2 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
| | d304cc3d3e | DB: 2017-11-24 116602 new exploits Too many to list! | | |
| | dfa43e82f0 | DB: 2017-11-17
137 new exploits Apache 2.x - Memory Leak Exploit Apache 2.x - Memory Leak Cisco IOS - using hping Remote Denial of Service Microsoft Windows - ASN.1 'LSASS.exe' Remote Exploit (MS04-007) Microsoft Windows - ASN.1 'LSASS.exe' Remote Denial of Service (MS04-007) Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call Exploit HP-UX 11.00/10.20 crontab - Overwrite Files Exploit Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call HP-UX 11.00/10.20 crontab - Overwrite Files Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink Exploit SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit RedHat 6.1/6.2 - TTY Flood Users Exploit Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber RedHat 6.1/6.2 - TTY Flood Users Solaris 2.6 / 7 / 8 - Lock Users Out of mailx Exploit ProFTPd 1.2.0 rc2 - Memory Leakage Exploit Solaris 2.6 / 7 / 8 - Lock Users Out of mailx ProFTPd 1.2.0 rc2 - Memory Leakage Cisco (Multiple Products) - Automated Exploit Tool Cisco (Multiple Products) - Automated Tool TCP Connection Reset - Remote Denial of Service Microsoft Internet Explorer - Overly Trusted Location Cache Exploit Microsoft Internet Explorer - Overly Trusted Location Cache Microsoft Windows - JPEG Processing Buffer Overrun Exploit (MS04-028) Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028) Quake 3 Engine - Infostring Crash and Shutdown Exploit Quake 3 Engine - Infostring Crash and Shutdown Microsoft Windows - 'SMB' Transaction Response Handling Exploit (MS05-011) Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011) MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion netPanzer 0.8 rev 952 - 'frameNum' Server Terminiation Exploit netPanzer 0.8 rev 952 - 'frameNum' Server Terminiation VMware 5.5.1 - COM Object Arbitrary Partition Table Delete Exploit VMware 5.5.1 - COM Object Arbitrary Partition Table Delete KDE libkhtml 3.5 < 4.2.0 - 
Unhandled HTML Parse Exception Exploit KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception eIQnetworks Network Security Analyzer - Null Pointer Dereference Exploit eIQnetworks Network Security Analyzer - Null Pointer Dereference Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference Exploit Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit PHP 5.2.6 - 'sleep()' Local Memory Exhaust Ruby 1.9 - regex engine Remote Socket Memory Leak Exploit Ruby 1.9 - regex engine Remote Socket Memory Leak Ultra Office - ActiveX Control Arbitrary File Corruption Exploit Ultra Office - ActiveX Control Arbitrary File Corruption Flock Social Web Browser 1.2.5 - 'loop' Remote Denial of Service Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death) Microsoft Windows Vista - Access Violation from Limited Account (Blue Screen of Death) Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One Exploit Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One Mozilla Firefox - unclamped loop Denial of Service Zortam MP3 Player 1.50 - '.m3u' Integer Division by Zero Exploit Zortam MP3 Player 1.50 - '.m3u' Integer Division by Zero Firebird SQL - op_connect_request main listener shutdown Exploit Firebird SQL - op_connect_request main listener shutdown Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC) VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Exploit Sagem Routers - Remote Reset Exploit Sagem Routers - Remote Reset TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit TopDownloads MP3 Player 1.0 - '.m3u' Crash Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC) Optimal Archive 1.38 - '.zip' File (SEH) (PoC) Aircrack-NG Tools svn r1675 - Remote Exploit Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Apple Mac 
OSX 10.6 - HFS FileSystem Exploit (Denial of Service) Apple Mac OSX 10.6 - HFS FileSystem (Denial of Service) Motorola SB5101 Hax0rware Rajko HTTPd - Remote Exploit (PoC) Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service (PoC) FreeBSD - 'mountnfs()' Exploit FreeBSD - 'mountnfs()' Denial of Service AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH) Microsoft Internet Explorer - MSHTML Findtext Processing Exploit Microsoft Internet Explorer - MSHTML Findtext Processing RedHat Linux - Stickiness of /tmp Exploit RedHat Linux - Stickiness of /tmp Microsoft Plug and Play Service - Overflow Exploit (MS05-039) (Metasploit) Microsoft Plug and Play Service - Overflow (MS05-039) (Metasploit) Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak Exploit Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak ZipWiz 2005 5.0 - '.zip' Buffer Corruption Exploit ZipWiz 2005 5.0 - '.zip' Buffer Corruption Simple HTTPd 1.42 - Denial of Servive Exploit Simple HTTPd 1.42 - Denial of Servive PeerBlock 1.1 - Blue Screen of Death Exploit PeerBlock 1.1 - Blue Screen of Death Spotify 0.8.2.610 - search func Memory Exhaustion Exploit Spotify 0.8.2.610 - search func Memory Exhaustion Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046) Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Exploit SunOS 4.1.1 - '/usr/release/bin/makeinstall' Exploit SunOS 4.1.1 - '/usr/release/bin/winstall' Exploit SunOS 4.1.3 - kmem setgid /etc/crash Exploit SunOS 4.1.3 - kmem setgid /etc/crash Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA Exploit Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA Linux Kernel 2.0/2.1/2.2 - autofs Exploit Linux Kernel 2.0/2.1/2.2 - 'autofs' Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Exploit Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit 
Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET D-Link DIR605L - Denial of Service D-Link DIR-605L < 2.08 - Denial of Service Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check Microsoft Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (4) Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service Kerio MailServer 5.6.3 subscribe Module - Overflow Exploit Kerio MailServer 5.6.3 subscribe Module - Overflow Kerio MailServer 5.6.3 list Module - Overflow Exploit Kerio MailServer 5.6.3 do_map Module - Overflow Exploit Kerio MailServer 5.6.3 list Module - Overflow Kerio MailServer 5.6.3 do_map Module - Overflow Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption Red-M Red-Alert 3.1 - Remote Exploit Red-M Red-Alert 3.1 - Remote Denial of Service Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities Microsoft Internet Explorer 6 - Multiple COM Object Color Property Denial of Service Vulnerabilities Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities Microsoft Internet Explorer 6 - Multiple COM Object Color Property Denial of Service Vulnerabilities Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit) Gold MP4 Player 3.3 - Universal (SEH) (Metasploit) WS10 Data Server - SCADA Exploit Overflow (PoC) WS10 Data Server - SCADA Overflow (PoC) Kaspersky AntiVirus - DEX File Format Memory Corruption Kaspersky AntiVirus - '.DEX' File Format Memory Corruption Avast! - JetDb::IsExploited4x Performs Unbounded Search on Input Avast! 
- JetDb::Ised4x Performs Unbounded Search on Input pdfium IsFlagSet (v8 memory management) - SIGSEGV Exploit pdfium IsFlagSet (v8 memory management) - SIGSEGV Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety Exploits Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety s Microsoft Edge Chakra JIT - Type Confusion with switch Statements Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion Mandrake Linux 8.2 - '/usr/mail' Local Exploit ICQ Pro 2003a - 'ca1-icq.asm' Password Bypass Exploit XGalaga 2.0.34 (RedHat 9.0) - Local Game Exploit xtokkaetama 1.0b (RedHat 9.0) - Local Game Exploit man-db 2.4.1 - 'open_cat_stream()' Local uid=man Exploit DameWare Mini Remote Control Server - System Exploit Mandrake Linux 8.2 - '/usr/mail' Local Overflow ICQ Pro 2003a - 'ca1-icq.asm' Password Bypass XGalaga 2.0.34 (RedHat 9.0) - Local Game xtokkaetama 1.0b (RedHat 9.0) - Local Game man-db 2.4.1 - 'open_cat_stream()' Local uid=man DameWare Mini Remote Control Server - System IBM DB2 - Universal Database 7.2 'db2licm' Local Exploit IBM DB2 - Universal Database 7.2 'db2licm' Local OpenBSD - 'ibcs2_exec' Kernel Local Exploit OpenBSD - 'ibcs2_exec' Kernel Local Microsoft Windows - ListBox/ComboBox Control Local Exploit (MS03-045) Microsoft Windows - ListBox/ComboBox Control Local (MS03-045) XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game SuSE Linux 9.0 - YaST Configuration Skribt Local Exploit SuSE Linux 9.0 - YaST Configuration Skribt Local RedHat 6.2 Restore and Dump - Local Exploit (Perl) RedHat 6.2 Restore and Dump - Privilege Escalation (Perl) BSDi 3.0/4.0 - rcvtty[mh] Local Exploit BSDi 3.0/4.0 - rcvtty[mh] Local Solaris locale - Format Strings 'noexec stack' Exploit GLIBC locale - bug mount Exploit dislocate 1.3 - Local i386 Exploit UUCP Exploit - File Creation/Overwriting Symlinks Exploit Solaris locale - Format Strings 'noexec stack' GLIBC locale - bug mount dislocate 1.3 - Local i386 UUCP - 
File Creation/Overwriting Symlinks GLIBC locale - Format Strings Exploit GLIBC locale - Format Strings RedHat 6.1 man - 'egid 15' Local Exploit RedHat 6.1 man - 'egid 15' Local splitvt < 1.6.5 - Local Exploit splitvt < 1.6.5 - Local IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Exploit Microsoft Windows Utility Manager - Local SYSTEM Exploit (MS04-011) IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Microsoft Windows Utility Manager - Local SYSTEM (MS04-011) Slackware 7.1 - '/usr/bin/mail' Local Exploit Slackware 7.1 - '/usr/bin/mail' Local GLIBC 2.1.3 - LD_PRELOAD Local Exploit GLIBC 2.1.3 - LD_PRELOAD Local Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Exploit Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Solaris 2.5.1 lp / lpsched - Symlink Exploit LibXt - 'XtAppInitialize()' Overflow *xterm Exploit Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit Solaris 2.5.1 lp / lpsched - Symlink LibXt - 'XtAppInitialize()' Overflow *xterm Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Microsoft Windows Server 2000 - Universal Language Utility Manager Exploit (MS04-019) Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' Exploit (MS04-022) Microsoft Windows Server 2000 - Utility Manager All-in-One Exploit (MS04-019) Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019) Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' (MS04-022) Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019) Microsoft Windows XP - Task Scheduler '.job' Universal Exploit (MS04-022) Microsoft Windows XP - Task Scheduler '.job' Universal (MS04-022) ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit AOL Instant Messenger AIM - 'Away' Message Local Exploit OpenBSD - 'ftp' Exploit ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Overflow AOL Instant Messenger AIM - 'Away' Message Local OpenBSD - 
'ftp' IPD (Integrity Protection Driver) - Local Exploit IPD (Integrity Protection Driver) - Local htpasswd Apache 1.3.31 - Local Exploit htpasswd Apache 1.3.31 - Local SudoEdit 1.6.8 - Local Change Permission Exploit SudoEdit 1.6.8 - Local Change Permission BSD bmon 1.2.1_2 - Local Exploit BSD bmon 1.2.1_2 - Local Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Exploit Multiple AntiVirus - '.zip' Detection Bypass Exploit Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Multiple AntiVirus - '.zip' Detection Bypass Cscope 15.5 - Symlink Exploit Cscope 15.5 - Symlink Microsoft Windows - Improper Token Validation Local Exploit Exim 4.41 - 'dns_build_reverse' Local Exploit (PoC) Peer2Mail 1.4 - Encrypted Password Dumper Exploit fkey 0.0.2 - Local File Accessibility Exploit Microsoft Windows - Improper Token Validation Local Exim 4.41 - 'dns_build_reverse' Local (PoC) Peer2Mail 1.4 - Encrypted Password Dumper fkey 0.0.2 - Local File Accessibility /usr/bin/trn (Not SUID) - Local Exploit Mandrake / Slackware /usr/bin/trn - Privilege Escalation (Not SUID) Linux ncpfs - Local Exploit ncpfs < 2.2.6 (Gentoo / Linux) - Privilege Escalation DelphiTurk FTP 1.0 - Passwords to Local Users Exploit DelphiTurk e-Posta 1.0 - Local Exploit GNU a2ps - 'Anything to PostScript' Not SUID Local Exploit VisualBoyAdvanced 1.7.x - Non SUID Local Shell Exploit DelphiTurk FTP 1.0 - Passwords to Local Users DelphiTurk e-Posta 1.0 - Local GNU a2ps - 'Anything to PostScript' Not SUID Local VisualBoyAdvanced 1.7.x - Non SUID Local Shell GetDataBack Data Recovery 2.31 - Local Exploit Aeon 0.2a - Local Linux Exploit (1) Aeon 0.2a - Local Linux Exploit (2) GetDataBack Data Recovery 2.31 - Local Aeon 0.2a - Local Linux (1) Aeon 0.2a - Local Linux (2) Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (1) Microsoft Jet Database - 'msjet40.dll' Reverse Shell (1) Oracle Database PL/SQL Statement - Multiple SQL Injections Exploits Oracle Database PL/SQL Statement - 
Multiple SQL Injections s Microsoft Windows - 'HTA' Script Execution Exploit (MS05-016) Microsoft Windows - 'HTA' Script Execution (MS05-016) Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (2) Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2) Exim 4.41 - 'dns_build_reverse' Local Exploit Microsoft Windows - COM Structured Storage Local Exploit (MS05-012) ePSXe 1.6.0 - 'nogui()' Local Exploit Exim 4.41 - 'dns_build_reverse' Local Microsoft Windows - COM Structured Storage Local (MS05-012) ePSXe 1.6.0 - 'nogui()' Privilege Escalation Willing Webcam 2.8 - Licence Information Disclosure Local Exploit Willing Webcam 2.8 - Licence Information Disclosure Local Solaris (SPARC/x86) - Local Socket Hijack Exploit Solaris (SPARC/x86) - Local Socket Hijack MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1) MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library (1) Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055) MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (2) MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2) Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL Exploit Intel Wireless Service - 's24evmon.exe' Shared Memory Exploit Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL Intel Wireless Service - 's24evmon.exe' Shared Memory Solaris 8/9 - '/usr/ucb/ps' Local Information Leak Exploit VMware 5.5.1 - 'ActiveX' Local Buffer Overflow Solaris 8/9 - '/usr/ucb/ps' Local Information Leak VMware 5.5.1 - 'ActiveX' Local Buffer Overflow TIBCO Rendezvous 7.4.11 - Password Extractor Local Exploit TIBCO Rendezvous 7.4.11 - Password Extractor Local Apple Mac OSX 10.4.7 - Mach Exception Handling Local Exploit (10.3.x) Apple 
Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x) Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Exploit Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local HP Tru64 Alpha OSF1 5.1 - 'ps' Information Leak Exploit HP Tru64 Alpha OSF1 5.1 - 'ps' Information Leak Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local Exploit Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local PHP 5.2.1 - 'substr_compare()' Information Leak Exploit PHP 5.2.1 - 'substr_compare()' Information Leak PHP 'COM' Extensions - inconsistent Win32 'safe_mode' Bypass Exploit PHP 'COM' Extensions - inconsistent Win32 'safe_mode' Bypass PHP 5.2.0 (OSX) - EXT/Filter Space Trimming Buffer Underflow Exploit PHP 5.2.1 - 'session_regenerate_id()' Double-Free Exploit PHP 5.2.0/5.2.1 - Rejected Session ID Double-Free Exploit PHP 5.2.0 (OSX) - EXT/Filter Space Trimming Buffer Underflow PHP 5.2.1 - 'session_regenerate_id()' Double-Free PHP 5.2.0/5.2.1 - Rejected Session ID Double-Free PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Exploit PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow Exploit PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage Exploit PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage Exploit PHP 5.2.1 - 'Unserialize()' Local Information Leak Exploit PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage PHP 5.2.1 - 'Unserialize()' Local Information Leak PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local East Wind Software - 'advdaudio.ocx 1.5.1.1' Local Buffer Overflow PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit PHP 'FFI' Extension 5.0.5 - 'Safe_mode' 
Local Bypass PHP 'Perl' Extension - 'Safe_mode' Bypass Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028 Exploit Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028 Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec Exploit Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Send ICMP Nasty Garbage (SING) - Append File Logrotate Exploit Send ICMP Nasty Garbage (SING) - Append File Logrotate SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM Exploit SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Solaris 8/9/10 - 'fifofs I_PEEK' Local Kernel Memory Leak Exploit Solaris 8/9/10 - 'fifofs I_PEEK' Local Kernel Memory Leak VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal Exploit Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM Exploit VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM Microsoft Windows Server 2003 - Token Kidnapping Local Exploit (PoC) Microsoft Windows Server 2003 - Token Kidnapping Local (PoC) Opera 9.62 - 'file://' Local Heap Overflow PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit Opera 9.62 - 'file://' Local Heap Overflow PHP 5.2.6 - 'error_log' Safe_mode Bypass RadASM 2.2.1.5 - '.rap' WindowCallProcA Pointer Hijack Exploit RadASM 2.2.1.5 - '.rap' WindowCallProcA Pointer Hijack PHP 'python' Extension - 'safe_mode' Local Bypass Exploit PHP 'python' Extension - 'safe_mode' Local Bypass Adobe Acrobat Reader - JBIG2 Universal Exploit Adobe Acrobat Reader - JBIG2 Universal xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit 
xscreensaver 5.01 - Arbitrary File Disclosure Symlink Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (1) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (2) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (3) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer (SEH) (1) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer (SEH) (2) Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer (SEH) (3) pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer Exploit (SEH) pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH) Xenorate Media Player 2.6.0.0 - '.xpl' Universal Local Buffer Exploit (SEH) Xenorate Media Player 2.6.0.0 - '.xpl' Universal Local Buffer (SEH) KSP 2006 FINAL - '.m3u' Universal Local Buffer Exploit (SEH) KSP 2006 FINAL - '.m3u' Universal Local Buffer (SEH) BSD (Multiple Distributions) - 'setusercontext()' Exploit BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities Fat Player 0.6b - '.wav' Universal Local Buffer Exploit Fat Player 0.6b - '.wav' Universal Local Buffer Media Jukebox 8 - '.m3u' Universal Local Buffer Exploit (SEH) Media Jukebox 8 - '.m3u' Universal Local Buffer (SEH) Media Jukebox 8 - '.pls' Universal Local Buffer Exploit (SEH) Media Jukebox 8 - '.pls' Universal Local Buffer (SEH) Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (1) Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer (SEH) (1) Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal Exploit Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (2) Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer (SEH) (2) Enlightenment - Linux Null PTR Dereference Exploit Framework Enlightenment - Linux Null PTR Dereference Framework AIMP2 Audio Converter - Playlist (SEH) AIMP2 Audio Converter - Playlist Overflow (SEH) VMware Fusion 2.0.5 - vmx86 kext 
Local Exploit (PoC) VMware Fusion 2.0.5 - vmx86 kext Local (PoC) VMware Virtual 8086 - Linux Local Ring0 Exploit VMware Virtual 8086 - Linux Local Ring0 Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor Exploit Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor Exploit Oracle - ctxsys.drvxtabc.create_tables Evil Cursor Exploit Oracle - ctxsys.drvxtabc.create_tables Exploit Oracle - SYS.LT.REMOVEWORKSPACE Evil Cursor Exploit Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor Oracle - ctxsys.drvxtabc.create_tables Evil Cursor Oracle - ctxsys.drvxtabc.create_tables Oracle - SYS.LT.REMOVEWORKSPACE Evil Cursor Exploit Easy RM to MP3 2.7.3.700 - Ruby Easy RM to MP3 2.7.3.700 - (Ruby) VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Overflow Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA Exploit WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA Free MP3 CD Ripper 2.6 - '.wav' Exploit Free MP3 CD Ripper 2.6 - '.wav' Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit) Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit) FreeBSD - 'nfs_mount()' Exploit FreeBSD 8.0/7.3/7.2 - 'nfs_mount()' Privilege Escalation GSM SIM Utility 5.15 - Direct RET Local Exploit GSM SIM Utility 5.15 - Direct RET Local Apple iOS - '.pdf' Jailbreak Exploit Exploit Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Exploit Apple iOS - '.pdf' Jailbreak Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Microsoft Excel - FEATHEADER Record Exploit (MS09-067) Microsoft Excel - FEATHEADER Record (MS09-067) Foxit Reader 4.0 - '.pdf' Jailbreak Exploit Foxit Reader 4.0 - '.pdf' Jailbreak Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking Exploit Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking AudioTran 1.4.2.4 - 
SafeSEH + SEHOP Exploit AudioTran 1.4.2.4 - SafeSEH + SEHOP Oracle Solaris - 'su' Local Exploit Oracle Solaris - 'su' Local Trend Micro Titanium Maximum Security 2011 - Local Kernel Exploit Trend Micro Titanium Maximum Security 2011 - Local Kernel G Data TotalCare 2011 - Local Kernel Exploit G Data TotalCare 2011 - Local Kernel DriveCrypt 5.3 - Local Kernel Ring0 SYSTEM Exploit DriveCrypt 5.3 - Local Kernel Ring0 SYSTEM FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit AoA DVD Creator 2.5 - ActiveX Stack Overflow AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak AoA DVD Creator 2.5 - ActiveX Stack Overflow AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM MPlayer (r33064 Lite) - Buffer Overflow + ROP Exploit MPlayer (r33064 Lite) - Buffer Overflow + ROP Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion Exploit Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal Exploit (ASLR + DEP Bypass) DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal (ASLR + DEP Bypass) Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak Exploit Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak Microsoft Office 2008 SP0 (Mac) - RTF pFragments Exploit Microsoft Office 2008 SP0 (Mac) - RTF pFragments Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Exploit Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Overflow SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Exploit SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Exploit Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Privilege Escalation SunOS 4.1.1 - '/usr/release/bin/makeinstall' Privilege Escalation SunOS 4.1.1 - '/usr/release/bin/winstall' Privilege 
Escalation SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Privilege Escalation SGI IRIX 6.4 / SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Privilege Escalation ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT Symlink Exploit ISC BIND 4.9.7 -T1B - named SIGINT / SIGIOT Symlink Sun Solaris 2.6 - power management Exploit Sun Solaris 7.0 - 'sdtcm_convert' Exploit Sun Solaris 2.6 - power management Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Overflow / Privilege Escalation Microsoft Windows - 'April Fools 2001' Exploit Microsoft Windows - 'April Fools 2001' Solaris 2.5.1 - 'ffbconfig' Exploit Solaris 2.5.1 - 'chkey' Exploit Solaris 2.5.1 - 'Ping' Exploit SGI IRIX 6.4 - 'ioconfig' Exploit Solaris 2.5.1 - 'ffbconfig' Privilege Escalation Solaris 2.5.1 - 'chkey' Privilege Escalation Solaris 2.5.1 - 'Ping' SGI IRIX 6.4 - 'ioconfig' Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Overflow / Privilege Escalation (1) Solaris 2.5.1 - 'automount' Exploit BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3) Solaris 2.5.1 - 'automount' Privilege Escalation BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 
'libXt Library' Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (3) Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Exploit Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Solaris 7.0 - 'cancel' Exploit Solaris 7.0 - 'chkperm' Exploit Solaris 7.0 - 'cancel' Privilege Escalation Solaris 7.0 - 'chkperm' G. Wilford man 2.3.10 - Symlink Exploit G. Wilford man 2.3.10 - Symlink S.u.S.E. Linux 5.2 - gnuplot Exploit S.u.S.E. Linux 5.2 - 'gnuplot' Stanford University bootpd 2.4.3 / Debian 2.0 - netstd Exploit X11R6 3.3.3 - Symlink Exploit Sun Solaris 7.0 - 'ff.core' Exploit S.u.S.E. 5.2 - 'lpc' Exploit SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit SGI IRIX 6.2 - 'cdplayer' Exploit Stanford University bootpd 2.4.3 / Debian 2.0 - netstd X11R6 3.3.3 - Symlink Sun Solaris 7.0 - 'ff.core' Privilege Escalation S.u.S.E. 
5.2 - 'lpc' Privilege Escalation SGI IRIX 6.2 - '/usr/lib/netaddpr' Privilege Escalation NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' SGI IRIX 6.2 - 'cdplayer' Privilege Escalation SGI IRIX 5.3 - 'Cadmin' Exploit SGI IRIX 6.0.1 - 'colorview' Exploit SGI IRIX 5.3 - 'Cadmin' Privilege Escalation SGI IRIX 6.0.1 - 'colorview' SGI IRIX 6.2 - day5notifier Exploit SGI IRIX 6.3 - 'df' Exploit SGI IRIX 6.4 - datman/cdman Exploit SGI IRIX 6.2 - 'eject' Exploit (1) SGI IRIX 6.2 - 'eject' Exploit (2) RedHat Linux 2.1 - 'abuse.console' Exploit SGI IRIX 6.2 - 'fsdump' Exploit SGI IRIX 6.2 - 'day5notifier' SGI IRIX 6.3 - 'df' Privilege Escalation SGI IRIX 6.4 - 'datman'/'cdman' SGI IRIX 6.2 - 'eject' Privilege Escalation (1) SGI IRIX 6.2 - 'eject' Privilege Escalation (2) RedHat Linux 2.1 - 'abuse.console' Privilege Escalation SGI IRIX 6.2 - 'fsdump' Privilege Escalation IBM AIX 4.3 - 'infod' Exploit IBM AIX 4.3 - 'infod' Privilege Escalation SGI IRIX 6.4 - 'inpview' Exploit RedHat Linux 5.0 - 'msgchk' Exploit SGI IRIX 6.4 - 'inpview' Privilege Escalation RedHat Linux 5.0 - 'msgchk' Privilege Escalation SGI IRIX 6.4 - login Exploit RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (1) RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (2) SGI IRIX 6.4 - 'netprint' Exploit SGI IRIX 6.4 - 'login' RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (1) RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (2) SGI IRIX 6.4 - 'netprint' Privilege Escalation SGI IRIX 5.3/6.2 - 'ordist' Exploit SGI IRIX 5.3/6.2 - 'ordist' Privilege Escalation SGI IRIX 5.3 - 'pkgadjust' Exploit SGI IRIX 5.3 - 'pkgadjust' Privilege Escalation IBM AIX 3.2.5 - 'IFS' Exploit IBM AIX 3.2.5 - 'IFS' Privilege Escalation SGI IRIX 6.3 - 'pset' Exploit SGI IRIX 6.4 - 'rmail' Exploit SGI IRIX 6.3 - 'pset' Privilege Escalation SGI IRIX 6.4 - 'rmail' SGI IRIX 5.2/5.3 - 'serial_ports' Exploit SGI IRIX 6.4 - 'suid_exec' Exploit SGI IRIX 5.1/5.2- 'sgihelp' Exploit SGI IRIX 6.4 - 'startmidi' 
Exploit SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Exploit SGI IRIX 6.4 - 'xfsdump' Exploit SGI IRIX 5.2/5.3 - 'serial_ports' Privilege Escalation SGI IRIX 6.4 - 'suid_exec' Privilege Escalation SGI IRIX 5.1/5.2 - 'sgihelp' SGI IRIX 6.4 - 'startmidi' Privilege Escalation SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Privilege Escalation SGI IRIX 6.4 - 'xfsdump' Privilege Escalation Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS Exploit (2) Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2) GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Exploit GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Privilege Escalation Common Desktop Environment 2.1 20 / Solaris 7.0 - dtspcd Exploit Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit SCO Open Server 5.0.5 - 'userOsa' Symlink BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (1) BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (2) UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (1) UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (2) BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (1) BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (2) UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (1) UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (2) S.u.S.E. Linux 6.1/6.2 - cwdtools Exploit S.u.S.E. 
Linux 6.1/6.2 - 'cwdtools' Solaris 7.0 - 'kcms_configure Exploit Solaris 7.0 - 'kcms_configure' FreeBSD 3.3 - 'gdc' Symlink Exploit FreeBSD 3.3 - 'gdc' Symlink SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Exploit SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Privilege Escalation SCO Unixware 7.1 - 'pkg' Exploit SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Exploit SCO Unixware 7.1 - 'pkg' Privilege Escalation SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Nortel Networks Optivity NETarchitect 2.0 - PATH Exploit SGI IRIX 6.2 - midikeys/soundplayer Exploit Nortel Networks Optivity NETarchitect 2.0 - PATH SGI IRIX 6.2 - 'midikeys'/'soundplayer' Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path Exploit (1) Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path Exploit (2) Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path (1) Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path (2) FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Exploit FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Debian 2.1 - apcd Symlink Exploit Debian 2.1 - apcd Symlink SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit Microsoft Windows 95/98/NT 4.0 - autorun.inf Exploit FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit Sun Workshop 5.0 - Licensing Manager Symlink Exploit SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Sun Workshop 5.0 - Licensing Manager Symlink Corel Linux OS 1.0 - buildxconfig Exploit Corel Linux OS 1.0 - setxconf Exploit Corel Linux OS 1.0 - buildxconfig Corel Linux OS 1.0 - 'setxconf' Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr Exploit (2) Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr (2) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (1) 
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (2) Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - kreatecd Exploit Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - 'imwheel' (1) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - 'imwheel' (2) Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Be BeOS 4.0/4.5/5.0 - IP Packet Length Field Exploit QSSL QNX 4.25 A - 'crypt()' Exploit Be BeOS 4.0/4.5/5.0 - IP Packet Length Field QSSL QNX 4.25 A - 'crypt()' Privilege Escalation RedHat Linux 6.0/6.1/6.2 - pam_console Exploit RedHat Linux 6.0/6.1/6.2 - 'pam_console' Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink Exploit Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink Exploit OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit HP-UX 10.20/11.0 - man '/tmp' Symlink Oracle Internet Directory 2.0.6 - oidldap Exploit Oracle Internet Directory 2.0.6 - oidldap HP-UX 10.20/11.0 - crontab '/tmp' File Exploit Exim Buffer 1.6.2/1.6.51 - Overflow Exploit HP-UX 10.20/11.0 - crontab '/tmp' File Exim Buffer 1.6.2/1.6.51 - Overflow PHP 5.3.4 Win Com Module - Com_sink Exploit PHP 5.3.4 Win Com Module - Com_sink Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing Exploit Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing BlazeVideo HDTV Player 6.6 Professional - Direct RETN Exploit Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn Exploit BlazeVideo HDTV Player 6.6 Professional - Direct RETN Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn BlazeDVD 6.1 - '.PLF' File Exploit (ASLR + DEP Bypass) (Metasploit) BlazeDVD 6.1 - '.PLF' File (ASLR + DEP Bypass) (Metasploit) Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Exploit Inmatrix Ltd. 
Zoom Player 8.5 - '.jpeg' HexChat 2.9.4 - Local Exploit HexChat 2.9.4 - Local Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring Exploit Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring Winamp 5.63 - 'winamp.ini' Local Exploit Winamp 5.63 - 'winamp.ini' Local Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation Nginx (Debian Based Distros + Gentoo) - 'logrotate' Privilege Escalation PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Apple 2.0.4 - Safari Local Exploit Apple 2.0.4 - Safari Local Notepad++ Plugin Notepad 1.5 - Local Exploit Notepad++ Plugin Notepad 1.5 - Local Overflow Castripper 2.50.70 - '.pls' DEP Bypass Exploit Castripper 2.50.70 - '.pls' DEP Bypass Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write Exploit (2) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2) suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass Exploit suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit) Adobe Reader for Android < 11.2.0 - 'addJavascriptInterface' Local Overflow (Metasploit) glibc - NUL Byte gconv_translit_find Off-by-One Exploit glibc - NUL Byte gconv_translit_find Off-by-One Microsoft Windows - OLE Package Manager SandWorm Exploit Microsoft Windows - OLE Package Manager SandWorm PonyOS 3.0 - VFS Permissions Exploit PonyOS 3.0 - VFS Permissions PonyOS 3.0 - TTY 'ioctl()' Local Kernel Exploit PonyOS 3.0 - TTY 'ioctl()' Local Kernel Microsoft Windows - ClientCopyImage Win32k Exploit (MS15-051) (Metasploit) Microsoft Windows - ClientCopyImage Win32k (MS15-051) (Metasploit) Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit Mozilla Firefox < 39.03 - 
'pdf.js' Same Origin Policy Google Android - get_user/put_user Exploit (Metasploit) Google Android - get_user/put_user (Metasploit) IKEView.exe R60 - '.elg' Local Exploit (SEH) IKEView.exe R60 - '.elg' Local (SEH) IKEView R60 - Buffer Overflow Local Exploit (SEH) IKEView R60 - Buffer Overflow Local (SEH) Gold MP4 Player - '.swf' Local Exploit Gold MP4 Player - '.swf' Local Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass) Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass) Apple iOS < 10.3.1 - Kernel Exploit Apple iOS < 10.3.1 - Kernel Linux Kernel - 'offset2lib Stack Clash' Exploit Linux Kernel - 'offset2lib Stack Clash' Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC) Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit Microsoft IIS - WebDAV 'ntdll.dll' Remote Microsoft IIS 5.0 - WebDAV Remote (PoC) Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Microsoft Windows 2000/XP - SMB Authentication Remote Exploit RealServer < 8.0.2 (Windows Platforms) - Remote Exploit Microsoft Windows 2000/XP - SMB Authentication Remote RealServer < 8.0.2 (Windows Platforms) - Remote Overflow CommuniGate Pro Webmail 4.0.6 - Session Hijacking Exploit CommuniGate Pro Webmail 4.0.6 - Session Hijacking Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit Webfroot Shoutbox < 2.32 (Apache) - Local File Inclusion / Remote Code Execution Microsoft Internet Explorer - Object Tag Exploit (MS03-020) Apache 2.0.45 - 'APR' Remote Exploit Microsoft Internet Explorer - Object Tag (MS03-020) Apache 2.0.45 - 'APR' Remote Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Microsoft Windows Media Services - Remote Exploit (MS03-022) eXtremail 1.5.x (Linux) - Remote Format Strings Exploit ColdFusion MX - Remote Development Service Exploit Microsoft Windows Media Services - Remote (MS03-022) eXtremail 1.5.x (Linux) - Remote Format 
Strings ColdFusion MX - Remote Development Service Microsoft Windows Media Services - 'nsiislog.dll' Remote Exploit Microsoft Windows Media Services - 'nsiislog.dll' Remote Citadel/UX BBS 6.07 - Remote Exploit Citadel/UX BBS 6.07 - Remote Microsoft Windows XP/2000 - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows XP/2000 - 'RPC DCOM' Remote (MS03-026) Microsoft Windows - 'RPC DCOM' Remote Exploit (1) Microsoft Windows - 'RPC DCOM' Remote Exploit (2) Microsoft Windows - 'RPC DCOM' Remote (1) Microsoft Windows - 'RPC DCOM' Remote (2) Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal) Microsoft Windows - 'RPC DCOM' Remote (Universal) Microsoft Internet Explorer - Object Data Remote Exploit (MS03-032) Microsoft Internet Explorer - Object Data Remote (MS03-032) Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Exploit Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Overflow MySQL 3.23.x/4.0.x - Remote Exploit MySQL 3.23.x/4.0.x - Remote Buffer Overflow Microsoft Windows - 'RPC DCOM2' Remote Exploit (MS03-039) Microsoft Windows - 'RPC DCOM2' Remote (MS03-039) Microsoft Windows - 'RPC2' Universal Exploit / Denial of Service (RPC3) (MS03-039) Microsoft Windows - 'RPC2' Universal / Denial of Service (RPC3) (MS03-039) NIPrint LPD-LPR Print Server 4.10 - Remote Exploit Microsoft Windows XP/2000 - RPC Remote Non Exec Memory Exploit NIPrint LPD-LPR Print Server 4.10 - Remote Microsoft Windows XP/2000 - RPC Remote Non Exec Memory Microsoft FrontPage Server Extensions - 'fp30reg.dll' Exploit (MS03-051) Microsoft Windows - Workstation Service WKSSVC Remote Exploit (MS03-049) IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit Opera 7.22 - File Creation and Execution Exploit (WebServer) Microsoft Windows XP - Workstation Service Remote Exploit (MS03-049) Microsoft FrontPage Server Extensions - 'fp30reg.dll' (MS03-051) Microsoft Windows - Workstation Service WKSSVC Remote (MS03-049) IA WebMail Server 
3.x - 'iaregdll.dll 1.0.0.5' Remote Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Opera 7.22 - File Creation and Execution (WebServer) Microsoft Windows XP - Workstation Service Remote (MS03-049) Microsoft Windows Messenger Service (French) - Remote Exploit (MS03-043) Eznet 3.5.0 - Remote Stack Overflow Universal Exploit Microsoft Windows Messenger Service (French) - Remote (MS03-043) Eznet 3.5.0 - Remote Stack Overflow Universal RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Eudora 6.0.3 (Windows) - Attachment Spoofing Exploit Eudora 6.0.3 (Windows) - Attachment Spoofing Cisco - Cisco Global Exploiter Tool Cisco - Cisco Global er Tool BFTPd - 'vsprintf()' Format Strings Exploit INND/NNRP < 1.6.x - Overflow Exploit BFTPd - 'vsprintf()' Format Strings INND/NNRP < 1.6.x - Overflow BFTPd 1.0.12 - Remote Exploit BFTPd 1.0.12 - Remote Overflow Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit OpenBSD ftpd 2.6/2.7 - Remote Exploit Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit WU-FTPD 2.6.0 - Remote Format Strings Exploit Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass OpenBSD ftpd 2.6/2.7 - Remote Linux Kernel 2.2 - TCP/IP Weakness Spoof IP WU-FTPD 2.6.0 - Remote Format Strings Cisco - Password Bruteforcer Exploit Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit Cisco - Password Bruteforcer Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Command Execution IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Exploit TCP Connection Reset - Remote Exploit IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Microsoft Windows XP/2000 - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows XP/2000 - 'Lsasrv.dll' Remote Universal (MS04-011) Borland Interbase 7.x - Remote Exploit Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Exploit Borland Interbase 7.x - Remote Buffer Overflow Subversion 1.0.2 - 'svn_time_from_cstring()' 
Remote Microsoft Internet Explorer - Remote Application.Shell Exploit Microsoft Internet Explorer - Remote Application.Shell Microsoft Internet Explorer - Remote Wscript.Shell Exploit Linux imapd - Remote Overflow File Retrieve Exploit Microsoft Internet Explorer - Remote Wscript.Shell Linux imapd - Remote Overflow / File Retrieve OpenFTPd 0.30.2 - Remote Exploit OpenFTPd 0.30.2 - Remote Remote CVS 1.11.15 - 'error_prog_name' Remote Exploit WU-IMAP 2000.287(1-2) - Remote Exploit rsync 2.5.1 - Remote Exploit (1) rsync 2.5.1 - Remote Exploit (2) Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution WU-IMAP 2000.287(1-2) - Remote rsync 2.5.1 - Remote (1) rsync 2.5.1 - Remote (2) D-Link DCS-900 Camera - Remote IP Address Changer Exploit D-Link DCS-900 Camera - Remote IP Address Changer AOL Instant Messenger AIM - 'Away' Message Remote Exploit (2) AOL Instant Messenger AIM - 'Away' Message Remote (2) Citadel/UX 6.23 - Remote USER Directive Exploit Citadel/UX 6.23 - Remote USER Directive Microsoft Windows - JPEG GDI+ Overflow Shellcode Exploit Microsoft Windows - JPEG GDI+ Overflow Shellcode Microsoft Windows - JPEG GDI+ Overflow Administrator Exploit (MS04-028) Microsoft Windows - JPEG GDI+ Overflow Download Shellcode Exploit (MS04-028) Microsoft Windows - JPEG GDI+ Overflow Administrator (MS04-028) Microsoft Windows - JPEG GDI+ Overflow Download Shellcode (MS04-028) Eudora 6.2.0.7 - Attachment Spoofer Exploit Eudora 6.2.0.7 - Attachment Spoofer Microsoft Windows - Compressed Zipped Folders Exploit (MS04-034) Microsoft Windows - Compressed Zipped Folders (MS04-034) PHP 4.3.7/5.0.0RC3 - memory_limit Remote Exploit PHP 4.3.7/5.0.0RC3 - memory_limit Remote SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Exploit SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Apple iTunes - Playlist Buffer Overflow Download Shellcode Exploit Apple iTunes - Playlist Buffer Overflow Download Shellcode Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit Microsoft 
Internet Explorer - '.ANI' Universal Exploit (MS05-002) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow Microsoft Internet Explorer - '.ANI' Universal (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader (MS05-002) 3CServer 1.1 (FTP Server) - Remote Exploit MSN Messenger - '.png' Image Buffer Overflow Download Shellcode Exploit 3CServer 1.1 (FTP Server) - Remote MSN Messenger - '.png' Image Buffer Overflow Download Shellcode Exim 4.43 - 'auth_spa_server()' Remote Exploit (PoC) Exim 4.43 - 'auth_spa_server()' Remote (PoC) Thomson TCW690 - POST Password Validation Exploit SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Exploit Thomson TCW690 - POST Password Validation SHOUTcast 1.9.4 (Windows) - File Request Format String Remote LimeWire 4.1.2 < 4.5.6 - 'GET' Remote Exploit LimeWire 4.1.2 < 4.5.6 - 'GET' Remote Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Exploit Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote MailEnable Enterprise 1.x - IMAPd Remote Exploit MailEnable Enterprise 1.x - IMAPd Remote HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force Exploit HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force dSMTP Mail Server 3.1b (Linux) - Format String Exploit dSMTP Mail Server 3.1b (Linux) - Format String ViRobot Advanced Server 2.0 - 'addschup' Remote Cookie Exploit ViRobot Advanced Server 2.0 - 'addschup' Remote Cookie Microsoft Windows Message Queuing - Buffer Overflow Universal Exploit (MS05-017) (v.0.3) Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Exploit Nokia Affix < 3.2.0 - btftp Remote Client Exploit Microsoft Windows Message Queuing - Buffer Overflow Universal (MS05-017) (v.0.3) Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Nokia Affix < 3.2.0 - btftp Remote Client Hosting Controller 0.6.1 HotFix 2.1 - Change Credit Limit Exploit Baby Web Server 2.6.2 - Command Validation Exploit Hosting Controller 0.6.1 
HotFix 2.1 - Change Credit Limit Baby Web Server 2.6.2 - Command Validation Small HTTP Server 3.05.28 - Arbitrary Data Execution Exploit HP OpenView OmniBack II - Generic Remote Exploit Small HTTP Server 3.05.28 - Arbitrary Data Execution HP OpenView OmniBack II - Generic Remote CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Exploit CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote Exploit (MS05-038) Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038) Veritas Backup Exec (Windows) - Remote File Access Exploit (Metasploit) Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (MS05-039) Veritas Backup Exec (Windows) - Remote File Access (Metasploit) Microsoft Windows Plug-and-Play Service - Remote Universal (MS05-039) Solaris 10 LPD - Arbitrary File Delete Exploit (Metasploit) Solaris 10 LPD - Arbitrary File Delete (Metasploit) Microsoft IIS 5.0 - '500-100.asp' Server Name Spoof Exploit Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish) (MS05-039) Microsoft Windows Plug-and-Play Service (French) - Remote Universal Exploit (MS05-039) Microsoft IIS 5.0 - '500-100.asp' Server Name Spoof Microsoft Windows Plug-and-Play Service - Remote Universal (Spanish) (MS05-039) Microsoft Windows Plug-and-Play Service (French) - Remote Universal (MS05-039) HP OpenView Network Node Manager 7.50 - Remote Exploit DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Exploit HP OpenView Network Node Manager 7.50 - Remote DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (2) Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun (2) HP-UX FTP Server - Unauthenticated Directory Listing Exploit (Metasploit) HP-UX FTP Server - Unauthenticated Directory Listing (Metasploit) Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Exploit Veritas NetBackup 6.0 (Windows 
x86) - 'bpjava-msvc' Remote Exploit Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Exploit Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode Exploit Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (3) Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (4) Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote (3) Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote (4) Microsoft Windows - DTC Remote Exploit (PoC) (MS05-051) (2) Microsoft Windows - DTC Remote (PoC) (MS05-051) (2) Mercury Mail Transport System 4.01b - PH SERVER Remote Exploit Mercury Mail Transport System 4.01b - PH SERVER Remote Farmers WIFE 4.4 sp1 - 'FTP' Remote System Access Exploit Farmers WIFE 4.4 sp1 - 'FTP' Remote System Access Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit (Metasploit) Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote (Metasploit) Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1) Microsoft Internet Explorer - 'createTextRang' Remote Exploit (Metasploit) Microsoft Internet Explorer - 'createTextRang' Download Shellcode (1) Microsoft Internet Explorer - 'createTextRang' Remote (Metasploit) Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (2) Microsoft Internet Explorer - 'createTextRang' Download Shellcode (2) MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Microsoft Windows - DHCP Client Broadcast Exploit (MS06-036) Microsoft Windows - DHCP Client Broadcast (MS06-036) Microsoft Windows - CanonicalizePathName() Remote Exploit (MS06-040) Microsoft Windows - CanonicalizePathName() Remote (MS06-040) Easy File Sharing FTP Server 2.0 - 'PASS' Remote Exploit (PoC) Easy File 
Sharing FTP Server 2.0 - 'PASS' Remote (PoC) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (HTML) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (1) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (2) McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote Exploit (Metasploit) Microsoft Internet Explorer - WebViewFolderIcon setSlice() (HTML) Microsoft Internet Explorer - WebViewFolderIcon setSlice() (1) Microsoft Internet Explorer - WebViewFolderIcon setSlice() (2) McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote (Metasploit) AEP SmartGate 4.3b - 'GET' Arbitrary File Download Exploit Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit AEP SmartGate 4.3b - 'GET' Arbitrary File Download Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote MiniHTTPServer Web Forum & File Sharing Server 4.0 - Add User Exploit MiniHTTPServer Web Forum & File Sharing Server 4.0 - Add User Easy File Sharing Web Server 4 - Remote Information Stealer Exploit EFS Easy Address Book Web Server 1.2 - Remote File Stream Exploit Easy File Sharing Web Server 4 - Remote Information Stealer EFS Easy Address Book Web Server 1.2 - Remote File Stream Oracle 9i/10g - 'read/write/execute' Exploitation Suite Oracle 9i/10g - 'read/write/execute' ation Suite Oracle 9i/10g - 'utl_file' FileSystem Access Exploit Oracle 9i/10g - 'utl_file' FileSystem Access Microsoft Windows - ASN.1 Remote Exploit (MS04-007) Microsoft Windows - ASN.1 Remote (MS04-007) Rediff Bol Downloader - ActiveX Control Execute Local File Exploit Rediff Bol Downloader - ActiveX Control Execute Local File Microsoft Internet Explorer - VML Download and Execute Exploit (MS07-004) Microsoft Internet Explorer - VML Download and Execute (MS07-004) PA168 Chipset IP Phones - Weak Session Management Exploit PA168 Chipset IP Phones - Weak Session Management Lotus Domino R6 Webmail - Remote Password Hash Dumper Exploit Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing 
Attack Exploit Lotus Domino R6 Webmail - Remote Password Hash Dumper Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack Oracle 10g - KUPW$WORKER.MAIN Grant/Revoke dba Permission Exploit Oracle 10g - KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission Exploit Oracle 10g - KUPW$WORKER.MAIN Grant/Revoke dba Permission Oracle 10g - KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission NetProxy 4.03 - Web Filter Evasion / Bypass Logging Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode Exploit (Perl) NetProxy 4.03 - Web Filter Evasion / Bypass Logging 3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl) PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass Exploit PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Exploit Mercur Messaging 2005 < SP4 - IMAP Remote Exploit (Egghunter) Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Mercur Messaging 2005 < SP4 - IMAP Remote (Egghunter) Microsoft DNS Server - Dynamic DNS Updates Remote Exploit Microsoft DNS Server - Dynamic DNS Updates Remote Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage Exploit Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage Microsoft Internet Explorer - Recordset Double-Free Memory Exploit (MS07-009) Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Exploit Microsoft Internet Explorer - Recordset Double-Free Memory (MS07-009) Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code Exploit CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit IBM Lotus Domino Server 6.5 - Unauthenticated Remote Microsoft Windows - Animated Cursor '.ani' Remote Exploit (eeye patch Bypass) Microsoft Windows - Animated Cursor '.ani' Remote (eeye patch Bypass) Microsoft Windows - Animated Cursor '.ani' Universal Exploit Generator 
Microsoft Windows - Animated Cursor '.ani' Universal Generator MiniWebsvr 0.0.7 - Remote Directory Traversal Virtual CD 9.0.0.2 - 'vc9api.DLL' Remote Shell Commands Execution Exploit Virtual CD 9.0.0.2 - 'vc9api.DLL' Remote Shell Commands Execution EDraw Office Viewer Component - Unsafe Method Exploit EDraw Office Viewer Component - Unsafe Method Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Exploit Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote IBM Tivoli Provisioning Manager - Unauthenticated Remote Exploit IBM Tivoli Provisioning Manager - Unauthenticated Remote Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Exploit Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute Exploit Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute Exploit Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write Exploit HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Exploit HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Apache Tomcat Connector mod_jk - 'exec-shield' Remote Exploit Apache Tomcat Connector mod_jk - 'exec-shield' Remote SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write Exploit SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write Nessus Vulnerability Scanner 3.0.6 - ActiveX Remote Delete File Exploit Nessus Vulnerability Scanner 3.0.6 - ActiveX Remote Delete File VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write Exploit VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write BIND 9 0.3beta - DNS Cache Poisoning Exploit BIND 9 0.3beta - DNS Cache Poisoning NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote Exploit NVR SP2 2.0 'nvUnifiedControl.dll 
1.1.45.0' - 'SetText()' Remote Telecom Italy Alice Messenger - Remote Registry Key Manipulation Exploit Telecom Italy Alice Messenger - Remote Registry Key Manipulation Lighttpd 1.4.16 - FastCGI Header Overflow Remote Exploit Lighttpd 1.4.16 - FastCGI Header Overflow Remote Apple QuickTime /w IE .qtl Version XAS - Remote Exploit (PoC) Apple QuickTime /w IE .qtl Version XAS - Remote (PoC) Lighttpd 1.4.17 - FastCGI Header Overflow Remote Exploit Lighttpd 1.4.17 - FastCGI Header Overflow Remote Motorola Timbuktu Pro 8.6.5 - File Deletion/Creation Exploit Tor < 0.1.2.16 - ControlPort Remote Rewrite Exploit Motorola Timbuktu Pro 8.6.5 - File Deletion/Creation Tor < 0.1.2.16 - ControlPort Remote Rewrite Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak Exploit PBEmail 7 - ActiveX Edition Insecure Method Exploit Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak PBEmail 7 - ActiveX Edition Insecure Method IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command Exploit IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Exploit EDraw Flowchart ActiveX Control 2.0 - Insecure Method Exploit SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote EDraw Flowchart ActiveX Control 2.0 - Insecure Method Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal Exploit Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal Apple QuickTime 7.2/7.3 - RSTP Response Universal Exploit Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal Exploit Apple QuickTime 7.2/7.3 - RSTP Response Universal Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065) Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue (MS07-065) Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method Exploit Macrovision FlexNet - 'isusweb.dll' 
DownloadAndExecute Method Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method Exploit Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method Exploit Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Exploit MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method Exploit Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload Rising AntiVirus Online Scanner - Insecure Method Flaw Exploit Rising AntiVirus Online Scanner - Insecure Method Flaw NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal IBiz E-Banking Integrator 2.0 - ActiveX Edition Insecure Method Exploit IBiz E-Banking Integrator 2.0 - ActiveX Edition Insecure Method C6 Messenger - ActiveX Remote Download and Execute Exploit C6 Messenger - ActiveX Remote Download and Execute Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download Exploit Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Exploit (Metasploit) BIND 9.x - Remote DNS Cache Poisoning Exploit (Python) Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Exploit BIND 9.x - Remote DNS Cache Poisoning Exploit BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit) BIND 9.x - Remote DNS Cache Poisoning (Python) Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote BIND 9.x - Remote DNS Cache Poisoning Cisco IOS 12.3(18) (FTP Server) - Remote Exploit (Attached to GDB) Cisco IOS 12.3(18) (FTP Server) - Remote (Attached to GDB) BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Exploit BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Belkin Wireless G Router / ADSL2 Modem - 
Authentication Bypass Sun Solaris 10 - snoop(1M) Utility Remote Exploit Friendly Technologies - Read/Write Registry/Read Files Exploit Google Chrome 0.2.149.27 - Automatic File Download Exploit Sun Solaris 10 - snoop(1M) Utility Remote Friendly Technologies - Read/Write Registry/Read Files Google Chrome 0.2.149.27 - Automatic File Download Microworld Mailscan 5.6.a - Password Reveal Exploit Microworld Mailscan 5.6.a - Password Reveal NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Exploit NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Chilkat XML - ActiveX Arbitrary File Creation/Execution Exploit Chilkat XML - ActiveX Arbitrary File Creation/Execution Autodesk DWF Viewer Control / LiveUpdate Module - Remote Exploit GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Exploit Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) Autodesk DWF Viewer Control / LiveUpdate Module - Remote GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021) PowerTCP FTP Module - Multiple Exploit Techniques (SEH HeapSpray) PowerTCP FTP Module - Multiple Techniques (SEH HeapSpray) MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit MW6 Datamatrix - ActiveX 'Datamatrix.dll' Insecure Method Exploit MW6 PDF417 - ActiveX 'MW6PDF417.dll' Remote Insecure Method Exploit MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method MW6 Datamatrix - ActiveX 'Datamatrix.dll' Insecure Method MW6 PDF417 - ActiveX 'MW6PDF417.dll' Remote Insecure Method GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API Exploit (Metasploit) GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API (Metasploit) Microsoft Windows - SmbRelay3 NTLM Replay Exploit (MS08-068) Microsoft Windows - SmbRelay3 NTLM Replay (MS08-068) DD-WRT v24-sp1 - Cross-Site Reference Forgery 
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow Chilkat FTP - ActiveX (SaveLastError) Insecure Method Exploit Chilkat FTP - ActiveX (SaveLastError) Insecure Method ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit ExcelOCX ActiveX 3.2 - Download File Insecure Method GuildFTPd FTP Server 0.999.14 - Remote Delete Files Exploit GuildFTPd FTP Server 0.999.14 - Remote Delete Files GeoVision LiveAudio - ActiveX Remote Freed-Memory Access Exploit Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method Exploit RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit GeoVision LiveAudio - ActiveX Remote Freed-Memory Access Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Sysax Multi Server 4.3 - Arbitrary Delete Files Exploit Sysax Multi Server 4.3 - Arbitrary Delete Files Expoit IncrediMail 5.86 - Cross-Site Scripting Script Execution Exploit IncrediMail 5.86 - Cross-Site Scripting Script Execution Pirelli Discus DRG A225 wifi router - WPA2PSK Default Algorithm Exploit Pirelli Discus DRG A225 wifi router - WPA2PSK Default Algorithm Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Exploit httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Bopup Communications Server 3.2.26.5460 - Remote SYSTEM Exploit Bopup Communications Server 3.2.26.5460 - Remote SYSTEM Green Dam - Remote Change System Time Exploit Green Dam - Remote Change System Time Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Exploit Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass 
/ Remote Code Injection Exploit Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection IBM Installation Manager 1.3.0 - 'iim://' URI handler Exploit EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Exploit Oracle - Document Capture BlackIce DEVMODE Exploit IBM Installation Manager 1.3.0 - 'iim://' URI handler EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Oracle - Document Capture BlackIce DEVMODE Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization Exploit (Metasploit) Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit) AoA MP4 Converter 4.1.2 - ActiveX Exploit AoA MP4 Converter 4.1.2 - ActiveX Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit) Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote (Metasploit) Unreal Tournament 2004 - 'Secure' Overflow Exploit (Metasploit) Unreal Tournament 2004 - 'Secure' Overflow (Metasploit) AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit AoA DVD Creator 2.6.2 - ActiveX Exploit AoA Audio Extractor Basic 2.3.7 - ActiveX AoA DVD Creator 2.6.2 - ActiveX Microsoft Internet Explorer 6 - Aurora Exploit Microsoft Internet Explorer 6 - Aurora Exploit EFS Software Easy Chat Server 2.2 - Buffer Overflow EFS Software Easy Chat Server 2.2 - Buffer Overflow AOL 9.5 - ActiveX Heap Spray Exploit AOL 9.5 - ActiveX Heap Spray (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Exploit (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Microsoft Internet Explorer 6/7 - Remote Code Execution (Remote User Add Exploit) Microsoft Internet Explorer 6/7 - Remote Code Execution (Remote User Add) Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit Apache 2.2.14 mod_isapi - Dangling Pointer 
Remote SYSTEM SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free Exploit (Metasploit) Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit) Magneto Net Resource ActiveX 4.0.0.5 - 'NetFileClose' Universal Exploit Magneto Net Resource ActiveX 4.0.0.5 - 'NetConnectionEnum' Universal Exploit Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal Exploit Magneto Net Resource ActiveX 4.0.0.5 - 'NetFileClose' Universal Magneto Net Resource ActiveX 4.0.0.5 - 'NetConnectionEnum' Universal Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal Xftp client 3.0 - 'PWD' Remote Exploit Xftp client 3.0 - 'PWD' Remote HP Digital Imaging - 'hpodio08.dll' Insecure Method Exploit HP Digital Imaging - 'hpodio08.dll' Insecure Method ProSSHD 1.2 - Authenticated Remote Exploit (ASLR + DEP Bypass) ProSSHD 1.2 - Authenticated Remote (ASLR + DEP Bypass) Litespeed Technologies - Web Server Remote Poison Null Byte Exploit Litespeed Technologies - Web Server Remote Poison Null Byte Sun Java Web Server 7.0 u7 - Remote Exploit Sun Java Web Server 7.0 u7 - Remote Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote IBM AIX 5l - 'FTPd' Remote DES Hash Exploit IBM AIX 5l - 'FTPd' Remote DES Hash Barcodewiz Barcode ActiveX Control 3.29 - Remote HeapSpray Exploit (Internet Explorer 6/7) Barcodewiz Barcode ActiveX Control 3.29 - Remote HeapSpray (Internet Explorer 6/7) AoA Audio Extractor - Remote ActiveX SEH JIT Spray Exploit (ASLR + DEP Bypass) SopCast 3.2.9 - Remote Exploit AoA Audio Extractor - Remote ActiveX SEH JIT Spray (ASLR + DEP Bypass) SopCast 3.2.9 - Remote Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Exploit Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' 
ActiveX Remote AoA Audio Extractor 2.x - ActiveX ROP Exploit AoA Audio Extractor 2.x - ActiveX ROP Microsoft ASP.NET - Auto-Decryptor File Download Exploit (MS10-070) Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070) Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Google Android 2.0 < 2.1 - Reverse Shell Exploit Google Android 2.0 < 2.1 - Reverse Shell FreeBSD Litespeed Web Server 4.0.17 with PHP - Remote Exploit Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX Exploit Microsoft Internet Explorer 8 - CSS Parser Exploit Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX Microsoft Internet Explorer 8 - CSS Parser Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Exploit Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Sun Microsystems SunScreen Firewall - Root Exploit Sun Microsystems SunScreen Firewall - Privilege Escalation FTPGetter 3.58.0.21 - 'PASV' Buffer Overflow Exploit FTPGetter 3.58.0.21 - 'PASV' Buffer Overflow Sun Java - Calendar Deserialization Exploit (Metasploit) Sun Java - Calendar Deserialization (Metasploit) Java - 'Statement.invoke()' Trusted Method Chain Exploit (Metasploit) Java - 'Statement.invoke()' Trusted Method Chain (Metasploit) Veritas Backup Exec Name Service - Overflow Exploit (Metasploit) Veritas Backup Exec Name Service - Overflow (Metasploit) Microsoft Private Communications Transport - Overflow Exploit (MS04-011) (Metasploit) Microsoft Private Communications Transport - Overflow (MS04-011) (Metasploit) Microsoft RRAS Service - Overflow Exploit (MS06-025) (Metasploit) Microsoft RRAS Service - Overflow (MS06-025) (Metasploit) Microsoft NetDDE Service - Overflow Exploit (MS04-031) (Metasploit) Microsoft NetDDE Service - Overflow (MS04-031) (Metasploit) CA BrightStor Agent for Microsoft SQL - Overflow 
Exploit (Metasploit) CA BrightStor Agent for Microsoft SQL - Overflow (Metasploit) CA BrightStor Universal Agent - Overflow Exploit (Metasploit) CA BrightStor Universal Agent - Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow (Metasploit) Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit) Mozilla Firefox - Interleaving 'document.write' / 'appendChild' (Metasploit) Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX Exploit (Metasploit) Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX (Metasploit) Microsoft RPC DCOM Interface - Overflow Exploit (MS03-026) (Metasploit) Microsoft RPC DCOM Interface - Overflow (MS03-026) (Metasploit) Savant Web Server 3.1 - Overflow Exploit (Metasploit) Savant Web Server 3.1 - Overflow (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Overflow Exploit (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Overflow (Metasploit) Snort Back Orifice - Pre-Preprocessor Remote Exploit (Metasploit) Snort Back Orifice - Pre-Preprocessor Remote (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow (Metasploit) Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit) Samba 2.2.8 (BSD x86) - 'trans2open' Overflow (Metasploit) KingView 6.5.3 SCADA - ActiveX Exploit KingView 6.5.3 SCADA - ActiveX Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Progea Movicon 11 - 'TCPUploadServer' Remote Exploit Progea Movicon 11 - 'TCPUploadServer' Remote Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (ASLR + DEP Bypass) Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass) IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM Exploit IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM 
Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' Exploit (Metasploit) Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' (Metasploit) IBM Web Application Firewall - Bypass Exploit IBM Web Application Firewall - Bypass Symantec Backup Exec 12.5 - Man In The Middle Exploit Symantec Backup Exec 12.5 - Man In The Middle Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free Exploit Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Exploit Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' JBoss AS 2.0 - Remote Exploit JBoss AS 2.0 - Remote NJStar Communicator 3.00 - MiniSMTP Server Remote Exploit (Metasploit) NJStar Communicator 3.00 - MiniSMTP Server Remote (Metasploit) Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure Exploit Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure CoDeSys SCADA 2.3 - Remote Exploit CoDeSys SCADA 2.3 - Remote Buffer Overflow CoCSoft Stream Down 6.8.0 - Universal Exploit (Metasploit) Reaver - WiFi Protected Setup (WPS) Exploit CoCSoft Stream Down 6.8.0 - Universal (Metasploit) Reaver - WiFi Protected Setup (WPS) Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Exploit Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Apache Tomcat - Account Scanner / 'PUT' Request Remote Exploit Apache Tomcat - Account Scanner / 'PUT' Request Remote McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Exploit McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Berkeley Sendmail 5.58 - Debug Exploit Berkeley Sendmail 5.58 - Debug SunView (SunOS 4.1.1) - selection_svc Exploit SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit SunView (SunOS 4.1.1) - 'selection_svc' Remote File Read SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS IRIX 6.4 - 'pfdisplay.cgi' Exploit IRIX 6.4 - 'pfdisplay.cgi' Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts WU-FTPD 2.4.2 / SCO Open 
Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (1) WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (2) Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (1) WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (2) HP JetAdmin 1.0.9 Rev. D - symlink Exploit HP JetAdmin 1.0.9 Rev. D - symlink XM Easy Personal FTP Server 5.30 - Remote Format String Write4 Exploit XM Easy Personal FTP Server 5.30 - Remote Format String Write4 Western Digital's WD TV Live SMP/Hub - Root Exploit Western Digital's WD TV Live SMP/Hub - Privilege Escalation Debian 2.1 - httpd Exploit Debian 2.1 - httpd SGI IRIX 6.2 - cgi-bin wrap Exploit SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Exploit SGI IRIX 6.4 - cgi-bin handler Exploit SGI IRIX 6.5.2 - 'nsd'' Exploit SGI IRIX 6.2 - cgi-bin wrap SGI IRIX 6.3 - cgi-bin 'webdist.cgi' SGI IRIX 6.4 - cgi-bin handler SGI IRIX 6.5.2 - 'nsd' Information Gathering IBM AIX 3.2.5 - 'login(1)' Exploit IBM AIX 3.2.5 - 'login(1)' Privilege Escalation Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS Exploit (1) Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (1) Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP Exploit Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit ProFTPd 1.2 pre6 - 'snprintf' Remote Root Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit Microsoft Internet Explorer 5.0/4.0.1 - iFrame PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog Exploit Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (1) Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (2) PHP/FI 
1.0/FI 2.0/FI 2.0 b10 - mylog/mlog Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 (1) Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 (2) AN-HTTPd 1.2b - CGI Exploits AN-HTTPd 1.2b - CGI s Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Exploit Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Information Disclosure RedHat 6.1 / IRIX 6.5.18 - 'lpd' Exploit RedHat 6.1 / IRIX 6.5.18 - 'lpd' Command Execution A-V Tronics InetServ 3.0 - WebMail GET Exploit A-V Tronics InetServ 3.0 - WebMail GET Cat Soft Serv-U FTP Server 2.5/a/b (Windows 95/98/2000/NT 4.0) - Shortcut Exploit Cat Soft Serv-U FTP Server 2.5/a/b (Windows 95/98/2000/NT 4.0) - Shortcut SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname Exploit SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname Cisco IOS 11.x/12.x - HTTP %% Exploit Cisco IOS 11.x/12.x - HTTP %% Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 - FTP Server Exploit Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 - FTP Server NCSA httpd-campas 1.2 - sample script Exploit NCSA httpd-campas 1.2 - sample script Microsoft Internet Explorer 5.5 - 'Index.dat' Exploit (MS00-055) Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055) Novell NetWare Web Server 2.x - convert.bas Exploit Novell NetWare Web Server 2.x - convert.bas Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Exploit Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Novell Netware Web Server 3.x - files.pl Exploit Novell Netware Web Server 3.x - files.pl SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon Exploit SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Exploit Sitecom MD-25x - Multiple Vulnerabilities Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow Apache mod_ssl OpenSSL < 
0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass) BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass) IBM System Director Agent - Remote System Level Exploit IBM System Director Agent - Remote System Level MySQL - 'Stuxnet Technique' Windows Remote System Exploit MySQL - 'Stuxnet Technique' Windows Remote System Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting ActFax 5.01 - RAW Server Exploit (Metasploit) ActFax 5.01 - RAW Server (Metasploit) Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Exploit Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Adobe ColdFusion APSB13-03 - Remote Exploit (Metasploit) Adobe ColdFusion APSB13-03 - Remote Multiple Vulnerabilities (Metasploit) Plesk < 9.5.4 - Remote Exploit Plesk < 9.5.4 - Remote PCMan FTP Server 2.0.7 - Remote Exploit (Metasploit) PCMan FTP Server 2.0.7 - Remote (Metasploit) (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval Exploit (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval PHP 4.x - 'copy() Safe_Mode' Bypass Exploit PHP 4.x - 'copy() Safe_Mode' Bypass Microsoft PowerPoint 2003 - 'powerpnt.exe' Exploit Microsoft PowerPoint 2003 - 'powerpnt.exe' Microsoft Internet Explorer 6 - Code Execution (1) Microsoft Internet Explorer 6 - Code Execution (2) Microsoft Internet Explorer 6 - Code Execution (1) Microsoft Internet Explorer 6 - Code Execution (2) Nginx 1.4.0 (Generic Linux x64) - Remote Exploit Nginx 1.4.0 (Generic Linux x64) - Remote PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit PHP 5.2.5 - cURL 'safe_mode' Security Bypass Oracle Forms and Reports 11.1 - Remote Exploit Oracle Forms and Reports 11.1 - Arbitrary Code Execution Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Exploit 
Novell eDirectory 8.x - eMBox Utility 'edirutil' Command OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support) Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit) SugarCRM 6.5.23 - REST PHP Object Injection (Metasploit) NovaSTOR NovaNET 12.0 - Remote SYSTEM Exploit NovaSTOR NovaNET 12.0 - Remote SYSTEM Kolibri Web Server 2.0 - GET Exploit (SEH) Kolibri Web Server 2.0 - GET (SEH) GNU bash 4.3.11 - Environment Variable dhclient Exploit GNU bash 4.3.11 - Environment Variable dhclient Eclipse 3.6.1 - Help Server help/index.jsp URI Cross-Site Scripting Eclipse 3.6.1 - Help Server help/advanced/content.jsp URI Cross-Site Scripting Eclipse 3.6.1 - Help Server 'help/index.jsp' Cross-Site Scripting Eclipse 3.6.1 - Help Server 'help/advanced/content.jsp' Cross-Site Scripting Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060) Microsoft Windows - OLE Remote Code Execution 'Sandworm' (MS14-060) tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side VSAT Sailor 900 - Remote Exploit VSAT Sailor 900 - Remote Bsplayer 2.68 - HTTP Response Universal Exploit Bsplayer 2.68 - HTTP Response Universal MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Microsoft Windows Media Center - MCL Exploit (MS15-100) (Metasploit) Microsoft Windows Media Center - MCL (MS15-100) (Metasploit) Adobe Flash - Object.unwatch Use-After-Free Exploit Adobe Flash - Object.unwatch Use-After-Free Google Android 5.0.1 
- Metaphor Stagefright Exploit (ASLR Bypass) Google Android 5.0.1 - Metaphor Stagefright (ASLR Bypass) TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Exploit TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote D-Link DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) D-Link DIR-Series Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) DC/OS Marathon UI - Docker Exploit (Metasploit) DC/OS Marathon UI - Docker (Metasploit) CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Exploit CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote Exploit PHP-Nuke 6.9 - 'cid' SQL Injection Remote Exploit phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote PHP-Nuke 6.9 - 'cid' SQL Injection Remote UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Code Execution PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote phpMyChat 0.14.5 - Remote Improper File Permissions Exploit e107 - 'include()' Remote Exploit phpMyChat 0.14.5 - Remote Improper File Permissions e107 - 'include()' Remote Siteman 1.1.10 - Remote Administrative Account Addition Exploit Siteman 1.1.10 - Remote Administrative Account Addition PostNuke PostWrap Module - Remote Exploit PHP-Nuke 7.4 - Admin Exploit PostNuke PostWrap Module - Remote PHP-Nuke 7.4 - Admin AWStats 5.7 < 6.2 - Multiple Remote Exploits (PoC) AWStats 5.7 < 6.2 - Multiple Remote Exploits AWStats 5.7 < 6.2 - Multiple Remote s (PoC) AWStats 5.7 < 6.2 - Multiple Remote s Aztek Forum 4.0 - 'myadmin.php' Database Dumper Exploit Aztek Forum 4.0 - 'myadmin.php' Database Dumper phpBB 2.0.13 - 'downloads.php' mod Remote Exploit phpBB 2.0.13 - 'Calendar Pro' mod Remote Exploit phpBB 2.0.13 - 'downloads.php' mod Remote phpBB 2.0.13 - 'Calendar Pro' mod Remote 
PhotoPost - Arbitrary Data Remote Exploit PhotoPost - Arbitrary Data Remote ZeroBoard 4.1 - preg_replace Remote nobody Shell Exploit ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell eXtropia Shopping Cart - 'web_store.cgi' Remote Exploit Mambo 4.5.2.1 - Fetch Password Hash Remote Exploit PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password Exploit eXtropia Shopping Cart - 'web_store.cgi' Remote Mambo 4.5.2.1 - Fetch Password Hash Remote PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password PHP-Fusion 6.00.105 - Accessible Database Backups Download Exploit PHP-Fusion 6.00.105 - Accessible Database Backups Download phpBB 2.0.15 - 'highlight' Database Authentication Details Exploit phpBB 2.0.15 - 'highlight' Database Authentication Details Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota Exploit Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota Simple PHP Blog 0.4.0 - Multiple Remote Exploits Simple PHP Blog 0.4.0 - Multiple Remote s MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution Exploit Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution SimpleBBS 1.1 - Remote Commands Execution Exploit SimpleBBS 1.1 - Remote Commands Execution SimpleBBS 1.1 - Remote Commands Execution Exploit (C) SimpleBBS 1.1 - Remote Commands Execution (C) Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote Exploit Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command Exploit phpDocumentor 1.3.0 rc4 - Remote Commands Execution Exploit phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command phpDocumentor 1.3.0 rc4 - Remote Commands Execution Magic News Plus 1.0.3 - Admin Pass Change Exploit Magic News Plus 1.0.3 - Admin Pass Change creLoaded 6.15 - 'HTMLAREA' Automated Perl Exploit creLoaded 6.15 - 'HTMLAREA' Automated Perl CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution Exploit SPIP 1.8.2g - Remote Commands Execution Exploit CPGNuke Dragonfly 
9.0.6.1 - Remote Commands Execution SPIP 1.8.2g - Remote Commands Execution DocMGR 0.54.2 - 'file_exists' Remote Commands Execution Exploit DocMGR 0.54.2 - 'file_exists' Remote Commands Execution EnterpriseGS 1.0 rc4 - Remote Commands Execution Exploit FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution Exploit EnterpriseGS 1.0 rc4 - Remote Commands Execution FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution Exploit PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution Coppermine Photo Gallery 1.4.3 - Remote Commands Execution Exploit Coppermine Photo Gallery 1.4.3 - Remote Commands Execution GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution Exploit GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution VHCS 2.4.7.1 - Add User Authentication Bypass Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass Farsinews 2.5 - Directory Traversal Arbitrary 'users.db' Access Exploit Farsinews 2.5 - Directory Traversal Arbitrary 'users.db' Access PHP-Stats 0.1.9.1 - Remote Commands Execution Exploit PHP-Stats 0.1.9.1 - Remote Commands Execution Gallery 2.0.3 - stepOrder[] Remote Commands Execution Exploit Gallery 2.0.3 - stepOrder[] Remote Commands Execution JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Simplog 0.9.2 - 's' Remote Commands Execution Exploit Simplog 0.9.2 - 's' Remote Commands Execution phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution Exploit phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution FlexBB 0.5.5 - '/inc/start.php?_COOKIE' SQL Bypass Exploit FlexBB 0.5.5 - '/inc/start.php?_COOKIE' SQL Bypass phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Exploit Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote Exploit phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote DeluxeBB 1.06 - 
'Attachment mod_mime' Remote Exploit DeluxeBB 1.06 - 'Attachment mod_mime' Remote XOOPS 2.0.13.2 - 'xoopsOption[nocommon]' Remote Exploit XOOPS 2.0.13.2 - 'xoopsOption[nocommon]' Remote Command Execution Drupal 4.7 - 'Attachment mod_mime' Remote Exploit Drupal 4.7 - 'Attachment mod_mime' Remote EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation Speedy ASP Forum - 'profileupdate.asp' User Pass Change Exploit Nukedit 4.9.6 - Unauthorized Admin Add Speedy ASP Forum - 'profileupdate.asp' User Pass Change Nukedit 4.9.6 - Unauthorized Admin Add aspWebLinks 2.0 - SQL Injection / Admin Pass Change Exploit aspWebLinks 2.0 - SQL Injection / Admin Pass Change FunkBoard CF0.71 - 'profile.php' Remote User Pass Change Exploit FunkBoard CF0.71 - 'profile.php' Remote User Pass Change myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime Exploit Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin Exploit MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin Phorum 5 - 'pm.php' Arbitrary Local Inclusion Exploit Phorum 5 - 'pm.php' Arbitrary Local Inclusion TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker Exploit TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker WEBInsta MM 1.3e - 'absolute_path' Remote File Inclusion Joomla! Component Poll 1.0.10 - Arbitrary Add Votes Exploit Joomla! 
Component Poll 1.0.10 - Arbitrary Add Votes Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote Exploit Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote Exploit Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Exploit PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit TR Forum 2.0 - SQL Injection / Bypass Security Restriction phpBB 2.0.21 - Poison Null Byte Remote Exploit phpBB 2.0.21 - Poison Null Byte Remote Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin Exploit Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Active Bulletin Board 1.1b2 - Remote User Pass Change Exploit Active Bulletin Board 1.1b2 - Remote User Pass Change JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface PHP League 0.81 - 'config.php' Remote File Inclusion MiraksGalerie 2.62 - 'pcltar.lib.php' Remote File Inclusion E Annu 1.0 - Authentication Bypass / SQL Injection Invision Power Board 2.1.7 - 'Debug' Remote Password Change Exploit Invision Power Board 2.1.7 - 'Debug' Remote Password Change iPrimal Forums - '/admin/index.php' Change User Password Exploit iPrimal Forums - '/admin/index.php' Change User Password Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit Online Event Registration 2.0 - 'save_profile.asp' Pass Change Bandwebsite 1.5 - 'LOGIN' Remote Add Admin Enthrallweb eClassifieds 1.0 - Remote User Pass Change Exploit Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change Exploit Enthrallweb eNews 1.0 - Remote User Pass Change Exploit Enthrallweb eClassifieds 1.0 - Remote User Pass Change Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote 
Pass Change Enthrallweb eNews 1.0 - Remote User Pass Change Fishyshoop 0.930b - Remote Add Administrator Account Exploit Fishyshoop 0.930b - Remote Add Administrator Account Cahier de texte 2.2 - Bypass General Access Protection Exploit Cahier de texte 2.2 - Bypass General Access Protection Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin Exploit Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin IMGallery 2.5 - Create Uploader Script Exploit IMGallery 2.5 - Create Uploader Script TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator Exploit TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator FdWeB Espace Membre 2.01 - 'path' Remote File Inclusion GuppY 4.5.16 - Remote Commands Execution Exploit GuppY 4.5.16 - Remote Commands Execution Extcalendar 2 - 'profile.php' Remote User Pass Change Exploit Extcalendar 2 - 'profile.php' Remote User Pass Change Advanced Poll 2.0.5-dev - Remote Admin Session Generator Exploit Advanced Poll 2.0.5-dev - Remote Admin Session Generator Site-Assistant 0990 - 'paths[version]' Remote File Inclusion AT Contenator 1.0 - 'Root_To_Script' Remote File Inclusion VS-News-System 1.2.1 - 'newsordner' Remote File Inclusion VS-Link-Partner 2.1 - 'script_pfad' Remote File Inclusion VS-News-System 1.2.1 - 'newsordner' Remote File Inclusion VS-Link-Partner 2.1 - 'script_pfad' Remote File Inclusion S-Gastebuch 1.5.3 - 'gb_pfad' Remote File Inclusion AJ Dating 1.0 - 'view_profile.php' SQL Injection AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection AJ Dating 1.0 - 'view_profile.php' SQL Injection AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection JobSitePro 1.0 - 'search.php' SQL Injection JGBBS 3.0beta1 - 'search.asp?author' SQL Injection WSN Guest 1.21 - 'id' SQL Injection Dayfox Blog 4 - 'postpost.php' Remote Code Execution Orion-Blog 2.0 - Remote Authentication Bypass WSN Guest 1.21 - 'id' SQL Injection Dayfox Blog 4 - 'postpost.php' Remote Code Execution Orion-Blog 2.0 - Remote Authentication 
Bypass Particle Blogger 1.2.0 - 'post.php?postid' SQL Injection PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Exploit PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Guestbara 1.2 - Change Admin Login and Password Exploit Guestbara 1.2 - Change Admin Login and Password Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection eWebquiz 8 - 'eWebQuiz.asp' SQL Injection PBlang 4.66z - Remote Create Admin Exploit PBlang 4.66z - Remote Create Admin IceBB 1.0-rc5 - Remote Create Admin Exploit IceBB 1.0-rc5 - Remote Create Admin Joomla! Component D4JeZine 2.8 - Blind SQL Injection Web Content System 2.7.1 - Remote File Inclusion XOOPS Module Lykos Reviews 1.00 - 'index.php' SQL Injection WinMail Server 4.4 build 1124 - 'WebMail' Remote Add Super User Exploit WinMail Server 4.4 build 1124 - 'WebMail' Remote Add Super User XOOPS Module debaser 0.92 - 'genre.php' Blind SQL Injection XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection XOOPS Module XFsection 1.07 - 'articleId' Blind SQL Injection XOOPS Module PopnupBlog 2.52 - 'postid' Blind SQL Injection phpMyNewsletter 0.6.10 - 'customize.php' Remote File Inclusion XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion e107 0.7.8 - 'mailout.php' Authenticated Access Escalation Exploit e107 0.7.8 - 'mailout.php' Authenticated Access Escalation AimStats 3.2 - 'process.php?update' Remote Code Execution wavewoo 0.1.1 - 'loading.php?path_include' Remote File Inclusion The Merchant 2.2.0 - 'index.php?show' Remote File Inclusion phpMyPortal 3.0.0 RC3 - GLOBALS[CHEMINMODULES] Remote File Inclusion Snaps! Gallery 1.4.4 - Remote User Pass Change Exploit Snaps! 
Gallery 1.4.4 - Remote User Pass Change PHP FirstPost 0.1 - 'block.php?Include' Remote File Inclusion XOOPS Module resmanager 1.21 - Blind SQL Injection Alstrasoft e-Friends 4.21 - Admin Session Retrieve Exploit Alstrasoft Live Support 1.21 - Admin Credential Retrieve Exploit Alstrasoft e-Friends 4.21 - Admin Session Retrieve Alstrasoft Live Support 1.21 - Admin Credential Retrieve WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing Exploit WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve Exploit XOOPS Module icontent 1.0/4.5 - Remote File Inclusion RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve XOOPS Module icontent 1.0/4.5 - Remote File Inclusion NewsSync for phpBB 1.5.0rc6 - Remote File Inclusion PHP Real Estate Classifieds - Remote File Inclusion Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve Exploit Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve AV Tutorial Script 1.0 - Remote User Pass Change Exploit AV Tutorial Script 1.0 - Remote User Pass Change Vivvo CMS 3.4 - 'index.php' Blind SQL Injection JBlog 1.0 - Create / Delete Admin Authentication Bypass Fuzzylime CMS 3.0 - Local File Inclusion Flip 3.0 - Remote Admin Creation Exploit Flip 3.0 - Remote Admin Creation Drupal 5.2 - PHP Zend Hash Exploitation Vector Drupal 5.2 - PHP Zend Hash ation Vector PHP-AGTC Membership System 1.1a - Remote Add Admin IceBB 1.0-rc6 - Remote Database Authentication Details Exploit IceBB 1.0-rc6 - Remote Database Authentication Details Ucms 1.8 - Backdoor Remote Command Execution Snitz Forums 2000 - 'Active.asp' SQL Injection MonAlbum 0.87 - Arbitrary File Upload / Password Grabber Exploit MonAlbum 0.87 - Arbitrary File Upload / Password Grabber FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber Exploit FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber CuteNews 1.4.5 - Admin Password md5 Hash Fetching Exploit CuteNews 1.4.5 - Admin Password md5 Hash Fetching WebPortal 
CMS 0.6-beta - Remote Password Change Exploit WebPortal CMS 0.6-beta - Remote Password Change ClipShare 2.6 - Remote User Password Change Exploit ClipShare 2.6 - Remote User Password Change NetRisk 1.9.7 - Remote Password Change Exploit NetRisk 1.9.7 - Remote Password Change DomPHP 0.81 - Remote Add Administrator Exploit DomPHP 0.81 - Remote Add Administrator Evilsentinel 1.0.9 - Multiple Vulnerabilities Disable Exploit Evilsentinel 1.0.9 - Multiple Vulnerabilities Disable DigitalHive 2.0 RC2 - 'user_id' SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote sCssBoard (Multiple Versions) - 'pwnpack' Remote Exploits sCssBoard (Multiple Versions) - 'pwnpack' Remote s PunBB 1.2.16 - Blind Password Recovery Exploit MultiCart 2.0 - 'productdetails.php' SQL Injection PunBB 1.2.16 - Blind Password Recovery MultiCart 2.0 - 'productdetails.php' SQL Injection QuickTalk Forum 1.6 - Blind SQL Injection Destar 0.2.2-5 - Arbitrary Add New User Exploit Destar 0.2.2-5 - Arbitrary Add New User phpBB Addon Fishing Cat Portal - Remote File Inclusion LightNEasy 1.2 - no database Remote Hash Retrieve Exploit LightNEasy 1.2 - no database Remote Hash Retrieve Joomla! Component JoomlaXplorer 1.6.2 - Remote Exploits Joomla! 
Component JoomlaXplorer 1.6.2 - Remote s OpenInvoice 0.9 - Arbitrary Change User Password Exploit OpenInvoice 0.9 - Arbitrary Change User Password txtCMS 0.3 - 'index.php' Local File Inclusion Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin MeltingIce File System 1.0 - Arbitrary Add User Exploit MeltingIce File System 1.0 - Arbitrary Add User CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload Telephone Directory 2008 - Arbitrary Delete Contact Exploit Telephone Directory 2008 - Arbitrary Delete Contact AuraCMS 2.2.2 - '/pages_data.php' Arbitrary Edit/Add/Delete Exploit AuraCMS 2.2.2 - '/pages_data.php' Arbitrary Edit/Add/Delete Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber Exploit Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber WordPress Plugin Download Manager 0.2 - Arbitrary File Upload IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking moziloCMS 1.10.1 - 'download.php' Arbitrary Download File Exploit moziloCMS 1.10.1 - 'download.php' Arbitrary Download File LoveCMS 1.6.2 Final - Update Settings Remote Exploit LoveCMS 1.6.2 Final - Update Settings Remote Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password Exploit MemHT Portal 3.9.0 - Remote Create Shell Exploit Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password MemHT Portal 3.9.0 - Remote Create Shell WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit WordPress 2.6.1 - SQL Column Truncation Admin Takeover phsBlog 0.2 - Bypass SQL Injection Filtering Exploit phsBlog 0.2 - Bypass SQL Injection Filtering Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit Sports Clubs Web Panel 0.0.1 - Remote Game Delete Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Kusaba 1.0.4 - Remote Code Execution (2) Globsy 1.0 - Remote File Rewriting Exploit Globsy 1.0 - Remote File Rewriting LokiCMS 
0.3.4 - 'index.php' Arbitrary Check File Exploit LokiCMS 0.3.4 - 'index.php' Arbitrary Check File Micro CMS 0.3.5 - Remote Add/Delete/Password Change Exploit Micro CMS 0.3.5 - Remote Add/Delete/Password Change FREEze Greetings 1.0 - Remote Password Retrieve Exploit FREEze Greetings 1.0 - Remote Password Retrieve wPortfolio 0.3 - Admin Password Changing Exploit wPortfolio 0.3 - Admin Password Changing vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm Exploit vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm Discuz! - Remote Reset User Password Exploit Discuz! - Remote Reset User Password All Club CMS 0.0.2 - Remote Database Configuration Retrieve Exploit All Club CMS 0.0.2 - Remote Database Configuration Retrieve OpenForum 0.66 Beta - Remote Reset Admin Password Exploit OpenForum 0.66 Beta - Remote Reset Admin Password IPNPro3 < 1.44 - Admin Password Changing Exploit DL PayCart 1.34 - Admin Password Changing Exploit Bonza Cart 1.10 - Admin Password Changing Exploit IPNPro3 < 1.44 - Admin Password Changing DL PayCart 1.34 - Admin Password Changing Bonza Cart 1.10 - Admin Password Changing Wysi Wiki Wyg 1.0 - Remote Password Retrieve Exploit Wysi Wiki Wyg 1.0 - Remote Password Retrieve Flatnux - html/JavaScript Injection Cookie Grabber Exploit Flatnux - html/JavaScript Injection Cookie Grabber BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Comersus Shopping Cart 6.0 - Remote User Pass Exploit Comersus Shopping Cart 6.0 - Remote User Pass Fhimage 1.2.1 - Remote Index Change Exploit Fhimage 1.2.1 - Remote Index Change Max.Blog 1.0.6 - Arbitrary Delete Post Exploit Max.Blog 1.0.6 - Arbitrary Delete Post OpenFiler 2.3 - (Authentication Bypass) Remote Password Change Exploit OpenFiler 2.3 - (Authentication Bypass) Remote Password Change txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges MemHT Portal 4.0.1 - Delete All Private Messages 
Exploit MemHT Portal 4.0.1 - Delete All Private Messages Traidnt up 2.0 - 'cookie' Add Extension Bypass Exploit Traidnt up 2.0 - 'cookie' Add Extension Bypass Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit) Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass ) eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password Exploit eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password TotalCalendar 2.4 - Remote Password Change Exploit TotalCalendar 2.4 - Remote Password Change Absolute Form Processor XE-V 1.5 - Remote Change Password Exploit Absolute Form Processor XE-V 1.5 - Remote Change Password Teraway LinkTracker 1.0 - Remote Password Change Exploit Teraway LinkTracker 1.0 - Remote Password Change VisionLms 1.0 - 'changePW.php' Remote Password Change Exploit VisionLms 1.0 - 'changePW.php' Remote Password Change MiniTwitter 0.2b - Remote User Options Changer Exploit MiniTwitter 0.2b - Remote User Options Changer Simple Customer 1.3 - Arbitrary Change Admin Password Job Script 2.0 - Arbitrary Change Admin Password Simple Customer 1.3 - Arbitrary Change Admin Password Job Script 2.0 - Arbitrary Change Admin Password MaxCMS 2.0 - 'm_username' Arbitrary Create Admin Exploit MaxCMS 2.0 - 'm_username' Arbitrary Create Admin 2DayBiz Template Monster Clone - 'edituser.php' Change Pass Exploit 2DayBiz Template Monster Clone - 'edituser.php' Change Pass PHP Article Publisher - Remote Change Admin Password Coppermine Photo Gallery 1.4.22 - Remote Exploit Coppermine Photo Gallery 1.4.22 - Remote Joomla! Component Casino 0.3.1 - Multiple SQL Injections Exploits Joomla! 
Component Casino 0.3.1 - Multiple SQL Injections s ZaoCMS - 'user_updated.php' Remote Change Password Exploit ZaoCMS - 'user_updated.php' Remote Change Password Mole Group Sky Hunter/Bus Ticket Scripts - Change Admin Password Ultimate Media Script 2.0 - Remote Change Content Gallarific - 'user.php' Arbirary Change Admin Information Exploit Ultimate Media Script 2.0 - Remote Change Content Gallarific - 'user.php' Arbirary Change Admin Information ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin Online Grades & Attendance 3.2.6 - Credentials Changer SQL Exploit Online Grades & Attendance 3.2.6 - Credentials Changer SQL Web Directory PRO - 'Admins.php' Change Admin Password Host Directory PRO 2.1.0 - Remote Change Admin Password Grestul 1.2 - Remote Add Administrator Account Exploit Grestul 1.2 - Remote Add Administrator Account Evernew Free Joke Script 1.2 - Remote Change Password Exploit Evernew Free Joke Script 1.2 - Remote Change Password phpMyAdmin - pmaPWN! Code Injection Remote Code Execution Scanner & Exploit Tool phpMyAdmin - 'pmaPWN!' 
Code Injection / Remote Code Execution Messages Library 2.0 - Arbitrary Administrator Account Infinity 2.0.5 - Arbitrary Create Admin Exploit Infinity 2.0.5 - Arbitrary Create Admin webLeague 2.2.0 - 'install.php' Remote Change Password Exploit webLeague 2.2.0 - 'install.php' Remote Change Password JBLOG 1.5.1 - SQL Table Backup Exploit JBLOG 1.5.1 - SQL Table Backup Barracuda IMFirewall 620 - Exploit Barracuda IMFirewall 620 - Barracuda Web Firewall 660 Firmware 7.3.1.007 - Exploit Barracuda Web Firewall 660 Firmware 7.3.1.007 - XP Book 3.0 - login Admin Exploit XP Book 3.0 - login Admin Jax Guestbook 3.50 - Admin Login Exploit Jax Guestbook 3.50 - Admin Login ImageVue 2.0 - Remote Admin Login Exploit ImageVue 2.0 - Remote Admin Login SoftCab Sound Converter - 'sndConverter.ocx' ActiveX Insecure Method Exploit SoftCab Sound Converter - 'sndConverter.ocx' ActiveX Insecure Method Jevonweb Guestbook - Remote Admin Access Exploit Simple PHP Guestbook - Remote Admin Access Exploit Jevonweb Guestbook - Remote Admin Access Simple PHP Guestbook - Remote Admin Access PHPShop 0.6 - Bypass Exploit PHPShop 0.6 - Bypass Jax Calendar 1.34 - Remote Admin Access Exploit Jax Calendar 1.34 - Remote Admin Access al3jeb script - Remote Change Password Exploit al3jeb script - Remote Change Password Joomla! 1.5.12 - connect back Exploit Joomla! 
1.5.12 - Connect Back Snif 1.5.2 - Any Filetype Download Exploit Snif 1.5.2 - Any Filetype Download bispage - Bypass Exploit bispage - Bypass Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Torrent Hoster - Remount Upload Exploit Torrent Hoster - Remount Upload Easy-Clanpage 2.2 - Multiple SQL Injections / Exploit Easy-Clanpage 2.2 - Multiple SQL Injections / PHP Jokesite 2.0 - exec Command Exploit PHP Jokesite 2.0 - exec Command Zyke CMS 1.1 - Bypass Exploit Zyke CMS 1.1 - Bypass Tochin eCommerce - Multiple Remote Exploits Tochin eCommerce - Multiple Remote s PHP-Nuke 8.2 - Arbitrary File Upload Exploit PHP-Nuke 8.2 - Arbitrary File Upload JCMS 2010 - File Download Exploit JCMS 2010 - File Download CakePHP 1.3.5/1.2.8 - 'Unserialize()' Exploit CakePHP 1.3.5/1.2.8 - 'Unserialize()' JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit) CakePHP 1.3.5/1.2.8 - Cache Corruption (Metasploit) N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code Exploit N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code iCMS 1.1 - Admin SQL Injection / Brute Force Exploit iCMS 1.1 - Admin SQL Injection / Brute Force WordPress Plugin Block-Spam-By-Math-Reloaded - Bypass Exploit WordPress Plugin Block-Spam-By-Math-Reloaded - Bypass COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Vonage VDV23 - Cross-Site Scripting TP-Link TL-WR740N - Cross-Site Scripting LanSweeper 6.0.100.75 - Cross-Site Scripting TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root Exploit TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root WordPress Plugin Akismet 2.1.3 - Exploit WordPress Plugin Akismet 2.1.3 - SonicWALL Gms 7.x - Filter 
Bypass / Persistent Exploit SonicWALL Gms 7.x - Filter Bypass / Persistent Google Gmail IOS Mobile Application - Persistent / Persistent Cross-Site Scripting Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting Feetan Inc WireShare 1.9.1 iOS - Persistent Exploit Feetan Inc WireShare 1.9.1 iOS - Persistent Seagate BlackArmor NAS - Root Exploit Seagate BlackArmor NAS - Privilege Escalation Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass Exploit Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass Private Photo+Video 1.1 Pro iOS - Persistent Exploit Private Photo+Video 1.1 Pro iOS - Persistent Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Bonefire 0.7.1 - Reinstall Admin Account Exploit Bonefire 0.7.1 - Reinstall Admin Account Kingsoft Webshield 1.1.0.62 - Cross-Site Scripting / Remote Command Execution NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access Exploit NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access PHPads 213607 - Authentication Bypass / Password Change Exploit PHPads 213607 - Authentication Bypass / Password Change D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit DnsProxy.cmd D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd Seagate Central 2014.0410.0026-F - Remote Facebook Access Token Exploit Seagate Central 2014.0410.0026-F - Remote Facebook Access Token Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security Exploit Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security AirDroid iOS / Android / Win 3.1.3 - Persistent Exploit AirDroid iOS 
/ Android / Win 3.1.3 - Persistent up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit up.time 7.5.0 - Upload and Execute Exploit up.time 7.5.0 - Arbitrary File Disclose and Delete up.time 7.5.0 - Upload and Execute MantisBT 1.2.19 - Host Header Exploit MantisBT 1.2.19 - Host Header SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration Exploit SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration JSSE - SKIP-TLS Exploit JSSE - SKIP-TLS D-Link DIR Series Routers - '/model/__show_info.php' Local File Disclosure D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure iScripts AutoHoster - 'main_smtp.php' Traversal Exploit iScripts AutoHoster - 'main_smtp.php' Traversal OpenMRS 2.3 (1.11.4) - XML External Entity Processing Exploit OpenMRS 2.3 (1.11.4) - XML External Entity Processing IBM Lotus Domino R8 - Password Hash Extraction Exploit IBM Lotus Domino R8 - Password Hash Extraction Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Exploits Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit Dell OpenManage Server Administrator 8.3 - XML External Entity D-Link DIR8xx Routers - Leak Credentials D-Link DIR8xx Routers - Root Remote Code Execution D-Link DIR8xx Routers - Local Firmware Upload D-Link DIR-8xx Routers - Leak Credentials D-Link DIR-8xx Routers - Root Remote Code Execution D-Link DIR-8xx Routers - Local Firmware Upload TP-Link WR940N - Authenticated Remote Code Exploit TP-Link WR940N - Authenticated Remote Code Zeta Components Mail 1.8.1 - Remote Code Execution |
Renamed from platforms/php/webapps/8728.htm