exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00
Offensive Security	6f71665f8a	DB: 2017-11-23 28 new exploits Apache 2.0.45 - 'APR' Crash IPD (Integrity Protection Driver) - Denial of Service Ubuntu 6.06 DHCPd - Remote Denial of Service Ubuntu 6.06 - DHCPd Remote Denial of Service Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC) CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC) Adobe Reader - Escape From '.PDF' Oracle Solaris - 'su' Crash SunOS 4.1.3 - kmem setgid /etc/crash Solaris 2.5.1 - 'Ping' System Panic (Denial of Service) Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options Linux Kernel 2.0/2.1/2.2 - 'autofs' Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / SuSE Linux 6.1) - IP Options Linux Kernel 2.0/2.1/2.2 - 'autofs' Denial of Service S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service SuSE Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service) Adobe Flash - Use-After-Free in Drawing Methods 'this' Adobe Flash - Drawing Methods 'this' Use-After-Free Symantec AntiVirus - Integer Overflow in TNEF Decoder Symantec AntiVirus - TNEF Decoder Integer Overflow Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:' Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin' Apple iOS/macOS - 'TIKeyboardLayout initWithCoder:' NSKeyedArchiver Heap Corruption Due to Rounding Error Apple iOS/macOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty' Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrect Usage of 'PushPopFrameHelper' (Denial of Service) Microsoft Edge Chakra - 'TryUndeleteProperty' Incorrect Usage (Denial of Service) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service) Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval' Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service) Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box' Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service) Xen - Unbounded Recursion in Pagetable De-typing Xen - Pagetable De-typing Unbounded Recursion Vonage VDV-23 - Denial of Service WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free WebKit - 'WebCore::FormSubmission::create' Use-After-Free IBM DB2 - Universal Database 7.2 'db2licm' Local IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow OpenBSD - 'ibcs2_exec' Kernel Local OpenBSD - 'ibcs2_exec' Kernel Code Execution SuSE Linux 9.0 - YaST Configuration Skribt Local SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files BSDi 3.0/4.0 - rcvtty[mh] Local BSDi 3.0/4.0 - 'rcvtty[mh]' Privilege Escalation Solaris locale - Format Strings 'noexec stack' Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow RedHat 6.1 man - 'egid 15' Local RedHat 6.1 - 'man' Local Overflow / Privilege Escalation splitvt < 1.6.5 - Local splitvt < 1.6.5 - Overflow IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Privilege Escalation Slackware 7.1 - '/usr/bin/mail' Local Slackware 7.1 - '/usr/bin/mail' Privilege Escalation GLIBC 2.1.3 - LD_PRELOAD Local GLIBC 2.1.3 - 'LD_PRELOAD' Privilege Escalation Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution LibXt - 'XtAppInitialize()' Overflow xterm LibXt - 'XtAppInitialize()' Local Overflow xterm ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Overflow AOL Instant Messenger AIM - 'Away' Message Local OpenBSD - 'ftp' ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow AOL Instant Messenger AIM - 'Away' Message Local Overflow OpenBSD - 'ftp' Local Overflow IPD (Integrity Protection Driver) - Local XV 3.x - '.BMP' Parsing Local Buffer Overflow htpasswd Apache 1.3.31 - Local htpasswd Apache 1.3.31 - Overflow GlobalScape - CuteFTP macros '.mcr' Local BSD bmon 1.2.1_2 - Local GlobalScape - CuteFTP macros '.mcr' Local File Write BSD bmon 1.2.1_2 - Local acls Bypass Microsoft Windows - Improper Token Validation Local Microsoft Windows - Improper Token Validation Privilege Escalation Apple iTunes - Playlist Parsing Local Buffer Overflow Setuid perl - 'PerlIO_Debug()' Overflow Setuid perl - 'PerlIO_Debug()' Local Overflow DelphiTurk e-Posta 1.0 - Local GNU a2ps - 'Anything to PostScript' Not SUID Local DelphiTurk e-Posta 1.0 - Credential Recover GNU a2ps - Anything to PostScript Not SUID Local Overflow GetDataBack Data Recovery 2.31 - Local GetDataBack Data Recovery 2.31 - Licence Recover Exim 4.41 - 'dns_build_reverse' Local Exim 4.41 - 'dns_build_reverse' Local Read Emails Willing Webcam 2.8 - Licence Information Disclosure Local Willing Webcam 2.8 - Licence Information Disclosure Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Overflow TIBCO Rendezvous 7.4.11 - Password Extractor Local TIBCO Rendezvous 7.4.11 - Password Extractor Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation XMPlay 3.3.0.4 - '.PLS' Local Buffer Overflow Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local Apache 1.3.33/1.3.34 (Ubuntu / Debian) - CGI TTY Privilege Escalation Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Privilege Escalation Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Overflow PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow Microsoft Windows - Animated Cursor '.ani' Overflow (Hardware DEP) Microsoft Windows - Animated Cursor '.ani' Local Overflow (Hardware DEP) Oracle 10g R1 - 'pitrig_drop' PLSQL Injection 'get users hash' Oracle 10g R1 - 'PITRIG_TRUNCATE' PLSQL Injection 'get users hash' Oracle 10g R1 - 'pitrig_drop' Get Users Hash / PL/SQL Injection Oracle 10g R1 - 'PITRIG_TRUNCATE' Get Users Hash / PL/SQL Injection Debian XTERM - 'DECRQSS/comments' Debian XTERM - 'DECRQSS/comments' Code Execution BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Remote Overflow BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Local Overflow HyperVM - File Permissions Local HyperVM - File Permissions Credential Disclosure Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Remote Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Overflow VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow Adobe Reader - Escape From '.PDF' Execute Embedded Executable Free MP3 CD Ripper 2.6 - '.wav' Free MP3 CD Ripper 2.6 - '.wav' Local Overflow GSM SIM Utility 5.15 - Direct RET Local GSM SIM Utility 5.15 - Direct RET Overflow Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Local Overflow Oracle Solaris - 'su' Local Viscom VideoEdit Gold ActiveX 8.0 - Remote Code Execution Viscom VideoEdit Gold ActiveX 8.0 - Code Execution Digital Music Pad 8.2.3.4.8 - '.pls' Overflow (SEH) Digital Music Pad 8.2.3.4.8 - '.pls' Local Overflow (SEH) Adobe Flash Player - 'Button' Remote Code Execution (Metasploit) Adobe Flash Player - 'Button' Arbitrary Code Execution (Metasploit) MPlayer Lite r33064 - '.m3u' Overflow (SEH) MPlayer Lite r33064 - '.m3u' Local Overflow (SEH) ACDSee FotoSlate - '.PLP' File 'id' Overflow (Metasploit) ACDSee FotoSlate - '.PLP' File 'id' Local Overflow (Metasploit) Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Overflow Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Local Overflow SunOS 4.1.3 - '/etc/crash' SetGID kmem Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Microsoft Windows - 'April Fools 2001' Microsoft Windows - 'April Fools 2001' Set Incorrect Date Solaris 2.5.1 - 'Ping' BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password' Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Decrypt Pages Solaris 7.0 - 'chkperm' Solaris 7.0 - 'chkperm' Privilege Escalation S.u.S.E. Linux 5.2 - 'gnuplot' S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E. 5.2 - 'lpc' Privilege Escalation S.u.S.E Linux 5.2 - 'lpc' Privilege Escalation NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File SGI IRIX 6.0.1 - 'colorview' SGI IRIX 6.0.1 - 'colorview' Read Files SGI IRIX 6.2 - 'day5notifier' SGI IRIX 6.2 - 'day5notifier' Privilege Escalation SGI IRIX 6.4 - 'datman'/'cdman' SGI IRIX 6.4 - 'datman'/'cdman' Privilege Escalation SGI IRIX 6.4 - 'login' SGI IRIX 6.4 - 'login' Privilege Escalation SGI IRIX 6.4 - 'rmail' SGI IRIX 6.4 - 'rmail' Privilege Escalation SGI IRIX 5.1/5.2 - 'sgihelp' SGI IRIX 5.1/5.2 - 'sgihelp' Privilege Escalation Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (1) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (2) RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (1) RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (2) RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (1) RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (2) Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Privilege Escalation S.u.S.E. Linux 6.2 sscw - HOME Environment Variable Buffer Overflow SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow S.u.S.E. Linux 6.1/6.2 - 'cwdtools' SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation FreeBSD 3.3 - Seyon setgid Dialer FreeBSD 3.3 - Seyon SetGID Dialer SGI IRIX 6.2 - 'midikeys'/'soundplayer' SGI IRIX 6.2 - 'midikeys'/'soundplayer' Privilege Escalation Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Privilege Escalation Corel Linux OS 1.0 - 'setxconf' Corel Linux OS 1.0 - 'setxconf' Privilege Escalation Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Halloween Linux 4.0 / SuSE Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Privilege Escalation S.u.S.E. Linux 6.x - Arbitrary File Deletion SuSE Linux 6.x - Arbitrary File Deletion S.u.S.E. Linux 6.3/6.4 Gnomelib - Buffer Overflow SuSE Linux 6.3/6.4 Gnomelib - Buffer Overflow RedHat Linux 6.0/6.1/6.2 - 'pam_console' RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1) S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2) S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3) S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1) S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2) S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3) CVSWeb Developer CVSWeb 1.80 - Insecure perl 'open' CVSWeb Developer CVSWeb 1.80 - Insecure Perl 'open' Code Execution Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart' Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart' Privilege Escalation Debian 2.2 / S.u.S.E 6.3/6.4/7.0 - man '-l' Format String Debian 2.2 / Su.S.E 6.3/6.4/7.0 - man '-l' Format String Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / SuSE Linux 6.x/7.0/7.1 - 'Man -S' Heap Overflow S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow SCO OpenServer 5.0.x - 'mana' REMOTE_ADDR Authentication Bypass SCO OpenServer 5.0.x - 'mana' 'REMOTE_ADDR' Authentication Bypass Samhain Labs 1.x - HSFTP Remote Format String Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution LiquidXML Studio 2010 - ActiveX Remote LiquidXML Studio 2010 - ActiveX Code Execution HexChat 2.9.4 - Local HexChat 2.9.4 - Overflow Winamp 5.63 - 'winamp.ini' Local Winamp 5.63 - 'winamp.ini' Local Overflow Apple 2.0.4 - Safari Local Apple 2.0.4 - Safari Local Cross-Site Scripting Gold MP4 Player - '.swf' Local Gold MP4 Player - '.swf' Local Overflow Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation Linux Kernel - 'offset2lib Stack Clash' Linux Kernel - 'offset2lib' Stack Clash Microsoft IIS - WebDAV 'ntdll.dll' Remote Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow Microsoft Windows 2000/XP - SMB Authentication Remote Microsoft Windows 2000/XP - SMB Authentication Remote Overflow Apache 2.0.45 - 'APR' Remote Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Overflow Microsoft Windows Media Services - 'nsiislog.dll' Remote Microsoft Windows Media Services - 'nsiislog.dll' Remote Overflow Citadel/UX BBS 6.07 - Remote Citadel/UX BBS 6.07 - Remote Overflow NIPrint LPD-LPR Print Server 4.10 - Remote NIPrint LPD-LPR Print Server 4.10 - Remote Overflow IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Overflow Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow INND/NNRP < 1.6.x - Overflow INND/NNRP < 1.6.x - Remote Overflow OpenBSD ftpd 2.6/2.7 - Remote OpenBSD ftpd 2.6/2.7 - Remote Overflow IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Overflow Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow OpenFTPd 0.30.2 - Remote OpenFTPd 0.30.2 - Remote Overflow WU-IMAP 2000.287(1-2) - Remote WU-IMAP 2000.287(1-2) - Remote Overflow XV 3.x - '.BMP' Parsing Local Buffer Overflow PHP 4.3.7/5.0.0RC3 - memory_limit Remote PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow SHOUTcast DNAS/Linux 1.9.4 - Format String Remote SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Overflow Apple iTunes - Playlist Parsing Local Buffer Overflow 3CServer 1.1 (FTP Server) - Remote 3CServer 1.1 (FTP Server) - Remote Overflow SHOUTcast 1.9.4 (Windows) - File Request Format String Remote SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow LimeWire 4.1.2 < 4.5.6 - 'GET' Remote LimeWire 4.1.2 < 4.5.6 - 'GET' Remote File Read Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Overflow MailEnable Enterprise 1.x - IMAPd Remote MailEnable Enterprise 1.x - IMAPd Remote Overflow Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow HP OpenView OmniBack II - Generic Remote HP OpenView OmniBack II - Generic Remote Command Execution CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Overflow CA BrightStor ARCserve Backup - Overflow CA BrightStor ARCserve Backup - Remote Overflow HP OpenView Network Node Manager 7.50 - Remote DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote HP OpenView Network Node Manager 7.50 - Remote Command Execution DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Overflow Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Command Execution Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Command Execution Mercury Mail Transport System 4.01b - PH SERVER Remote Mercury Mail Transport System 4.01b - PH SERVER Remote Overflow Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Remote Overflow Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Overflow Microsoft DNS Server - Dynamic DNS Updates Remote Microsoft DNS Server - Dynamic DNS Update/Change Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow IBM Lotus Domino Server 6.5 - Unauthenticated Remote IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Overflow IBM Tivoli Provisioning Manager - Unauthenticated Remote IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter) HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' File Write Apache Tomcat Connector mod_jk - 'exec-shield' Remote Apache Tomcat Connector mod_jk - 'exec-shield' Remote Overflow NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Command Execution Lighttpd 1.4.16 - FastCGI Header Overflow Remote Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution Lighttpd 1.4.17 - FastCGI Header Overflow Remote Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution Move Networks Quantum Streaming Player - Overflow (SEH) Move Networks Quantum Streaming Player - Remote Overflow (SEH) Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2) Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download Sun Solaris 10 - snoop(1M) Utility Remote Sun Solaris 10 - snoop(1M) Utility Remote Command Execution NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Command Execution Autodesk DWF Viewer Control / LiveUpdate Module - Remote Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Overflow Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC) CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC) Samba 2.2.x - 'nttrans' Overflow (Metasploit) Samba 2.2.x - 'nttrans' Remote Overflow (Metasploit) Unreal Tournament 2004 - 'Secure' Overflow (Metasploit) Unreal Tournament 2004 - 'Secure' Remote Overflow (Metasploit) BigAnt Server 2.52 - Overflow (SEH) BigAnt Server 2.52 - Remote Overflow (SEH) NetTransport Download Manager 2.90.510 - Overflow (SEH) NetTransport Download Manager 2.90.510 - Remote Overflow (SEH) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow Xftp client 3.0 - 'PWD' Remote Xftp client 3.0 - 'PWD' Remote Overflow File Sharing Wizard 1.5.0 - Overflow (SEH) File Sharing Wizard 1.5.0 - Remote Overflow (SEH) Sun Java Web Server 7.0 u7 - Remote Sun Java Web Server 7.0 u7 - Remote Overflow Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass) Sun Java Web Server 7.0 u7 - Remote Overflow (DEP Bypass) SopCast 3.2.9 - Remote SopCast 3.2.9 - Remote Command Execution Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Exeuction Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Remote Overflow Microsoft Data Access Components - Overflow (PoC) (MS11-002) Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002) Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Command Execution Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit) Veritas Backup Exec Name Service - Overflow (Metasploit) Samba 2.2.8 (Solaris SPARC) - 'trans2open' Remote Overflow (Metasploit) Veritas Backup Exec Name Service - Remote Overflow (Metasploit) Microsoft Private Communications Transport - Overflow (MS04-011) (Metasploit) Microsoft Private Communications Transport - Remote Overflow (MS04-011) (Metasploit) Microsoft RRAS Service - Overflow (MS06-025) (Metasploit) Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit) Microsoft RRAS Service - Remote Overflow (MS06-025) (Metasploit) Microsoft DNS RPC Service - 'extractQuotedChar()' Remote Overflow 'SMB' (MS07-029) (Metasploit) Microsoft NetDDE Service - Overflow (MS04-031) (Metasploit) Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit) CA BrightStor Agent for Microsoft SQL - Overflow (Metasploit) CA BrightStor Agent for Microsoft SQL - Remote Overflow (Metasploit) CA BrightStor Universal Agent - Overflow (Metasploit) CA BrightStor Universal Agent - Remote Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit) Unreal Tournament 2004 (Windows) - 'secure' Overflow (Metasploit) Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit) freeFTPd 1.0 - 'Username' Overflow (Metasploit) freeFTPd 1.0 - 'Username' Remote Overflow (Metasploit) War-FTPD 1.65 - 'Username' Overflow (Metasploit) War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit) Microsoft RPC DCOM Interface - Overflow (MS03-026) (Metasploit) Microsoft RPC DCOM Interface - Remote Overflow (MS03-026) (Metasploit) MaxDB WebDBM - 'Database' Overflow (Metasploit) MaxDB WebDBM - 'Database' Remote Overflow (Metasploit) Savant Web Server 3.1 - Overflow (Metasploit) Savant Web Server 3.1 - Remote Overflow (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Overflow (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit) Unreal Tournament 2004 (Linux) - 'secure' Overflow (Metasploit) Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Remote Overflow (Metasploit) Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit) Samba 2.2.8 (OSX/PPC) - 'trans2open' Remote Overflow (Metasploit) Samba 2.2.8 (BSD x86) - 'trans2open' Overflow (Metasploit) Samba 2.2.8 (BSD x86) - 'trans2open' Remote Overflow (Metasploit) Progea Movicon 11 - 'TCPUploadServer' Remote Progea Movicon 11 - 'TCPUploadServer' Remote File System Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit) Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit) Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Remote Overflow JBoss AS 2.0 - Remote JBoss AS 2.0 - Remote Command Execution WorldMail IMAPd 3.0 - Overflow (SEH) (Egghunter) WorldMail IMAPd 3.0 - Remote Overflow (SEH) (Egghunter) HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit) HP Diagnostics Server - 'magentservice.exe' Remote Overflow (Metasploit) Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit) Apache Tomcat - Account Scanner / 'PUT' Request Remote Adobe Flash Player - '.mp4 cprt' Remote Overflow (Metasploit) Apache Tomcat - Account Scanner / 'PUT' Request Command Execution McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Code Execution IRIX 6.4 - 'pfdisplay.cgi' IRIX 6.4 - 'pfdisplay.cgi' Code Execution SGI IRIX 6.3 - cgi-bin 'webdist.cgi' SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution Microsoft Internet Explorer 5 - ActiveX 'Object for constructing type libraries for scriptlets' Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog' Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog' Remote Overflow ALLMediaServer 0.8 - Overflow (SEH) ALLMediaServer 0.8 - Remote Overflow (SEH) S.u.S.E. Linux 6.3/6.4 - Installed Package Disclosure SuSE Linux 6.3/6.4 - Installed Package Disclosure Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Remote File Upload Samhain Labs 1.x - HSFTP Remote Format String GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Remote Overflow IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit) IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit) Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray Plesk < 9.5.4 - Remote Plesk < 9.5.4 - Remote Command Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Microsoft PowerPoint 2003 - 'powerpnt.exe' Remote Overflow HP LoadRunner - 'magentproc.exe' Overflow (Metasploit) HP LoadRunner - 'magentproc.exe' Remote Overflow (Metasploit) ImgSvr 0.6 - 'Template' Local File Inclusion Nginx 1.4.0 (Generic Linux x64) - Remote Nginx 1.4.0 (Generic Linux x64) - Remote Overflow Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit) Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit) Oracle 9i/10g Database - Network Foundation Remote Oracle 9i/10g Database - Network Foundation Remote Overflow Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection Yaws 1.55 - 'Logs' Terminal Escape Sequence Command Injection Plesk Server Administrator (PSA) - 'locale' Local File Inclusion VSAT Sailor 900 - Remote VSAT Sailor 900 - Remote Overflow Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH) Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH) TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Command Execution Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit) Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit) CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote PHP-Nuke 6.9 - 'cid' SQL Injection Remote phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash PHP-Nuke 6.9 - 'cid' SQL Injection AWStats 5.0 < 6.3 - Input Validation Hole in 'logfile' AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote phpBB - highlight Arbitrary File Upload 'Santy.A' PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload e107 - 'include()' Remote e107 - 'include()' Remote File Upload phpBB 2.0.10 - Bot Install Altavista 'ssh.D.Worm' phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista PostNuke PostWrap Module - Remote PostNuke PostWrap Module - Remote File Inclusion / Code Execution phpBB 2.0.13 - 'downloads.php' mod Remote phpBB 2.0.13 - 'Calendar Pro' mod Remote phpBB 2.0.13 - 'downloads.php' mod Get Hash phpBB 2.0.13 - 'Calendar Pro' mod Get Hash PhotoPost - Arbitrary Data Remote PhotoPost - Arbitrary Data Hash eXtropia Shopping Cart - 'web_store.cgi' Remote Mambo 4.5.2.1 - Fetch Password Hash Remote eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution Mambo 4.5.2.1 - Fetch Password Hash Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution vuBB 0.2 - 'cookie' Final SQL Injection 'mq=off' vuBB 0.2 Final - 'cookie' SQL Injection JiRos Banner Experience 1.0 - Create Authentication Bypass Remote JiRos Banner Experience 1.0 - Unauthorised Create Admin phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Command Execution Sugar Suite Open Source 4.2 - 'OptimisticLock' Command Execution DeluxeBB 1.06 - 'Attachment mod_mime' Remote DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution Drupal 4.7 - 'Attachment mod_mime' Remote Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Command Execution phpBB 2.0.21 - Poison Null Byte Remote phpBB 2.0.21 - Poison Null Byte Remote File Upload PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote Philex 0.2.3 - Remote File Inclusion / File Disclosure MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2) LoveCMS 1.6.2 Final - Update Settings Remote LoveCMS 1.6.2 Final - Update Settings addalink 4 Beta - Write Approved Links Remote addalink 4 Beta - Write Approved Links The Rat CMS Alpha 2 - 'download.php' Remote The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation Graugon Forum 1 - 'id' Command Injection 'via SQL Injection' Graugon Forum 1 - 'id' Command Injection / SQL Injection Coppermine Photo Gallery 1.4.22 - Remote Coppermine Photo Gallery 1.4.22 - SQL Injection Barracuda IMFirewall 620 - Barracuda IMFirewall 620 - Multiple Vulnerabilities Barracuda Web Firewall 660 Firmware 7.3.1.007 - Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities CakePHP 1.3.5/1.2.8 - 'Unserialize()' CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution WordPress Plugin Akismet 2.1.3 - WordPress Plugin Akismet 2.1.3 - Cross-Site Scripting ImgSvr 0.6 - 'Template' Local File Inclusion Plesk Server Administrator (PSA) - 'locale' Local File Inclusion Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting	2017-11-23 05:02:28 +00:00

Author

SHA1

Message

Date

Offensive Security

d304cc3d3e

DB: 2017-11-24

116602 new exploits

Too many to list!

2017-11-24 20:56:23 +00:00

Offensive Security

6f71665f8a

DB: 2017-11-23

28 new exploits

Apache 2.0.45 - 'APR' Crash

IPD (Integrity Protection Driver) - Denial of Service

Ubuntu 6.06 DHCPd - Remote Denial of Service
Ubuntu 6.06 - DHCPd Remote Denial of Service
Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)
CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

Adobe Reader - Escape From '.PDF'

Oracle Solaris - 'su' Crash

SunOS 4.1.3 - kmem setgid /etc/crash

Solaris 2.5.1 - 'Ping' System Panic (Denial of Service)
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - 'autofs'
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / SuSE Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - 'autofs' Denial of Service

S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service
SuSE Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service

Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize'
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service)

Adobe Flash - Use-After-Free in Drawing Methods 'this'
Adobe Flash - Drawing Methods 'this' Use-After-Free

Symantec AntiVirus - Integer Overflow in TNEF Decoder
Symantec AntiVirus - TNEF Decoder Integer Overflow
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS - 'TIKeyboardLayout initWithCoder:' NSKeyedArchiver Heap Corruption Due to Rounding Error
Apple iOS/macOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking
Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule'
Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty'
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrect Usage of 'PushPopFrameHelper' (Denial of Service)
Microsoft Edge Chakra - 'TryUndeleteProperty' Incorrect Usage  (Denial of Service)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service)

Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'
Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service)

Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)

Xen - Unbounded Recursion in Pagetable De-typing
Xen - Pagetable De-typing  Unbounded Recursion

Vonage VDV-23 - Denial of Service
WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free
WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read
WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read
WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read
WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free
WebKit - 'WebCore::FormSubmission::create' Use-After-Free

IBM DB2 - Universal Database 7.2 'db2licm' Local
IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow

OpenBSD - 'ibcs2_exec' Kernel Local
OpenBSD - 'ibcs2_exec' Kernel Code Execution

SuSE Linux 9.0 - YaST Configuration Skribt Local
SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files

BSDi 3.0/4.0 - rcvtty[mh] Local
BSDi 3.0/4.0 - 'rcvtty[mh]' Privilege Escalation

Solaris locale - Format Strings 'noexec stack'
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow

RedHat 6.1 man - 'egid 15' Local
RedHat 6.1 - 'man' Local Overflow / Privilege Escalation

splitvt < 1.6.5 - Local
splitvt < 1.6.5 - Overflow
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Privilege Escalation

Slackware 7.1 - '/usr/bin/mail' Local
Slackware 7.1 - '/usr/bin/mail' Privilege Escalation

GLIBC 2.1.3 - LD_PRELOAD Local
GLIBC 2.1.3 - 'LD_PRELOAD' Privilege Escalation

Resolv+ (RESOLV_HOST_CONF) - Linux Library Local
Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution

LibXt - 'XtAppInitialize()' Overflow *xterm
LibXt - 'XtAppInitialize()' Local Overflow *xterm
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Overflow
AOL Instant Messenger AIM - 'Away' Message Local
OpenBSD - 'ftp'
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow
AOL Instant Messenger AIM - 'Away' Message Local Overflow
OpenBSD - 'ftp' Local Overflow

IPD (Integrity Protection Driver) - Local
XV 3.x - '.BMP' Parsing Local Buffer Overflow

htpasswd Apache 1.3.31 - Local
htpasswd Apache 1.3.31 - Overflow
GlobalScape - CuteFTP macros '.mcr' Local
BSD bmon 1.2.1_2 - Local
GlobalScape - CuteFTP macros '.mcr' Local File Write
BSD bmon 1.2.1_2 - Local acls Bypass

Microsoft Windows - Improper Token Validation Local
Microsoft Windows - Improper Token Validation Privilege Escalation

Apple iTunes - Playlist Parsing Local Buffer Overflow

Setuid perl - 'PerlIO_Debug()' Overflow
Setuid perl - 'PerlIO_Debug()' Local Overflow
DelphiTurk e-Posta 1.0 - Local
GNU a2ps - 'Anything to PostScript' Not SUID Local
DelphiTurk e-Posta 1.0 - Credential Recover
GNU a2ps - Anything to PostScript Not SUID Local Overflow

GetDataBack Data Recovery 2.31 - Local
GetDataBack Data Recovery 2.31 - Licence Recover

Exim 4.41 - 'dns_build_reverse' Local
Exim 4.41 - 'dns_build_reverse' Local Read Emails

Willing Webcam 2.8 - Licence Information Disclosure Local
Willing Webcam 2.8 - Licence Information Disclosure

Appfluent Database IDS < 2.1.0.103 - Environment Variable Local
Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Overflow

TIBCO Rendezvous 7.4.11 - Password Extractor Local
TIBCO Rendezvous 7.4.11 - Password Extractor

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation

XMPlay 3.3.0.4 - '.PLS' Local Buffer Overflow
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - CGI TTY Privilege Escalation
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Privilege Escalation
Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation

PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Overflow

PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow

Microsoft Windows - Animated Cursor '.ani' Overflow (Hardware DEP)
Microsoft Windows - Animated Cursor '.ani' Local Overflow (Hardware DEP)
Oracle 10g R1 - 'pitrig_drop' PLSQL Injection 'get users hash'
Oracle 10g R1 - 'PITRIG_TRUNCATE' PLSQL Injection 'get users hash'
Oracle 10g R1 - 'pitrig_drop' Get Users Hash / PL/SQL Injection
Oracle 10g R1 - 'PITRIG_TRUNCATE' Get Users Hash / PL/SQL Injection

Debian XTERM - 'DECRQSS/comments'
Debian XTERM - 'DECRQSS/comments' Code Execution

BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Remote Overflow
BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Local Overflow

HyperVM - File Permissions Local
HyperVM - File Permissions Credential Disclosure

Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Remote
Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow

VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Overflow
VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow

Adobe Reader - Escape From '.PDF' Execute Embedded Executable

Free MP3 CD Ripper 2.6 - '.wav'
Free MP3 CD Ripper 2.6 - '.wav' Local Overflow

GSM SIM Utility 5.15 - Direct RET Local
GSM SIM Utility 5.15 - Direct RET Overflow

Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram'
Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Local Overflow

Oracle Solaris - 'su' Local

Viscom VideoEdit Gold ActiveX 8.0 - Remote Code Execution
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution

Digital Music Pad 8.2.3.4.8 - '.pls' Overflow (SEH)
Digital Music Pad 8.2.3.4.8 - '.pls' Local Overflow (SEH)

Adobe Flash Player - 'Button' Remote Code Execution (Metasploit)
Adobe Flash Player - 'Button' Arbitrary Code Execution (Metasploit)

MPlayer Lite r33064 - '.m3u' Overflow (SEH)
MPlayer Lite r33064 - '.m3u' Local Overflow (SEH)

ACDSee FotoSlate - '.PLP' File 'id' Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Local Overflow (Metasploit)

Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Overflow
Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Local Overflow

SunOS 4.1.3 -  '/etc/crash' SetGID kmem Privilege Escalation

Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Overflow / Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation

Microsoft Windows - 'April Fools 2001'
Microsoft Windows - 'April Fools 2001' Set Incorrect Date

Solaris 2.5.1 - 'Ping'

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password'
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (3)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)

Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE'
Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Decrypt Pages

Solaris 7.0 - 'chkperm'
Solaris 7.0 - 'chkperm' Privilege Escalation

S.u.S.E. Linux 5.2 - 'gnuplot'
S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation

S.u.S.E. 5.2 - 'lpc' Privilege Escalation
S.u.S.E Linux 5.2 - 'lpc' Privilege Escalation

NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)'
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File

SGI IRIX 6.0.1 - 'colorview'
SGI IRIX 6.0.1 - 'colorview' Read Files

SGI IRIX 6.2 - 'day5notifier'
SGI IRIX 6.2 - 'day5notifier' Privilege Escalation

SGI IRIX 6.4 - 'datman'/'cdman'
SGI IRIX 6.4 - 'datman'/'cdman' Privilege Escalation

SGI IRIX 6.4 - 'login'
SGI IRIX 6.4 - 'login' Privilege Escalation

SGI IRIX 6.4 - 'rmail'
SGI IRIX 6.4 - 'rmail' Privilege Escalation

SGI IRIX 5.1/5.2 - 'sgihelp'
SGI IRIX 5.1/5.2 - 'sgihelp' Privilege Escalation
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (2)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (1)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (2)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (1)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (2)

Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd'
Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Privilege Escalation

S.u.S.E. Linux 6.2 sscw - HOME Environment Variable Buffer Overflow
SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow

S.u.S.E. Linux 6.1/6.2 - 'cwdtools'
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation

Solaris 7.0 - 'kcms_configure'
Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation

FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - Seyon SetGID Dialer

SGI IRIX 6.2 - 'midikeys'/'soundplayer'
SGI IRIX 6.2 - 'midikeys'/'soundplayer' Privilege Escalation
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf'
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu'
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Privilege Escalation

Corel Linux OS 1.0 - 'setxconf'
Corel Linux OS 1.0 - 'setxconf' Privilege Escalation

Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - 'kreatecd'
Halloween Linux 4.0 / SuSE Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Privilege Escalation

S.u.S.E. Linux 6.x - Arbitrary File Deletion
SuSE Linux 6.x - Arbitrary File Deletion

S.u.S.E. Linux 6.3/6.4 Gnomelib - Buffer Overflow
SuSE Linux 6.3/6.4 Gnomelib - Buffer Overflow

RedHat Linux 6.0/6.1/6.2 - 'pam_console'
RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)

CVSWeb Developer CVSWeb 1.80 - Insecure perl 'open'
CVSWeb Developer CVSWeb 1.80 - Insecure Perl 'open' Code Execution

Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart'
Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart' Privilege Escalation

Debian 2.2 / S.u.S.E 6.3/6.4/7.0 - man '-l' Format String
Debian 2.2 / Su.S.E 6.3/6.4/7.0 - man '-l' Format String

Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow
Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / SuSE Linux 6.x/7.0/7.1 - 'Man -S' Heap Overflow
S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow

SCO OpenServer 5.0.x - 'mana' REMOTE_ADDR Authentication Bypass
SCO OpenServer 5.0.x - 'mana' 'REMOTE_ADDR' Authentication Bypass

Samhain Labs 1.x - HSFTP Remote Format String

Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution

LiquidXML Studio 2010 - ActiveX Remote
LiquidXML Studio 2010 - ActiveX Code Execution

HexChat 2.9.4 - Local
HexChat 2.9.4 - Overflow

Winamp 5.63 - 'winamp.ini' Local
Winamp 5.63 - 'winamp.ini' Local Overflow

Apple 2.0.4 - Safari Local
Apple 2.0.4 - Safari Local Cross-Site Scripting

Gold MP4 Player - '.swf' Local
Gold MP4 Player - '.swf' Local Overflow

Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation

Linux Kernel - 'offset2lib Stack Clash'
Linux Kernel - 'offset2lib' Stack Clash

Microsoft IIS - WebDAV 'ntdll.dll' Remote
Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow

Microsoft Windows 2000/NT 4 - RPC Locator Service Remote
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow

Microsoft Windows 2000/XP - SMB Authentication Remote
Microsoft Windows 2000/XP - SMB Authentication Remote Overflow

Apache 2.0.45 - 'APR' Remote

Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Overflow

Microsoft Windows Media Services - 'nsiislog.dll' Remote
Microsoft Windows Media Services - 'nsiislog.dll' Remote Overflow

Citadel/UX BBS 6.07 - Remote
Citadel/UX BBS 6.07 - Remote Overflow

NIPrint LPD-LPR Print Server 4.10 - Remote
NIPrint LPD-LPR Print Server 4.10 - Remote Overflow
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Overflow
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow

RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote
RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow

INND/NNRP < 1.6.x - Overflow
INND/NNRP < 1.6.x - Remote Overflow

OpenBSD ftpd 2.6/2.7 - Remote
OpenBSD ftpd 2.6/2.7 - Remote Overflow

IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote
IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Overflow

Subversion 1.0.2 - 'svn_time_from_cstring()' Remote
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow

OpenFTPd 0.30.2 - Remote
OpenFTPd 0.30.2 - Remote Overflow

WU-IMAP 2000.287(1-2) - Remote
WU-IMAP 2000.287(1-2) - Remote Overflow

XV 3.x - '.BMP' Parsing Local Buffer Overflow

PHP 4.3.7/5.0.0RC3 - memory_limit Remote
PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow

SHOUTcast DNAS/Linux 1.9.4 - Format String Remote
SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Overflow

Apple iTunes - Playlist Parsing Local Buffer Overflow

3CServer 1.1 (FTP Server) - Remote
3CServer 1.1 (FTP Server) - Remote Overflow

SHOUTcast 1.9.4 (Windows) - File Request Format String Remote
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow

LimeWire 4.1.2 < 4.5.6 - 'GET' Remote
LimeWire 4.1.2 < 4.5.6 - 'GET' Remote File Read

Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote
Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Overflow

MailEnable Enterprise 1.x - IMAPd Remote
MailEnable Enterprise 1.x - IMAPd Remote Overflow

Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow

HP OpenView OmniBack II - Generic Remote
HP OpenView OmniBack II - Generic Remote Command Execution

CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote
CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Overflow

CA BrightStor ARCserve Backup - Overflow
CA BrightStor ARCserve Backup - Remote Overflow
HP OpenView Network Node Manager 7.50 - Remote
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote
HP OpenView Network Node Manager 7.50 - Remote Command Execution
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Overflow
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Command Execution
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Command Execution

Mercury Mail Transport System 4.01b - PH SERVER Remote
Mercury Mail Transport System 4.01b - PH SERVER Remote Overflow

Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access

XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow

3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow
3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Remote Overflow

Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Overflow

Microsoft DNS Server - Dynamic DNS Updates Remote
Microsoft DNS Server - Dynamic DNS Update/Change

Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote
Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow

IBM Lotus Domino Server 6.5 - Unauthenticated Remote
IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow

Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote
Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Overflow

IBM Tivoli Provisioning Manager - Unauthenticated Remote
IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter)

HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()'
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' File Write

Apache Tomcat Connector mod_jk - 'exec-shield' Remote
Apache Tomcat Connector mod_jk - 'exec-shield' Remote Overflow

NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Command Execution

Lighttpd 1.4.16 - FastCGI Header Overflow Remote
Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution

Lighttpd 1.4.17 - FastCGI Header Overflow Remote
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution

SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution

Move Networks Quantum Streaming Player - Overflow (SEH)
Move Networks Quantum Streaming Player - Remote Overflow (SEH)

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote
Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download

Sun Solaris 10 - snoop(1M) Utility Remote
Sun Solaris 10 - snoop(1M) Utility Remote Command Execution

NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll'
NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Command Execution

Autodesk DWF Viewer Control / LiveUpdate Module - Remote
Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution

Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote
Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow

Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11'
Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow

EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote
EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Overflow

Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)

CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

Samba 2.2.x - 'nttrans' Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Remote Overflow (Metasploit)

Unreal Tournament 2004 - 'Secure' Overflow (Metasploit)
Unreal Tournament 2004 - 'Secure' Remote Overflow (Metasploit)

BigAnt Server 2.52 - Overflow (SEH)
BigAnt Server 2.52 - Remote Overflow (SEH)

NetTransport Download Manager 2.90.510 - Overflow (SEH)
NetTransport Download Manager 2.90.510 - Remote Overflow (SEH)

(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow

Xftp client 3.0 - 'PWD' Remote
Xftp client 3.0 - 'PWD' Remote Overflow

File Sharing Wizard 1.5.0 - Overflow (SEH)
File Sharing Wizard 1.5.0 - Remote Overflow (SEH)

Sun Java Web Server 7.0 u7 - Remote
Sun Java Web Server 7.0 u7 - Remote Overflow

Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow

Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass)
Sun Java Web Server 7.0 u7 - Remote Overflow (DEP Bypass)

SopCast 3.2.9 - Remote
SopCast 3.2.9 - Remote Command Execution

Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Exeuction

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild'
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Remote Overflow
Microsoft Data Access Components - Overflow (PoC) (MS11-002)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote
Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Command Execution
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)
Veritas Backup Exec Name Service - Overflow (Metasploit)
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Remote Overflow (Metasploit)
Veritas Backup Exec Name Service - Remote Overflow (Metasploit)

Microsoft Private Communications Transport - Overflow (MS04-011) (Metasploit)
Microsoft Private Communications Transport - Remote Overflow (MS04-011) (Metasploit)
Microsoft RRAS Service - Overflow (MS06-025) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit)
Microsoft RRAS Service - Remote Overflow (MS06-025) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Remote Overflow 'SMB' (MS07-029) (Metasploit)

Microsoft NetDDE Service - Overflow (MS04-031) (Metasploit)
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)

CA BrightStor Agent for Microsoft SQL - Overflow (Metasploit)
CA BrightStor Agent for Microsoft SQL - Remote Overflow (Metasploit)

CA BrightStor Universal Agent - Overflow (Metasploit)
CA BrightStor Universal Agent - Remote Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow (Metasploit)
Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit)

Unreal Tournament 2004 (Windows) - 'secure' Overflow (Metasploit)
Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit)

freeFTPd 1.0 - 'Username' Overflow (Metasploit)
freeFTPd 1.0 - 'Username' Remote Overflow (Metasploit)

War-FTPD 1.65 - 'Username' Overflow (Metasploit)
War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)

3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit)
3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit)

Microsoft RPC DCOM Interface - Overflow (MS03-026) (Metasploit)
Microsoft RPC DCOM Interface - Remote Overflow (MS03-026) (Metasploit)

MaxDB WebDBM - 'Database' Overflow (Metasploit)
MaxDB WebDBM - 'Database' Remote Overflow (Metasploit)

Savant Web Server 3.1 - Overflow (Metasploit)
Savant Web Server 3.1 - Remote Overflow (Metasploit)

McAfee ePolicy Orchestrator / ProtectionPilot - Overflow (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)

Unreal Tournament 2004 (Linux) - 'secure' Overflow (Metasploit)
Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)

Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (OSX) - Overflow (Metasploit)
Knox Arkeia Backup Client Type 77 (OSX) - Remote Overflow (Metasploit)

Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (OSX/PPC) - 'trans2open' Remote Overflow (Metasploit)

Samba 2.2.8 (BSD x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Remote Overflow (Metasploit)

Progea Movicon 11 - 'TCPUploadServer' Remote
Progea Movicon 11 - 'TCPUploadServer' Remote File System

Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)
Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit)

Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe'
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Remote Overflow

JBoss AS 2.0 - Remote
JBoss AS 2.0 - Remote Command Execution

WorldMail IMAPd 3.0 - Overflow (SEH) (Egghunter)
WorldMail IMAPd 3.0 - Remote Overflow (SEH) (Egghunter)

HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit)
HP Diagnostics Server - 'magentservice.exe' Remote Overflow (Metasploit)

Mozilla Firefox 4.0.1 - 'Array.reduceRight()'
Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)
Apache Tomcat - Account Scanner / 'PUT' Request Remote
Adobe Flash Player - '.mp4 cprt' Remote Overflow (Metasploit)
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()'
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Code Execution

IRIX 6.4 - 'pfdisplay.cgi'
IRIX 6.4 - 'pfdisplay.cgi' Code Execution

SGI IRIX 6.3 - cgi-bin 'webdist.cgi'
SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution

Microsoft Internet Explorer 5 - ActiveX 'Object for constructing type libraries for scriptlets'
Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write

Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog'
Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog' Remote Overflow

ALLMediaServer 0.8 - Overflow (SEH)
ALLMediaServer 0.8 - Remote Overflow (SEH)

S.u.S.E. Linux 6.3/6.4 - Installed Package Disclosure
SuSE Linux 6.3/6.4 - Installed Package Disclosure

Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE'
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Remote File Upload

Samhain Labs 1.x - HSFTP Remote Format String

GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Remote Overflow

IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit)
IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)

Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote
Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray

Plesk < 9.5.4 - Remote
Plesk < 9.5.4 - Remote Command Execution

Microsoft PowerPoint 2003 - 'powerpnt.exe'
Microsoft PowerPoint 2003 - 'powerpnt.exe' Remote Overflow

HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)
HP LoadRunner - 'magentproc.exe' Remote Overflow (Metasploit)

ImgSvr 0.6 - 'Template' Local File Inclusion

Nginx 1.4.0 (Generic Linux x64) - Remote
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)

Oracle 9i/10g Database - Network Foundation Remote
Oracle 9i/10g Database - Network Foundation Remote Overflow

Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - 'Logs' Terminal Escape Sequence Command Injection

Plesk Server Administrator (PSA) - 'locale' Local File Inclusion

VSAT Sailor 900 - Remote
VSAT Sailor 900 - Remote Overflow

Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)
Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH)

TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote
TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Command Execution

Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit)
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)

CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution
phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote
PHP-Nuke 6.9 - 'cid' SQL Injection Remote
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
PHP-Nuke 6.9 - 'cid' SQL Injection

AWStats 5.0 < 6.3 - Input Validation Hole in 'logfile'
AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote
phpBB - highlight Arbitrary File Upload 'Santy.A'
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload

e107 - 'include()' Remote
e107 - 'include()' Remote File Upload

phpBB 2.0.10 - Bot Install Altavista 'ssh.D.Worm'
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista

PostNuke PostWrap Module - Remote
PostNuke PostWrap Module - Remote File Inclusion / Code Execution
phpBB 2.0.13 - 'downloads.php' mod Remote
phpBB 2.0.13 - 'Calendar Pro' mod Remote
phpBB 2.0.13 - 'downloads.php' mod Get Hash
phpBB 2.0.13 - 'Calendar Pro' mod Get Hash

PhotoPost - Arbitrary Data Remote
PhotoPost - Arbitrary Data Hash
eXtropia Shopping Cart - 'web_store.cgi' Remote
Mambo 4.5.2.1 - Fetch Password Hash Remote
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
Mambo 4.5.2.1 - Fetch Password Hash

Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution

vuBB 0.2 - 'cookie' Final SQL Injection 'mq=off'
vuBB 0.2 Final - 'cookie' SQL Injection

JiRos Banner Experience 1.0 - Create Authentication Bypass Remote
JiRos Banner Experience 1.0 - Unauthorised Create Admin
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote
Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Command Execution
Sugar Suite Open Source 4.2 - 'OptimisticLock' Command Execution

DeluxeBB 1.06 - 'Attachment mod_mime' Remote
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution

Drupal 4.7 - 'Attachment mod_mime' Remote
Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution

Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion

Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics

PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote
PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Command Execution

phpBB 2.0.21 - Poison Null Byte Remote
phpBB 2.0.21 - Poison Null Byte Remote File Upload

PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()'
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution

Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote
Philex 0.2.3 - Remote File Inclusion / File Disclosure

MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

LoveCMS 1.6.2 Final - Update Settings Remote
LoveCMS 1.6.2 Final - Update Settings

addalink 4 Beta - Write Approved Links Remote
addalink 4 Beta - Write Approved Links

The Rat CMS Alpha 2 - 'download.php' Remote
The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation

Graugon Forum 1 - 'id' Command Injection 'via SQL Injection'
Graugon Forum 1 - 'id' Command Injection / SQL Injection

Coppermine Photo Gallery 1.4.22 - Remote
Coppermine Photo Gallery 1.4.22 - SQL Injection

Barracuda IMFirewall 620 -
Barracuda IMFirewall 620 - Multiple Vulnerabilities

Barracuda Web Firewall 660 Firmware 7.3.1.007 -
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities

CakePHP 1.3.5/1.2.8 - 'Unserialize()'
CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion

JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote
JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution

WordPress Plugin Akismet 2.1.3 -
WordPress Plugin Akismet 2.1.3 - Cross-Site Scripting

ImgSvr 0.6 - 'Template' Local File Inclusion

Plesk Server Administrator (PSA) - 'locale' Local File Inclusion

Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting

2017-11-23 05:02:28 +00:00

2 commits