSESSID Cookie Session Hijacking phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injection Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injections eTicket 1.5.5.2 - search.php Multiple Parameter SQL Injection eTicket 1.5.5.2 - admin.php Multiple Parameter SQL Injection eTicket 1.5.5.2 - 'search.php' Multiple Parameter SQL Injection eTicket 1.5.5.2 - 'admin.php' Multiple Parameter SQL Injection Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/login.jsp Multiple Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/account/findForSelect.jsp resultsForm Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/help/index.jsp helpUrl Variable Remote Frame Injection Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/user/main.jsp activeControl Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting MyBB 1.2.10 - 'moderation.php' Multiple SQL Injection MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections PacerCMS 0.6 - 'id' Parameter Multiple SQL Injection PacerCMS 0.6 - 'id' Parameter Multiple SQL Injections Ipswitch WS_FTP Server 6 - /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection Cacti 0.8.7 - 'tree.php' Multiple Parameter SQL Injections Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injection Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injections WebcamXP 3.72.440/4.05.280 Beta - /pocketpc camnum Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - /show_gallery_pic id Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure Elastic Path 4.1 - 'manager/FileManager.jsp' dir Variable Traversal Arbitrary Directory Listing Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing osCommerce 2.3.3.4 - 'geo_zones.php zID Parameter' SQL Injection osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection D-Link DSL-2750B (ADSL Router) - Cross-Site Request Forgery D-Link DSL-2750B ADSL Route) - Cross-Site Request Forgery Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities Concrete5 5.6.2.1 - 'index.php cID Parameter' SQL Injection Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection TLM CMS 1.1 - 'index.php' Multiple SQL Injection TLM CMS 1.1 - 'index.php' Multiple SQL Injections RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injection IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php track Parameter' SQL Injection WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injection Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injection dvbbs 8.2 - 'login.asp' Multiple SQL Injection JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injections Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injections dvbbs 8.2 - 'login.asp' Multiple SQL Injections Te Ecard - 'id' Parameter Multiple SQL Injection Te Ecard - 'id' Parameter Multiple SQL Injections Benja CMS 0.1 - /admin/admin_edit_submenu.php URL Cross-Site Scripting Benja CMS 0.1 - '/admin/admin_edit_submenu.php' URL Cross-Site Scripting Benja CMS 0.1 - /admin/admin_edit_topmenu.php URL Cross-Site Scripting Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' URL Cross-Site Scripting PHP Ticket System Beta 1 - 'get_all_created_by_user.php id Parameter' SQL Injection PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection webERP 4.11.3 - 'SalesInquiry.php SortBy Parameter' SQL Injection webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injection couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections Claroline 1.8.9 - claroline/redirector.php url Variable Arbitrary Site Redirect Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting EasyPublish 3.0 - 'read' Parameter Multiple SQL Injections / Cross-Site Scripting ownCloud 4.0.x/4.5.x - 'upload.php Filename Parameter' Remote Code Execution ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injection Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injections ZYXEL Router P-660HN-T1A - Login Bypass ZYXEL P-660HN-T1A Router - Login Bypass PromoProducts - 'view_product.php' Multiple SQL Injection PromoProducts - 'view_product.php' Multiple SQL Injections EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injection EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injections OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injection OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i Parameter' SQL Injection InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection Tandis CMS 2.5 - 'index.php' Multiple SQL Injection Tandis CMS 2.5 - 'index.php' Multiple SQL Injections TWiki 4.x - SEARCH Variable Remote Command Execution TWiki 4.x - URLPARAM Variable Cross-Site Scripting TWiki 4.x - 'SEARCH' Parameter Remote Command Execution TWiki 4.x - 'URLPARAM' Parameter Cross-Site Scripting DO-CMS 3.0 - 'p' Parameter Multiple SQL Injection DO-CMS 3.0 - 'p' Parameter Multiple SQL Injections MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter Cross-Site Scripting MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting Banking@Home 2.1 - 'login.asp' Multiple SQL Injection Banking@Home 2.1 - 'login.asp' Multiple SQL Injections kitForm CRM Extension 0.43 - 'sorter.php sorter_value Parameter' SQL Injection kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection dompdf 0.6.0 - 'dompdf.php read Parameter' Arbitrary File Read dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injections VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injection VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections Pars CMS - 'RP' Parameter Multiple SQL Injection Pars CMS - 'RP' Parameter Multiple SQL Injections tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injection tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections MODx 1.0.3 - 'index.php' Multiple SQL Injection MODx 1.0.3 - 'index.php' Multiple SQL Injections HuronCMS - 'index.php' Multiple SQL Injection HuronCMS - 'index.php' Multiple SQL Injections 4x CMS - 'login.php' Multiple SQL Injection 4x CMS - 'login.php' Multiple SQL Injections Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injection Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections GREEZLE - Global Real Estate Agent Login Multiple SQL Injection (GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections SaffaTunes CMS - 'news.php' Multiple SQL Injection SaffaTunes CMS - 'news.php' Multiple SQL Injections pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injection pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections DiamondList - /user/main/update_settings setting[site_title] Parameter Cross-Site Scripting DiamondList - /user/main/update_category category[description] Parameter Cross-Site Scripting DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting vBulletin 4.0.x < 4.1.2 - 'search.php cat Parameter' SQL Injection vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection Mulitple WordPress Themes - 'admin-ajax.php img Parameter' Arbitrary File Download Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injections APBook 1.3 - Admin Login Multiple SQL Injection APBook 1.3 - Admin Login Multiple SQL Injections MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter' SQL Injection Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection PHP Scripts Now Riddles - /riddles/results.php searchQuery Parameter Cross-Site Scripting PHP Scripts Now Riddles - /riddles/list.php catid Parameter SQL Injection PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection Easy Banner 2009.05.18 - member.php Multiple Parameter SQL Injection Authentication Bypass Easy Banner 2009.05.18 - 'member.php' Multiple Parameter SQL Injection / Authentication Bypass E-lokaler CMS 2 - Admin Login Multiple SQL Injection E-lokaler CMS 2 - Admin Login Multiple SQL Injections Blog:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting Piwigo 2.6.0 - 'picture.php rate Parameter' SQL Injection Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection Eleanor CMS - Cross-Site Scripting / Multiple SQL Injection Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit NETGEAR WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter' SQL Injection PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections BoutikOne - search.php Multiple Parameter SQL Injection BoutikOne - 'search.php' Multiple Parameter SQL Injections Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injection Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injection Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injection GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injections Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution PHPMyRecipes 1.2.2 - 'browse.php category Parameter' SQL Injection PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection 4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection 4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injections TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injection TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injections Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injection Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections Mambo Component Docman 1.3.0 - Multiple SQL Injection Mambo Component Docman 1.3.0 - Multiple SQL Injections ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections Paliz Portal - Cross-Site Scripting / Multiple SQL Injection Paliz Portal - Cross-Site Scripting / Multiple SQL Injections Sphider 1.3.x - Admin Panel Multiple SQL Injection Sphider 1.3.x - Admin Panel Multiple SQL Injections Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injection Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injections Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injection Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections EasyGallery 5 - 'index.php' Multiple SQL Injection EasyGallery 5 - 'index.php' Multiple SQL Injections Xenon - 'id' Parameter Multiple SQL Injection Xenon - 'id' Parameter Multiple SQL Injections eFront 3.6.10 - 'professor.php' Script Multiple SQL Injection eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injection eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections Dolibarr ERP/CRM - /user/index.php Multiple Parameter SQL Injection Dolibarr ERP/CRM - /user/info.php id Parameter SQL Injection Dolibarr ERP/CRM - /admin/boxes.php rowid Parameter SQL Injection Dolibarr ERP/CRM - '/user/index.php' Multiple Parameter SQL Injections Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection PrestaShop 1.4.4.1 - /modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - /admin/ajaxfilemanager/ajax_save_text.php Multiple Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Parameter Cross-Site Scripting Manx 1.0.1 - /admin/admin_blocks.php Filename Parameter Traversal Arbitrary File Access Manx 1.0.1 - /admin/admin_pages.php Filename Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injection SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injections Balero CMS 0.7.2 - Multiple Blind SQL Injection Balero CMS 0.7.2 - Multiple Blind SQL Injections WordPress Plugin'WP Mobile Edition 2.7 - Remote File Disclosure WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections Dotclear 2.4.1.2 - /admin/auth.php login_data Parameter Cross-Site Scripting Dotclear 2.4.1.2 - /admin/blogs.php nb Parameter Cross-Site Scripting Dotclear 2.4.1.2 - /admin/comments.php Multiple Parameter Cross-Site Scripting Dotclear 2.4.1.2 - /admin/plugin.php page Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting SAP Business Objects InfoView System - /help/helpredir.aspx guide Parameter Cross-Site Scripting SAP Business Objects InfoView System - /webi/webi_modify.aspx id Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting Open Journal Systems (OJS) 2.3.6 - /lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml() Method Cross-Site Scripting Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting PHP Designer 2007 - Personal Multiple SQL Injection PHP Designer 2007 Personal - Multiple SQL Injections WordPress Plugin All-in-One Event Calendar 1.4 agenda-widget.php Multiple Parameter Cross-Site Scripting WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Parameter Cross-Site Scripting XOOPS 2.5.4 - /modules/pm/pmlite.php to_userid Parameter Cross-Site Scripting XOOPS 2.5.4 - /tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php Multiple Parameter Cross-Site Scripting XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Parameter Cross-Site Scripting XM Forum - 'id' Parameter Multiple SQL Injection XM Forum - 'id' Parameter Multiple SQL Injections AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple Parameter SQL Injection AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple Parameter SQL Injections Classified Ads Script PHP - 'admin.php' Multiple SQL Injection Classified Ads Script PHP - 'admin.php' Multiple SQL Injections Limny - 'index.php' Multiple SQL Injection Limny - 'index.php' Multiple SQL Injections TCExam 11.2.x - /admin/code/tce_edit_answer.php Multiple Parameter SQL Injection TCExam 11.2.x - /admin/code/tce_edit_question.php subject_module_id Parameter SQL Injection TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple Parameter SQL Injection TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection jCore - /admin/index.php path Parameter Cross-Site Scripting jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting Netsweeper 4.0.8 - SQL Injection Authentication Bypass Netsweeper 4.0.8 - SQL Injection / Authentication Bypass dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injection dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injections MantisBT 1.2.19 - Host Header Attack MantisBT 1.2.19 - Host Header Exploit WordPress Plugin RokBox Plugin - /wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext Parameter Cross-Site Scripting WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting cPanel WebHost Manager (WHM) - /webmail/x3/mail/clientconf.html acct Parameter Cross-Site Scripting cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injection PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections ezStats for Battlefield 3 - /ezStats2/compare.php Multiple Parameter Cross-Site Scripting ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Parameter Cross-Site Scripting PHP Address Book - /addressbook/register/delete_user.php id Parameter SQL Injection PHP Address Book - /addressbook/register/edit_user.php id Parameter SQL Injection PHP Address Book - /addressbook/register/edit_user_save.php Multiple Parameter SQL Injection PHP Address Book - /addressbook/register/linktick.php site Parameter SQL Injection PHP Address Book - /addressbook/register/reset_password.php Multiple Parameter SQL Injection PHP Address Book - /addressbook/register/reset_password_save.php Multiple Parameter SQL Injection PHP Address Book - /addressbook/register/router.php BasicLogin Cookie Parameter SQL Injection PHP Address Book - /addressbook/register/traffic.php var Parameter SQL Injection PHP Address Book - /addressbook/register/user_add_save.php email Parameter SQL Injection PHP Address Book - /addressbook/register/checklogin.php 'Username' Parameter SQL Injection PHP Address Book - /addressbook/register/admin_index.php q Parameter SQL Injection PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple Parameter SQL Injection PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection PHP Address Book - '/addressbook/register/reset_password.php' Multiple Parameter SQL Injection PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple Parameter SQL Injection PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection Hero Framework - /users/login 'Username' Parameter Cross-Site Scripting Hero Framework - /users/forgot_password error Parameter Cross-Site Scripting Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injection RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections NetApp OnCommand System Manager - /zapiServlet CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting NetApp OnCommand System Manager - /zapiServlet User Management Interface Multiple Parameter Cross-Site Scripting NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Parameter Cross-Site Scripting Jahia xCM - /engines/manager.jsp site Parameter Cross-Site Scripting Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting D-Link DIR-816L (Wireless Router) - Cross-Site Request Forgery D-Link DIR-816L Wireless Router - Cross-Site Request Forgery Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injection Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injections NeoBill - /modules/nullregistrar/PHPwhois/example.php query Parameter Remote Code Execution NeoBill - /install/include/solidstate.php Multiple Parameter SQL Injection NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution NeoBill - '/install/include/solidstate.php' Multiple Parameter SQL Injection C2C Forward Auction Creator 2.0 - /auction/asp/list.asp pa Parameter SQL Injection C2C Forward Auction Creator - /auction/casp/Admin.asp SQL Injection Admin Authentication Bypass C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass) Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injections / Authentication Bypass Command School Student Management System - /sw/admin_grades.php id Parameter SQL Injection Command School Student Management System - /sw/admin_terms.php id Parameter SQL Injection Command School Student Management System - /sw/admin_school_years.php id Parameter SQL Injection Command School Student Management System - /sw/admin_sgrades.php id Parameter SQL Injection Command School Student Management System - /sw/admin_media_codes_1.php id Parameter SQL Injection Command School Student Management System - /sw/admin_infraction_codes.php id Parameter SQL Injection Command School Student Management System - /sw/admin_generations.php id Parameter SQL Injection Command School Student Management System - /sw/admin_relations.php id Parameter SQL Injection Command School Student Management System - /sw/admin_titles.php id Parameter SQL Injection Command School Student Management System - /sw/health_allergies.php id Parameter SQL Injection Command School Student Management System - /sw/admin_school_names.php id Parameter SQL Injection Command School Student Management System - /sw/admin_subjects.php id Parameter SQL Injection Command School Student Management System - /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure Command School Student Management System - /sw/Admin_change_Password.php Cross-Site Request Forgery (Admin Password Manipulation) Command School Student Management System - /sw/add_topic.php Cross-Site Request Forgery (Topic Creation) Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Request Information Disclosure Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forgery (Admin Password Manipulation) Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation) Dredge School Administration System - /DSM/loader.php Id Parameter SQL Injection Dredge School Administration System - /DSM/loader.php Account Information Disclosure Dredge School Administration System - /DSM/loader.php Cross-Site Request Forgery (Admin Account Manipulation) Dredge School Administration System - /DSM/Backup/processbackup.php Database Backup Information Disclosure Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation) Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure UAEPD Shopping Script - /products.php Multiple Parameter SQL Injection UAEPD Shopping Script - /news.php id Parameter SQL Injection UAEPD Shopping Script - '/products.php' Multiple Parameter SQL Injection UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection BloofoxCMS - /bloofox/index.php 'Username' Parameter SQL Injection BloofoxCMS - /bloofox/admin/index.php 'Username' Parameter SQL Injection BloofoxCMS - /admin/index.php Cross-Site Request Forgery (Add Admin) BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin) Professional Designer E-Store - 'id' Parameter Multiple SQL Injection GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injection Professional Designer E-Store - 'id' Parameter Multiple SQL Injections GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections Xangati - /servlet/MGConfigData Multiple Parameter Directory Traversal Xangati - /servlet/Installer file Parameter Directory Traversal Xangati - '/servlet/MGConfigData' Multiple Parameter Directory Traversal Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal Caldera - /costview2/jobs.php tr Parameter SQL Injection Caldera - /costview2/printers.php tr Parameter SQL Injection Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injection WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injections ol-commerce - /OL-Commerce/affiliate_signup.php a_country Parameter SQL Injection ol-commerce - /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection ol-commerce - /OL-Commerce/create_account.php country Parameter SQL Injection ol-commerce - /OL-Commerce/admin/create_account.php entry_country_id Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections Multiple Netgear Routers - Password Disclosure Multiple NETGEAR Routers - Password Disclosure WebKit - Stealing Variables via Page Navigation in FrameLoader::clear WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'	2017-06-23 05:01:28 +00:00
Offensive Security	df0343af6d	DB: 2017-06-22 13 new exploits Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Pool Memory Disclosure Microsoft Windows - 'IOCTL 0x390400_ operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure Microsoft Windows - 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure Microsoft Windows - '0x224000 IOCTL (WmiQueryAllData)' Kernel WMIDataDevice Pool Memory Disclosure Microsoft Windows - 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure Microsoft Windows - 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure Microsoft Windows - 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure Microsoft Windows - 'nt!NtNotifyChangeDirectoryFile' Kernel Pool Memory Disclosure Microsoft Windows - 'nt!KiDispatchException' Kernel Stack Memory Disclosure in Exception Handling sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation Linux Kernel 3.14.5 (RHEL / CentOS 7) - 'libfutex' Privilege Escalation Linux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Privilege Escalation Sudo 1.8.14 - Unauthorized Privilege Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation Linux/x86 - Reverse UDP Shellcode (668 bytes) PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution	2017-06-22 05:01:27 +00:00
Offensive Security	b00ce2562c	DB: 2017-06-21 2 new exploits Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service Sudo - 'get_process_ttyname()' Privilege Escalation Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation WonderCMS 2.1.0 - Cross-Site Request Forgery	2017-06-21 05:01:28 +00:00
Offensive Security	380d33dd22	DB: 2017-06-20 13 new exploits GNU binutils - 'rx_decode_opcode' Buffer Overflow GNU binutils - 'disassemble_bytes' Heap Overflow GNU binutils - 'bfd_get_string' Stack Buffer Overflow GNU binutils - 'decode_pseudodbg_assert_0' Buffer Overflow GNU binutils - 'ieee_object_p' Stack Buffer Overflow GNU binutils - 'print_insn_score16' Buffer Overflow GNU binutils - 'aarch64_ext_ldst_reglist' Buffer Overflow iBall Baton iB-WRA150N - Unauthenticated DNS Change nuevoMailer 6.0 - SQL Injection UTstarcom WA3002G4 - Unauthenticated DNS Change D-Link DSL-2640U - Unauthenticated DNS Change Beetel BCM96338 Router - Unauthenticated DNS Change D-Link DSL-2640B - Unauthenticated Remote DNS Change	2017-06-20 05:01:28 +00:00
Offensive Security	248f7e7480	DB: 2017-06-17 7 new exploits WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions WebKit JSC - arrayProtoFuncSplice does not Initialize all Indices WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass) KBVault MySQL 0.16a - Arbitrary File Upload Joomla! Component JoomRecipe 1.0.3 - SQL Injection	2017-06-17 05:01:25 +00:00
Offensive Security	a090330e55	DB: 2017-06-16 6 new exploits Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without EggHunter) (Metasploit) VX Search Enterprise 9.7.18 - Local Buffer Overflow Sudo - 'get_process_ttyname()' Privilege Escalation Win32 - JITed stage-0 Shellcode Win32 - JITed Stage-0 Shellcode Windows - JITed egg-hunter stage-0 Shellcode Windows - JITed Egghunter Stage-0 Shellcode Windows XP/Vista/7 - JITed egg-hunter stage-0 Shellcode Adjusted Universal Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal Linux/x86 - Egg-hunter Shellcode (31 bytes) Linux/x86 - Egghunter Shellcode (31 bytes) Linux/x86 - Egg-hunter Shellcode (20 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Egg-hunter Shellcode (13 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86 - Egg-hunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes) AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit) AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit) Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution	2017-06-16 05:01:26 +00:00
g0tmi1k	f7178c7641	Merge pull request #91 from g0tmi1k/searchsploit Add "--exclude" to remove values from results	2017-06-15 11:55:46 +01:00
Offensive Security	b946aa7e86	DB: 2017-06-15 5 new exploits Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH) WarFTP 1.65 - (USER) Remote Buffer Overflow WarFTP 1.65 - 'USER' Remote Buffer Overflow Google Chrome - V8 Private Property Arbitrary Code Execution HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution WordPress Plugin WP Jobs < 1.5 - SQL Injection WordPress Plugin Event List <= 0.7.8 - SQL Injection	2017-06-15 05:01:27 +00:00
g0tmi1k	2b95b7a760	Add "--exclude" to remove values from results	2017-06-14 15:58:54 +01:00
g0tmi1k	d029dd02ce	Add (hidden) additional long arguments commands	2017-06-14 15:58:29 +01:00
g0tmi1k	62241c3543	Code clean up	2017-06-14 15:58:12 +01:00
Offensive Security	2170122160	DB: 2017-06-14 7 new exploits MyServer 0.7.1 - (POST) Denial of Service MyServer 0.7.1 - 'POST' Denial of Service Foxmail 2.0 - (MAIL FROM:) Denial of Service Foxmail 2.0 - 'MAIL FROM:' Denial of Service Nokia Symbian 60 - (BlueTooth Nickname) Remote Restart (2) Nokia Symbian 60 - 'BlueTooth Nickname' Remote Restart (2) Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop Denial of Service Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service Tcpdump 3.8.x/3.9.1 - 'isis_print' Infinite Loop Denial of Service Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service Ethereal 0.10.10 - 'dissect_ipc_state' Remote Denial of Service phpBB 2.0.15 - Register Multiple Users Denial of Service (Perl) phpBB 2.0.15 - Register Multiple Users Denial of Service (C) phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl) phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C) Stream / Raped (Windows) - Denial of Service Attack Stream / Raped (Windows) - Denial of Service Ipswitch WS_FTP Server 5.03 - (RNFR) Buffer Overflow Mercury/32 Mail Server 4.01a - (check) Buffer Overflow Golden FTP Server Pro 2.52 - (USER) Remote Buffer Overflow Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow GTChat 0.95 Alpha - (adduser) Remote Denial of Service Inframail Advantage Server Edition 6.0 < 6.37 - 'SMTP' Buffer Overflow Inframail Advantage Server Edition 6.0 < 6.37 - 'FTP' Buffer Overflow GTChat 0.95 Alpha - 'adduser' Remote Denial of Service P2P Pro 1.0 - (command) Denial of Service P2P Pro 1.0 - 'command' Denial of Service Mozilla Products - (Host:) Buffer Overflow Denial of Service String Mozilla Products - 'Host:' Buffer Overflow Denial of Service String Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service RBExplorer 1.0 - (Hijacking Command) Denial of Service RBExplorer 1.0 - Hijacking Command Denial of Service Freeciv 2.0.7 - (Jumbo Malloc) Denial of Service Crash Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service) XChat 2.6.7 - (Windows) Remote Denial of Service (PHP) XChat 2.6.7 - (Windows) Remote Denial of Service (Perl) XChat 2.6.7 (Windows) - Remote Denial of Service (PHP) XChat 2.6.7 (Windows) - Remote Denial of Service (Perl) Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service) Macromedia Flash 9 - (IE Plugin) Remote Denial of Service Crash Macromedia Flash 9 - (IE Plugin) Remote Crash (Denial of Service) AIDeX Mini-WebServer 1.1 - Remote Denial of Service Crash AIDeX Mini-WebServer 1.1 - Remote Crash (Denial of Service) Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free Microsoft Windows - 'Csrss.exe/winsrv.dll' NtRaiseHardError Double-Free Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Denial of Service Hang / Crash Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service) Half-Life CSTRIKE Server 1.6 - Denial of Service (no-steam) Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service AyeView 2.20 - (malformed gif image) Local Crash AyeView 2.20 - Malformed .GIF Image Local Crash Microsoft Windows - '.chm' Denial of Service (HTML compiled) Microsoft Windows - '.chm' Denial of Service (HTML Compiled) Winamp 5.541 - '.mp3'/'.aiff' Multiple Denial of Services Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities Multiple HTTP Server - Low Bandwidth Denial of Service (slowloris.pl) Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service Google Picasa 3.5 - Local Denial of Service Buffer Overflow Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) 3Com OfficeConnect Routers - (Content-Type) Denial of Service 3Com OfficeConnect Routers - 'Content-Type' Denial of Service VSO Medoa Player 1.0.2.2 - Local Denial of Services (PoC) VSO Medoa Player 1.0.2.2 - Local Denial of Service (PoC) QtWeb 3.0 - Remote Denial of Service/Crash QtWeb 3.0 - Remote Crash (Denial of Service) NovaPlayer 1.0 - '.mp3' Local Denial of Service (2) NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2) Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash SEH (PoC) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash (SEH) (PoC) Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service) Optimal Archive 1.38 - '.zip' SEH (PoC) Optimal Archive 1.38 - '.zip' File (SEH) (PoC) MovieLibrary 1.4.401 - Local Denial of Service (.dmv) Book Library 1.4.162 - Local Denial of Service (.bkd) MovieLibrary 1.4.401 - '.dmv' Local Denial of Service Book Library 1.4.162 - '.bkd' Local Denial of Service Huawei EchoLife HG520c - Denial of Service / Modem Reset Huawei EchoLife HG520c - Modem Reset (Denial of Service) CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death) CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service) QtWeb 3.3 - Remote Denial of Service/Crash QtWeb 3.3 - Remote Crash (Denial of Service) Subtitle Translation Wizard 3.0.0 - SEH (PoC) Subtitle Translation Wizard 3.0.0 - (SEH) (PoC) Opera - Denial of Service by canvas Element Opera - Canvas Element (Denial of Service) Microsoft IIS 6.0 - ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065) Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065) HP Data Protector Manager 6.11 - Remote Denial of Service in RDS Service HP Data Protector Manager 6.11 - RDS Service Remote Denial of Service FreeBSD 8.0 - Local Denial of Service (Forced Reboot) FreeBSD 8.0 - Local Forced Reboot (Denial of Service) Hanso Player 1.4.0.0 - Buffer Overflow Denial of Service Skinfile Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service) CiscoKits 1.0 - TFTP Server Denial of Service (Write command) CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service Apache - Remote Denial of Service (Memory Exhaustion) Apache - Remote Memory Exhaustion (Denial of Service) TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file Corruption) TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption BlueZone Desktop Multiple - Malformed files Local Denial of Service Vulnerabilities BlueZone Desktop Multiple - Malformed Files Local Denial of Service Vulnerabilities NJStar Communicator MiniSmtp - Buffer Overflow [ASLR Bypass] NJStar Communicator MiniSmtp - Buffer Overflow (ASLR Bypass) Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit) Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit) Qutecom SoftPhone 2.2.1 - Heap Overflow Denial of Service/Crash (PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack Network Associates Gauntlet Firewall 5.0 - Denial of Service Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (1) Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2) Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (1) Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (2) Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service Attack Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service Attack Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service (Linux Kernel) ReiserFS 3.5.28 - Denial of Service (Possible Code Execution) (Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service Winlog Lite SCADA HMI system - SEH 0verwrite Winlog Lite SCADA HMI system - (SEH) Overwrite FL Studio 10 Producer Edition - SEH Based Buffer Overflow (PoC) FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC) OptiSoft Blubster 2.5 - Remote Denial of Service Attack OptiSoft Blubster 2.5 - Remote Denial of Service ChatZilla 0.8.23 - Remote Denial of Service Attack ChatZilla 0.8.23 - Remote Denial of Service ACDSee 9.0 Photo Manager - Multiple BMP Denial of Service Vulnerabilities ACDSee 9.0 Photo Manager - Multiple '.BMP' Denial of Service Vulnerabilities Motorola SBG6580 Cable Modem & Wireless Router - Denial of Service Reboot Motorola SBG6580 Cable Modem & Wireless Router - Reboot (Denial of Service) Unreal Tournament 3 - Denial of Service / Memory Corruption Unreal Tournament 3 - Memory Corruption (Denial of Service) Gold MP4 Player 3.3 - Universal SEH Exploit (Metasploit) Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit) Jzip - SEH Unicode Buffer Overflow (Denial of Service) Jzip - Buffer Overflow (SEH Unicode) (Denial of Service) Symantec Endpoint Protection Manager 12.1.x - SEH Overflow (PoC) Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC) Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption) JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service) Mediacoder 0.8.33 build 5680 - Buffer Overflow (SEH) Denial of Service (.lst) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service i.FTP 2.21 - SEH Overflow Crash (PoC) i.FTP 2.21 - (SEH) Overflow Crash (PoC) Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' Denial of service (Crush Application) Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service) Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash (PoC) Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC) Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service/Elevation of Privilege (MS15-111) Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111) Sam Spade 1.14 - S-Lang Command Field SEH Overflow Sam Spade 1.14 - S-Lang Command Field Overflow (SEH) SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field Overflow (SEH) Network Scanner 4.0.0.0 - SEH Crash (PoC) Network Scanner 4.0.0.0 - (SEH)Crash (PoC) Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service i.FTP 2.21 - Host Address / URL Field SEH Exploit i.FTP 2.21 - Host Address / URL Field (SEH) Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019) Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019) Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit Microsoft Windows - 'keybd_event' Local Privilege Escalation Microsoft Vista - (NtRaiseHardError) Privilege Escalation Microsoft Vista - 'NtRaiseHardError' Privilege Escalation Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Escalation eTrust AntiVirus Agent r8 - Local Privilege Elevation Exploit eTrust AntiVirus Agent r8 - Local Privilege Escalation WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC) WinPcap 4.0 - 'NPF.SYS' Privilege Escalation (PoC) IntelliTamper (2.07/2.08) - Language Catalog SEH Overflow IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH) WINMOD 1.4 - '.lst' Local Stack Overflow XP SP3 (RET + SEH) (3) WINMOD 1.4 - '.lst' File Local Stack Overflow XP SP3 (RET + SEH) (3) CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH) DJ Studio Pro 5.1.6.5.2 - SEH Exploit DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit Winamp 5.572 - SEH Exploit Winamp 5.572 - (SEH) Exploit Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow Orbital Viewer 1.04 - '.orb' File Local Universal Overflow (SEH) ZipScan 2.2c - SEH Exploit ZipScan 2.2c - (SEH) Exploit ZipCentral - '.zip' SEH Exploit eZip Wizard 3.0 - '.zip' SEH Exploit ZipCentral - '.zip' File (SEH) eZip Wizard 3.0 - '.zip' File (SEH) PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass) PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass) Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit) Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit) ZipWrangler 1.20 - '.zip' SEH Exploit ZipWrangler 1.20 - '.zip' File (SEH) Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH) Mediacoder 0.7.3.4672 - SEH Exploit Mediacoder 0.7.3.4672 - (SEH) Exploit VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (1) VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (1) Castripper 2.50.70 - '.pls' Stack Buffer Overflow DEP Bypass Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass) Winamp 5.572 - Local Buffer Overflow (EIP & SEH DEP Bypass) BlazeDVD 5.1 - '.plf' File Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass) Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass) BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow RM Downloader 3.1.3 - Local SEH Exploit (Windows 7 ASLR + DEP Bypass) RM Downloader 3.1.3 (Windows 7) - Local ASLR + DEP Bypass (SEH) ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit) ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit) A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit A-PDF WAV to MP3 1.0.0 - Universal Local (SEH) Acoustica MP3 Audio Mixer 2.471 - Extended M3U directives SEH Exploit Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH) MP3 Workstation 9.2.1.1.2 - SEH Exploit MP3 Workstation 9.2.1.1.2 - (SEH) Exploit DJ Studio Pro 8.1.3.2.1 - SEH Exploit A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH) MP3 Workstation 9.2.1.1.2 - SEH Exploit (Metasploit) MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit) iworkstation 9.3.2.1.4 - SEH Exploit iworkstation 9.3.2.1.4 - (SEH) Exploit Quick Player 1.3 - Unicode SEH Exploit AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit Quick Player 1.3 - Unicode (SEH) AudioTran 1.4.2.4 - (SafeSEH + SEHOP) Exploit Microsoft Windows Vista/7 - Elevation of Privileges (UAC Bypass) Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass) Nokia MultiMedia Player 1.0 - SEH Unicode Exploit Nokia MultiMedia Player 1.0 - (SEH Unicode) WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass) WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass) Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit) Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit) POP Peeper 3.7 - SEH Exploit POP Peeper 3.7 - (SEH) Exploit MPlayer Lite r33064 - '.m3u' SEH Overflow MPlayer Lite r33064 - '.m3u' Overflow (SEH) Wireshark 1.4.1 < 1.4.4 - SEH Overflow Wireshark 1.4.1 < 1.4.4 - Overflow (SEH) Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode) Subtitle Processor 7.7.1 - '.m3u' SEH Unicode Buffer Overflow (Metasploit) Subtitle Processor 7.7.1 - '.m3u' File Buffer Overflow (SEH Unicode) (Metasploit) The KMPlayer 3.0.0.1440 - '.mp3' Buffer Overflow (Windows XP SP3 DEP Bypass) The KMPlayer 3.0.0.1440 - '.mp3' File Buffer Overflow (Windows XP SP3 DEP Bypass) MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass) MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass) DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass Exploit DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass MY MP3 Player 3.0 - '.m3u' Exploit DEP Bypass MY MP3 Player 3.0 - '.m3u' DEP Bypass TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion TORCS 1.3.2 - '.xml' File Buffer Overflow /SafeSEH Evasion DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit) DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit) BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass) Corel Linux OS 1.0 - Denial of Serviceemu Distribution Configuration Corel Linux OS 1.0 - Dosemu Distribution Configuration MyMp3 Player Stack - '.m3u' DEP Bypass MyMp3 Player Stack - '.m3u' File DEP Bypass CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode) CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode) Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Elevation Microsoft IIS 5.0 - In-Process Table Privilege Elevation Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation Microsoft IIS 5.0 - In-Process Table Privilege Escalation Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation Huawei Technologies Internet Mobile - Unicode SEH Exploit Huawei Technologies Internet Mobile - Unicode (SEH) MySQL (Linux) - Database Privilege Elevation Exploit MySQL (Linux) - Database Privilege Escalation Man Utility 2.3.19 - Local Compression Program Privilege Elevation Man Utility 2.3.19 - Local Compression Program Privilege Escalation BlazeDVD 6.1 - PLF Exploit DEP/ASLR Bypass (Metasploit) BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit) BOINC Manager (Seti@home) 7.0.64 - Field SEH based Buffer Overflow BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH) Static HTTP Server 1.0 - SEH Overflow Static HTTP Server 1.0 - (SEH) Overflow ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (SEH/Unicode) ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH) VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (2) VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2) Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass) OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow Nidesoft MP3 Converter 2.6.18 - Local Buffer Overflow (SEH) Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation Quick Search 1.1.0.189 - 'search textbox' Unicode SEH Egghunter Buffer Overflow Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass) Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter) Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH) Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH) (Windows 7 DEP Bypass) Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH) MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' SEH Based Buffer Overflow (ASLR & SAFESEH Bypass) MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass) Mozilla - Maintenance Service Log File Overwrite Elevation of Privilege Mozilla - Maintenance Service Log File Overwrite Privilege Escalation Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode) Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH) KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP_ Denial of Service 7/8.1/10) KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7) KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10) KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter) Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Escalation Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit Internet Download Manager 6.25 Build 14 - 'Find file' Unicode (SEH) Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege Cogent Datahub 7.3.9 Gamma Script - Privilege Escalation Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass) Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass) Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit) Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH) (Metasploit) Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass) Mediacoder 0.8.43.5852 - '.m3u' (SEH) CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass) VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass) VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass) Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation Network Scanner 4.0.0 - SEH Local Buffer Overflow Network Scanner 4.0.0 - Local Buffer Overflow (SEH) Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow Microsoft Windows - '.ani' GDI Remote Elevation of Privilege Exploit (MS07-017) Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017) Move Networks Quantum Streaming Player - SEH Overflow Move Networks Quantum Streaming Player - Overflow (SEH) Quick TFTP Server Pro 2.1 - Remote SEH Overflow Quick TFTP Server Pro 2.1 - Remote Overflow (SEH) Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow PowerTCP FTP module - Multiple Technique Exploit (SEH/HeapSpray) PowerTCP FTP module - Multiple Technique Exploit (SEH HeapSpray) BigAnt Server 2.52 - SEH Exploit BigAnt Server 2.52 - (SEH) Exploit File Sharing Wizard 1.5.0 - SEH Exploit File Sharing Wizard 1.5.0 - (SEH) Exploit Kolibri 2.0 - Buffer Overflow RET + SEH Exploit (HEAD) Kolibri 2.0 - (HEAD) Buffer Overflow RET + (SEH) Easy File Sharing HTTP Server 7.2 - SEH Overflow (Metasploit) Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit) WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter) WorldMail IMAPd 3.0 - Overflow (SEH) (Egg Hunter) Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit Sysax Multi Server 5.53 - SFTP Authenticated (SEH) Simple Web Server 2.2-rc2 - ASLR Bypass Exploit Simple Web Server 2.2-rc2 - ASLR Bypass Microsoft SQL 2000/7.0 - Agent Jobs Privilege Elevation Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation BigAnt Server 2.52 SP5 - SEH Stack Overflow ROP-based Exploit (ASLR + DEP Bypass) BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass) Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution Intrasrv Simple Web Server 1.0 - Remote Code Execution (SEH) Apache suEXEC - Privilege Elevation / Information Disclosure Apache suEXEC - Information Disclosure / Privilege Escalation Easy Internet Sharing Proxy Server 2.2 - SEH Overflow (Metasploit) Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit) Kolibri Web Server 2.0 - GET Request SEH Exploit Kolibri Web Server 2.0 - GET Request (SEH) Microsoft Windows Kerberos - Elevation of Privilege (MS14-068) Microsoft Windows Kerberos - Privilege Escalation (MS14-068) X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass) X360 VideoPlayer ActiveX Control 2.6 - ASLR + DEP Bypass i.FTP 2.21 - Time Field SEH Exploit i.FTP 2.21 - Time Field (SEH) Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow (Metasploit) Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit) Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow Easy File Sharing Web Server 7.2 - Remote Overflow (SEH) Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH) Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH) TFTP Server 1.4 - WRQ Buffer Overflow (Egghunter) TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter) Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter) Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter) Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow Win32 - SEH omelet Shellcode Win32 - SEH Omelet Shellcode dotWidget CMS 1.0.6 - (file_path) Remote File Inclusion DreamAccount 3.1 - (da_path) Remote File Inclusion dotWidget CMS 1.0.6 - 'file_path' Remote File Inclusion DreamAccount 3.1 - 'da_path' Remote File Inclusion AWF CMS 1.11 - (spaw_root) Remote File Inclusion AWF CMS 1.11 - 'spaw_root' Remote File Inclusion Download-Engine 1.4.2 - (spaw) Remote File Inclusion Download-Engine 1.4.2 - 'spaw' Remote File Inclusion Newsscript 1.0 - Administrative Privilege Elevation Newsscript 1.0 - Administrative Privilege Escalation UBBCentral UBB.Threads 3.4/3.5 - Denial of Serviceearch.php SQL Injection UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection Cerberus Helpdesk 2.649 - cer_KnowledgebaseHandler.class.php _load_article_details Function SQL Injection Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection cPanel 10.9 - Denial of Serviceetmytheme theme Parameter Cross-Site Scripting cPanel 10.9 - dosetmytheme 'theme' Parameter Cross-Site Scripting WordPress < 2.1.2 - PHP_Self Cross-Site Scripting WordPress < 2.1.2 - PHP_Self Cross-Site Scripting WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection Real Estate Classifieds Script - SQL Injection	2017-06-14 05:01:26 +00:00
g0tmi1k	6bf2cee7fc	Merge pull request #90 from g0tmi1k/searchsploit Better EDB-ID detection - able to put in path and it will extract the value	2017-06-13 13:50:12 +01:00
g0tmi1k	2be6186aa3	Better EDB-ID detection - able to put in path and it will extract the value	2017-06-13 13:48:07 +01:00
Offensive Security	117f75fdfc	DB: 2017-06-13 5 new exploits GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution Easy File Sharing Web Server 7.2 - Authentication Bypass	2017-06-13 05:01:23 +00:00
Offensive Security	dea52f68f5	DB: 2017-06-12 8 new exploits Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC) Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow VMware vSphere Data Protection 5.x/6.x - Java Deserialization EFS Easy Chat Server 3.1 - Buffer Overflow (SEH) IPFire 2.19 - Remote Code Execution eCom Cart 1.3 - SQL Injection EFS Easy Chat Server 3.1 - Password Disclosure EFS Easy Chat Server 3.1 - Password Reset PaulShop - SQL Injection	2017-06-12 05:01:24 +00:00
Offensive Security	fbe517f675	DB: 2017-06-10 6 new exploits Mapscrn 2.03 - Local Buffer Overflow libcroco 0.6.12 - Denial of Service libquicktime 1.2.4 - Denial of Service Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition Apple macOS - Disk Arbitration Daemon Race Condition Craft CMS 2.6 - Cross-Site Scripting	2017-06-10 05:01:19 +00:00
Offensive Security	bed1811f1d	DB: 2017-06-09 4 new exploits Linux Kernel - 'ping' Local Denial of Service VMware Workstation 12 Pro - Denial of Service Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)	2017-06-09 05:01:17 +00:00
Offensive Security	b002e06bf6	DB: 2017-06-08 9 new exploits Linux Kernel - 'ping' Local Denial of Service Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption Artifex MuPDF - Null Pointer Dereference Artifex MuPDF mujstest 1.10a - Null Pointer Dereference DC/OS Marathon UI - Docker Exploit (Metasploit) Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting Xavier 2.4 - SQL Injection Robert 0.5 - Multiple Vulnerabilities	2017-06-08 05:01:17 +00:00
Offensive Security	0ef7d9b9ec	DB: 2017-06-07 8 new exploits Wireshark 2.2.6 - IPv6 Dissector Denial of Service Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution Home Web Server 1.9.1 build 164 - Remote Code Execution Linux/x86-64 - /bin/sh Shellcode (31 bytes) Kronos Telestaff < 2.92EU29 - SQL Injection WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure	2017-06-07 05:01:18 +00:00
Offensive Security	cd6e21e600	DB: 2017-06-06 11 new exploits Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow DNSTracer 1.8.1 - Buffer Overflow Parallels Desktop - Virtual Machine Escape Subsonic 6.1.1 - XML External Entity Injection BIND 9.10.5 - Unquoted Service Path Privilege Escalation Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution Subsonic 6.1.1 - Cross-Site Request Forgery Subsonic 6.1.1 - Server-Side Request Forgery Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting	2017-06-06 05:01:15 +00:00
Offensive Security	42e94b4366	DB: 2017-06-05 26 new exploits Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files Microsoft MsMpEng - Use-After-Free via Saved Callers WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope WebKit - 'Element::setAttributeNodeNS' Use-After-Free reiserfstune 3.6.25 - Local Buffer Overflow TiEmu 2.08 - Local Buffer Overflow Octopus Deploy - Authenticated Code Execution (Metasploit) Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit) CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes) uc-http Daemon - Local File Inclusion / Directory Traversal Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root Piwigo Plugin Facetag 0.0.3 - SQL Injection OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 - Remote Code Execution OV3 Online Administration 3.0 - SQL Injection Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting	2017-06-05 05:01:15 +00:00
Offensive Security	b1d5f96f79	DB: 2017-05-27 6 new exploits Sandboxie 5.18 - Local Denial of Service JAD java Decompiler 1.5.8e - Local Buffer Overflow Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write D-Link DCS Series Cameras - Insecure Crossdomain QWR-1104 Wireless-N Router - Cross-Site Scripting	2017-05-27 05:01:15 +00:00
Offensive Security	d77e2b2ada	DB: 2017-05-26 11 new exploits Apple WebKit / Safari 10.0.3(12602.4.8) - 'WebCore::FrameView::scheduleRelayout' Use-After-Free Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine Mozilla Firefox < 53 - 'gfxTextRun' Out-of-Bounds Read Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure WinRAR 3.60 Beta 6 - (SFX Path) Local Stack Overflow WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow Ability Server 2.34 - FTP STOR Buffer Overflow Ability Server 2.34 - FTP 'STOR' Buffer Overflow TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3) Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3) MailEnable Enterprise Edition 1.1 - (EXAMINE) Buffer Overflow Eudora Qualcomm WorldMail 3.0 - (IMAPd) Remote Overflow MailEnable Enterprise Edition 1.1 - 'EXAMINE' Buffer Overflow Eudora Qualcomm WorldMail 3.0 - 'IMAPd' Remote Overflow Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow Alt-N MDaemon POP3 Server < 9.06 - 'USER' Remote Heap Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH) Microsoft Internet Explorer - XML Parsing Buffer Overflow (Windows Vista) Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Buffer Overflow (Metasploit) qualcomm worldmail server 3.0 - Directory Traversal Qualcomm WorldMail Server 3.0 - Directory Traversal Samba 3.5.0 - Remote Code Execution SolarWinds orion network performance monitor 10.2.2 - Multiple Vulnerabilities SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php q Parameter' SQL Injection Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php' q Parameter SQL Injection PlaySMs 1.4 - 'import.php' Remote Code Execution PlaySMS 1.4 - 'import.php' Remote Code Execution Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting WebKit - Stealing Variables via Page Navigation in FrameLoader::clear Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting	2017-05-26 05:01:18 +00:00
Offensive Security	07c41df34d	DB: 2017-05-25 2 new exploits Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034) Microsoft Windows XP - Keyboard Layouts Pool Corruption (PoC) (MS12-034) Microsoft Internet Explorer 6 - HtmlDlgSafeHelper Remote Denial of Service Microsoft Internet Explorer 6 - 'HtmlDlgSafeHelper' Remote Denial of Service Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion	2017-05-25 05:01:17 +00:00
Offensive Security	2907a841a7	DB: 2017-05-24 9 new exploits Apple iOS/macOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver Apple iOS/macOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:] Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:' Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin' Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization KDE 4/5 - 'KAuth' Privilege Escalation VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)	2017-05-24 05:01:19 +00:00
Offensive Security	bc7f6091d4	DB: 2017-05-23 4 new exploits Apple macOS - '32-bit syscall exit' Kernel Register Leak Apple macOS - 'stackshot' Raw Frame Pointers Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation Joomla! 3.7.0 - 'com_fields' SQL Injection Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)	2017-05-23 05:01:15 +00:00

... 2 3 4 5 6 ...

1434 commits