exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	6351914249	DB: 2017-05-22 5 new exploits Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC) Secure Auditor 3.0 - Directory Traversal KMCIS CaseAware - Cross-Site Scripting Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery PlaySMs 1.4 - 'import.php' Remote Code Execution	2017-05-22 05:01:18 +00:00
Offensive Security	df07287e80	DB: 2017-05-21	2017-05-21 05:01:16 +00:00
Offensive Security	3f846368c1	DB: 2017-05-20 9 new exploits Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit) Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit) Linux chfn (SuSE 9.3 / 10) - Privilege Escalation Linux chfn (SuSE 9.3/10) - Privilege Escalation Microsoft Windows XP SP3 x86 / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002) Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002) Microsoft Windows Server 2008 R2 SP1 (x64) (Standard) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Joomla 3.7.0 - 'com_fields' SQL Injection Oracle PeopleSoft - Server-Side Request Forgery Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption SAP Business One for Android 1.2.3 - XML External Entity Injection ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass PlaySMS 1.4 - Remote Code Execution D-Link DIR-600M Wireless N 150 - Authentication Bypass	2017-05-20 05:01:16 +00:00
Offensive Security	684c4e4362	DB: 2017-05-19	2017-05-19 05:01:15 +00:00
Offensive Security	94f7a8c8f5	DB: 2017-05-18 15 new exploits Apple iOS < 10.3.2 - Notifications API Denial of Service Adobe Flash - AVC Deblocking Out-of-Bounds Read Adobe Flash - Margin Handling Heap Corruption Adobe Flash - Out-of-Bounds Read in Getting TextField Width Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit) Serviio Media Server - checkStreamUrl Command Execution (Metasploit) WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit) Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes) INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields	2017-05-18 05:01:18 +00:00
Offensive Security	cf40ee3ab5	DB: 2017-05-17 3 new exploits LabF nfsAxe 3.7 FTP Client - Buffer Overflow (SEH) Sophos Web Appliance 4.3.1.1 - Session Fixation Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities	2017-05-17 05:01:16 +00:00
Offensive Security	7eac4c3a2c	DB: 2017-05-16 10 new exploits Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH) Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH) Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit) PlaySms 1.4 - Remote Code Execution Mailcow 0.14 - Cross-Site Request Forgery Admidio 3.2.8 - Cross-Site Request Forgery	2017-05-16 05:01:17 +00:00
Offensive Security	b8fcb1ba1f	DB: 2017-05-14 1 new exploits Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation	2017-05-14 05:01:18 +00:00
Offensive Security	66b205e6c7	DB: 2017-05-13 3 new exploits Cerberus FTP Server 1.x - Buffer Overflow Denial of Service Palo Alto Networks PanOS root_trace - Privilege Escalation Palo Alto Networks PanOS - root_reboot Privilege Escalation Palo Alto Networks PanOS - 'root_trace' Privilege Escalation Palo Alto Networks PanOS - 'root_reboot' Privilege Escalation Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit) Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit) Vanilla Forums < 2.3 - Remote Code Execution N-able N-central - Cross-Site Request Forgery CMS Made Simple 2.1.6 - Multiple Vulnerabilities	2017-05-13 05:01:18 +00:00
Offensive Security	b6bbf710eb	DB: 2017-05-12 5 new exploits OpenVPN 2.4.0 - Unauthenticated Denial of Service Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3) Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)	2017-05-12 05:01:18 +00:00
Offensive Security	5aee851cfb	DB: 2017-05-11 5 new exploits PocketPC Mms Composer - (WAPPush) Denial of Service PocketPC Mms Composer - 'WAPPush' Denial of Service BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs) BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC) otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs) otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC) Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035) Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1) Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) HT Editor 2.0.20 - Buffer Overflow (ROP PoC) HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC) Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2) Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2) Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities Microsoft Internet Explorer 8 / 9 - Steal Any Cookie Microsoft Internet Explorer 8/9 - Steal Any Cookie PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass BanManager WebUI 1.5.8 - PHP Code Injection Gongwalker API Manager 1.1 - Cross-Site Request Forgery	2017-05-11 05:01:18 +00:00
Offensive Security	4e3947178d	DB: 2017-05-10 10 new exploits LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution Crypttech CryptoLog - Remote Code Execution (Metasploit) BSD/x86 - portbind port 31337 Shellcode (83 bytes) BSD/x86 - portbind port random Shellcode (143 bytes) BSD/x86 - Portbind Port 31337 Shellcode (83 bytes) BSD/x86 - Portbind Random Port Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - reverse 6969 portbind Shellcode (129 bytes) BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes) FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes) FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes) FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) Linux/x86 - execve Null Free Shellcode (Generator) Linux/x86 - Portbind Payload Shellcode (Generator) Windows XP SP1 - Portbind Payload Shellcode (Generator) Linux/x86 - execve Null-Free Shellcode (Generator) Linux/x86 - Portbind Shellcode (Generator) Windows XP SP1 - Portbind Shellcode (Generator) Linux/x86 - cmd Null Free Shellcode (Generator) Linux/x86 - cmd Null-Free Shellcode (Generator) Cisco IOS - Connectback (Port 21) Shellcode Cisco IOS - Connectback Port 21 Shellcode Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes) Linux/SPARC - portbind port 8975 Shellcode (284 bytes) Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes) Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes) Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes) Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes) Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes) Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes) Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes) Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes) Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes) Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes) Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes) Linux/x86 - portbind (2707) Shellcode (84 bytes) Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes) Linux/x86 - Portbind 2707 Shellcode (84 bytes) Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes) Linux/x86 - portbind (port 64713) Shellcode (86 bytes) Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes) Linux/x86 - Portbind Port 64713 Shellcode (86 bytes) Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes) Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes) Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes) Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes) Linux/x86 - portbind port 5074 Shellcode (92 bytes) Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Add user 't00r' Shellcode (82 bytes) Linux/x86 - Portbind Port 5074 Shellcode (92 bytes) Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Add User 't00r' Shellcode (82 bytes) Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes) Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes) NetBSD/x86 - callback Shellcode (port 6666) (83 bytes) NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes) OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes) OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes) Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes) Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes) Solaris/SPARC - portbind port 6789 Shellcode (228 bytes) Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes) Solaris/SPARC - portbinding Shellcode (240 bytes) Solaris/x86 - portbind/TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes) Solaris/SPARC - Portbind Shellcode (240 bytes) Solaris/x86 - Portbind TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes) Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes) Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - download and execute Shellcode (124 bytes) Win32 - Download & Execute Shellcode (124 bytes) Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows XP - download and exec source Shellcode Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes) Windows XP - Download & Exec Shellcode Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes) Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes) Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes) Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes) Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes) Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes) Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes) Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes) Win32 XP SP2 FR - calc Shellcode (19 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Win32 XP SP3 English - cmd.exe Shellcode (26 bytes) Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes) Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes) Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Windows XP SP2 FR - Download and Exec Shellcode Windows XP SP2 (FR) - Download & Exec Shellcode Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes) Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes) Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes) Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes) Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86 - bind shell port 64533 Shellcode (97 bytes) Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes) Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes) Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes) Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes) Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes) Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes) Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) BSD/x86 - bindshell on port 2525 Shellcode (167 bytes) BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes) Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes) Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes) ARM - Bindshell port 0x1337 Shellcode Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) ARM - Bindshell Port 0x1337 Shellcode OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes) OSX/Intel x86-64 - setuid shell Shellcode (51 bytes) Win32 - speaking Shellcode Win32 - Speaking 'You got pwned!' Shellcode BSD/x86 - 31337 portbind + fork Shellcode (111 bytes) BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes) Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes) Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes) Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows RT ARM - Bind Shell (Port 4444) Shellcode Windows RT ARM - Bind Shell Port 4444 Shellcode Windows - Add Admin User _BroK3n_ Shellcode (194 bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password) Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download & execute Shellcode (Generator) Windows XP x86-64 - Download & Execute Shellcode (Generator) Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes) Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes) Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes) OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes) OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes) Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes) Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes) Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator) Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator) Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes) Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes) Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes) Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes) Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes) Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes) Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes) Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes) Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes) Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes) Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes) Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes) Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes) Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes) Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes) Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes) Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes) Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes) Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes) LogRhythm Network Monitor - Authentication Bypass / Command Injection I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting	2017-05-10 05:01:16 +00:00
Offensive Security	6f37b94a66	DB: 2017-05-09 5 new exploits RPCBind / libtirpc - Denial of Service Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH) Xen 64bit PV Guest - pagetable use-after-type-change Breakout Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)	2017-05-09 04:46:38 +00:00
Offensive Security	64159294a8	DB: 2017-05-06 3 new exploits CloudBees Jenkins 2.32.1 - Java Deserialization Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free FOSS Gallery Public 1.0 - Arbitrary File Upload / Information (c99) FOSS Gallery Public 1.0 - Arbitrary File Upload 1024 CMS 1.4.4 - Remote Command Execution with Remote File Inclusion (c99) 1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99) ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion C99Shell 1.0 Pre-Release build 16 - 'Ch99.php' Cross-Site Scripting C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting C99.php Shell - Authentication Bypass C99 Shell - 'c99.php' Authentication Bypass WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery	2017-05-06 05:01:18 +00:00
Offensive Security	8f3ada9286	DB: 2017-05-05 3 new exploits Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit WordPress Core & Plugins - Privileges Unchecked in admin.php / Multiple Information WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures WordPress 2.8.1 - (url) Cross-Site Scripting WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1) WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-comments-post.php Remote File Inclusion Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-feed.php Remote File Inclusion Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-comments-post.php' Remote File Inclusion Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-feed.php' Remote File Inclusion Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-trackback.php' Remote File Inclusion WordPress 2.x - PHP_Self Cross-Site Scripting WordPress < 2.1.2 - PHP_Self Cross-Site Scripting WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection WordPress 4.6 - Unauthenticated Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset	2017-05-05 05:01:18 +00:00
Offensive Security	b473ba51f3	DB: 2017-05-04 5 new exploits Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution	2017-05-04 05:01:18 +00:00
Offensive Security	6515e26356	DB: 2017-05-03 1 new exploits MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow MySQL < 5.6.35 / < 5.7.17 - Integer Overflow Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit) Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection	2017-05-03 05:01:17 +00:00
Offensive Security	4aa75d9fe9	DB: 2017-05-02 5 new exploits MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection	2017-05-02 05:01:18 +00:00
Offensive Security	e4147fb21e	DB: 2017-05-01 5 new exploits Panda Free Antivirus - 'PSKMAD.sys' Denial of Service IrfanView 4.44 - Denial of Service Emby MediaServer 3.2.5 - SQL Injection Emby MediaServer 3.2.5 - Password Reset Emby MediaServer 3.2.5 - Directory Traversal	2017-05-01 05:01:18 +00:00
Offensive Security	72f98fab1c	DB: 2017-04-28 5 new exploits Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption Microsoft Office Word - Malicious Hta Execution (Metasploit) Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit) Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit) TYPO3 News Module - SQL Injection Simple File Uploader - Arbitrary File Download Easy File Uploader - Arbitrary File Upload	2017-04-28 05:01:19 +00:00
Offensive Security	0278b1993d	DB: 2017-04-27 1 new exploits Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery	2017-04-27 05:01:18 +00:00
Offensive Security	9e9bf495c2	DB: 2017-04-26 26 new exploits PHP 5.4.0RC6 (x64t) - Denial of Service PHP 5.4.0RC6 (x64) - Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH) VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Dmitry 1.3a - Local Buffer Overflow Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Apple Safari - Array concat Memory Corruption Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free VirtualBox - Cooperating VMs can Escape from Shared Folder PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation Dell Customer Connect 1.3.28.0 - Privilege Escalation LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit Nginx 1.4.0 (Generic Linux x64) - Remote Exploit Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution Microsoft Office Word - Malicious Hta Execution (Metasploit) WePresent WiPG-1000 - Command Injection (Metasploit) OSX/Intel - setuid shell x86_64 Shellcode (51 bytes) OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes) OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes) OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes) Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes) Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Linux/x86-64 - Reverse Shell Shellcode (84 bytes) FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery WordPress Plugin KittyCatfish 2.2 - SQL Injection WordPress Plugin Car Rental System 2.5 - SQL Injection WordPress Plugin Wow Viral Signups 2.1 - SQL Injection WordPress Plugin Wow Forms 2.1 - SQL Injection Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection October CMS 1.0.412 - Multiple Vulnerabilities	2017-04-26 05:01:18 +00:00
Offensive Security	dadce54852	DB: 2017-04-25 1 new exploits Microsoft Windows - 'afd.sys' (PoC) (MS11-046) Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)	2017-04-25 05:01:19 +00:00
g0tmi1k	a4fa3243c9	Merge pull request #88 from g0tmi1k/searchsploit Updated README output	2017-04-24 16:23:21 +01:00
g0tmi1k	a0a08b85e3	Updated README output	2017-04-24 16:21:27 +01:00
Offensive Security	ebb6cf8831	DB: 2017-04-24 2 new exploits SquirrelMail < 1.4.22 - Remote Code Execution Linux/x86 - Egg-hunter Shellcode (18 bytes)	2017-04-24 05:01:21 +00:00
g0tmi1k	513d76a8b8	Merge pull request #86 from g0tmi1k/searchsploit Add brew update support	2017-04-23 17:54:43 +01:00
Offensive Security	881dc9ebcc	DB: 2017-04-22	2017-04-22 05:01:18 +00:00
g0tmi1k	0c3de08656	Add brew update support	2017-04-21 11:48:37 +01:00
Offensive Security	5386bd7110	DB: 2017-04-21 10 new exploits Femitter FTP Server 1.03 - (RETR) Remote Denial of Service (PoC) Femitter FTP Server 1.03 - 'RETR' Remote Denial of Service (PoC) VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Microsoft Windows 10 10586 - IEETWCollector Arbitrary Directory/File Deletion Privilege Escalation Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation 3proxy 0.5.3g (Linux) - proxy.c logurl() Remote Buffer Overflow 3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow 3proxy 0.5.3g - proxy.c logurl() Remote Overflow (exec-shield) 3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow 3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow 3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow 3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl) 3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl) Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting	2017-04-21 05:01:18 +00:00
Offensive Security	e4eda3f58a	DB: 2017-04-20	2017-04-20 05:01:17 +00:00
Offensive Security	3c86b861c2	DB: 2017-04-19 4 new exploits Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit) Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit) pinfo 0.6.9 - Local Buffer Overflow Tenable Appliance < 4.5 - Unauthenticated Remote Root Code Execution Microsoft Word - .RTF Remote Code Execution Huawei HG532n - Command Injection (Metasploit)	2017-04-19 05:01:17 +00:00
Offensive Security	cc2ec16c5d	DB: 2017-04-18 3 new exploits WinSCP 5.9.4 - 'LIST' Denial of Service (Metasploit) Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit) Openexpert 0.5.17 - SQL Injection Openexpert 0.5.17 - 'area_id' Parameter SQL Injection Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset	2017-04-18 05:01:21 +00:00
Offensive Security	18df65f3e4	DB: 2017-04-17 1 new exploits Microsoft IIS - Malformed HTTP Request Denial of Service (cpp) Microsoft IIS - Malformed HTTP Request Denial of Service VirusChaser 8.0 - Buffer Overflow (SEH)	2017-04-17 05:01:16 +00:00
Offensive Security	b725a55435	DB: 2017-04-16 1 new exploits HP-UX B11.11 - /usr/bin/ct Local Format String Privilege Escalation HP-UX B11.11 - '/usr/bin/ct' Format String Privilege Escalation rsync 2.5.7 - Local Stack Overflow Privilege Escalation rsync 2.5.7 - Stack Overflow Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow Privilege Escalation Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Local Kernel Mode Privilege Escalation Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Kernel Mode Privilege Escalation MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation MSI - 'NTIOLib.sys' / 'WinIO.sys' Privilege Escalation Linux Kernel UDEV < 1.4.1 - Netlink Privilege Escalation (Metasploit) Linux Kernel UDEV < 1.4.1 - 'Netlink' Privilege Escalation (Metasploit) Apache::Gallery 0.4/0.5/0.6 - Insecure Local File Storage Privilege Escalation Apache::Gallery 0.4/0.5/0.6 - Insecure File Storage Privilege Escalation Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow Privilege Escalation (1) Symantec Workspace Virtualization 6.4.1895.0 - Local Kernel Mode Privilege Escalation Symantec Workspace Virtualization 6.4.1895.0 - Kernel Mode Privilege Escalation Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002) Microsoft Windows - 'NDPROXY' SYSTEM Privilege Escalation (MS14-002) Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation Microsoft Windows - Local procedure Call (LPC) Privilege Escalation Microsoft Windows - Local Procedure Call (LPC) Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow Privilege Escalation Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation Wowza Streaming Engine 4.5.0 - Local Privilege Escalation Wowza Streaming Engine 4.5.0 - Privilege Escalation PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation Linux Kernel 4.8.0 UDEV < 232 - Privilege Escalation PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Local Kernel Exploit PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation	2017-04-16 05:01:17 +00:00
Offensive Security	8c4e598118	DB: 2017-04-15 1 new exploits Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call Microsoft Windows Kernel - 'win32k.sys' Multiple Issues 'NtGdiGetDIBitsInternal' System Call Adobe Creative Cloud Desktop Application <= 4.0.0.185 - Privilege Escalation Adobe Creative Cloud Desktop Application < 4.0.0.185 - Privilege Escalation Concrete5 - index.php/tools/required/files/replace searchInstance Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/add_to searchInstance Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/Permissions searchInstance Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/Dashboard/sitemap_data.php Multiple Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/search_dialog ocID Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/customize_search_columns searchInstance Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/search_results searchInstance Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/sitemap_search_selector Multiple Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/import Multiple Parameter Cross-Site Scripting Concrete5 - index.php/tools/required/files/bulk_properties searchInstance Parameter Cross-Site Scripting Concrete5 8.1.0 - 'Host' Header Injection	2017-04-15 05:01:18 +00:00
Offensive Security	aabd4b35b3	DB: 2017-04-14 12 new exploits Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure PonyOS 3.0 - tty ioctl() Local Kernel Exploit PonyOS 3.0 - TTY 'ioctl()' Local Kernel Exploit Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation Solaris 7 < 11 (x86 / SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation GNS3 Mac OS-X 1.5.2 - 'ubridge' Privilege Escalation PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Local Kernel Exploit Adobe Creative Cloud Desktop Application <= 4.0.0.185 - Privilege Escalation Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak) Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage Exploit Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution Linux/x86-64 - execve(_/bin/sh_) Shellcode (31 bytes) Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses SedSystems D3 Decimator - Multiple Vulnerabilities agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)	2017-04-14 05:01:15 +00:00
Offensive Security	2ac6fc17c2	DB: 2017-04-13 3 new exploits Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution D-Link DWR-116 / DWR-116A1 - Arbitrary File Download	2017-04-13 05:01:16 +00:00
Offensive Security	814ba132f8	DB: 2017-04-12 18 new exploits Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free Apple WebKit - 'Document::adoptNode' Use-After-Free Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow Proxifier for Mac 2.18 - Multiple Vulnerabilities Proxifier for Mac 2.17 / 2.18 - Privesc Escalation Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout Quest Privilege Manager 6.0.0 - Arbitrary File Write Adobe Multiple Products - XML Injection File Content Disclosure MyClassifiedScript 5.1 - SQL Injection Social Directory Script 2.0 - SQL Injection FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal Brother MFC-J6520DW - Authentication Bypass / Password Change Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element	2017-04-12 05:01:16 +00:00
Offensive Security	341f44bf34	DB: 2017-04-11 4 new exploits Moxa MXview 2.8 - Denial of Service Moxa MXview 2.8 - Private Key Disclosure Moxa MX AOPC-Server 1.5 - XML External Entity Injection Jobscript4Web 4.5 - Authentication Bypass	2017-04-11 05:01:16 +00:00
Offensive Security	ddb02a2ec6	DB: 2017-04-08 16 new exploits Aztek Forum 4.00 - 'myadmin.php' User Privilege Escalation Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation Intellinet NFC-30IR Camera - Multiple Vulnerabilities Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery Invoice Template - 'hash' Parameter SQL Injection Document Management Template - 'hash' Parameter SQL Injection Shopping Cart Template - 'item' Parameter SQL Injection Calendar Template 2.0 - 'editid1' Parameter SQL Injection Forum Template 1.0 - SQL Injection Quiz Template 1.0 - 'testid' Parameter SQL Injection Survey Template 1.1 - 'masterkey1' Parameter SQL Injection My Gaming Ladder Combo System 7.5 - SQL Injection Ladder System 6.0 - 'faqid' Parameter SQL Injection WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection e107 CMS 2.1.4 - Cross-Site Request Forgery WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery	2017-04-08 05:01:18 +00:00
Offensive Security	7018b7742d	DB: 2017-04-07 7 new exploits Microsoft Windows - Explorer (.WMF) CreateBrushIndirect Denial of Service Microsoft Windows Explorer - '.WMF' CreateBrushIndirect Denial of Service Microsoft Windows - Explorer (.AVI) Unspecified Denial of Service Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service Microsoft Windows - Explorer Unspecified .ANI File Denial of Service Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service Microsoft Windows - explorer.exe Gif Image Denial of Service Microsoft Windows Explorer - '.GIF' Image Denial of Service Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC) Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC) Microsoft Windows - Explorer Unspecified .doc File Denial of Service Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Exploit DesignWorks Professional 4.3.1 - Local .CCT File Stack Buffer Overflow (PoC) DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4.0/2000 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4.0 / 2000 - LPC Zone Memory Depletion Denial of Service Microsoft Windows NT 4.0/2000 - LPC Zone Memory Depletion Denial of Service Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service Microsoft Windows NT/2000 - Terminal Server Service RDP Denial of Service Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2) Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (1) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (2) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (3) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (4) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (1) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (2) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (4) Microsoft Windows XP/95/98/2000/NT 4 - 'Riched20.dll' Attribute Buffer Overflow Microsoft Windows XP/95/98/2000/NT 4.0 - 'Riched20.dll' Attribute Buffer Overflow Microsoft Windows XP/2000/NT 4 - Shell Long Share Name Buffer Overrun Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun Microsoft Windows Explorer - 'explorer.exe' .WMV File Handling Denial of Service Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service Apple Mac OSX 10.4.x - iMovie HD .imovieproj Filename Format String Apple Mac OSX 10.4.x - Help Viewer .help Filename Format String Apple Mac OSX 10.4.x - iMovie HD '.imovieproj' Filename Format String Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service Microsoft Windows XP/2003 - Explorer '.WMF' File Handling Denial of Service Microsoft Windows Cursor - Object Potential Memory Leak (MS15-115) Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115) Microsoft Windows Kernel win32k!OffsetChildren - Null Pointer Dereference Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow Cesanta Mongoose OS - Use-After-Free CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC) GLIBC (via /bin/su) - Privilege Escalation GLIBC - '/bin/su' Privilege Escalation cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation Microsoft Windows - NtRaiseHardError Csrss.exe Memory Disclosure Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure Microsoft Windows Contacts - 'wab32res.dll' DLL Hijacking Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit) Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit) Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit) Microsoft Windows - Task Scheduler '.XML' Privilege Escalation (MS10-092) (Metasploit) Microsoft Windows NT 4/2000 - DLL Search Path Microsoft Windows NT 4.0/2000 - DLL Search Path Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier - Multiple Vulnerabilities Microsoft Windows NT 4.0/2000 Predictable LPC Message Identifier - Multiple Vulnerabilities Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003) Microsoft Windows NT 4.0/2000 - Spoofed LPC Request (MS00-003) Microsoft Windows NT 3/4 - CSRSS Memory Access Violation Microsoft Windows NT 3/4.0 - CSRSS Memory Access Violation Microsoft Windows NT 4/2000 - NTFS File Hiding Microsoft Windows NT 4.0/2000 - NTFS File Hiding Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2) Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (2) Microsoft Windows Server 2000 - Help Facility .CNT File :Link Buffer Overflow Microsoft Windows Server 2000 - Help Facility '.CNT' File :Link Buffer Overflow Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation Palo Alto Networks PanOS root_reboot - Privilege Escalation Palo Alto Networks PanOS - root_reboot Privilege Escalation Oracle 9i / 10g - File System Access via utl_file Exploit Oracle 9i / 10g - 'utl_file' File System Access Exploit KDE 4.4.1 - Ksysguard Remote Code Execution via Cross Application Scripting KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting) QuickPHP Web Server Arbitrary - 'src .php' File Download QuickPHP Web Server - Arbitrary '.php' File Download Microsoft Windows Common Control Library (Comctl32) - Heap Overflow (MS10-081) Microsoft Windows - Common Control Library (Comctl32) Heap Overflow (MS10-081) Microsoft Internet Explorer 4 (Windows 95/NT 4) - Setupctl ActiveX Control Buffer Overflow Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4) - XML HTTP Redirect Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect Microsoft Windows NT 4/2000 - NetBIOS Name Conflict Microsoft Windows NT 4.0/2000 - NetBIOS Name Conflict X-Chat 1.2/1.3/1.4/1.5 - Command Execution Via URLs X-Chat 1.2/1.3/1.4/1.5 - Command Execution via URLs Microsoft Windows 95/98/2000/NT4 - WinHlp Item Buffer Overflow Microsoft Windows 95/98/2000/NT 4.0 - WinHlp Item Buffer Overflow Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4 - Locator Service Buffer Overflow Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow AIX 3.x/4.x / Windows 95/98/2000/NT 4 / SunOS 5 gethostbyname() - Buffer Overflow AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (1) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (2) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (3) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (4) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (1) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (2) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (3) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (4) Microsoft Windows XP/2000/NT 4 - HTML Converter HR Align Buffer Overflow Microsoft Windows XP/2000/NT 4.0 - HTML Converter HR Align Buffer Overflow Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow Microsoft Windows NT 4.0/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow Cerulean Studios Trillian 3.0 - Remote .png Image File Parsing Buffer Overflow Cerulean Studios Trillian 3.0 - Remote '.png' Image File Parsing Buffer Overflow Zoom Player 3.30/5/6 - Crafted .ZPL File Error Message Arbitrary Code Execution Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload Windows 10 x64 - Egghunter Shellcode (45 bytes) eFiction 2.0 - 'Fake .gif' Arbitrary File Upload eFiction 2.0 - Fake '.GIF' Arbitrary File Upload cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation (PHP) cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP) Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure via XEE SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE) The Uploader 2.0.4 - (English/Italian) Arbitrary File Upload / Remote Code Execution (Metasploit) The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit) elFinder 2 - Remote Command Execution (Via File Creation) elFinder 2 - Remote Command Execution (via File Creation) Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector AXIS Multiple Products - 'devtools ' Authenticated Remote Command Execution GeoMoose < 2.9.2 - Directory Traversal Moodle 2.x/3.x - SQL Injection HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution	2017-04-07 05:01:20 +00:00
Offensive Security	eed6486b7b	DB: 2017-04-06 6 new exploits macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow Apple macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read ImagePro Lazygirls Clone Script - SQL Injection Airbnb Crashpadder Clone Script - SQL Injection Premium Penny Auction Script - SQL Injection Sweepstakes Pro Software - SQL Injection Appointment Script - SQL Injection D-Link DIR-615 - Cross-Site Request Forgery	2017-04-06 05:01:18 +00:00
Offensive Security	6624e39c26	DB: 2017-04-05 31 new exploits macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame Apple WebKit 10.0.2 - HTMLInputElement Use-After-Free Apple WebKit - 'RenderLayer' Use-After-Free Apple WebKit - Negative-Size memmove in HTMLFormElement Apple WebKit - 'FormSubmission::create' Use-After-Free Apple WebKit - 'ComposedTreeIterator::traverseNextInShadowTree' Use-After-Free Apple WebKit - 'table' Use-After-Free Apple WebKit - 'WebCore::toJS' Use-After-Free macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device Bluecoat ASG 6.6/CAS 1.3 - Privilege Escalation (Metasploit) Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit) Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit) Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit) Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow Pixie 1.0.4 - Arbitrary File Upload Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting Maian Uploader 4.0 - 'index.php' keywords Parameter Cross-Site Scripting Maian Uploader 4.0 - admin/index.php keywords Parameter Cross-Site Scripting Maian Uploader 4.0 - admin/inc/header.php Multiple Parameter Cross-Site Scripting Maian Uploader 4.0 - 'keywords' Parameter Cross-Site Scripting Maian Uploader 4.0 - 'index.php' Cross-Site Scripting Maian Uploader 4.0 - 'header.php' Cross-Site Scripting Maian Uploader 4.0 - 'user' Parameter SQL Injection Maian Survey 1.1 - 'survey' Parameter SQL Injection Maian Greetings 2.1 - 'cat' Parameter SQL Injection	2017-04-05 05:01:18 +00:00
Offensive Security	8ce122cbaf	DB: 2017-04-04 3 new exploits BackBox OS - Denial of Service Apache Tomcat 6/7/8/9 - Information Disclosure Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection	2017-04-04 05:01:25 +00:00
Offensive Security	3d6d1ee44b	DB: 2017-04-03	2017-04-03 05:01:17 +00:00
Offensive Security	0320cba051	DB: 2017-04-02 6 new exploits Microsoft Internet Explorer 11 - Crash PoC (1) Microsoft Internet Explorer 11 - Crash (PoC) (1) Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031) Microsoft Windows SQL Server - Remote Denial of Service (MS03-031) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046) Microsoft Windows - MSDTC Service Remote Memory Modification PoC (MS05-051) Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (1) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (3) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (2) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2) Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit) Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit) Microsoft Windows - DNS Resolution Remote Denial of Service PoC (MS06-041) Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041) Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002) Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002) BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs) Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC) Microsoft Internet Explorer GDI+ - PoC (MS08-052) Microsoft Internet Explorer GDI+ - (PoC) (MS08-052) Microsoft Windows - GDI+ PoC (MS08-052) (2) Microsoft Windows - GDI+ (PoC) (MS08-052) (2) Microsoft Windows - InternalOpenColorProfile Heap Overflow PoC (MS08-046) GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046) GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (New Heap Spray) Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2) Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2) eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH) eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH) Chasys Media Player 1.1 - '.pls' Local Buffer Overflow PoC (SEH) Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH) Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1) Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1) Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2) Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2) Microsoft Internet Explorer - EMBED Memory Corruption PoC (MS09-014) Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow PoCs DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH) MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC) otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs) JetAudio 7.5.3 COWON Media Center - '.wav' Crash Streaming Audio Player 0.9 - (skin) Local Stack Overflow PoC (SEH) Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow PoC (SEH) Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH) Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH) Tuniac 090517c - '.m3u' Local File Crash (PoC) HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH) HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2) BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow PoC (2) BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow (PoC) (2) Eureka Email Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - Buffer Overflow (PoC) Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash Microsoft Windows 7 / 2008 R2 - Remote Kernel Crash Picpuz 2.1.1 - Buffer Overflow Denial of Service/PoC Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC) Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service Mozilla Firefox 3.6 - (XML parser) Memory Corruption (PoC) / Denial of Service iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service (PoC) RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC RCA DCM425 Cable Modem - 'micro_httpd' Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wav' PoC Free MP3 CD Ripper 2.6 - '.wav' (PoC) Anyzip 1.1 - '.zip' PoC (SEH) Anyzip 1.1 - '.zip' (PoC) (SEH) Microsoft Windows - SMB Client-Side Bug PoC (MS10-006) Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006) Webby WebServer - PoC SEH control Webby WebServer - SEH Control (PoC) FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05) FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off- By One (PoC) Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH) AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH) Mozilla Firefox - Memory Corruption PoC (Simplified) Mozilla Firefox - (Simplified) Memory Corruption (PoC) Microsoft Windows - Win32k Pointer Dereferencement PoC (MS10-098) Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098) Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH) Elecard MPEG Player 5.7 - Local Buffer Overflow (PoC) (SEH) Microsoft Windows XP - WmiTraceMessageVa Integer Truncation PoC (MS11-011) Microsoft Windows XP - WmiTraceMessageVa Integer Truncation (PoC) (MS11-011) Real player 14.0.2.633 - Buffer Overflow / Denial of ServiceExploit Real player 14.0.2.633 - Buffer Overflow / Denial of Service IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - '.ICO' With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - '.ICO' Without Transparent Colour Denial of Service / Remote Denial of Service Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service Microsoft Windows Vista/2008 - 'nsiproxy.sys' Local Kernel Denial of Service D-Link DSL-2650U - Denial of Service/PoC D-Link DSL-2650U - Denial of Service (PoC) Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun PoC (MS11-077) Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077) Opera 11.52 - PoC Denial of Service Opera 11.52 - Denial of Service (PoC) Microsoft Win32k - Null Pointer De-reference PoC (MS11-077) Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077) Microsoft Windows - 'afd.sys' PoC (MS11-046) Microsoft Windows - 'afd.sys' (PoC) (MS11-046) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034) Wyse - Machine Remote Power off (DOS) without any Privilege (Metasploit) Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit) Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference) Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1) Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2) Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft PoCket Internet Explorer 3.0 - Denial of Service Microsoft Pocket Internet Explorer 3.0 - Denial of Service Microsoft Windows - HWND_BROADCAST PoC (MS13-005) Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005) Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC) Apple Safari 3 for Windows - Document.Location Denial of Service Apple Safari 3 for Windows - 'Document.Location' Denial of Service PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit) PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow Android Web Browser - GIF File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Android Web Browser - BMP File Integer Overflow Google Android Web Browser - '.BMP' File Integer Overflow Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH) Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH) Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035) Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035) Microsoft Internet Explorer - Memory Corruption PoC (MS14-029) Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029) UniPDF 1.1 - Crash (PoC) (SEH) Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC) Microsoft Windows - 'HTTP.sys' PoC (MS15-034) Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034) UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC) Microsoft Internet Explorer 11 - Crash PoC (2) Microsoft Internet Explorer 11 - Crash (PoC) (2) Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow QNX RTOS 6.3.0 - Insecure rc.local Permissions Plus System Crash QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation Microsoft Windows - NtClose DeadLock PoC (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation (PoC) (MS06-030) PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH) Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow (PoC) (SEH) Streaming Audio Player 0.9 - (skin) Local Stack Overflow (SEH) Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (SEH) Tuniac 090517c - '.m3u' Local File Crash (PoC) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Index Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4) Microsoft HTML Help Workshop 4.74 - '.hhp' compiled Buffer Overflow (Metasploit) (4) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (without egg-hunter) (Metasploit) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit) PHP 5.3.6 - Buffer Overflow PoC (ROP) PHP 5.3.6 - Buffer Overflow (ROP) (PoC) Microsoft Windows Server 2000/NT 4 - DLL Search Path Microsoft Windows NT 4/2000 - DLL Search Path Microsoft Windows Server 2000/NT 4 - NTFS File Hiding Microsoft Windows NT 4/2000 - NTFS File Hiding Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8) Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1) Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2) Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit) Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit) UniPDF 1.1 - Crash PoC (SEH overwritten) Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC) UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Android - get_user/put_user Exploit (Metasploit) Google Android - get_user/put_user Exploit (Metasploit) Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit) MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit) ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1) Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2) Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2) Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow ImageStation - 'SonyISUpload.cab' 1.0.0.38 ActiveX Buffer Overflow IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow Microsoft XML Core Services DTD - Cross-Domain Scripting PoC (MS08-069) Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Apple Mac OSX - Java applet Remote Deserialization Remote PoC (2) Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal JetAudio 7.5.3 COWON Media Center - '.wav' Crash DistCC Daemon - Command Execution (Metasploit) (1) DistCC Daemon - Command Execution (Metasploit) Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Veritas NetBackup - Remote Command Execution (Metasploit) (1) Veritas NetBackup - Remote Command Execution (Metasploit) Pegasus Mail Client 4.51 - PoC Buffer Overflow Pegasus Mail Client 4.51 - Buffer Overflow (PoC) Irix LPD tagprinter - Command Execution (Metasploit) (1) Irix LPD tagprinter - Command Execution (Metasploit) Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (1) Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account Tandberg E & EX & C Series Endpoints - Default Root Account Credentials Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2) Veritas NetBackup - Remote Command Execution (Metasploit) (2) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2) httpdx - tolog() Function Format String (Metasploit) (1) httpdx - 'tolog()' Function Format String (Metasploit) (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) httpdx - tolog() Function Format String (Metasploit) (2) httpdx - 'tolog()' Function Format String (Metasploit) (2) Irix LPD tagprinter - Command Execution (Metasploit) (2) Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2) DistCC Daemon - Command Execution (Metasploit) (2) HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1) Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1) Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit) Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2) Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2) HP SiteScope - Remote Code Execution (Metasploit) (1) HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit) Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow thttpd 2.2x - defang Remote Buffer Overflow thttpd 2.2x - 'defang' Remote Buffer Overflow Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2) Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit) Dovecot with Exim - sender_address Parameter Remote Command Execution Dovecot with Exim - 'sender_address' Parameter Remote Command Execution HP SiteScope - Remote Code Execution (Metasploit) (2) HP SiteScope (Windows) - Remote Code Execution (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (1) Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (2) Western Digital Arkeia < 11.0.12 - Remote Code Execution (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) E-Uploader Pro 1.0 - Image Upload with Code Execution E-Uploader Pro 1.0 - Image Upload / Code Execution ASPapp Knowledge Base - 'CatId' Parameter SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1) ASPapp KnowledgeBase - 'catid' Parameter SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2) ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99) ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99) Flatchat 3.0 - 'pmscript.php with' Local File Inclusion Flatchat 3.0 - 'pmscript.php' Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection (1) PGAUTOPro - SQL Injection / Cross-Site Scripting PGAUTOPro - SQL Injection / Cross-Site Scripting (1) Joomla! Component Huru Helpdesk - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection (2) SoftwareDEP Classified Script 2.5 - SQL Injection SoftwareDEP Classified Script 2.5 - SQL Injection (1) WordPress Plugin pay with tweet 1.1 - Multiple Vulnerabilities WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities Software DEP Classified Script 2.5 - SQL Injection SoftwareDEP Classified Script 2.5 - SQL Injection (2) Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1) Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2) Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1) Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2) OnlineArts DailyDose 1.1 - Denial of Servicee.pl Remote Command Execution OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution PHPOpenChat 2.3.4/3.0.1 - PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - PoC.php Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion ActiveNews Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection (1) Active News Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection (2) Sagem Fast 3304-V2 - Authentication Bypass Sagem Fast 3304-V2 - Authentication Bypass (1) PG Auto Pro - SQL Injection / Cross-Site Scripting PGAUTOPro - SQL Injection / Cross-Site Scripting (2) Sagem FAST3304-V2 - Authentication Bypass Sagem FAST3304-V2 - Authentication Bypass (2) Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers) phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)	2017-04-02 05:01:18 +00:00
Offensive Security	52fd3d8a20	DB: 2017-04-01 2 new exploits Microsoft Windows Server 2003/XP - Samba Share Resource Exhaustion Exploit Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit Microsoft Windows Server 2000/XP - TCP Connection Reset Remote Attack Tool Microsoft Windows XP/2000 - TCP Connection Reset Remote Attack Tool Microsoft Windows Server 2003/XP - Remote Denial of Service Microsoft Windows XP/2003 - Remote Denial of Service Microsoft Windows Server 2003/XP - IPv6 Remote Denial of Service Microsoft Windows XP/2003 - IPv6 Remote Denial of Service Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (1) Microsoft Windows XP/2003 - IGMP v3 Denial of Service (MS06-007) (1) Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (2) Microsoft Windows XP/2003 - IGMP v3 Denial of Service (MS06-007) (2) Microsoft Windows Server 2000/2003/XP - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service Microsoft Windows Server 2000/2003/XP - 'win32k.sys' SfnINSTRING Local kernel Denial of Service Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service Microsoft Windows - cmd.exe Unicode Buffer Overflow (SEH) Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH) Microsoft Windows Win32k!xxxRealDrawMenuItem() - Missing HBITMAP Bounds Checks Microsoft Windows - Win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks Microsoft Windows - (IcmpSendEcho2Ex Interrupting) Denial of Service Microsoft Windows - IcmpSendEcho2Ex Interrupting Denial of Service Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (1) Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (2) Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (3) Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2) Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3) Microsoft Windows Server 2000/XP - GDI Denial of Service Microsoft Windows XP/2000 - GDI Denial of Service Microsoft Windows Help program - 'WinHlp32.exe' Crash (PoC) Microsoft Windows Help Program - 'WinHlp32.exe' Crash (PoC) Microsoft Windows Server 2000/2003/XP - Graphical Device Interface Library Denial of Service Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service Microsoft Windows Server 2000/XP - Internet Protocol Validation Remote Code Execution (1) Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (1) Microsoft Windows Server 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051) Microsoft Windows XP/2000/2003 - MSDTC TIP Denial of Service (MS05-051) Microsoft Windows Server 2000/2003/XP - CreateRemoteThread Local Denial of Service Microsoft Windows XP/2000/2003 - CreateRemoteThread Local Denial of Service Microsoft Windows Server 2000/XP - Registry Access Local Denial of Service Microsoft Windows XP/2000 - Registry Access Local Denial of Service Microsoft Windows XP - cmd.exe Buffer Overflow Microsoft Windows XP - 'cmd.exe' Buffer Overflow Microsoft Windows Explorer - explorer.exe WMV File Handling Denial of Service Microsoft Windows Explorer - 'explorer.exe' .WMV File Handling Denial of Service Microsoft Windows Server 2003/XP - Explorer .WMF File Handling Denial of Service Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service Microsoft Windows Kernel 'win32k.sys' - Integer Overflow (MS13-101) Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101) Microsoft Windows Media Player 11 - AVI File Colorspace Conversion Remote Memory Corruption Microsoft Windows Media Player 11 - .AVI File Colorspace Conversion Remote Memory Corruption Microsoft Windows = devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007) Microsoft Windows - devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007) Microsoft Windows - (ListBox/ComboBox Control) Local Exploit (MS03-045) Microsoft Windows - ListBox/ComboBox Control Local Exploit (MS03-045) Microsoft Windows Server 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' Exploit (MS04-022) Microsoft Windows - (NtClose DeadLock) PoC (MS06-030) Microsoft Windows Server 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows - NtClose DeadLock PoC (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows Server 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1) Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (1) Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1) Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (1) Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (1) Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (2) Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (2) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2) Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (2) Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (2) Microsoft Windows Server 2003/XP - 'afd.sys' Privilege Escalation (MS11-080) Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4 / Windows NT 3.5.1/SP1/SP2/SP3/SP4/SP5 - Screensaver Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4 / NT 3.5.1/SP1/SP2/SP3/SP4/SP5 - Screensaver Microsoft Windows Server 2000/2003/XP - Keyboard Event Privilege Escalation Microsoft Windows XP/2000/2003 - Keyboard Event Privilege Escalation Microsoft Windows Server 2003/XP - ReadDirectoryChangesW Information Disclosure Microsoft Windows XP/2003 - ReadDirectoryChangesW Information Disclosure Microsoft Windows Server 2003/XP - RPCSS Service Isolation Privilege Escalation Microsoft Windows XP/2003 - RPCSS Service Isolation Privilege Escalation Microsoft Windows Server 2000/2003/XP - Desktop Wall Paper System Parameter Privilege Escalation Microsoft Windows XP/2000/2003 - Desktop Wall Paper System Parameter Privilege Escalation Microsoft Windows Server 2000/2003/XP/Vista - Double-Free Memory Corruption Privilege Escalation Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation KiTTY Portable 0.65.0.2p (Windows 8.1 / Windows 10) - Local kitty.ini Overflow KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2) Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows XP/2000 - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows Server 2000/XP - RPC Remote (Non Exec Memory) Exploit Microsoft Windows Server 2000/XP - Workstation Service Overflow (MS03-049) Microsoft Windows XP/2000 - RPC Remote (Non Exec Memory) Exploit Microsoft Windows XP/2000 - Workstation Service Overflow (MS03-049) Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043) Microsoft Windows Messenger Service (French) - Remote Exploit (MS03-043) Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows XP/2000 - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows Server 2003/XP - Metafile Escape() Code Execution (Metasploit) Microsoft Windows XP/2003 - Metafile Escape() Code Execution (Metasploit) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3) Apple QuickTime 7.2/7.3 (Windows Vista / Windows XP) - RSTP Response Code Execution Apple QuickTime 7.2/7.3 (Windows Vista/XP) - RSTP Response Code Execution Microsoft Windows Server 2003/XP/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit) Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit) Microsoft IIS4 (Windows NT) - Remote Web-Based Administration Microsoft IIS4 (Windows NT) - Log Avoidance Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration Microsoft IIS 4 (Windows NT) - Log Avoidance Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - IIS IDC Path Mapping Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - '.IDC' Path Mapping Microsoft Internet Explorer 4 (Windows 95/Windows NT 4) - Setupctl ActiveX Control Buffer Overflow Microsoft Internet Explorer 4 (Windows 95/NT 4) - Setupctl ActiveX Control Buffer Overflow Microsoft Windows Server 2000 - telnet.exe NTLM Authentication Microsoft Windows Server 2000 - 'telnet.exe' NTLM Authentication Microsoft Windows Server 2000/2003/XP - winhlp32 Phrase Integer Overflow Microsoft Windows Server 2000/2003/XP - winhlp32 Phrase Heap Overflow Microsoft Windows XP/2000/2003 -'winhlp32' Phrase Integer Overflow Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Heap Overflow Microsoft Windows Server 2000/XP - Internet Protocol Validation Remote Code Execution (2) Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (2) Microsoft Windows Explorer 2000/2003/XP - Drag and Drop Remote Code Execution Microsoft Windows XP/2000/2003 - Explorer Drag and Drop Remote Code Execution Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1) Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Buffer Overflow Windows XP/Vista/Windows 7 - JITed egg-hunter stage-0 Shellcode Adjusted universal Windows XP/Vista/7 - JITed egg-hunter stage-0 Shellcode Adjusted Universal Dosya Yukle Scrtipi 1.0 - Arbitrary File Upload Dosya Yukle Scrtipi (DosyaYukle Scripti) 1.0 - Arbitrary File Upload DosyaYukle Scripti 1.0 - Arbitrary File Upload Splunk Enterprise - Information Disclosure Membership Formula - 'order' Parameter SQL Injection	2017-04-01 05:01:15 +00:00
Offensive Security	6d17bc529d	DB: 2017-03-31 4 new exploits dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC) dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC) Spider Solitaire - Denial of Service (PoC) Spider Solitaire - Denial of Service (PoC) Baby FTP Server 1.24 - Denial of Service Baby FTP Server 1.24 - Denial of Service (1) Baby FTP server 1.24 - Denial of Service Baby FTP server 1.24 - Denial of Service (2) Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Evostream Media Server 1.7.1 (x64) - Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service Cerberus FTP Server 8.0.10.1 - Denial of Service Cerberus FTP Server 8.0.10.1 - Denial of Service Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Solaris 10 sysinfo() - Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1) Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1) Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2) Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1) Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1) dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1) Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2) Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2) D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1) D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit) Azure Data Expert Ultimate 2.2.16 - Buffer Overflow Azure Data Expert Ultimate 2.2.16 - Buffer Overflow Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) Article Script 1.6.3 - 'rss.php' SQL Injection (1) Article Script 1.6.3 - 'rss.php' SQL Injection DBHcms 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - 'code' Remote File Inclusion LaserNet CMS 1.5 - SQL Injection (2) LaserNet CMS 1.5 - SQL Injection Clever Copy 3.0 - 'postview.php' SQL Injection (1) Clever Copy 3.0 - 'postview.php' SQL Injection phpAuction - 'profile.php' SQL Injection phpAuction - 'profile.php' SQL Injection (1) Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1) Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2) Matterdaddy Market 1.1 - Multiple SQL Injections (1) Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections PHPWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection (1) PHPWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection (2) Zeeways Shaadi Clone 2.0 - Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass (1) Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1) DBHcms 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion E-book Store - Multiple Vulnerabilities (1) Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1) E-book Store - Multiple Vulnerabilities (2) E-book Store - Multiple Vulnerabilities Classifieds Script - SQL Injection Classifieds Script - 'rate' SQL Injection Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2) DBHcms 1.1.4 - SQL Injection DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection LaserNet CMS 1.5 - SQL Injection (1) Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2) Article Script 1.6.3 - 'rss.php' SQL Injection (2) Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1) Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1) LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2) Fonality trixbox 2.4.2 - Cross-Site Scripting Fonality trixbox 2.4.2 - Cross-Site Scripting (1) Fonality trixbox 2.4.2 - Cross-Site Scripting (2) Clever Copy 3.0 - 'postview.php' SQL Injection (2) phpAuction - 'profile.php' SQL Injection phpAuction - 'profile.php' SQL Injection (2) Zeeways Shaadi Clone 2.0 - Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass (2) DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2) Matterdaddy Market 1.1 - Multiple SQL Injections (2) Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections WordPress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1) Huawei Flybox B660 - Cross-Site Request Forgery Huawei Flybox B660 - Cross-Site Request Forgery (1) Huawei Flybox B660 - Cross-Site Request Forgery Huawei Flybox B660 - Cross-Site Request Forgery (2) Classifieds Script - SQL Injection Classifieds Script - 'term' SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)	2017-03-31 05:01:16 +00:00
Offensive Security	8e03027ae5	DB: 2017-03-30 18 new exploits FUSE fusermount Tool - Race Condition Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure Apache 2.2 - Scoreboard Invalid Free On Shutdown Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow FUSE fusermount Tool - Race Condition Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation NTP - Privilege Escalation Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH) Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) Just Dial Clone Script - 'fid' SQL Injection Just Dial Clone Script - 'fid' Parameter SQL Injection Just Dial Clone Script - 'srch' SQL Injection Just Dial Clone Script - 'srch' Parameter SQL Injection Opensource Classified Ads Script - 'keyword' Parameter SQL Injection EyesOfNetwork (EON) 5.1 - SQL Injection	2017-03-30 05:01:15 +00:00

... 3 4 5 6 7 ...

1434 commits