bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1399 commits 1 branch 0 tags 362 MiB
Commit graph

502 commits

Author SHA1 Message Date
Offensive Security
cb946ad7aa DB: 2017-11-15 
9 new exploits

GNU TAR 1.15.91 / CPIO 2.5.90 - safer_name_suffix Remote Denial of Service
GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free
PHP 7.1.8 - Heap-Based Buffer Overflow

PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free
Realtek Audio Control Panel 1.0.1.65 - Exploit
Realtek Audio Microphone Calibration 1.1.1.6 - Exploit
Realtek HD Audio Control Panel 2.1.3.2 - Exploit
Realtek Audio Control Panel 1.0.1.65 - Buffer Overflow
Realtek Audio Microphone Calibration 1.1.1.6 - Buffer Overflow
Realtek HD Audio Control Panel 2.1.3.2 - Buffer Overflow

Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) (Metasploit)
Odin Secure FTP 4.1 - 'LIST' Stack Buffer Overflow (Metasploit)
STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit)
STUNSHELL Web Shell - Remote Code Execution (Metasploit)
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
STUNSHELL (Web Shell) - Remote Code Execution (Metasploit)
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution
Ulterius Server < 1.9.5.0 - Directory Traversal
D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit)
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow
Gogs (label pararm) - SQL Injection
Gogs - users and repos q SQL Injection
Gogs - 'label' SQL Injection
Gogs - 'users'/'repos' '?q' SQL Injection

Kirby CMS < 2.5.7 - Cross-Site Scripting
 2017-11-15 05:01:30 +00:00
Offensive Security
9e4de03a13 DB: 2017-11-14 
4 new exploits

Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Privilege Escalation

IBM Websphere 6.0 - Faultactor Cross-Site Scripting
IBM Websphere 6.0 - 'Faultactor' Cross-Site Scripting

Coppermine Photo Gallery 1.3.2 - File Retrieval SQL Injection
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection

MemHT Portal 4.0.1 - SQL Injection Code Execution
MemHT Portal 4.0.1 - SQL Injection / Code Execution

AWCM 2.1 final - Remote File Inclusion
AWCM 2.1 Final - Remote File Inclusion

Invision Power Board 3 - search_app SQL Injection
Invision Power Board 3 - 'search_app' SQL Injection

PHP-Nuke 7.x - Content Filtering Byapss
PHP-Nuke 7.x - Content Filtering Bypass

Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
 2017-11-14 05:01:29 +00:00
Offensive Security
6f7af333ff DB: 2017-11-07 
9 new exploits

G Data TotalCare 2011 - NtOpenKey Race Condition
G Data TotalCare 2011 - 'NtOpenKey' Race Condition

QNX 6.1 - TimeCreate Local Denial of Service
QNX 6.1 - 'TimeCreate' Local Denial of Service
Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)
Debut Embedded httpd 1.20 - Denial of Service
Avaya OfficeScan (IPO) < 10.1 - ActiveX Buffer Overflow
SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)

PHP 5.3.0 - pdflib Arbitrary File Write
PHP 5.3.0 - 'pdflib' Arbitrary File Write
Actiontec C1000A Modem - Backdoor Account
Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Buffer Overflow (SEH)

Joomla! Component com_virtuemart 1.1.7/1.5 - Blind Time-Based SQL Injection (Metasploit)
Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)

Authenex A-Key/ASAS Web Management Control 3.1.0.2 - Time-Based SQL Injection
Authenex A-Key/ASAS Web Management Control 3.1.0.2 - Blind SQL Injection

Joomla! 2.5.0 < 2.5.1 - Time Based SQL Injection
Joomla! 2.5.0 < 2.5.1 - Blind SQL Injection

xt:Commerce 3.04 SP2.1 - Time Based Blind SQL Injection
xt:Commerce 3.04 SP2.1 - Blind SQL Injection

MyBB 1.6.9 - 'editpost.php?posthash' Time Based SQL Injection
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection

Tableau Server - Blind SQL Injection
Tableau Server < 8.0.7 / < 8.1.2 - Blind SQL Injection

GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection

Joomla! 2.5.1 - 'redirect.php' Time Based SQL Injection
Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection

Milw0rm Clone Script 1.0 - Time Based SQL Injection
Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection

Milw0rm Clone Script 1.0 - Authentication Bypass
Milw0rm Clone Script 1.0 - '/admin/login.php' Authentication Bypass

RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections
RealtyScript 4.0.2 - Multiple Blind SQL Injections
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
 2017-11-07 05:01:33 +00:00
Offensive Security
ffa5f29b53 DB: 2017-11-04 
4 new exploits

Avira Premium Security Suite - NtCreateKey Race Condition
Avira Premium Security Suite - 'NtCreateKey' Race Condition

Microsoft Internet Explorer - Memory Corruption

Lotus Domino SMTP Router & Email Server and Client - Denial of Service

Byte Fusion BFTelnet 1.1 - Long 'Username' Denial of Service
Byte Fusion BFTelnet 1.1 - Long Username Denial of Service

Apple Mac OSX (Mavericks) - IOBluetoothHCIUserClient Privilege Escalation
Apple Mac OSX (Mavericks) - 'IOBluetoothHCIUserClient' Privilege Escalation
Python 2.7 hotshot Module - pack_string Heap Buffer Overflow
Python 2.7 array.fromstring Method - Use-After-Free
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow
Python 2.7 - 'array.fromstring' Method Use-After-Free

GraphicsMagick - Memory Disclosure / Heap Overflow

Mozilla Firefox 3.6 - URL Spoofing

Vir.IT eXplorer Anti-Virus - Privilege Escalation
Vir.IT eXplorer Anti-Virus 8.5.39 - 'VIAGLT64.SYS' Privilege Escalation

Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit

Adobe Flash / Reader - Live Malware (PoC)

Adobe ColdFusion - Directory Traversal

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit

CA BrightStor ARCserve License Service - GCR NETWORK Buffer Overflow (Metasploit)
CA BrightStor ARCserve License Service - 'GCR NETWORK' Buffer Overflow (Metasploit)
Nullsoft SHOUTcast 1.9.2 - icy-name/icy-url Memory Corruption (1)
Nullsoft SHOUTcast 1.9.2 - icy-name/icy-url Memory Corruption (2)
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (1)
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (2)

Move Media Player 1.0 Quantum Streaming - ActiveX Control Multiple Buffer Overflow Vulnerabilities

tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

PostNuke 0.763 - PNSV lang Remote Code Execution
PostNuke 0.763 - 'PNSV lang' Remote Code Execution

GuppY 4.6.3 - 'includes.inc selskin' Remote File Inclusion
GuppY 4.6.3 - 'index.php?selskin' Remote File Inclusion
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
 2017-11-04 05:01:30 +00:00
Offensive Security
538da000af DB: 2017-10-24 
10 new exploits

FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service
FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service

NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC)
NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)

FreeBSD 6/8 - ata device Local Denial of Service
FreeBSD 6/8 - ata Device Local Denial of Service

FreeBSD 7.2 - pecoff executable Local Denial of Service
FreeBSD 7.2 - 'pecoff' Local Denial of Service

FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service

FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)
FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)

FreeBSD Kernel - 'mountnfs()' Exploit
FreeBSD - 'mountnfs()' Exploit

FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition
FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition

Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service
BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service

FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service
FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service

FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service
FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service

OpenBSD 3.3/3.4 sysctl - Local Denial of Service
OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service

FreeBSD 9.1 ftpd - Remote Denial of Service
FreeBSD 9.1 - 'ftpd' Remote Denial of Service

FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service
FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service

NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow
NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow

Multiple BSD Distributions - 'strfmon()' Integer Overflow
BSD (Multiple Distributions) - 'strfmon()' Integer Overflow

Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption
BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption

Multiple BSD Distributions - 'printf(3)' Memory Corruption
BSD (Multiple Distributions) - 'printf(3)' Memory Corruption

FreeBSD Kernel - Multiple Vulnerabilities
FreeBSD - Multiple Vulnerabilities

FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow
FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation

OpenBSD ftp - Exploit
OpenBSD - 'ftp' Exploit

FreeBSD /usr/bin/top - Format String
FreeBSD - '/usr/bin/top' Format String

FreeBSD 4.x / < 5.4 - master.passwd Disclosure
FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure

FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation

Oracle 10g - CTX_DOC.MARKUP SQL Injection
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection

FreeBSD 6x/7 protosw Kernel - Privilege Escalation
FreeBSD 6x/7 - 'protosw' Privilege Escalation

FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation

FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation
FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation

FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation
FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation

Multiple BSD Distributions - 'setusercontext()' Vulnerabilities
BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities

FreeBSD Kernel - 'nfs_mount()' Exploit
FreeBSD - 'nfs_mount()' Exploit

FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit

Sun Solaris 7.0 sdtcm_convert - Exploit
Sun Solaris 7.0 - 'sdtcm_convert' Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit

NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)

BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit
FreeBSD 3.3 gdc - Buffer Overflow
FreeBSD 3.3 gdc - Symlink Exploit
FreeBSD 3.3 - Seyon setgid dialer
FreeBSD 3.3 xmindpath - Buffer Overflow
FreeBSD 3.3 angband - Buffer Overflow
FreeBSD 3.3 - 'gdc' Buffer Overflow
FreeBSD 3.3 - 'gdc' Symlink Exploit
FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - 'xmindpath' Buffer Overflow
FreeBSD 3.3 - 'angband' Buffer Overflow

FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit
BSD mailx 8.1.1-10 - Buffer Overflow (1)
BSD mailx 8.1.1-10 - Buffer Overflow (2)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)

OpenBSD 2.x - fstat Format String
OpenBSD 2.x - 'fstat' Format String

BSD lpr 0.54 -4 - Arbitrary Command Execution
BSD 'lpr' 0.54 -4 - Arbitrary Command Execution

FreeBSD 3.5/4.x /usr/bin/top - Format String
FreeBSD 3.5/4.x - '/usr/bin/top' Format String

Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)

BSD Kernel - SHMAT System Call Privilege Escalation
BSD - SHMAT System Call Privilege Escalation

Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation

FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation

NetBSD mail.local(8) - Privilege Escalation (Metasploit)
NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit)

OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing
OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing

FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure
FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure

Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation
Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation

Apple Mac OSX 10.10.5 - XNU Privilege Escalation
Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation

Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation

Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)

NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)
NetBSD - 'mail.local(8)' Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation

Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation

BSD TelnetD - Remote Command Execution (1)
BSD - 'TelnetD' Remote Command Execution (1)

ftpd / ProFTPd (FreeBSD) - Remote Command Execution
FreeBSD - 'ftpd / ProFTPd' Remote Command Execution

FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)
FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)

BSD 4.2 fingerd - Buffer Overflow
BSD 4.2 - 'fingerd' Buffer Overflow
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)

BSD TelnetD - Remote Command Execution (2)
BSD - 'TelnetD' Remote Command Execution (2)

FreeBSD 3.x/4.x - ipfw Filtering Evasion
FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow
FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities

Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow

NetBSD 1.x TalkD - User Validation
NetBSD 1.x - 'TalkD' User Validation

tnftp - clientside BSD Exploit
tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit
Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Polycom - Command Shell Authorization Bypass (Metasploit)

Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection
Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection

cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting
cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting

Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload
Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload

TP-Link TL-MR3220 - Cross-Site Scripting
Logitech Media Server - Cross-Site Scripting
CometChat < 6.2.0 BETA 1 - Local File Inclusion
Kaltura < 13.1.0 - Remote Code Execution
 2017-10-24 05:02:00 +00:00
Offensive Security
7de3f31675 DB: 2017-10-21 
9 new exploits

Too many to list!
 2017-10-21 05:01:31 +00:00
Offensive Security
519f2f59ba DB: 2017-10-18 
19 new exploits

Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) - Denial of Service
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure
Linux Kernel - 'AF_PACKET' Use-After-Free
shadowsocks-libev 3.1.0 - Command Execution
Shadowsocks - Log File Command Execution

ModSecurity - POST Parameters Security Bypass
ModSecurity - 'POST' Security Bypass
Apple iOS 10.2 (14C92) - Remote Code Execution
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)

Windows x64 - API Hooking Shellcode (117 bytes)

ALiCE-CMS 0.1 - (CONFIG[local_root]) Remote File Inclusion
ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion

PHPRecipeBook 2.35 - (g_rb_basedir) Remote File Inclusion
PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion

Brim 1.2.1 - (renderer) Multiple Remote File Inclusion
Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion

GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php PATH_INFO' SQL Injection
3CX Phone System 15.5.3554.1 - Directory Traversal
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
 2017-10-18 05:01:30 +00:00
Offensive Security
b77b178de0 DB: 2017-10-11 
4 new exploits

Hasbani-WindWeb/2.0 - HTTP GET Remote Denial of Service
Hasbani-WindWeb/2.0 - GET Remote Denial of Service

KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll SetUninstallName()' Heap Overflow (PoC)

Konqueror 3.5.9 - (color/bgcolor) Multiple Remote Crash Vulnerabilities
Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities
WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service
Konqueror 3.5.9 - (load) Remote Crash
WinFTP Server 2.3.0 - 'PASV Mode' Remote Denial of Service
Konqueror 3.5.9 - 'load' Remote Crash

Nokia Mini Map Browser - (array sort) Silent Crash
Nokia Mini Map Browser - 'Array Sort' Silent Crash

vBulletin Cyb - Advanced Forum Statistics - 'misc.php' Denial of Service
vBulletin Cyb - Advanced Forum Statistics 'misc.php' Denial of Service

VideoLAN VLC Media Player < 1.1.4 - '.xspf' 'smb://' URI Handling Remote Stack Overflow (PoC)
VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)

HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe execvp_nc' Remote Code Execution

RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC)
RarCrack 0.2 - 'Filename init() .bss' (PoC)

VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Memory Corruption

PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service

GNU glibc < 2.12.2 - 'fnmatch()' Function Stack Corruption
GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption

PyPAM - Python bindings for PAM - Double-Free Corruption
PyPAM Python bindings for PAM - Double-Free Corruption

Tiny Server 1.1.9 - HTTP HEAD Denial of Service
Tiny Server 1.1.9 - HEAD Denial of Service

Symantec End Point Protection 11.x - & Symantec Network Access Control 11.x - LCE (PoC)
Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)

MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service
MAILsweeper SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service

FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)

Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
MyServer 0.4.3 - HTTP GET Argument Buffer Overflow
MyServer 0.5 - HTTP GET Argument Buffer Overflow
MyServer 0.4.3 - GET Argument Buffer Overflow
MyServer 0.5 - GET Argument Buffer Overflow

Cisco Aironet AP1x00 - Malformed HTTP GET Denial of Service
Cisco Aironet AP1x00 - GET Denial of Service

McAfee ePolicy Orchestrator 1.x/2.x/3.0 - Agent HTTP POST Buffer Mismanagement
McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (3)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (3)

Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service)
Gattaca Server 2003 - 'web.tmpl Language' Parameter CPU Consumption (Denial of Service)

Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service
Microsoft Windows XP - 'explorer.exe .tiff' Image Denial of Service

PHPMailer 1.7 - 'Data()' Function Remote Denial of Service
PHPMailer 1.7 - 'Data()' Remote Denial of Service

Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow
Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow

MailEnable 2.x - SMTP NTLM Authentication - Multiple Vulnerabilities
MailEnable 2.x - SMTP NTLM Authentication Multiple Vulnerabilities

Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service
Microsoft Windows Explorer - 'explorer.exe .WMV' File Handling Denial of Service

MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow

Multiple BSD Distributions - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Integer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'RegistryString' Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll RegistryString' Buffer Overflow

Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service
Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service

KDE Konqueror 3.5.9 - JavaScript 'load' Function Denial of Service
KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service

GNU glibc 2.x - 'strfmon()' Function Integer Overflow
GNU glibc 2.x - 'strfmon()' Integer Overflow

Sun Java System Web Server 6.1/7.0 - HTTP 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow

PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot

Microsoft Windows XP/Vista - '.ani' 'tagBITMAPINFOHEADER' Denial of Service
Microsoft Windows XP/Vista - '.ani tagBITMAPINFOHEADER' Denial of Service

PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service
PHP 5.3.2 - 'zend_strtod()' Floating-Point Value Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Function Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)

CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service
CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table

Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table
Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to Malformed CFF Table

Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access
Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access

BT Home Hub - 'uuid' field Buffer Overflow
BT Home Hub - 'uuid' Buffer Overflow

Squid - 'httpMakeVaryMark()' Function Remote Denial of Service
Squid - 'httpMakeVaryMark()' Remote Denial of Service

Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read

Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)
Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117)

Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame
Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame

Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)

IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)

ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit

CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

SGI IRIX 6.5.28 - (runpriv) Design Error
SGI IRIX 6.5.28 - 'runpriv' Design Error

PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution
PHP < 4.4.5/5.2.1 - 'shmop' Local Code Execution

PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit
FreeBSD 6.4 - pipeclose()/knlist_cleardel() Race Condition
FreeBSD 7.2 VFS/devfs - Race Condition
FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition
FreeBSD 7.2 - VFS/devfs Race Condition

Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking

Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe file' Parameter Local Buffer Overflow (PoC)

Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit)
Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit)

ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Parameter Overflow (Metasploit)

Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions
Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions

PLIB 1.8.5 - ssg/ssgParser.cxx Buffer Overflow
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow

Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation

Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun
Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun

PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Parameter Restriction Bypass

Microsoft Windows - 'ndproxy.sys' - Privilege Escalation (Metasploit)
Microsoft Windows - 'ndproxy.sys'  Privilege Escalation (Metasploit)

Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation
Microsoft Windows - 'SeImpersonatePrivilege' Privilege Escalation

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)

Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure
Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

CompuSource Systems - Real Time Home Banking - Privilege Escalation
CompuSource Systems Real Time Home Banking - Privilege Escalation

Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)

Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
Xine-Lib 1.1 - (media player library) Remote Format String
CA iTechnology iGateway - (debug mode) Remote Buffer Overflow
Xine-Lib 1.1 - 'Media Player Library' Remote Format String
CA iTechnology iGateway - 'Debug Mode' Remote Buffer Overflow

Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Stack Overflow (MS06-070) (Python)

Microsoft Windows - DNS RPC - Remote Buffer Overflow (2)
Microsoft Windows - DNS RPC Remote Buffer Overflow (2)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow
3proxy 0.5.3g (Linux) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c logurl()' Remote Overflow

NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method

CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1 SaveToFile()' Insecure Method

GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method
GlobalLink 2.7.0.8 - 'glitemflat.dll SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0 SaveToFile()' Insecure Method

Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution

WebKit - 'Document()' Function Remote Information Disclosure
WebKit - 'Document()' Remote Information Disclosure

Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution

Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow

Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll RegisterCom()' Remote Heap Overflow

Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class Same-of-Origin (SOP) Policy Bypass

httpdx - 'tolog()' Function Format String (Metasploit) (1)
httpdx - 'tolog()' Format String (Metasploit) (1)

httpdx - 'tolog()' Function Format String (Metasploit) (2)
httpdx - 'tolog()' Format String (Metasploit) (2)

httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit)

hplip - hpssd.py From Address Arbitrary Command Execution (Metasploit)
hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit)

Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit)
Apple Mac OSX EvoCam Web Server - GET Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)

ZyWALL USG - Appliance - Multiple Vulnerabilities
ZyWALL USG Appliance - Multiple Vulnerabilities

ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)
ScriptFTP 3.3 - LIST Remote Buffer Overflow (Metasploit) (2)

Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)
Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit)

Adobe Flash Player - '.mp4' 'cprt' Overflow (Metasploit)
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)

UoW Pine 4.0.4/4.10/4.21 - 'From:' Field Buffer Overflow
UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow

Technote 2000/2001 - 'board' Function File Disclosure
Technote 2000/2001 - 'board' File Disclosure

IPSwitch IMail 6.x/7.0/7.1 - Web Messaging HTTP Get Buffer Overflow
IPSwitch IMail 6.x/7.0/7.1 - Web Messaging GET Buffer Overflow

Novell NetWare 5.1/6.0 - HTTP Post Arbitrary Perl Code Execution
Novell NetWare 5.1/6.0 - POST Arbitrary Perl Code Execution

Webmin 0.x - 'RPC' Function Privilege Escalation
Webmin 0.x - 'RPC' Privilege Escalation

Avaya IP Office Customer Call Reporter - ImageUpload.ashx Remote Command Execution (Metasploit)
Avaya IP Office Customer Call Reporter - 'ImageUpload.ashx' Remote Command Execution (Metasploit)

ghttpd 1.4.x - 'Log()' Function Buffer Overflow
ghttpd 1.4.x - 'Log()' Buffer Overflow
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Cross-Site Scripting

Dune 0.6.7 - HTTP Get Remote Buffer Overrun
Dune 0.6.7 - GET Remote Buffer Overrun

InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit)
InduSoft Web Studio - 'ISSymbol.ocx InternationalSeparator()' Heap Overflow (Metasploit)

GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow

Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities
Rlpr 2.0 - 'msg()' Multiple Vulnerabilities

Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept p_t02' Parameter Cross-Site Scripting
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp url' Parameter Arbitrary Site Redirect
PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 4.x - 'tempnam() open_basedir' Restriction Bypass
PHP 4.x - 'copy() Safe_Mode' Bypass Exploit

Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak
Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak

aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing
aBitWhizzy - 'whizzypic.php d' ParameterTraversal Arbitrary Directory Listing

PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow
PHP 5.1.6 - 'Chunk_Split()' Integer Overflow

PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow

Cisco IOS 12.3 - LPD Remote Buffer Overflow
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow

Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow

HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'ExtractCab' ActiveX Control Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php sql_matchscope' Parameter Cross-Site Scripting

Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' '.WAV' File Processing Buffer Overflow
Audio File Library 0.2.6 - libaudiofile 'msadpcm.c .WAV' File Processing Buffer Overflow

ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection
ProFTPd 1.3 - 'mod_sql Username' SQL Injection

Microsoft Windows Vista - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution
Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution

PHP 5.3.x - 'mb_strcut()' Function Information Disclosure
PHP 5.3.x - 'mb_strcut()' Information Disclosure

Perl 5.x - 'lc()' and 'uc()' functions TAINT Mode Protection Security Bypass
Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget' Parameter Cross-Site Scripting

NetBSD 5.1 - Multiple 'libc/net' functions Stack Buffer Overflow
NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflow

Skype 5.3 - 'Mobile Phone' Field HTML Injection
Skype 5.3 - 'Mobile Phone' HTML Injection

IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow
IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addgroup.asp group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp url' Parameter Cross-Site Scripting

Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure
Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Function Stack Buffer Overflow
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Stack Buffer Overflow

NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
NETGEAR D6300B - '/diag.cgi IPAddr4' Parameter Remote Command Execution

lxml - 'clean_html' Function Security Bypass
lxml - 'clean_html' Security Bypass
Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery
Alfresco - '/proxy endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser url' Parameter Server-Side Request Forgery

Laravel - 'Hash::make()' Function Password Truncation Security
Laravel - 'Hash::make()' Password Truncation Security

OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)

Windows - (DCOM RPC2) Universal Shellcode
Windows - DCOM RPC2 Universal Shellcode

Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)

Cyphor 0.19 - (board takeover) SQL Injection
Cyphor 0.19 - Board Takeover SQL Injection

PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection
PHPay 2.02 - 'nu_mail.inc.php mail()' Remote Injection

PHPMyNews 1.4 - (cfg_include_dir) Remote File Inclusion
PHPMyNews 1.4 - 'cfg_include_dir' Remote File Inclusion

Flatnuke 2.5.8 - (userlang) Local Inclusion / Delete All Users Exploit
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit

Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion
Yrch 1.0 - 'plug.inc.phppath' Parameter Remote File Inclusion

Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection
Cacti 0.8.6i - 'cmd.php popen()' Remote Injection

Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection
Vizayn Haber - 'haberdetay.asp id' Parameter SQL Injection

iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php id' Parameter SQL Injection

MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php id' Parameter SQL Injection

Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion
Original 0.11 - 'config.inc.php x[1]' Remote File Inclusion

Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion
Picturesolution 2.1 - 'config.php path' Remote File Inclusion

PHP Homepage M 1.0 - galerie.php SQL Injection
PHP Homepage M 1.0 - 'galerie.php' SQL Injection

cpDynaLinks 1.02 - category.php SQL Injection
cpDynaLinks 1.02 - 'category.php' SQL Injection

DFF PHP Framework API (Data Feed File) - Remote File Inclusion
DFF PHP Framework API - 'Data Feed File' Remote File Inclusion

WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD
WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure

dMx READY (25 - Products) - Remote Database Disclosure
dMx READ - Remote Database Disclosure

Access2asp - imageLibrary - Arbitrary File Upload
Access2asp - 'imageLibrar' Arbitrary File Upload

Auktionshaus 3.0.0.1 - 'news.php' 'id' SQL Injection
Auktionshaus 3.0.0.1 - 'news.php id' SQL Injection

Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection
Bild Flirt System 2.0 - 'index.php id' SQL Injection

Fast Free Media 1.3 - Adult Site - Arbitrary File Upload
Fast Free Media 1.3 Adult Site - Arbitrary File Upload

goffgrafix - Design's - SQL Injection
goffgrafix Design's - SQL Injection

Bilder Upload Script - Datei Upload 1.09 - Arbitrary File Upload
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
Allomani - E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)

E-Xoopport - Samsara 3.1 (Sections Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (Sections Module) - Blind SQL Injection

E-Xoopport - Samsara 3.1 (eCal Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection

WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection

Oracle WebLogic - Session Fixation Via HTTP POST
Oracle WebLogic - POST Session Fixation

spidaNews 1.0 - 'news.php' 'id' SQL Injection
spidaNews 1.0 - 'news.php id' SQL Injection

Catalog Builder - eCommerce Software - Blind SQL Injection
Catalog Builder eCommerce Software - Blind SQL Injection

FileBox - File Hosting & Sharing Script 1.5 - SQL Injection
FileBox File Hosting & Sharing Script 1.5 - SQL Injection

Snortreport - nmap.php and nbtscan.php Remote Command Execution (Metasploit)
Snortreport - 'nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)

jbShop - e107 7 CMS Plugin - SQL Injection
jbShop e107 7 CMS Plugin - SQL Injection

Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities

4Images - Image Gallery Management System - Cross-Site Request Forgery
4Images Image Gallery Management System - Cross-Site Request Forgery

PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection
PHP Ticket System Beta 1 - 'index.php p' Parameter SQL Injection

X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php symb' Parameter Cross-Site Scripting

Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php id' Parameter Blind SQL Injection

Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid' Parameter Blind SQL Injection

YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection
YourArcadeScript 2.4 - 'index.php id' Parameter SQL Injection

AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php id' Parameter Blind SQL Injection

PhpTax - pfilez Parameter Exec Remote Code Injection (Metasploit)
PhpTax - 'pfilez' Parameter Exec Remote Code Injection (Metasploit)

phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit)
phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)

Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection
Blog Mod 0.1.9 - 'index.php month' Parameter SQL Injection

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting

PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting

PHPRank 1.8 - add.php Cross-Site Scripting
PHPRank 1.8 - 'add.php' Cross-Site Scripting

MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php album' Parameter SQL Injection
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Remote File Inclusion

friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection
friendsinwar FAQ Manager - 'view_faq.php question' Parameter SQL Injection

SmartCMS - 'index.php' 'idx' Parameter SQL Injection
SmartCMS - 'index.php idx' Parameter SQL Injection

SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php menuitem' Parameter SQL Injection / Cross-Site Scripting

PHP-Nuke 6.6 - admin.php SQL Injection
PHP-Nuke 6.6 - 'admin.php' SQL Injection

MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection
MyBB AwayList Plugin - 'index.php id' Parameter SQL Injection

WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php basepath' Parameter Remote File Inclusion

PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - 'error.php language' Parameter Full Path Disclosure

phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass
phpHeaven phpMyChat 0.14.5 - 'edituser.php3 do_not_login' Parameter Authentication Bypass

NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection
NConf 1.3 - 'detail.php detail_admin_items.php id' Parameter SQL Injection

AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php question' Parameter SQL Injection

Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php id' Parameter SQL Injection

Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php id' Parameter SQL Injection

Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php id' Parameter SQL Injection

Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id' Parameter SQL Injection

MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php title' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php cid' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php Cat' Parameter Cross-Site Scripting

PHPGedView 2.5/2.6 - 'login.php' 'Username' Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php Username' Parameter Cross-Site Scripting

Rebus:list - 'list.php' 'list_id' Parameter SQL Injection
Rebus:list - 'list.php list_id' Parameter SQL Injection

SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection
SynConnect Pms - 'index.php loginid' Parameter SQL Injection
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure
AWS Xms 2.5 - 'importer.php what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php p' Paramete' Local File Disclosure

WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash' Parameter SQL Injection
CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'tellafriend.php product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php product' Parameter Full Path Disclosure

WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection
WHMCS 4.x - 'invoicefunctions.php id' Parameter SQL Injection

AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection
AVE.CMS 2.09 - 'index.php module' Parameter Blind SQL Injection

RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id' Parameter SQL Injection

SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation

FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure
FlatNuke 2.5.x - 'index.php where' Parameter Full Path Disclosure

UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php posted' Parameter SQL Injection

osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion
osTicket 1.2/1.3 - 'view.php inc' Parameter Arbitrary Local File Inclusion
Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal
DS3 - Authentication Server - Multiple Vulnerabilities
Ruubikcms 1.1.1 - 'tinybrowser.php folder' Parameter Directory Traversal
DS3 Authentication Server - Multiple Vulnerabilities

Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php Username' Parameter Cross-Site Scripting

Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php sitetitle' Parameter Cross-Site Scripting

Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid' Parameter SQL Injection
Aenovo - '/Password/default.asp' Password Field SQL Injection
Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection
Aenovo - '/Password/default.asp Password' SQL Injection
Aenovo - '/incs/searchdisplay.asp strSQL' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php ids' Parameter SQL Injection

vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php orderby' Parameter Cross-Site Scripting
Cyphor 0.19 - lostpwd.php nick Field SQL Injection
Cyphor 0.19 - 'newmsg.php' fid Parameter SQL Injection
Cyphor 0.19 - footer.php t_login Parameter Cross-Site Scripting
Cyphor 0.19 - 'lostpwd.php nick' SQL Injection
Cyphor 0.19 - 'newmsg.php fid' Parameter SQL Injection
Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting
MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Socket.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion

Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection
Top Games Script 1.2 - 'play.php gid' Parameter SQL Injection

Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php id' Parameter SQL Injection

PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution
PHP-Charts 1.0 - 'index.php type' Parameter Remote Code Execution
PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/admin.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/configure.php id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php find' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection
Walla TeleSite 3.0 - 'ts.exe tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe sug' Parameter SQL Injection

GLPI 0.83.9 - 'Unserialize()' Function Remote Code Execution
GLPI 0.83.9 - 'Unserialize()' Remote Code Execution

Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'toc.pl board' Parameter Cross-Site Scripting

Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php _load_article_details' SQL Injection
IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion
IceWarp Universal WebMail - '/dir/include.html lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html lang_settings' Parameter Remote File Inclusion
OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection
OnePlug CMS - '/press/details.asp Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp Product_ID' Parameter SQL Injection

aoblogger 2.3 - 'login.php' 'Username' Field SQL Injection
aoblogger 2.3 - 'login.php Username' SQL Injection
HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php folderid' Parameter Arbitrary PHP Command Execution

ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing
ImageVue 0.16.1 - 'readfolder.php path' Parameter Arbitrary Directory Listing

Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php check_login()' Authentication Bypass
dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php baseDir' Parameter Remote File Inclusion

Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection
Ginkgo CMS - 'index.php rang' Parameter SQL Injection

Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name' Parameter SQL Injection

sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting
sBlog 0.7.2 - 'search.php keyword' Parameter POST Method Cross-Site Scripting

MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection
MLMAuction Script - 'gallery.php id' Parameter SQL Injection

PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection
PHPMyForum 4.0 - 'index.php type' Parameter CRLF Injection

321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing
321soft PHP-Gallery 0.9 - 'index.php path' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php pfad' Parameter Arbitrary Directory Listing

Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php rep' Parameter Traversal Arbitrary Directory Listing

Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php value' Parameter SQL Injection

ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting
ATutor 1.5.x - 'admin/fix_content.php submit' Parameter Cross-Site Scripting

glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection
glFusion 1.3.0 - 'search.php cat_id' Parameter SQL Injection

Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php b' Parameter SQL Injection

RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite
RadScripts - 'a_editpage.php Filename' Parameter Arbitrary File Overwrite

WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion
WoW Roster 1.5 - 'hsList.php subdir' Parameter Remote File Inclusion

Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion

vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php onlyforuser' Parameter SQL Injection
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php page' Parameter Cross-Site Scripting

DCP-Portal 6.0 - 'login.php' 'Username' Parameter SQL Injection
DCP-Portal 6.0 - 'login.php Username' Parameter SQL Injection

CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php order_id' Parameter Cross-Site Scripting

CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php image' Parameter Cross-Site Scripting

CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php la_pow_by' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php page' Parameter Cross-Site Scripting

ISearch 2.16 - ISEARCH_PATH Parameter Remote File Inclusion
ISearch 2.16 - 'ISEARCH_PATH' Parameter Remote File Inclusion

Evandor Easy notesManager 0.0.1 - 'login.php' 'Username' Parameter SQL Injection
Evandor Easy notesManager 0.0.1 - 'login.php Username' Parameter SQL Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage' Parameter SQL Injection
BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/admincore.php msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp hata' Parameter Cross-Site Scripting

ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl file' Parameter Arbitrary File Disclosure

Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php objectId' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php s' Parameter SQL Injection

aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzylink.php d' Parameter Traversal Arbitrary Directory Listing

PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting
PHPLive! 3.2.2 - 'super/info.php BASE_URL' Parameter Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php tool_url' Parameter Cross-Site Scripting

ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection
ToendaCMS 1.5.3 - GET / POST Forms HTML Injection

Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php icodir' Parameter Traversal Arbitrary Directory Listing

Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure
Phorum 5.1.20 - 'admin.php module[]' Parameter Full Path Disclosure
DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'includes_handler.php base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php base_path' Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection
Campsite 2.6.1 - 'LocalizerConfig.php g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php language' Parameter SQL Injection
NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/applicationList.jsp alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp rtype' Parameter Cross-Site Scripting
geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion
geoBlog MOD_1.0 - 'deletecomment.php id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php id' Parameter Arbitrary Blog Deletion
Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'feed.php config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php config[root_ordner]' Parameter Remote File Inclusion

WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure
WebBatch - 'webbatch.exe dumpinputdata' Parameter Remote Information Disclosure

AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'default.asp mode2' Parameter Cross-Site Scripting

phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting
phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php level' Parameter Remote File Inclusion

Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access
Absolute News Manager .NET 5.1 - 'pages/default.aspx template' Parameter Remote File Access

MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion
MyBlog 1.x - 'Games.php ID' Remote File Inclusion
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp activeControl' Parameter Cross-Site Scripting
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic id' Parameter Arbitrary Memory Disclosure

CiMe - Citas Médicas - Multiple Vulnerabilities
CiMe Citas Médicas - Multiple Vulnerabilities

Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing
Elastic Path 4.1 - 'manager/FileManager.jsp dir' Parameter Traversal Arbitrary Directory Listing

osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php zID' Parameter SQL Injection

Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php cID' Parameter SQL Injection

WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph track' Parameter SQL Injection

PHPEasyData 1.5.4 - admin/login.php 'Username' Field SQL Injection
PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection

PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id' Parameter SQL Injection

webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy' Parameter SQL Injection

Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect
Claroline 1.8.9 - 'claroline/redirector.php url' Parameter Arbitrary Site Redirect

XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion
XOOPS 2.0.18 - 'modules/system/admin.php fct' Parameter Traversal Local File Inclusion

ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php Filename' Parameter Remote Code Execution

InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i' Parameter SQL Injection

MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting
MKPortal 1.2.1 - '/modules/rss/handler_image.php i' Parameter Cross-Site Scripting

glFusion 1.1 - Anonymous Comment 'Username' Field HTML Injection
glFusion 1.1 - Anonymous Comment 'Username' HTML Injection

IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Function Cross-Site Scripting
IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting

kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection
kitForm CRM Extension 0.43 - 'sorter.ph sorter_value' Parameter SQL Injection

dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php read' Parameter Arbitrary File Read

WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_settings setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category category[description]' Parameter Cross-Site Scripting

vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php cat' Parameter SQL Injection

MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection
MybbCentral TagCloud 2.0 - 'Topic' HTML Injection

Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting
Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php' Filter Parameter Cross-Site Scripting

Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download
Mulitple WordPress Themes - 'admin-ajax.php img' Parameter Arbitrary File Download

Free Arcade Script 1.0 - 'search' Field Cross-Site Scripting
Free Arcade Script 1.0 - 'search' Cross-Site Scripting

Micro CMS 1.0 - 'name' Field HTML Injection
Micro CMS 1.0 - 'name' HTML Injection

MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion
MODx manager - '/controllers/default/resource/tvs.php class_key' Parameter Traversal Local File Inclusion

Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php catid' Parameter SQL Injection

W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion
W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File Inclusion

Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection
Piwigo 2.6.0 - 'picture.php rate' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php category' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php rowid' Parameter SQL Injection

PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition' Parameter Cross-Site Scripting
Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_blocks.php Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php Filename' Parameter Traversal Arbitrary File Access

UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scripting

OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting
OSClass 2.3.3 - 'index.php getParam()' Multiple Parameter Cross-Site Scripting
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php class' Parameter Traversal Local File Inclusion
Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/auth.php login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php nb' Parameter Cross-Site Scripting

Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php page' Parameter Cross-Site Scripting

Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Parameter Error Display Cross-Site Scripting
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps id' Parameter SQL Injection
SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx id' Parameter Cross-Site Scripting

Wikidforum 2.10 - Advanced Search - Multiple Field SQL Injection
Wikidforum 2.10 - Advanced Search Multiple Field SQL Injection

Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml()' Method Cross-Site Scripting

TeamPass 2.1.5 - 'login' Field HTML Injection
TeamPass 2.1.5 - 'login' HTML Injection

XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/modules/pm/pmlite.php to_userid' Parameter Cross-Site Scripting

Kajona - 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities
Kajona - 'getAllPassedParams()' Multiple Cross-Site Scripting Vulnerabilities

PolarisCMS - 'WebForm_OnSubmit()' Function Cross-Site Scripting
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting

TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php subject_module_id' Parameter SQL Injection

jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting
jCore - '/admin/index.php path' Parameter Cross-Site Scripting

Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection

WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext' Parameter Cross-Site Scripting

cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html acct' Parameter Cross-Site Scripting
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php  reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID' Parameter SQL Injection
Kallithea 0.2.9 - (came_from) HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection
Kallithea 0.2.9 - 'came_from' HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php id' Parameter SQL Injection

PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php q' Parameter SQL Injection
Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting
Hero Framework - '/users/login Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password error' Parameter Cross-Site Scripting

Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp site' Parameter Cross-Site Scripting

NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution
NeoBill - '/modules/nullregistrar/PHPwhois/example.php query' Parameter Remote Code Execution

C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp pa' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php id' Parameter SQL Injection

Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php Id' Parameter SQL Injection

UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection
UAEPD Shopping Script - '/news.php id' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php Username' Parameter SQL Injection

Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal
Xangati - '/servlet/Installer file' Parameter Directory Traversal
Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/jobs.php tr' Parameter SQL Injection
Caldera - '/costview2/printers.php tr' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php entry_country_id' Parameter SQL Injection

Disc ORGanizer - DORG - Multiple Vulnerabilities
Disc ORGanizer (DORG) - Multiple Vulnerabilities

Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
ClipShare 7.0 - SQL Injection
Complain Management System - Hard-Coded Credentials / Blind SQL injection
 2017-10-11 05:01:35 +00:00
Offensive Security
b49ee665d7 DB: 2017-10-10 
3 new exploits

Rancher Server - Docker Daemon Code Execution (Metasploit)
OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
 2017-10-10 05:01:34 +00:00
Offensive Security
4e334a292d DB: 2017-10-08 
2 new exploits

Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit
Microsoft Windows XP/2003 - Samba Share Resource Exhaustion (Denial of Service)

Multiple vendors - ZOO file Decompression Infinite Loop Denial of Service (PoC)
ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC)

WzdFTPD 0.8.0 - (USER) Remote Denial of Service
WzdFTPD 0.8.0 - 'USER' Remote Denial of Service

Multiple Vendors - 'libc:fts_*()' Local Denial of Service
Libc - 'libc:fts_*()' Local Denial of Service

Asterisk IAX2 - Resource Exhaustion via Attacked IAX Fuzzer
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)

Multiple Web Browsers - Denial of Service
Multiple Browsers - Denial of Service
Multiple browsers - 'history.go()' Denial of Service
Multiple browsers - 'window.print()' Denial of Service
Multiple Browsers - 'history.go()' Denial of Service
Multiple Browsers - 'window.print()' Denial of Service

Multiple Vendors libc/glob(3) - Resource Exhaustion / Remote ftpd-anon
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)

Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion (Denial of Service)

Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion (Denial of Service)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (2)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (2)

Desktop Orbiter 2.0 1 - Resource Exhaustion Denial of Service
Desktop Orbiter 2.0 1 - Resource Exhaustion (Denial of Service)

ACLogic CesarFTP 0.99 - Remote Resource Exhaustion (Denial of Service)

Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service
Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service

Multiple Linksys Routers - LanD Packet Denial of Service
Linksys Routers - LanD Packet Denial of Service

Multiple Mozilla Products - IFRAME JavaScript Execution Vulnerabilities
Multiple Mozilla Products - iFrame JavaScript Execution Vulnerabilities

Multiple D-Link Routers - UPNP Buffer Overflow
D-Link Routers - UPNP Buffer Overflow

Multiple Vendors - Zoo Compression Algorithm Remote Denial of Service
Zoo 2.10 - .ZOO Compression Algorithm Remote Denial of Service

Multiple BSD Platforms - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Function Integer Overflow

Multiple Vendors Unspecified SVG File Processing - Denial of Service
Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service

Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service)

VMware Player and Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service

Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service
Libc - 'regcomp()' Stack Exhaustion Denial of Service

Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service
Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service

Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities
Multiple BSD Distributions - 'setusercontext()' Vulnerabilities

Multiple Cisco Products - Cisco Global Exploiter Tool
Cisco - Cisco Global Exploiter Tool

Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities
Multiple Browsers - Tabbed Browsing Vulnerabilities

Skype extension for Firefox Beta 2.2.0.95 - Clipboard Writing
Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing

Multiple D-Link Products - Captcha Bypass
D-Link - Captcha Bypass

Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking
Multiple Browser (FF3.6.7/SM 2.0.6) - Clickjacking

Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion

hassan Consulting shopping cart 1.18 - Directory Traversal
Hassan Consulting Shopping Cart 1.18 - Directory Traversal

Adobe SVG Viewer 3.0 - postURL/getURL Restriction Bypass
Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass

ACLogic CesarFTP 0.99 - Remote Resource Exhaustion

Multiple Linksys Devices - DHCP Information Disclosure
Linksys - DHCP Information Disclosure

Oracle HTML DB 1.5/1.6 - wwv_flow.accept p_t02 Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting

Oracle HTML DB 1.5/1.6 - f p Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'f?p=' Parameter Cross-Site Scripting

Multiple Cisco Products - WebSense Content Filtering Bypass
Cisco - WebSense Content Filtering Bypass

Multiple Vendors - RAR Handling Remote Null Pointer Dereference
ClamAV / UnRAR - .RAR Handling Remote Null Pointer Dereference

Multiple Cisco Products - 'file' Parameter Directory Traversal
Cisco - 'file' Parameter Directory Traversal

Multiple D-Link DCS Products - 'security.cgi' Cross-Site Request Forgery
D-Link DCS - 'security.cgi' Cross-Site Request Forgery

Multiple Vendors - 'RuntimeDiagnosticPing()' Stack Buffer Overflow
D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Stack Buffer Overflow

Multiple Aztech Modem Routers - Session Hijacking
Aztech Modem Routers - Session Hijacking

Mambo Component Security Images 3.0.5 - Inclusion
Mambo Component Security Images 3.0.5 - Remote File Inclusion

Joomla! Component com_bayesiannaivefilter 1.1 - Inclusion
Joomla! Component com_bayesiannaivefilter 1.1 - Remote File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - Remote File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - Remote File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion
NES Game and NES System c108122 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion
NES Game and NES System c108122 - Remote File Inclusion

Mambo Component com_serverstat 0.4.4 - File Inclusion
Mambo Component com_serverstat 0.4.4 - Remote File Inclusion

Wili-CMS 0.1.1 - File Inclusion / Cross-Site Scripting / Full Path Disclosure
Wili-CMS 0.1.1 - Remote File Inclusion / Cross-Site Scripting / Full Path Disclosure

phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion
phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion

phpBB User Viewed Posts Tracker 1.0 - File Inclusion
phpBB User Viewed Posts Tracker 1.0 - Remote File Inclusion

phpBB Random User Registration Number 1.0 Mod - Inclusion
phpBB Random User Registration Number 1.0 Mod - Remote File Inclusion

Softerra PHP Developer Library 1.5.3 - File Inclusion
Softerra PHP Developer Library 1.5.3 - Remote File Inclusion

phpBB ACP User Registration Mod 1.0 - File Inclusion
phpBB ACP User Registration Mod 1.0 - Remote File Inclusion

Electronic Engineering Tool (EE TOOL) 0.4.1 - File Inclusion
Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion

phpBB Spider Friendly Module 1.3.10 - File Inclusion
phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion

Tucows Client Code Suite (CSS) 1.2.1015 - File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion

pre Multiple Vendors shopping malls - Multiple Vulnerabilities
PreProject Multi-Vendor Shopping Malls - Multiple Vulnerabilities

Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion
Easy Px 41 CMS 09.00.00B1 - 'fiche' Local File Inclusion

Joomla! Component Book Library 1.0 - File Inclusion
Joomla! Component Book Library 1.0 - Remote File Inclusion

Community Translate - File Inclusion
Community Translate - Remote File Inclusion
EZsneezyCal CMS 95.1-95.2 - File Inclusion
EZRecipeZee CMS 91 - File Inclusion
EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion
EZRecipeZee CMS 91 - Remote File Inclusion

AIOCP 1.4.001 - File Inclusion
AIOCP 1.4.001 - Remote File Inclusion

Gbook MX 4.1.0 (Arabic Version) - File Inclusion
Gbook MX 4.1.0 (Arabic Version) - Remote File Inclusion

Multiple D-Link Routers - Authentication Bypass
D-Link Routers - Authentication Bypass (2)

29o3 CMS - (LibDir) Multiple Remote File Inclusion
29o3 CMS - 'LibDir' Multiple Remote File Inclusion

MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting
MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting

Pre Multiple Vendors Shopping Malls - SQL Injection
PreProject Multi-Vendor Shopping Malls - SQL Injection

Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php?sid' SQL Injection

Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass
PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass

Multiple D-Link Routers (Multiple Models) - Authentication Bypass
D-Link Routers - Authentication Bypass (1)

Multiple Linksys Routers - Cross-Site Request Forgery
Linksys Routers - Cross-Site Request Forgery

Joomla! Component 'Scriptegrator' 1.5 - File Inclusion
Joomla! Component 'Scriptegrator' 1.5 - Local File Inclusion

BbZL.php - File Inclusion
BbZL.php - Remote File Inclusion

FCMS 2.7.2 CMS - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS  2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Cyberoam Central Console 2.00.2 - File Inclusion
Cyberoam Central Console 2.00.2 - Remote File Inclusion
Dolibarr ERP & CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP & CRM - OS Command Injection
Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP/CRM - OS Command Injection
VamCart 0.9 CMS - Multiple Vulnerabilities
PBBoard 2.1.4 CMS - Multiple Vulnerabilities
VamCart CMS 0.9 - Multiple Vulnerabilities
PBBoard CMS 2.1.4 - Multiple Vulnerabilities

Flynax General Classifieds 4.0 CMS - Multiple Vulnerabilities
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities

PG Dating Pro 1.0 CMS - Multiple Vulnerabilities
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities

Artmedic Webdesign Kleinanzeigen Script - File Inclusion
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion

Multiple D-Link Devices - Multiple Vulnerabilities
D-Link - Multiple Vulnerabilities

Utopia News Pro 1.1.3 - header.php sitetitle Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting

Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'footer.php' Multiple Parameter Cross-Site Scripting

Multiple D-Link Devices - OS-Command Injection via UPnP Interface
D-Link - OS-Command Injection via UPnP Interface

WordPress Plugin Spicy Blogroll - File Inclusion
WordPress Plugin Spicy Blogroll - Local File Inclusion

OliveOffice Mobile Suite 2.0.3 iOS - File Inclusion
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion

ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass

Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities
Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities

Office Assistant Pro 2.2.2 iOS - File Inclusion
Office Assistant Pro 2.2.2 iOS - Local File Inclusion

WiFiles HD 1.3 iOS - File Inclusion
WiFiles HD 1.3 iOS - Locla File Inclusion

PDF Album 1.7 iOS - File Inclusion
PDF Album 1.7 iOS - Local File Inclusion

Multiple D-Link Routers - Multiple Vulnerabilities
D-Link Routers - Multiple Vulnerabilities

Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting
Consona - 'n6plugindestructor.asp' Cross-Site Scripting

Photo Org WonderApplications 8.3 iOS - File Inclusion
Photo Org WonderApplications 8.3 iOS - Local File Inclusion

Pre Projects Multiple Vendors Shopping Malls - 'products.php' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection

PhotoSync Wifi & Bluetooth 1.0 - File Inclusion
PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion

Photorange 1.0 iOS - File Inclusion
Photorange 1.0 iOS - Local File Inclusion

GS Foto Uebertraeger 3.0 iOS - File Inclusion
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion

iFunBox Free 1.1 iOS - File Inclusion
iFunBox Free 1.1 iOS - Local File Inclusion

Pimcore 2.3.0/3.0 CMS - SQL Injection
Pimcore CMS 2.3.0/3.0 - SQL Injection

Dolibarr 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting

Dolibarr 3.1 ERP/CRM - Multiple Script URI Cross-Site Scripting
Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting

Dolibarr 3.x - 'adherents/fiche.php' SQL Injection
Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection
11in1 CMS 1.2.1 - 'index.php' class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
Wifi Drive Pro 1.2 iOS - File Inclusion
Photo Manager Pro 4.4.0 iOS - File Inclusion
Mobile Drive HD 1.8 - File Inclusion Web
Wifi Drive Pro 1.2 iOS - Local File Inclusion
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
Mobile Drive HD 1.8 - Local File Inclusion

Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
11in1 CMS 1.2.1 - admin/comments topicID Parameter SQL Injection
11in1 CMS 1.2.1 - admin/tps id Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection

PhotoWebsite 3.1 iOS - File Inclusion
PhotoWebsite 3.1 iOS - Local File Inclusion

vPhoto-Album 4.2 iOS - File Inclusion
vPhoto-Album 4.2 iOS - Local File Inclusion

PDF Converter & Editor 2.1 iOS - File Inclusion
PDF Converter & Editor 2.1 iOS - Local File Inclusion

Wireless Photo Transfer 3.0 iOS - File Inclusion
Wireless Photo Transfer 3.0 iOS - Local File Inclusion

WordPress Plugin Really Simple Guest Post 1.0.6 - File Inclusion
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion

My.WiFi USB Drive 1.0 iOS - File Inclusion
My.WiFi USB Drive 1.0 iOS - Local File Inclusion

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

WordPress Plugin Dharma Booking 2.38.3 - File Inclusion
WordPress Plugin Dharma Booking 2.38.3 -  Remote File Inclusion

Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass
RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass

Multiple NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure
 2017-10-08 05:01:28 +00:00
Offensive Security
d4e17b950d DB: 2017-10-05 
9 new exploits

FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service
FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)

FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service

SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)
SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - Local TTY Panic (Denial of Service)
Minix 3.1.2a - Remote TTY Panic (Denial of Service)

Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)

FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)

FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service

Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)

Apple Mac OSX < 10.6.7 - Kernel Panic
Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)

genstat 14.1.0.5943 - Multiple Vulnerabilities
GenStat 14.1.0.5943 - Multiple Vulnerabilities

FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)

Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)

Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service
Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)

OpenBSD 5.5 - Local Kernel Panic
OpenBSD 5.5 - Local Kernel Panic (Denial of Service)

OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)

FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow

Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)

Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation
Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation

FreeBSD TOP - Format String
FreeBSD /usr/bin/top - Format String

Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation
Qpopper 4.0.8 (FreeBSD) - Privilege Escalation

Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation
Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation

FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation

FreeBSD 3.0 - UNIX-domain panic

FreeBSD 3.5/4.x - top Format String
FreeBSD 3.5/4.x /usr/bin/top - Format String

OpenBSD 5.6 - Multiple Local Kernel Panics

Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

Microsoft Windows - RPC Locator Service Remote Exploit
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit

Microsoft Windows - SMB Authentication Remote Exploit
Microsoft Windows 2000/XP - SMB Authentication Remote Exploit

Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit
Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit

Winmail Mail Server 2.3 - Remote Format String
Winmail Mail Server 2.3 Build 0402 - Remote Format String

Linux eXtremail 1.5.x - Remote Format Strings Exploit
eXtremail 1.5.x (Linux) - Remote Format Strings Exploit

QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow

Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution

Sun One WebServer 6.1 - JSP Source Viewing
Sun One WebServer 6.1 - .JSP Source Viewing

Solaris 7.0 - Recursive mutex_enter Panic

MySQL - Windows Remote System Level Exploit (Stuxnet technique)
MySQL - 'Stuxnet Technique' Windows Remote System Exploit

vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)

vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)

ERS Data System 1.8.1 - Java Deserialization

Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)

Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)

vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion
vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion

Flatnuke 2.7.1 - (level) Privilege Escalation
Flatnuke 2.7.1 - 'level' Privilege Escalation

Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting

Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)
Cilem Haber 1.4.4 (Tr) - Database Disclosure

Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion

vtiger CRM 5.1.0 - Local File Inclusion
vTiger CRM 5.1.0 - Local File Inclusion
phpmychat plus 1.94 rc1 - Multiple Vulnerabilities
template CMS 2.1.1 - Multiple Vulnerabilities
phpmybittorrent 2.04 - Multiple Vulnerabilities
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
Template CMS 2.1.1 - Multiple Vulnerabilities
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting
vtiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 - SQL Injection

DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection
DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection

vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities

Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting

GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities

ITS SCADA 'Username' - SQL Injection
ITS SCADA - 'Username' SQL Injection

vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion

vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection

vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Vtiger CRM 6.3.0 - Authenticated Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
ClipBucket 2.8.3 - Remote Code Execution
 2017-10-05 05:01:29 +00:00
Offensive Security
ecfeb57577 DB: 2017-10-03 
15 new exploits

Linux Kernel < 4.14.rc3  - Local Denial of Service
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - Information Leak
Dnsmasq < 2.78 - Lack of free() Denial of Service
Dnsmasq < 2.78 - Integer Underflow
UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape

Qmail SMTP - Bash Environment Variable Injection (Metasploit)
NPM-V (Network Power Manager) 2.4.1 - Password Reset
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
 2017-10-03 05:01:26 +00:00
Offensive Security
a92226f6ac DB: 2017-09-29 
14 new exploits

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow

LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)
Oracle WebLogic Server 10.3.6.0 - Java Deserialization
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution

Wordpress Plugin Ads Pro <= 3.4 - Cross-Site Scripting / SQL Injection
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Roteador Wireless Intelbras WRN150 - Autentication Bypass
Easy Blog PHP Script 1.3a - 'id' Parameter SQL Injection
 2017-09-29 05:01:35 +00:00
Offensive Security
ec599357c0 DB: 2017-09-28 
21 new exploits

Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Adobe Flash - Out-of-Bounds Read in applyToRange

CyberArk Viewfinity 5.5.10.95 - Privilege Escalation

PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response

Tiny HTTPd 0.1.0 - Directory Traversal

Free PHP photo Gallery script - Remote File Inclusion
Free PHP Photo Gallery Script - Remote File Inclusion

WordPress Plugin School Management System - SQL Injection
iTech Dating Script 3.40 - SQL Injection
iTech Job Script 9.27 - SQL Injection
WordPress Plugin Content Timeline - SQL Injection
Job Links - Arbitrary File Upload
TicketPlus - Arbitrary File Upload
Photo Fusion - Arbitrary File Upload
SMSmaster - SQL Injection
AMC Master - Arbitrary File Upload
WordPress Plugin WPCHURCH - SQL Injection
WordPress Plugin WPGYM - SQL Injection
WordPress Plugin Hospital Management System - SQL Injection
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
WordPress Plugin WPAMS - SQL Injection
 2017-09-28 05:01:27 +00:00
Offensive Security
a06626c22f DB: 2017-09-27 
8 new exploits

Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
FLIR Thermal Camera F/FC/PT/D - SSH Backdoor
NodeJS Debugger - Command Injection (Metasploit)

Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
FLIR Thermal Camera F/FC/PT/D - Information Disclosure
FLIR Thermal Camera FC-S/PT - Command Injection
FLIR Thermal Camera F/FC/PT/D - Stream Disclosure
Sitefinity CMS 9.2 - Cross-Site Scripting
 2017-09-27 05:01:31 +00:00
Offensive Security
13a6e2baaf DB: 2017-09-20 
8 new exploits

McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC)
McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC)

Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization
Apple macOS - Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read

Xcode OpenBase 9.1.5 (OSX) - (root file create) Privilege Escalation
Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation

Xcode OpenBase 10.0.0 (OSX) - (unsafe system call) Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - (Unsafe System Call) Privilege Escalation

eTrust AntiVirus Agent r8 - Local Privilege Escalation
eTrust AntiVirus Agent r8 - Privilege Escalation

WICD 1.7.1 - Local Privilege Escalation
WICD 1.7.1 - Privilege Escalation

Novell Client 4.91 SP4 - Local Privilege Escalation
Novell Client 4.91 SP4 - Privilege Escalation

H-Sphere Webshell 2.4 - Privilege Escalation
H-Sphere WebShell 2.4 - Privilege Escalation

Zend Platform 2.2.1 - PHP.INI File Modification
Zend Platform 2.2.1 - 'PHP.INI' File Modification

AIX 7.1 - lquerylv Privilege Escalation
AIX 7.1 - 'lquerylv' Privilege Escalation

sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation
Sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation

Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server - Privilege Escalation

Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Automated Logic WebCTRL 6.5 - Privilege Escalation

Netdecision 5.8.2 - Local Privilege Escalation
Netdecision 5.8.2 - Privilege Escalation

H-Sphere Webshell 2.4 - Remote Command Execution
H-Sphere WebShell 2.4 - Remote Command Execution

NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit)
NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Perl Remote Code Execution (Metasploit)

STUNSHELL Web Shell - Remote PHP Code Execution (Metasploit)
STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit)

v0pCr3w Web Shell - Remote Code Execution (Metasploit)
v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)

InstantCMS 1.6 - Remote PHP Code Execution (Metasploit)
InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)

Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit)
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)

HPE < 7.2 - Java Deserialization

Tecnovision DLX Spot - SSH Backdoor

phpBB 2.0.15 - (highlight) Remote PHP Code Execution
phpBB 2.0.15 - 'highlight' PHP Remote Code Execution

phpBB 2.0.15 - Remote PHP Code Execution (Metasploit)
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)

versatileBulletinBoard 1.00 RC2 - (board takeover) SQL Injection
versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection

VuBB Forum RC1 - (m) SQL Injection
VuBB Forum RC1 - 'm' SQL Injection
Wizz Forum 1.20 - (TopicID) SQL Injection
PHPWebThings 1.4 - (msg/forum) SQL Injection
Wizz Forum 1.20 - 'TopicID' SQL Injection
PHPWebThings 1.4 - 'msg'/'forum' SQL Injection

webSPELL 4.01 - (title_op) SQL Injection
webSPELL 4.01 - 'title_op' SQL Injection

YapBB 1.2 - (cfgIncludeDirectory) Remote Command Execution
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (1)
Advanced Guestbook 2.4.0 - (phpBB) File Inclusion
TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (2)
Advanced Guestbook 2.4.0 - (phpBB) Remote File Inclusion
TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1)
Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion
TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2)
Advanced Guestbook 2.4.0 - 'phpBB' Remote File Inclusion

Knowledge Base Mod 2.0.2 - (phpBB) Remote File Inclusion
Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
phpRaid 3.0.b3 - (phpBB/SMF) Remote File Inclusion
pafileDB 2.0.1 - (mxBB/phpBB) Remote File Inclusion
phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion
pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion

Foing 0.7.0 - (phpBB) Remote File Inclusion
Foing 0.7.0 - 'phpBB' Remote File Inclusion

Activity MOD Plus 1.1.0 - (phpBB Mod) File Inclusion
Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion

Blend Portal 1.2.0 - (phpBB Mod) Remote File Inclusion
Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion

XMB 1.9.6 - (u2uid) SQL Injection (mq=off)
XMB 1.9.6 - (mq=off) 'u2uid' SQL Injection

Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote File Inclusion
Web3news 0.95 - 'PHPSECURITYADMIN_PATH' Remote File Inclusion

Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion
Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion

TualBLOG 1.0 - (icerikno) SQL Injection
TualBLOG 1.0 - 'icerikno' SQL Injection

Tekman Portal 1.0 - (tr) SQL Injection
Tekman Portal 1.0 - 'tr' SQL Injection

MyReview 1.9.4 - (email) SQL Injection / Code Execution
MyReview 1.9.4 - 'email' SQL Injection / Code Execution

phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion
phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion

phpBB Static Topics 1.0 - phpbb_root_path File Inclusion
phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion

CentiPaid 1.4.2 - centipaid_class.php Remote File Inclusion
CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion

webSPELL 4.01.01 - (getsquad) SQL Injection
webSPELL 4.01.01 - 'getsquad' SQL Injection

Osprey 1.0 - GetRecord.php Remote File Inclusion
Osprey 1.0 - 'GetRecord.php' Remote File Inclusion
Techno Dreams Announcement - (key) SQL Injection
Techno Dreams Guestbook 1.0 - (key) SQL Injection
Techno Dreams Announcement - 'key' SQL Injection
Techno Dreams Guestbook 1.0 - 'key' SQL Injection

GEPI 1.4.0 - gestion/savebackup.php Remote File Inclusion
GEPI 1.4.0 - 'gestion/savebackup.php' Remote File Inclusion

PHPGiggle 12.08 - (CFG_PHPGIGGLE_ROOT) File Inclusion
PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion

mxBB Module Meeting 1.1.2 - Remote FileInclusion
mxBB Module Meeting 1.1.2 - Remote File Inclusion

Uploader & Downloader 3.0 - (id_user) SQL Injection
Uploader & Downloader 3.0 - 'id_user' SQL Injection

The Classified Ad System 1.0 - (main) SQL Injection
The Classified Ad System 1.0 - 'main' SQL Injection

VisoHotlink 1.01 - functions.visohotlink.php Remote File Inclusion
VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion

vhostadmin 0.1 - (MODULES_DIR) Remote File Inclusion
vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion

XLAtunes 0.1 - (album) SQL Injection
XLAtunes 0.1 - 'album' SQL Injection

webSPELL 4.01.02 - (topic) SQL Injection
webSPELL 4.01.02 - 'topic' SQL Injection

webSPELL 4.01.02 - Remote PHP Code Execution
webSPELL 4.01.02 - PHP Remote Code Execution

PHP-Nuke - iFrame (iframe.php) Remote File Inclusion
PHP-Nuke - 'iframe.php' Remote File Inclusion

XOOPS Module Camportail 1.1 - (camid) SQL Injection
XOOPS Module Camportail 1.1 - 'camid' SQL Injection

Mutant 0.9.2 - mutant_functions.php Remote File Inclusion
Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion

Original 0.11 - config.inc.php x[1] Remote File Inclusion
Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion

Glossword 1.8.1 - custom_vars.php Remote File Inclusion
Glossword 1.8.1 - 'custom_vars.php' Remote File Inclusion

GeekLog 2.x - ImageImageMagick.php Remote File Inclusion
GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion

Vizayn Urun Tanitim Sistemi 0.2 - (tr) SQL Injection
Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection

WBB2-Addon: Acrotxt 1.0 - (show) SQL Injection
WBB2-Addon: Acrotxt 1.0 - 'show' SQL Injection

STPHPLibrary - (STPHPLIB_DIR) Remote File Inclusion
STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion

phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion
phpFFL 1.24 - 'PHPFFL_FILE_ROOT' Remote File Inclusion

phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion
phpBB Mod OpenID 0.2.0 - 'BBStore.php' Remote File Inclusion

LiveAlbum 0.9.0 - common.php Remote File Inclusion
LiveAlbum 0.9.0 - 'common.php' Remote File Inclusion

Pindorama 0.1 - client.php Remote File Inclusion
Pindorama 0.1 - 'client.php' Remote File Inclusion
Socketmail 2.2.8 - fnc-readmail3.php Remote File Inclusion
TOWeLS 0.1 - scripture.php Remote File Inclusion
Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion
TOWeLS 0.1 - 'scripture.php' Remote File Inclusion

Sige 0.1 - sige_init.php Remote File Inclusion
Sige 0.1 - 'sige_init.php' Remote File Inclusion

Scribe 0.2 - Remote PHP Code Execution
Scribe 0.2 - PHP Remote Code Execution

patBBcode 1.0 - bbcodeSource.php Remote File Inclusion
patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion

Tilde CMS 4.x - (aarstal) SQL Injection
Tilde CMS 4.x - 'aarstal' SQL Injection

CityWriter 0.9.7 - head.php Remote File Inclusion
CityWriter 0.9.7 - 'head.php' Remote File Inclusion

PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) Remote File Inclusion
PhpMyDesktop/Arcade 1.0 Final - 'phpdns_basedir' Remote File Inclusion

WebSihirbazi 5.1.1 - (pageid) SQL Injection
WebSihirbazi 5.1.1 - 'pageid' SQL Injection

Blakord Portal Beta 1.3.A - (all modules) SQL Injection
Blakord Portal Beta 1.3.A - (All Modules) SQL Injection

PHP Links 1.3 - smarty.php Remote File Inclusion
PHP Links 1.3 - 'smarty.php' Remote File Inclusion

Aterr 0.9.1 - Local File Inclusion (PHP5)
Aterr 0.9.1 - PHP5 Local File Inclusion

phpEmployment - (PHP upload) Arbitrary File Upload
phpEmployment - 'PHP Upload' Arbitrary File Upload

XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution

Xplode CMS - (wrap_script) SQL Injection
Xplode CMS - 'wrap_script' SQL Injection

VS PANEL 7.3.6 - (Cat_ID) SQL Injection
VS PANEL 7.3.6 - 'Cat_ID' SQL Injection

WebMember 1.0 - (formID) SQL Injection
WebMember 1.0 - 'formID' SQL Injection

Dokuwiki 2009-02-14 - Remote/Temporary File Inclusion
Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion

Kjtechforce mailman b1 - (code) SQL Injection Delete Row
Kjtechforce mailman b1 - (Delete Row) 'code' SQL Injection

Virtue Classifieds - (category) SQL Injection
Virtue Classifieds - 'category' SQL Injection

XOOPS Celepar Module Qas - (codigo) SQL Injection
XOOPS Celepar Module Qas - 'codigo' SQL Injection

URA 3.0 - (cat) SQL Injection
URA 3.0 - 'cat' SQL Injection

TYPO3 CMS 4.0 - (showUid) SQL Injection
TYPO3 CMS 4.0 - 'showUid' SQL Injection

Typing Pal 1.0 - (idTableProduit) SQL Injection
Typing Pal 1.0 - 'idTableProduit' SQL Injection

Videos Broadcast Yourself 2 - (UploadID) SQL Injection
Videos Broadcast Yourself 2 - 'UploadID' SQL Injection

Uiga Church Portal - (year) SQL Injection
Uiga Church Portal - 'year' SQL Injection

Network Management/Inventory System - header.php Remote File Inclusion
Network Management/Inventory System - 'header.php' Remote File Inclusion

BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)
BASE 1.2.4 - 'base_qry_common.php' Remote File Inclusion (Metasploit)

PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection
PHP-Nuke 8.0 - (News Module) Cross-Site Scripting / HTML Code Injection

Vivid Ads Shopping Cart - (prodid) SQL Injection
Vivid Ads Shopping Cart - 'prodid' SQL Injection

WorldPay Script Shop - (productdetail) SQL Injection
WorldPay Script Shop - 'productdetail' SQL Injection

tincan ltd - (section) SQL Injection
tincan ltd - 'section' SQL Injection

Template Seller Pro 3.25 - (tempid) SQL Injection
Template Seller Pro 3.25 - 'tempid' SQL Injection

Webloader 7 < 8 - (vid) SQL Injection
Webloader 7 < 8 - 'vid' SQL Injection

web5000 - (page_show) SQL Injection
web5000 - 'page_show' SQL Injection

Cosmos Solutions CMS - (id= / page=) SQL Injection
Cosmos Solutions CMS - 'id=' / 'page=' SQL Injection

iBoutique - (page) SQL Injection / Cross-Site Scripting
iBoutique - 'page' SQL Injection / Cross-Site Scripting

OpenX - (phpAdsNew) Remote File Inclusion
OpenX - 'phpAdsNew' Remote File Inclusion

System Shop - (Module aktka) SQL Injection
System Shop - 'Module aktka' SQL Injection

TikiWiki tiki-graph_formula - Remote PHP Code Execution (Metasploit)
TikiWiki tiki-graph_formula - PHP Remote Code Execution (Metasploit)

vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection
vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection

PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (1)
PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)

YABB SE 0.8/1.4/1.5 - Packages.php Remote File Inclusion
YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion

Invision Board 1.1.1 - ipchat.php Remote File Inclusion
Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion

Typo3 3.5 b5 - Translations.php Remote File Inclusion
Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion

Webchat 0.77 - Defines.php Remote File Inclusion
Webchat 0.77 - 'Defines.php' Remote File Inclusion

PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection
PHP-Nuke 6.5 - (Multiple Downloads Module) SQL Injection

ttCMS 2.2/2.3 - header.php Remote File Inclusion
ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion

PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution
PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution

HolaCMS 1.2.x - HTMLtags.php Local File Inclusion
HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion

WebCalendar 0.9.x - Multiple Module SQL Injection
WebCalendar 0.9.x - (Multiple Modules) SQL Injection

PHP-Nuke 6.x - Multiple Module SQL Injection
PHP-Nuke 6.x - (Multiple Modules) SQL Injection

EasyDynamicPages 1.0 - 'config_page.php' Remote PHP File Inclusion
EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion

VisualShapers EZContents 1.4/2.0 - module.php Remote Command Execution
VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution

Mambo Open Source 4.5/4.6 - mod_mainmenu.php Remote File Inclusion
Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion

PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion
PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script fonctions.lib.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion
VisualShapers EZContents 1.x/2.0 - db.php Arbitrary File Inclusion
VisualShapers EZContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion
VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion
VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion

VirtuaSystems VirtuaNews 1.0.x - Multiple Module Cross-Site Scripting Vulnerabilities
VirtuaSystems VirtuaNews 1.0.x - (Multiple Modules) Cross-Site Scripting Vulnerabilities

WarpSpeed 4nAlbum Module 0.92 - displaycategory.php basepath Parameter Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion

Gemitel 3.50 - affich.php Remote File Inclusion Command Injection
Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection

phpBB 2.0.x - album_portal.php Remote File Inclusion
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion

Mail Manage EX 3.1.8 MMEX - Script Settings Parameter Remote PHP File Inclusion
Mail Manage EX 3.1.8 MMEX - Script Settings Parameter PHP Remote File Inclusion

Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - Common.php Remote File Inclusion
Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion

@lexPHPTeam @lex Guestbook 3.12 - Remote PHP File Inclusion
@lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion

phpBB 2.0.x - 'admin_cash.php' Remote PHP File Inclusion
phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion

Stadtaus.Com Download Center Lite 1.5 - Remote PHP File Inclusion
Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion

Work System eCommerce 3.0.3/3.0.4 - forum.php Remote File Inclusion
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion

phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion
phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion

PANews 2.0 - Remote PHP Script Code Execution
PANews 2.0 - PHP Remote Code Execution

VoteBox 2.0 - Votebox.php Remote File Inclusion
VoteBox 2.0 - 'Votebox.php' Remote File Inclusion

McNews 1.x - install.php Arbitrary File Inclusion
McNews 1.x - 'install.php' Arbitrary File Inclusion

Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion
Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion

phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection

GrayCMS 1.1 - error.php Remote File Inclusion
GrayCMS 1.1 - 'error.php' Remote File Inclusion

PHP Poll Creator 1.0.1 - Poll_Vote.php Remote File Inclusion
PHP Poll Creator 1.0.1 - 'Poll_Vote.php' Remote File Inclusion

MWChat 6.7 - Start_Lobby.php Remote File Inclusion
MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion

Popper Webmail 1.41 - ChildWindow.Inc.php Remote File Inclusion
Popper Webmail 1.41 - 'ChildWindow.Inc.php' Remote File Inclusion

RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion

RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion

MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion
MyGuestbook 0.6.1 - 'Form.Inc.php3' Remote File Inclusion

Comdev eCommerce 3.0 - config.php Remote File Inclusion
Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion

PHPWebNotes 2.0 - Api.php Remote File Inclusion
PHPWebNotes 2.0 - 'Api.php' Remote File Inclusion

Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion
Autolinks 2.1 Pro - 'Al_initialize.php' Remote File Inclusion
MySource 2.14 - Socket.php PEAR_PATH Remote File Inclusion
MySource 2.14 - Request.php PEAR_PATH Remote File Inclusion
MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - mail.php PEAR_PATH Remote File Inclusion
MySource 2.14 - Date.php PEAR_PATH Remote File Inclusion
MySource 2.14 - Span.php PEAR_PATH Remote File Inclusion
MySource 2.14 - mimeDecode.php PEAR_PATH Remote File Inclusion
MySource 2.14 - mime.php PEAR_PATH Remote File Inclusion
MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion

Help Center Live 1.0/1.2/2.0 - module.php Local File Inclusion
Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion

Tru-Zone Nuke ET 3.x - Search Module SQL Injection
Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection

vtiger CRM 4.2 - RSS Aggregation Module Feed Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting

CF_Nuke 4.6 - index.cfm Local File Inclusion
CF_Nuke 4.6 - 'index.cfm' Local File Inclusion

Tolva 0.1 - Usermods.php Remote File Inclusion
Tolva 0.1 - 'Usermods.php' Remote File Inclusion

SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion
SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion

PHORUM 3.x/5.x - Common.php Remote File Inclusion
PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion

SPIP 1.8.3 - Spip_login.php Remote File Inclusion
SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion

CyBoards PHP Lite 1.21/1.25 - Common.php Remote File Inclusion
CyBoards PHP Lite 1.21/1.25 - 'Common.php' Remote File Inclusion

Monster Top List 1.4 - functions.php Remote File Inclusion
Monster Top List 1.4 - 'functions.php' Remote File Inclusion

I-RATER Platinum - Common.php Remote File Inclusion
I-RATER Platinum - 'Common.php' Remote File Inclusion

I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion
I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion

Advanced Guestbook 2.x - Addentry.php Remote File Inclusion
Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion
DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion
phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion

ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion
ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion

RadScripts RadLance 7.0 - popup.php Local File Inclusion
RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion

osTicket 1.x - Open_form.php Remote File Inclusion
osTicket 1.x - 'Open_form.php' Remote File Inclusion

Squirrelmail 1.4.x - Redirect.php Local File Inclusion
Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion

phpBB 2.0.x - template.php Remote File Inclusion
phpBB 2.0.x - 'template.php' Remote File Inclusion

phpBB - BBRSS.php Remote File Inclusion
phpBB - 'BBRSS.php' Remote File Inclusion

eNpaper1 - Root_Header.php Remote File Inclusion
eNpaper1 - 'Root_Header.php' Remote File Inclusion

CrisoftRicette 1.0 - Cookbook.php Remote File Inclusion
CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion

MF Piadas 1.0 - admin.php Remote File Inclusion
MF Piadas 1.0 - 'admin.php' Remote File Inclusion

SiteBuilder-FX - top.php Remote File Inclusion
SiteBuilder-FX - 'top.php' Remote File Inclusion

Blog:CMS 4.1 - Thumb.php Remote File Inclusion
Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion

Extcalendar 2.0 - Extcalendar.php Remote File Inclusion
Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion

RW::Download - stats.php Remote File Inclusion
RW::Download - 'stats.php' Remote File Inclusion

PHP Event Calendar 1.4 - calendar.php Remote File Inclusion
PHP Event Calendar 1.4 - 'calendar.php' Remote File Inclusion

Forum 5 - pm.php Local File Inclusion
Forum 5 - 'pm.php' Local File Inclusion

Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion
Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion

Prince Clan Chess Club 0.8 - Include.PCchess.php Remote File Inclusion
Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion

Bosdates 3.x/4.0 - Payment.php Remote File Inclusion
Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion

Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion
Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion

WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion
WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion
VWar 1.5 - war.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - member.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - calendar.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - challenge.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - joinus.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - news.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - stats.php vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'war.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'member.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'calendar.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'challenge.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'joinus.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'news.php' vwar_root Parameter Remote File Inclusion
VWar 1.5 - 'stats.php' vwar_root Parameter Remote File Inclusion

Mafia Moblog 6 - Big.php Remote File Inclusion
Mafia Moblog 6 - 'Big.php' Remote File Inclusion

WEBinsta Mailing List Manager 1.3 - Install3.php Remote File Inclusion
WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion

Zen Cart Web Shopping Cart 1.x - autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion

Jetbox CMS 2.1 - Search_function.php Remote File Inclusion
Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion

In-portal In-Link 2.3.4 - ADODB_DIR.php Remote File Inclusion
In-portal In-Link 2.3.4 - 'ADODB_DIR.php' Remote File Inclusion

PHP-Proxima 6.0 - BB_Smilies.php Local File Inclusion
PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion
WM-News 0.5 - print.php Local File Inclusion
Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion
WM-News 0.5 - 'print.php' Local File Inclusion
Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion

Exporia 0.3 - Common.php Remote File Inclusion
Exporia 0.3 - 'Common.php' Remote File Inclusion

My-BIC 0.6.5 - Mybic_Server.php Remote File Inclusion
My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion

Geotarget - script.php Remote File Inclusion
Geotarget - 'script.php' Remote File Inclusion

PHPSelect Web Development - index.php3 Remote File Inclusion
PHPSelect Web Development - 'index.php3' Remote File Inclusion

PHP Web Scripts Easy Banner - functions.php Remote File Inclusion
PHP Web Scripts Easy Banner - 'functions.php' Remote File Inclusion

PHP Polling Creator 1.03 - functions.inc.php Remote File Inclusion
PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion
Softerra PHP Developer Library 1.5.3 - Grid3.lib.php Remote File Inclusion
BlueShoes Framework 4.6 - GoogleSearch.php Remote File Inclusion
Tagit2b - DelTagUser.php Remote File Inclusion
Softerra PHP Developer Library 1.5.3 - 'Grid3.lib.php' Remote File Inclusion
BlueShoes Framework 4.6 - 'GoogleSearch.php' Remote File Inclusion
Tagit2b - 'DelTagUser.php' Remote File Inclusion

CommunityPortals 1.0 - bug.php Remote File Inclusion
CommunityPortals 1.0 - 'bug.php' Remote File Inclusion

PHP TopSites FREE 1.022b - config.php Remote File Inclusion
PHP TopSites FREE 1.022b - 'config.php' Remote File Inclusion

Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion
Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion

phpBB Add Name Module - Not_Mem.php Remote File Inclusion
phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion
RamaCMS - ADODB.Inc.php Remote File Inclusion
H-Sphere Webshell 2.x - 'login.php' Cross-Site Scripting
Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion
Lodel CMS 0.7.3 - Calcul-page.php Remote File Inclusion
RamaCMS - 'ADODB.Inc.php' Remote File Inclusion
H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting
Mambo Module MOStlyCE 4.5.4 - 'HTMLTemplate.php' Remote File Inclusion
Lodel CMS 0.7.3 - 'Calcul-page.php' Remote File Inclusion

Maintain 3.0.0-RC2 - Example6.php Remote File Inclusion
Maintain 3.0.0-RC2 - 'Example6.php' Remote File Inclusion

Zorum 3.5 - DBProperty.php Remote File Inclusion
Zorum 3.5 - 'DBProperty.php' Remote File Inclusion

PHPMyConferences 8.0.2 - Init.php Remote File Inclusion
PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion

PHPTreeView 1.0 - TreeViewClass.php Remote File Inclusion
PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion

PLS-Bannieres 1.21 - Bannieres.php Remote File Inclusion
PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion

The Search Engine Project 0.942 - Configfunction.php Remote File Inclusion
The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion

KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion
KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion

NewP News Publishing System 1.0 - Class.Database.php Remote File Inclusion
NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion

Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion
Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion

@cid Stats 2.3 - Install.php3 Remote File Inclusion
@cid Stats 2.3 - 'Install.php3' Remote File Inclusion

PHPMyChat 0.14/0.15 - Languages.Lib.php Local File Inclusion
PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion

PHPdebug 1.1 - Debug_test.php Remote File Inclusion
PHPdebug 1.1 - 'Debug_test.php' Remote File Inclusion

eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion
eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion
Easy Banner Pro 2.8 - info.php Remote File Inclusion
Edit-X - Edit_Address.php Remote File Inclusion
Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion
Edit-X - 'Edit_Address.php' Remote File Inclusion

OpenEMR 2.8.2 - Import_XML.php Remote File Inclusion
OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion

PHPProbid 5.24 - Lang.php Remote File Inclusion
PHPProbid 5.24 - 'Lang.php' Remote File Inclusion

MySQLNewsEngine - Affichearticles.php3 Remote File Inclusion
MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion

Meganoide's News 1.1.1 - Include.php Remote File Inclusion
Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion

Shop Kit Plus - StyleCSS.php Local File Inclusion
Shop Kit Plus - 'StyleCSS.php' Local File Inclusion
Pickle 0.3 - download.php Local File Inclusion
Active Calendar 1.2 - showcode.php Local File Inclusion
Pickle 0.3 - 'download.php' Local File Inclusion
Active Calendar 1.2 - 'showcode.php' Local File Inclusion

JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion
JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion

Weekly Drawing Contest 0.0.1 - Check_Vote.php Local File Inclusion
Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion

WordPress < 2.1.2 - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting

Satel Lite - Satellite.php Local File Inclusion
Satel Lite - 'Satellite.php' Local File Inclusion

eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion
eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion

MyNews 4.2.2 - Week_Events.php Remote File Inclusion
MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion
Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion
Actionpoll 1.1 - Actionpoll.php Remote File Inclusion
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
Actionpoll 1.1 - 'Actionpoll.php' Remote File Inclusion

Fully Modded PHPBB2 - phpbb_root_path Remote File Inclusion
Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion

PHP Turbulence 0.0.1 - Turbulence.php Remote File Inclusion
PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion
Allfaclassifieds 6.04 - Level2.php Remote File Inclusion
PHPMyBibli 1.32 - Init.Inc.php Remote File Inclusion
Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion
PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion

ACVSWS - Transport.php Remote File Inclusion
ACVSWS - 'Transport.php' Remote File Inclusion

Lms 1.5.x - RTMessageAdd.php Remote File Inclusion
Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion
MyNewsGroups 0.6 - Include.php Remote File Inclusion
PHPMyTGP 1.4 - AddVIP.php Remote File Inclusion
MyNewsGroups 0.6 - 'Include.php' Remote File Inclusion
PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion

Comus 2.0 - Accept.php Remote File Inclusion
Comus 2.0 - 'Accept.php' Remote File Inclusion
HTMLEditBox 2.2 - config.php Remote File Inclusion
DynaTracker 1.5.1 - includes_handler.php base_path Remote File Inclusion
DynaTracker 1.5.1 - action.php base_path Remote File Inclusion
HTMLEditBox 2.2 - 'config.php' Remote File Inclusion
DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion

Doruk100Net - Info.php Remote File Inclusion
Doruk100Net - 'Info.php' Remote File Inclusion

PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion
PHPSecurityAdmin 4.0.2 - 'Logout.php' Remote File Inclusion

PHP Content Architect 0.9 pre 1.2 - MFA_Theme.php Remote File Inclusion
PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion

PHPHostBot 1.05 - Authorize.php Remote File Inclusion
PHPHostBot 1.05 - 'Authorize.php' Remote File Inclusion

PHMe 0.0.2 - Function_List.php Local File Inclusion
PHMe 0.0.2 - 'Function_List.php' Local File Inclusion
VietPHP - _functions.php dirpath Parameter Remote File Inclusion
VietPHP - admin/index.php language Parameter Remote File Inclusion
VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion
VietPHP - 'admin/index.php' language Parameter Remote File Inclusion

Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion
Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion

Shoutbox 1.0 - Shoutbox.php Remote File Inclusion
Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion
Web News 1.1 - feed.php config[root_ordner] Parameter Remote File Inclusion
Web News 1.1 - news.php config[root_ordner] Parameter Remote File Inclusion
Lib2 PHP Library 0.2 - My_Statistics.php Remote File Inclusion
Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion
Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion
Dalai Forum 1.1 - forumreply.php Local File Inclusion
Firesoft - Class_TPL.php Remote File Inclusion
Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion
Firesoft - 'Class_TPL.php' Remote File Inclusion

PHP-Nuke 8.0 - autohtml.php Local File Inclusion
PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion

Content Builder 0.7.5 - postComment.php Remote File Inclusion
Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion

Jeebles Technology Jeebles Directory 2.9.60 - download.php Local File Inclusion
Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion

PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion
PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion

Galmeta Post 0.2 - Upload_Config.php Remote File Inclusion
Galmeta Post 0.2 - 'Upload_Config.php' Remote File Inclusion

MyBlog 1.x - Games.php ID Remote File Inclusion
MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion

PHPMyTourney 2 - tourney/index.php Remote File Inclusion
PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion
W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - create_forum.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - create_user.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - delete_notes.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - delete_user.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - edit_forum.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - mail_users.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - moderate_notes.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - reorder_forums.php bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'delete_notes.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'delete_user.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'edit_forum.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'mail_users.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'moderate_notes.php' bn_dir_default Parameter Remote File Inclusion
W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion

XOOPS 2.0.18 - modules/system/admin.php fct Parameter Traversal Local File Inclusion
XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion

Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell

C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting
C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting

C99 Shell - 'c99.php' Authentication Bypass
C99Shell (Web Shell) - 'c99.php' Authentication Bypass

W-Agora 4.2.1 - search.php3 bn Parameter Traversal Local File Inclusion
W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion

Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' Remote PHP Code Execution
Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution

MySQLDumper 1.24.4 - 'menu.php' Remote PHP Code Execution
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution

Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution

Zend Framework 2.4.2 - XML eXternal Entity Injection (XXE) on PHP FPM
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection

Nuts CMS - Remote PHP Code Injection / Execution
Nuts CMS - PHP Remote Code Injection / Execution

WordPress Plugin WP Super Cache - Remote PHP Code Execution
WordPress Plugin WP Super Cache - PHP Remote Code Execution

b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection

Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion
Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion

XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection

ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials Remote SYSTEM Code Execution
ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution

Apache - HTTP OPTIONS Memory Leak
Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak
Foodspotting Clone 1.0 - SQL Injection
iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection
Tecnovision DLX Spot - Authentication Bypass
Tecnovision DLX Spot - Arbitrary File Upload
 2017-09-20 05:01:20 +00:00
Offensive Security
ef4c288da7 DB: 2017-09-19 
16 new exploits

Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (1)

Cam2pc 4.6.2 - BMP Image Processing Integer Overflow
Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering CMP Fencepost Denial of Service
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service

Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow

Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service
Tony Cook Imager 0.4x - '.JPEG' / '.TGA' Images Denial of Service

Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure

Adobe Reader X 10.1.4.38 - BMP/RLE Heap Corruption
Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption

XV 3.x - BMP Parsing Local Buffer Overflow
XV 3.x - '.BMP' Parsing Local Buffer Overflow

Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)

GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized JPEG Image Access
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access

Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload (Metasploit)
Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)

XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution
XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution

Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
iBall ADSL2+ Home Router - Authentication Bypass
Apache - HTTP OPTIONS Memory Leak
 2017-09-19 05:01:33 +00:00
Offensive Security
590c03106b DB: 2017-09-13 
15 new exploits

tcprewrite - Heap-Based Buffer Overflow
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization

Docker Daemon - Unprotected TCP Socket

Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow

Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
PHP Dashboards NEW 4.4 - Arbitrary File Read
PHP Dashboards NEW 4.4 - SQL Injection
JobStar Monster Clone Script 1.0 - SQL Injection
iTech Book Store Script 2.02 - SQL Injection
iTech StockPhoto Script 2.02 - SQL Injection
EduStar Udemy Clone Script 1.0 - SQL Injection
AirStar Airbnb Clone Script 1.0 - SQL Injection
osTicket 1.10 - SQL Injection
FoodStar 1.0 - SQL Injection
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
inClick Cloud Server 5.0 - SQL Injection
 2017-09-13 05:01:22 +00:00
Offensive Security
a1eeba1263 DB: 2017-09-07 
9 new exploits

Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service
Sambar FTP Server 6.4 - 'SIZE' Remote Denial of Service

Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)

2WIRE DSL Router (xslt) - Denial of Service
2WIRE DSL Router - 'xslt' Denial of Service

ooVoo 1.7.1.35 - (URL Protocol) Remote Unicode Buffer Overflow (PoC)
ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)

Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC)

Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)

Virtual DJ Trial 6.1.2 - Buffer Overflow (SEH) Crash (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)

VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser
VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow

Winlog Lite SCADA HMI system - (SEH) Overwrite
Winlog Lite SCADA HMI system - Overwrite (SEH)

FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)
FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow

Sambar Server 6.0 - results.stm Post Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow

Samba nttrans Reply - Integer Overflow
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)

i.FTP 2.21 - (SEH) Overflow Crash (PoC)
i.FTP 2.21 - Overflow Crash (SEH) (PoC)

Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)

TECO SG2 FBD Client 3.51 - '.gfb' Overwrite (SEH) Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)

Network Scanner 4.0.0.0 - (SEH)Crash (PoC)
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)

Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)

Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow

WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow

Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation

CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
Quick Player 1.2 - Unicode Buffer Overflow
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit
Quick Player 1.2 - Unicode Buffer Overflow (1)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH)

Quick Player 1.2 - Unicode Buffer Overflow (Bindshell)
Quick Player 1.2 - Unicode Buffer Overflow (2)

Winamp 5.572 - (SEH) Exploit
Winamp 5.572 - Exploit (SEH)

ZipScan 2.2c - (SEH) Exploit
ZipScan 2.2c - Exploit (SEH)

Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)
Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit)

Mediacoder 0.7.3.4672 - (SEH) Exploit
Mediacoder 0.7.3.4672 - Exploit (SEH)

SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC)
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) (calc)
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)
BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)

ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)

MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
MP3 Workstation 9.2.1.1.2 - Exploit (SEH)

DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - Exploit (SEH)

MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - (SEH) Exploit
iworkstation 9.3.2.1.4 - Exploit (SEH)

Winamp 5.6 - Arbitrary Code Execution in MIDI Parser
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution

BS.Player 2.57 - Buffer Overflow (Unicode SEH)
BS.Player 2.57 - Buffer Overflow (SEH Unicode)

Nokia MultiMedia Player 1.0 - (SEH Unicode)
Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode)

POP Peeper 3.7 - (SEH) Exploit
POP Peeper 3.7 - Exploit (SEH)

Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (Unicode SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (SEH Unicode)

BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)
BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)

DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit)

Samba 2.0.7 SWAT - Logfile Permissions
Samba 2.0.7 - SWAT Logfile Permissions

Static HTTP Server 1.0 - (SEH) Overflow
Static HTTP Server 1.0 - Overflow (SEH)

ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode)

Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH) 'UNICODE'
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)

GOM Player 2.2.53.5169 - Buffer Overflow (SEH) (.reg)
GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)

Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)

Total Commander 8.52 - Overwrite (SEH) Buffer Overflow
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - '.gen' Overwrite (SEH) Buffer Overflow
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite (SEH) Buffer Overflow
TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH)
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Tor - Linux Sandbox Breakout via X11

Samba < 2.2.8 (Linux/BSD) - Remote Code Execution

Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Samba 3.0.4 - SWAT Authorisation Buffer Overflow

BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)

Samba 2.2.x - nttrans Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Overflow (Metasploit)

BigAnt Server 2.52 - (SEH) Exploit
BigAnt Server 2.52 - Exploit (SEH)

File Sharing Wizard 1.5.0 - (SEH) Exploit
File Sharing Wizard 1.5.0 - Exploit (SEH)

Samba - 'Username' map script' Command Execution (Metasploit)
Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)

Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit)

Samba 2.0.7 SWAT - Logging Failure
Samba 2.0.7 - SWAT Logging Failure

Sambar Server 4.4/5.0 - pagecount File Overwrite
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite

Sambar Server 5.x - results.stm Cross-Site Scripting
Sambar Server 5.x - 'results.stm' Cross-Site Scripting

Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow

BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass)

Sambar 5.x - Open Proxy / Authentication Bypass
Sambar Server 5.x - Open Proxy / Authentication Bypass
Sambar Server 6.1 Beta 2 - show.asp show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showperf.asp title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showini.asp Arbitrary File Access
Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access

Sambar Server 5.x/6.0/6.1 - results.stm indexname Cross-Site Scripting
Sambar Server 5.x/6.0/6.1 - 'results.stm' indexname Cross-Site Scripting

Ruby 1.9.1 - WEBrick Terminal Escape Sequence in Logs Command Injection
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection

Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection
Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - Terminal Escape Sequence in Logs Command Injection
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection

Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)

Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)

Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures

PHP-Nuke 8.0 - Cross-Site Scripting / HTML Code Injection in News Module
PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection

PHP-decoda - Cross-Site Scripting In Video Tag
PHP-decoda - 'Video Tag' Cross-Site Scripting
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection

Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)

WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation

FineCMS 1.0  - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities

A2billing 2.x - SQL Injection
Cory Support - 'pr' Parameter SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
 2017-09-07 05:01:26 +00:00
Offensive Security
427165968d DB: 2017-09-05 
9 new exploits

IBM Notes 8.5.x/9.0.x - Denial of Service (2)
Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation
RubyGems < 2.6.13 - Arbitrary File Overwrite
Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow
Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection
Joomla! Component CheckList 1.1.0 - SQL Injection
Wireless Repeater BE126 - Remote Code Execution
CodeMeter 6.50 - Cross-Site Scripting
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
 2017-09-05 05:01:31 +00:00
Offensive Security
572d7c5002 DB: 2017-09-04 
2 new exploits

IBM Notes 8.5.x/9.0.x - Denial of Service

FineCMS 1.0  - Multiple Vulnerabilities
 2017-09-04 05:01:22 +00:00
Offensive Security
c7b4bfd8e6 DB: 2017-08-23 
23 new exploits

Microsoft Windows 7 SP1 x86 -  GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)

IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)

BSD - Passive Connection Shellcode (124 bytes)
BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)
BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind Shell  31337/TCP + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes)
BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes)
BSD/x86 - Bind Random Port Shellcode (143 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes)
BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - kill all processes Shellcode (12 bytes)
FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes)
FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)
FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)

FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)

FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes)
FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)

FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)
Linux/x86 - Bind Shellcode (Generator)
Windows XP SP1 - Bind Shellcode (Generator)
(Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode
Linux/x86 - cmd Null-Free Shellcode (Generator)
(Generator) - Alphanumeric Shellcode (Encoder/Decoder)
Linux/x86 - Bind TCP Shellcode (Generator)
Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Win32 - Multi-Format Encoding Tool Shellcode (Generator)
iOS - Version-independent Shellcode
Cisco IOS - Connectback 21/TCP Shellcode
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
iOS Version-independent - Null-Free Shellcode
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth Shell  Shellcode (88+ bytes)  (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)

Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes)
Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes)

Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes)
Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)
Linux/x86 - killall5 polymorphic Shellcode (61 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes)
Linux/x86 - reboot() polymorphic Shellcode (57 bytes)
Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)

Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)

Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)

Linux/x86 - Shellcode Obfuscator (Generator)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)

Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)

Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)

Linux/x86 - /sbin/iptables -F Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F)  Shellcode (40 bytes)

Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes)
Linux/x86 - executes command after setreuid Shellcode (49+ bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + executes command (49+ bytes)
Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes)
Linux/x86 - Bind 2707/TCP Shellcode (84 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes)
Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes)  (Generator)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)

Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)

Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind 64713/TCP Shellcode (86 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)

Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)

Linux/x86 - TCP Proxy Shellcode (236 bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)

Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)

Linux/x86 - Reverse  TCP Shell Shellcode (90 bytes)  (Generator)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes)
Linux/x86 - snoop /dev/dsp Shellcode (172 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - chroot + standart Shellcode (66 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - setreuid/execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Shellcode (64 bytes)
Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - iptables -F Shellcode (45 bytes)
Linux/x86 - iptables -F Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F)  Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F)  Shellcode (58 bytes)

Linux/x86 - connect Shellcode (120 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)

Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind 5074/TCP Shellcode (92 bytes)
Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - Add User Shellcode (104 bytes)
Linux/x86 - break chroot Shellcode (34 bytes)
Linux/x86 - break chroot Shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)

Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)

Linux/x86 - chroot()/execve() code Shellcode (80 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes)
OSX/PPC - sync()_ reboot() Shellcode (32 bytes)
OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)
OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)
OSX/PPC - sync() + reboot() Shellcode (32 bytes)

OSX/PPC - Add user _r00t_ Shellcode (219 bytes)
OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)
Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes)
Solaris/SPARC -  Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid/execve Shellcode (56 bytes)
Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes)
Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)
Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode
Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes)
Win32 - SEH Omelet Shellcode
Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags Shellcode (14 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)
Win32/XP SP2 - cmd.exe Shellcode (57 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - ConnectBack + Download A File + Save + Execute Shellcode
Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes)
Win32 - Download File + Execute Shellcode (192 bytes)
Win32 - Download File + Execute Shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box Shellcode (110 bytes)
Win32 - WinExec() Command Parameter Shellcode (104+ bytes)
Win32 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - SEH Omelet Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes)
Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes)
Windows x86 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)

Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes)  (Generator)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP - Download File + Execute Shellcode
Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes)
Windows XP - Download File + Execute Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes)
Win32/XP SP2 - calc.exe Shellcode (45 bytes)
Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)

Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)

Linux/x86 - break chroot Shellcode (79 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes)

Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)

Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - disabled modsecurity Shellcode (64 bytes)
Win32 - JITed Stage-0 Shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes)
Win32 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode
Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Genearator With Customizable Text)
Linux/x86 - chmod  0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Generator)

Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes)

Windows XP SP2 (FR) - Download File + Execute Shellcode
Windows XP SP2 (French) - Download File + Execute Shellcode

Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes)
Linux/x86 -  Disable ASLR Security Shellcode Shellcode (106 bytes)
Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)

Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)

Linux/x86 - Reverse  Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)

Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes)
Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)
Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)

Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)
Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind Shell 64533 Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode
Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)

Win32 - Write-to-file Shellcode (278 bytes)
Windows x86 - Write-to-file Null-Free Shellcode (278 bytes)
Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 English - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes)
Win32 - Checksum Routine Shellcode (18 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)

Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes)
Win32 - Speaking 'You got pwned!' Shellcode
FreeBSD/x86 - connect back Shellcode (81 bytes)
BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes)
Win32 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse  TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)
BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)
Windows x86 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)
Linux/x86 - Egghunter Shellcode (29 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)

Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)
Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)

Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)

Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode

Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)

Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)

Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes)
Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)
Windows x64 - Bind TCP Shell Shellcode (508 bytes)
Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)

Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)
Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)

Windows RT ARM - Bind Shell 4444/TCP Shellcode
Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode
Windows - Messagebox Shellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)
Windows - Messagebox Null-FreeShellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes)
Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes)
Linux/x86 - Disable ASLR Shellcode (84 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)
Win32/XP SP3 - Restart computer Shellcode (57 bytes)
Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)

Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes)
Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes)
Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes)
Linux/x86 - exec('/bin/dash') Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes)
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes)
OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)

Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator)
Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)
OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes)
Linux/x86-64 - /bin/sh Shellcode (34 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)
OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes)

Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)
Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)

Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)

Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)

Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)

Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)
Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)

Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)

Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)

Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes)
Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)
Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes)
Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes)
Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)

Windows x64 - WinExec() Shellcode (93 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)

Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86 - Reverse Netcat + mkfifo  (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)

Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes)
Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)

Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)

Windows x86 - Executable Directory Search Shellcode (130 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)

Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)

Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)

Linux/x86 - Bind Shell Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes)
Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)

Linux x86 - /bin/sh Shellcode (24 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)

Linux/x86_64 - kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)

Php Cloud mining Script - Authentication Bypass
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
 2017-08-23 05:01:29 +00:00
Offensive Security
1a85ec2c87 DB: 2017-08-18 
21 new exploits

Microsoft Office Products - Array Index Bounds Error (Unpatched) (PoC)
Microsoft Office Products - Array Index Bounds Error (PoC)

JAD java Decompiler 1.5.8g - (argument) Local Crash
JAD java Decompiler 1.5.8g - 'argument' Local Crash
Microsoft Edge Chakra - 'PreVisitCatch' Missing Call
Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow
Microsoft Edge Chakra - Buffer Overflow
Microsoft Edge Chakra - NULL Pointer Dereference
Microsoft Edge Chakra - Heap Buffer Overflow
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses
Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule'
Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty'
Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing
Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter #2
Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion
Microsoft Edge Chakra - 'JavascriptFunction::EntryCall' Fails to Handle 'CallInfo' Properly
Microsoft Edge Chakra - Uninitialized Arguments
Microsoft Edge Chakra - Uninitialized Arguments (2)
Microsoft Edge Chakra - 'EmitNew' Integer Overflow
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3
Adobe Flash - Invoke Accesses Trait Out-of-Bounds
Microsoft Edge - Out-of-Bounds Access when Fetching Source

Audiotran 1.4.1 - Direct RET Buffer Overflow
Audiotran 1.4.1 - Buffer Overflow (Direct RET)

GSM SIM Utility 5.15 - Local Exploit Direct Ret ver
GSM SIM Utility 5.15 - Local Exploit (Direct RET)

DVD X Player 5.5.0 Pro / Standard - Universal Exploit (ASLR + DEP Bypass)
DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal Exploit (ASLR + DEP Bypass)

CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution
CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution
BlazeVideo HDTV Player 6.6 Professional - Direct Retn Exploit
Aviosoft Digital TV Player Professional 1.x - Direct Retn Exploit
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct Retn)
Aviosoft Digital TV Player Professional 1.x - '.PLF' Exploit (Direct Retn)

BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit)
BlazeDVD 6.1 - '.PLF' File Exploit (DEP + ASLR Bypass) (Metasploit)

AudioCoder 0.8.22 - '.m3u' Direct Retn Buffer Overflow
AudioCoder 0.8.22 - '.m3u' Buffer Overflow (Direct Retn)

AudioCoder 0.8.22 - '.lst' Direct Retn Buffer Overflow
AudioCoder 0.8.22 - '.lst' Buffer Overflow (Direct Retn)

BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret)
BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET)

BlazeDVD Pro 7.0 - '.plf' Buffer Overflow (SEH)
BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)

BlazeDVD Pro 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET)
BlazeDVD Pro Player 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET)

Apple Mac OSX Install.Framework - SUID root Runner Binary Privilege Escalation
Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation

Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation
Xamarin Studio for Mac 6.2.1 (build 3) / 6.3 (build 863) - Privilege Escalation

RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE)
RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass

Symphony 1.7.01 - (non-patched) Remote Code Execution
Symphony 1.7.01 (non-patched) - Remote Code Execution
Binary Board System 0.2.5 - reply.pl Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - stats.pl Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - toc.pl board Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'reply.pl' Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'stats.pl' Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting

Orchard 1.3.9 - 'ReturnUrl' Parameter URI redirection
Orchard 1.3.9 - 'ReturnUrl' Parameter URI Redirection

WebsitePanel - 'ReturnUrl' Parameter URI redirection
WebsitePanel - 'ReturnUrl' Parameter URI Redirection
Online Quiz Project 1.0 - SQL Injection
Photogallery Project 1.0 - SQL Injection
Doctor Patient Project 1.0 - SQL Injection
 2017-08-18 05:01:20 +00:00
Offensive Security
bc1dac1620 DB: 2017-08-15 
3 new exploits

GetRight 5.2a - Skin File (.grs) Buffer Overflow
GetRight 5.2a - '.grs' Skin File Buffer Overflow

Tomabo MP4 Converter 3.19.15 - Denial of Service

Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation

Winamp 5.04 - Skin File (.wsz) Remote Code Execution
Winamp 5.04 - '.wsz' Skin File Remote Code Execution

PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit

Concrete5 < 5.4.2.1 - Multiple Vulnerabilities
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities

Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection

Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting

Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion

Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting

Concrete5 8.1.0 - 'Host' Header Injection
Concrete5 CMS 8.1.0 - 'Host' Header Injection

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery

Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass
Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass
 2017-08-15 05:01:22 +00:00
Offensive Security
79b3065b37 DB: 2017-08-05 
2 new exploits

Zookeeper 3.5.2 Client - Denial of Service

Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection
 2017-08-05 05:01:29 +00:00
Offensive Security
baeaf13b13 DB: 2017-08-02 
9 new exploits

libmad 0.15.1b - 'mp3' Memory Corruption

iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
VehicleWorkshop - Authentication Bypass
VehicleWorkshop - Arbitrary File Upload
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
 2017-08-02 05:01:31 +00:00
Offensive Security
25e79a8750 DB: 2017-07-30 
1 new exploits

vBulletin 4.2.3 - 'ForumRunner' SQL Injection
vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection

GitHub Enterprise < 2.8.7 - Remote Code Execution
 2017-07-30 05:01:23 +00:00
Offensive Security
2351348891 DB: 2017-07-26 
6 new exploits

WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling
WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference
WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy
WebKit JSC - 'ArgumentsEliminationPhase::transform' Incorrect LoadVarargs Handling
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free

WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
 2017-07-26 05:01:21 +00:00
Offensive Security
e27b6b8408 DB: 2017-07-25 
17 new exploits

Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free
WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free
WebKit - 'WebCore::Node::nextSibling' Use-After-Free
WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free
WebKit - 'WebCore::Node::getFlag' Use-After-Free
WebKit - 'WebCore::getCachedWrapper' Use-After-Free

Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
MAWK 1.3.3-17 - Local Buffer Overflow
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
PaulShop - SQL Injection / Cross-Site Scripting
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
 2017-07-25 05:01:20 +00:00
Offensive Security
9640473c86 DB: 2017-07-20 
23 new exploits

Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service
Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service

SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit)
SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)

Kaspersky 17.0.0 - Local CA root Incorrectly Protected
Kaspersky 17.0.0 - Local CA Root Incorrectly Protected

Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass)

WICD - Local Privilege Esclation Exploit
WICD 1.7.1 - Local Privilege Escalation

Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions
Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit
OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation

Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation

HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow

McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution

Trend Micro Interscan VirusWall localweb - Directory Traversal

Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting

Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)

XAMPP 1.6.x - 'showcode.php' Local File Inclusion

Yealink VoIP Phone SIP-T38G - Local File Inclusion

InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion

Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)

DreamBox DM800 - 'file' Parameter Local File Disclosure

Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting

TP-Link TL-WR841N Router - Local File Inclusion

Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)

Vivvo Article Manager 3.4 - (root) Local File Inclusion
Vivvo Article Manager 3.4 - 'root' Local File Inclusion

60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion
60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion

HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow

McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution

Trend Micro Interscan VirusWall localweb - Directory Traversal

Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting
Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion

Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)

XAMPP 1.6.x - 'showcode.php' Local File Inclusion

Yealink VoIP Phone SIP-T38G - Local File Inclusion

InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion

Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)

DreamBox DM800 - 'file' Parameter Local File Disclosure

Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting

TP-Link TL-WR841N Router - Local File Inclusion

Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection
 2017-07-20 05:01:21 +00:00
Offensive Security
21f7dd8438 DB: 2017-07-19 
11 new exploits

Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption
Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion
Microsoft Windows Kernel - 'IOCTL 0x120007 (NsiGetParameter)' nsiproxy/netio Pool Memory Disclosure

Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation

Belkin NetCam F7D7601 - Multiple Vulnerabilities
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)

Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
 2017-07-19 05:01:23 +00:00
Offensive Security
635e0e935f DB: 2017-07-15 
4 new exploits

Counter Strike: Condition Zero - '.BSP' Map File Code Execution

Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
WDTV Live SMP 2.03.20 - Remote Password Reset
 2017-07-15 05:01:21 +00:00
Offensive Security
22bf5da098 DB: 2017-07-08 
2 new exploits

Firefox 54.0.1 - Denial of Service

Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution
Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution
Yaws 1.91 - Remote File Disclosure
Price Comparison Script 2017.1.8 - SQL Injection
Clickbank Affiliate Marketplace Script 2017 - SQL Injection
 2017-07-08 05:01:21 +00:00
Offensive Security
da85974f2a DB: 2017-07-01 
3 new exploits

LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow
Google Chrome - Out-of-Bounds Access in RegExp Stubs

ActiveMQ < 5.14.0 - web shell upload (Metasploit)
ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit)

Humax HG100R 2.0.6 - Backup File Download
 2017-07-01 05:01:21 +00:00
Offensive Security
6ab9a26ee4 DB: 2017-06-27 
10 new exploits

PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service

PHP phar extension 1.1.1 - Heap Overflow
PHP 'phar' Extension 1.1.1 - Heap Overflow

PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities

PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot

PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service
PHP 5.3.x  'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service

unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write
NTFS 3.1 - Master File Table Denial of Service
LAME 3.99.5 - 'II_step_one' Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow

PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit
PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit

PHP 5.2.3 Tidy extension - Local Buffer Overflow
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow

PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass

PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass
PHP Perl Extension - Safe_mode BypassExploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local  Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit

PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit

PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass

PHP 5.x - COM functions Safe_mode and disable_function Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass

PHP 5.2.6 - (error_log) Safe_mode Bypass
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit

PHP - Safe_mode Bypass via proc_open() and custom Environment
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment

PHP python extension safe_mode - Bypass Local
PHP 'python' Extension - 'safe_mode' Local Bypass Exploit

PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass
PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass

PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass

PHP 5.2 - FOpen Safe_mode Restriction-Bypass
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit

PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities

suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit

PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit

JAD Java Decompiler 1.5.8e - Buffer Overflow

Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit

Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution

PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure
PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure

PHP 4.x - copy() Function Safe Mode Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit

PHP 5.2.5 - cURL 'safe mode' Security Bypass
PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit

PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities

Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution

Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)

Crypttech CryptoLog - Remote Code Execution (Metasploit)
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)

Linux/x86 - Bind Shell Shellcode (75 bytes)

JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit

XOOPS myAds Module - (lid) SQL Injection
XOOPS myAds Module - 'lid' SQL Injection

PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit

Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting
SmarterMail 7.x (7.2.3925) - LDAP Injection
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail < 7.2.3925 - LDAP Injection

MaticMarket 2.02 for PHP-Nuke - Local File Inclusion
PHP-Nuke MaticMarket 2.02 - Local File Inclusion

WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection

Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection

SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit

Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit

PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)

phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection

pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting

Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection

ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution

vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API

Eltek SmartPack - Backdoor Account
 2017-06-27 05:01:26 +00:00
Offensive Security
66671632b5 DB: 2017-06-24 
16 new exploits

Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption
Microsoft Windows - 'USP10!ttoGetTableData' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!SubstituteNtoM' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!NextCharInLiga' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!otlSinglePosLookup::getCoverageTable' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!otlReverseChainingLookup::apply' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure
Microsoft Windows - Kernel ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table
Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure
unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
Microsoft Edge - 'CssParser::RecordProperty' Type Confusion
Adobe Flash - AVC Edge Processing Out-of-Bounds Read
Adobe Flash - Image Decoding Out-of-Bounds Read
Adobe Flash - ATF Parser Heap Corruption

Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
 2017-06-24 05:01:27 +00:00
Offensive Security
248f7e7480 DB: 2017-06-17 
7 new exploits

WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
WebKit JSC - arrayProtoFuncSplice does not Initialize all Indices
WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass)
KBVault MySQL 0.16a - Arbitrary File Upload
Joomla! Component JoomRecipe 1.0.3 - SQL Injection
 2017-06-17 05:01:25 +00:00
Offensive Security
dea52f68f5 DB: 2017-06-12 
8 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
IPFire 2.19 - Remote Code Execution
eCom Cart 1.3 - SQL Injection
EFS Easy Chat Server 3.1 - Password Disclosure
EFS Easy Chat Server 3.1 - Password Reset
PaulShop - SQL Injection
 2017-06-12 05:01:24 +00:00
Offensive Security
fbe517f675 DB: 2017-06-10 
6 new exploits

Mapscrn 2.03 - Local Buffer Overflow
libcroco 0.6.12 - Denial of Service
libquicktime 1.2.4 - Denial of Service
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
Apple macOS - Disk Arbitration Daemon Race Condition

Craft CMS 2.6 - Cross-Site Scripting
 2017-06-10 05:01:19 +00:00
Offensive Security
0ef7d9b9ec DB: 2017-06-07 
8 new exploits

Wireshark 2.2.6 - IPv6 Dissector Denial of Service
Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service
Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution
Home Web Server 1.9.1 build 164 - Remote Code Execution

Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Kronos Telestaff < 2.92EU29 - SQL Injection
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
 2017-06-07 05:01:18 +00:00
Offensive Security
42e94b4366 DB: 2017-06-05 
26 new exploits

Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine

Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow

TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)

uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow

WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
 2017-06-05 05:01:15 +00:00
Offensive Security
d77e2b2ada DB: 2017-05-26 
11 new exploits

Apple WebKit / Safari 10.0.3(12602.4.8) - 'WebCore::FrameView::scheduleRelayout' Use-After-Free
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
Mozilla Firefox < 53 - 'gfxTextRun' Out-of-Bounds Read
Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure

WinRAR 3.60 Beta 6 - (SFX Path) Local Stack Overflow
WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow

Ability Server 2.34 - FTP STOR Buffer Overflow
Ability Server 2.34 - FTP 'STOR' Buffer Overflow

TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow

Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
MailEnable Enterprise Edition 1.1 - (EXAMINE) Buffer Overflow
Eudora Qualcomm WorldMail 3.0 - (IMAPd) Remote Overflow
MailEnable Enterprise Edition 1.1 - 'EXAMINE' Buffer Overflow
Eudora Qualcomm WorldMail 3.0 - 'IMAPd' Remote Overflow

Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
Alt-N MDaemon POP3 Server < 9.06 - 'USER' Remote Heap Overflow

HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH)

Microsoft Internet Explorer - XML Parsing Buffer Overflow (Windows Vista)
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow

Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit)
Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Buffer Overflow (Metasploit)

qualcomm worldmail server 3.0 - Directory Traversal
Qualcomm WorldMail Server 3.0 - Directory Traversal

Samba 3.5.0 - Remote Code Execution

SolarWinds orion network performance monitor 10.2.2 - Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities

Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php q Parameter' SQL Injection
Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php' q Parameter SQL Injection

PlaySMs 1.4 - 'import.php' Remote Code Execution
PlaySMS 1.4 - 'import.php' Remote Code Execution
Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - Stealing Variables via Page Navigation in FrameLoader::clear
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting
 2017-05-26 05:01:18 +00:00
Offensive Security
2907a841a7 DB: 2017-05-24 
9 new exploits

Apple iOS/macOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
Apple iOS/macOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization

KDE 4/5 - 'KAuth' Privilege Escalation

VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
 2017-05-24 05:01:19 +00:00
Offensive Security
94f7a8c8f5 DB: 2017-05-18 
15 new exploits

Apple iOS < 10.3.2 - Notifications API Denial of Service
Adobe Flash - AVC Deblocking Out-of-Bounds Read
Adobe Flash - Margin Handling Heap Corruption
Adobe Flash - Out-of-Bounds Read in Getting TextField Width
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service

Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
 2017-05-18 05:01:18 +00:00
Offensive Security
b6bbf710eb DB: 2017-05-12 
5 new exploits

OpenVPN 2.4.0 - Unauthenticated Denial of Service

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3)

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
 2017-05-12 05:01:18 +00:00
Offensive Security
4e3947178d DB: 2017-05-10 
10 new exploits

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Crypttech CryptoLog - Remote Code Execution (Metasploit)
BSD/x86 - portbind port 31337 Shellcode (83 bytes)
BSD/x86 - portbind port random Shellcode (143 bytes)
BSD/x86 - Portbind Port 31337 Shellcode (83 bytes)
BSD/x86 - Portbind Random Port Shellcode (143 bytes)

BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)

BSD/x86 - reverse 6969 portbind Shellcode (129 bytes)
BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)

FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes)
FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes)

FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
Linux/x86 - execve Null Free Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Linux/x86 - execve Null-Free Shellcode (Generator)
Linux/x86 - Portbind Shellcode (Generator)
Windows XP SP1 - Portbind Shellcode (Generator)

Linux/x86 - cmd Null Free Shellcode (Generator)
Linux/x86 - cmd Null-Free Shellcode (Generator)

Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Connectback Port 21 Shellcode

Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes)

Linux/SPARC - portbind port 8975 Shellcode (284 bytes)
Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes)

Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes)
Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes)
Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes)
Linux/x86 - portbind (2707) Shellcode (84 bytes)
Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes)
Linux/x86 - Portbind 2707 Shellcode (84 bytes)

Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) Shellcode (86 bytes)
Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes)
Linux/x86 - Portbind Port 64713 Shellcode (86 bytes)
Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - portbind port 5074 Shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add user 't00r' Shellcode (82 bytes)
Linux/x86 - Portbind Port 5074 Shellcode (92 bytes)
Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)

Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes)
Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes)

NetBSD/x86 - callback Shellcode (port 6666) (83 bytes)
NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes)

OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes)
OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes)

Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes)
Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes)

Solaris/SPARC - portbind port 6789 Shellcode (228 bytes)
Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes)
Solaris/SPARC - portbinding Shellcode (240 bytes)
Solaris/x86 - portbind/TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes)
Solaris/SPARC - Portbind Shellcode (240 bytes)
Solaris/x86 - Portbind TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode

Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes)
Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes)

Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)

Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)

Win32 - download and execute Shellcode (124 bytes)
Win32 - Download & Execute Shellcode (124 bytes)

Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows XP - download and exec source Shellcode
Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes)
Windows XP - Download & Exec Shellcode
Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes)
Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes)
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes)
Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode
FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)

Win32 XP SP2 FR - calc Shellcode (19 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Win32 XP SP3 English - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)

Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes)
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)

Windows XP SP2 FR - Download and Exec Shellcode
Windows XP SP2 (FR) - Download & Exec Shellcode

Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)

Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)
Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - bind shell port 64533 Shellcode (97 bytes)
Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes)
Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

BSD/x86 - bindshell on port 2525 Shellcode (167 bytes)
BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes)

Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337 Shellcode
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
ARM - Bindshell Port 0x1337 Shellcode

OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)

Win32 - speaking Shellcode
Win32 - Speaking 'You got pwned!' Shellcode

BSD/x86 - 31337 portbind + fork Shellcode (111 bytes)
BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes)

Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes)
Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes)

Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)

Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)

Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)

Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)

Windows RT ARM - Bind Shell (Port 4444) Shellcode
Windows RT ARM - Bind Shell Port 4444 Shellcode

Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)

Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download & execute Shellcode (Generator)
Windows XP x86-64 - Download & Execute Shellcode (Generator)

Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes)

Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)

Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)

OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)

OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)
OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes)

Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)

Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)
Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes)

Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes)

Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)

Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes)

Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)
Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes)

Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)

Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes)
Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes)

Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes)
LogRhythm Network Monitor - Authentication Bypass / Command Injection
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
 2017-05-10 05:01:16 +00:00
Offensive Security
4aa75d9fe9 DB: 2017-05-02 
5 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation
HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
 2017-05-02 05:01:18 +00:00
Offensive Security
e4147fb21e DB: 2017-05-01 
5 new exploits

Panda Free Antivirus - 'PSKMAD.sys' Denial of Service
IrfanView 4.44 - Denial of Service
Emby MediaServer 3.2.5 - SQL Injection
Emby MediaServer 3.2.5 - Password Reset
Emby MediaServer 3.2.5 - Directory Traversal
 2017-05-01 05:01:18 +00:00
Offensive Security
9e9bf495c2 DB: 2017-04-26 
26 new exploits

PHP 5.4.0RC6 (x64t) - Denial of Service
PHP 5.4.0RC6 (x64) - Denial of Service

Evostream Media Server 1.7.1 (x64) - Denial of Service

PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Dmitry 1.3a - Local Buffer Overflow
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Apple Safari - Array concat Memory Corruption
Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Dell Customer Connect 1.3.28.0 - Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation

Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
Microsoft Office Word - Malicious Hta Execution (Metasploit)
WePresent WiPG-1000 - Command Injection (Metasploit)

OSX/Intel - setuid shell x86_64 Shellcode (51 bytes)
OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)

OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)

Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86-64 - Egghunter Shellcode (38 bytes)

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
October CMS 1.0.412 - Multiple Vulnerabilities
 2017-04-26 05:01:18 +00:00
Offensive Security
5386bd7110 DB: 2017-04-21 
10 new exploits

Femitter FTP Server 1.03 - (RETR) Remote Denial of Service (PoC)
Femitter FTP Server 1.03 - 'RETR' Remote Denial of Service (PoC)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Microsoft Windows 10 10586 - IEETWCollector Arbitrary Directory/File Deletion Privilege Escalation
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
3proxy 0.5.3g (Linux) - proxy.c logurl() Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow
3proxy 0.5.3g - proxy.c logurl() Remote Overflow (exec-shield)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow

3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)

Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution

Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting

Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting
 2017-04-21 05:01:18 +00:00