exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00
Offensive Security	4b39f0d26d	DB: 2017-11-16 23 new exploits VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (1) VideoLAN VLC Media Player 0.8.6a - Denial of Service (1) Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service Microsoft Windows Explorer - '.AVI' File Denial of Service Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service Microsoft Windows Explorer - '.ANI' File Denial of Service Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service Microsoft Windows Explorer - '.doc' File Denial of Service CDBurnerXP 4.2.4.1351 - Local Crash (Denial of Service) Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Multiple Vulnerabilities iPhone / iTouch FtpDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service Aladdin eToken PKI Client 4.5 - Virtual File Handling Unspecified Memory Corruption (PoC) Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC) Webby WebServer - SEH Control (PoC) Webby WebServer - Overflow (SEH) (PoC) Quick 'n Easy FTP Server Lite 3.1 - Exploit Quick 'n Easy FTP Server Lite 3.1 - Denial of Service Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC) Subtitle Translation Wizard 3.0.0 - Overflow (SEH) (PoC) FFDshow - SEH Exception Leading to Null Pointer on Read FFDshow - Overflow (SEH) Exception Leading to Null Pointer on Read Microsoft Internet Explorer - MSHTML Findtext Processing Issue Microsoft Internet Explorer - MSHTML Findtext Processing Exploit Oreans WinLicense 2.1.8.0 - XML File Handling Unspecified Memory Corruption Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption Debian suidmanager 0.18 - Exploit AMD K6 Processor - Exploit Apple Personal Web Sharing 1.1 - Remote Denial of Service AMD K6 Processor - Denial of Service Sun Solaris 7.0 - 'procfs' Denial of Service S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - identd Denial of Service S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - rpc.lockd Remote Denial of Service Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - 'rpc.lockd' Remote Denial of Service D-Link DIR605L - Denial of Service RedHat Linux 6.1 i386 - Tmpwatch Recursive Write Denial of Service (Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service ReiserFS 3.5.28 (Linux Kernel) - Code Execution / Denial of Service IBM AIX 4.3.3/5.1/5.2 libIM - Buffer Overflow IBM AIX 4.3.3/5.1/5.2 - 'libIM' Buffer Overflow xfstt 1.2/1.4 - Unspecified Memory Disclosure xfstt 1.2/1.4 - Memory Disclosure ViRobot Linux Server 2.0 - Exploit Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x/2.6.x - Multiple ISO9660 Filesystem Handling Vulnerabilities IBM AIX 5.x - Invscout Local Buffer Overflow IBM AIX 5.x - 'Invscout' Local Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Buffer Overflow Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption (MS06-012) Microsoft Excel 95/97/2000/2002/2003/2004 - Memory Corruption (MS06-012) IBM Tivoli Directory Server 6.0 - Unspecified LDAP Memory Corruption IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption Quake 3 Engine - CL_ParseDownload Remote Buffer Overflow Quake 3 Engine - 'CL_ParseDownload' Remote Buffer Overflow Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities Zabbix 1.1.2 - Multiple Remote Code Execution Vulnerabilities VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (2) VideoLAN VLC Media Player 0.8.6a - Denial of Service (2) Sun Solaris 10 - ICMP Unspecified Remote Denial of Service Sun Solaris 10 - ICMP Remote Denial of Service Mozilla Firefox 2.0.0.2 - Unspecified GIF Handling Denial of Service Mozilla Firefox 2.0.0.2 - '.GIF' Handling Denial of Service Progress WebSpeed 3.0/3.1 - Denial of Service GStreamer 0.10.15 - Multiple Unspecified Remote Denial of Service Vulnerabilities GStreamer 0.10.15 - Multiple Remote Denial of Service Vulnerabilities Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service Wireshark 0.99.8 - X.509sat Dissector Denial of Service Wireshark 0.99.8 - LDAP Dissector Denial of Service Wireshark 0.99.8 - SCCP Dissector Decode As Feature Denial of Service Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (1) Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (2) Nokia Lotus Notes Connector - 'lnresobject.dll' Unspecified Remote Denial of Service Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (1) Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (2) Nokia Lotus Notes Connector - 'lnresobject.dll' Remote Denial of Service Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service) Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Unspecified Remote Denial of Service Wireshark 1.2.1 - GSM A RR Dissector packet.c Unspecified Remote Denial of Service Wireshark 1.2.1 - OpcUa Dissector Resource Exhaustion (Denial of Service) Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Remote Denial of Service Wireshark 1.2.1 - GSM A RR Dissector packet.c Remote Denial of Service Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Opera Web Browser < 11.60 - Denial of Service / Multiple Vulnerabilities SmallFTPd - Unspecified Denial of Service SmallFTPd - Denial of Service Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Kernel NULL Dereference Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Dereference Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient NULL Dereference Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF CREATECOLORSPACEW' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055) Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety Exploits Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine Microsoft Windows Kernel - 'win32k.sys' Multiple Issues 'NtGdiGetDIBitsInternal' System Call Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call Mandrake Linux 8.2 /usr/mail - Local Exploit Mandrake Linux 8.2 - '/usr/mail' Local Exploit RedHat 6.2 /sbin/restore - Exploit RedHat 6.2 - '/sbin/restore' Privilege Escalation dump 0.4b15 (RedHat 6.2) - Exploit dump 0.4b15 (RedHat 6.2) - Privilege Escalation xsoldier 0.96 (RedHat 6.2) - Exploit Pine (Local Message Grabber) - Exploit xsoldier 0.96 (RedHat 6.2) - Buffer Overflow Pine (Local Message Grabber) - Local Message Read Seyon 2.1 rev. 4b i586-Linux - Exploit Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Overflow glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read suid_perl 5.001 - Exploit suid_perl 5.001 - Command Execution Sendmail 8.11.x (Linux/i386) - Exploit Sendmail 8.11.x (Linux/i386) - Privilege Escalation Microsoft Excel - Unspecified Remote Code Execution Microsoft Excel - Remote Code Execution Microsoft Word 2000 - Unspecified Code Execution Microsoft Word 2000 - Code Execution IBM AIX 5.3 sp6 - capture Terminal Sequence Privilege Escalation IBM AIX 5.3 sp6 - pioout Arbitrary Library Loading Privilege Escalation IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation IBM AIX 5.3 SP6 - 'pioout' Arbitrary Library Loading Privilege Escalation IBM AIX 5.3 libc - MALLOCDEBUG File Overwrite IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite Easy RM to MP3 Converter 2.7.3.700 - Exploit Easy RM to MP3 Converter 2.7.3.700 - Buffer Overflow Easy RM to MP3 27.3.700 (Windows XP SP3) - Exploit Easy RM to MP3 27.3.700 (Windows XP SP3) - Overflow Adobe Reader and Acrobat - Exploit Adobe Reader / Acrobat - '.PDF' File Overflow Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) Winamp 5.572 - Exploit (SEH) Winamp 5.572 - Overflow (SEH) ZipScan 2.2c - Exploit (SEH) ZipScan 2.2c - Overflow (SEH) Local Glibc shared library (.so) 2.11.1 - Exploit (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation Local Glibc Shared Library (.so) 2.11.1 - Code Execution ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation SyncBack Freeware 3.2.20.0 - Exploit SyncBack Freeware 3.2.20.0 - Overflow (SEH) Mediacoder 0.7.3.4672 - Exploit (SEH) Mediacoder 0.7.3.4672 - Overflow (SEH) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) MP3 Workstation 9.2.1.1.2 - Overflow (SEH) DJ Studio Pro 8.1.3.2.1 - Exploit (SEH) DJ Studio Pro 8.1.3.2.1 - Overflow (SEH) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit) MP3 Workstation 9.2.1.1.2 - Overflow (SEH) (Metasploit) iworkstation 9.3.2.1.4 - Exploit (SEH) iworkstation 9.3.2.1.4 - Overflow (SEH) Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode) Nokia MultiMedia Player 1.0 - Overflow (SEH Unicode) POP Peeper 3.7 - Exploit (SEH) POP Peeper 3.7 - Overflow (SEH) DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass DVD X Player 5.5 Pro - Overflow (SEH + ASLR + DEP Bypass) DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit) DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) (Metasploit) BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass BlazeVideo HDTV Player 6.6 Professional - Overflow (SEH + ASLR + DEP Bypass) Slackware Linux 3.4 - 'liloconfig-color' Temporary file Slackware Linux 3.4 - 'makebootdisk' Temporary file Slackware Linux 3.4 - 'liloconfig-color' Temporary File Slackware Linux 3.4 - 'makebootdisk' Temporary File Slackware Linux 3.4 - 'netconfig' Temporary file Slackware Linux 3.4 - 'pkgtool' Temporary file Slackware Linux 3.4 - 'netconfig' Temporary File Slackware Linux 3.4 - 'pkgtool' Temporary File Debian suidmanager 0.18 - Command Execution BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Exploit HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Exploit Slackware Linux 3.5 - Missing /etc/group Privilege Escalation BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Buffer Overrun HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Change File Permission Slackware Linux 3.5 - '/etc/group' Privilege Escalation Sun Solaris 2.6 power management - Exploit Sun Solaris 2.6 - power management Exploit DataLynx suGuard 1.0 - Exploit Sun Solaris 2.5.1 PAM & unix_scheme - Exploit Solaris 2.5.1 ffbconfig - Exploit Solaris 2.5.1 chkey - Exploit Solaris 2.5.1 Ping - Exploit SGI IRIX 6.4 ioconfig - Exploit DataLynx suGuard 1.0 - Privilege Escalation Sun Solaris 2.5.1 PAM / unix_scheme - 'passwd' Privilege Escalation Solaris 2.5.1 - 'ffbconfig' Exploit Solaris 2.5.1 - 'chkey' Exploit Solaris 2.5.1 - 'Ping' Exploit SGI IRIX 6.4 - 'ioconfig' Exploit BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (2) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Privilege Escalation (2) Solaris 2.5.1 automount - Exploit Solaris 2.5.1 - 'automount' Exploit BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit Sun Solaris 7.0 dtprintinfo - Buffer Overflow Sun Solaris 7.0 lpset - Buffer Overflow BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Buffer Overflow Sun Solaris 7.0 - '/usr/bin/lpset' Buffer Overflow IBM Remote Control Software 1.0 - Exploit IBM Remote Control Software 1.0 - Code Execution Xcmail 0.99.6 - Exploit Xcmail 0.99.6 - Buffer Overflow Sun Solaris 7.0 ff.core - Exploit S.u.S.E. 5.2 lpc - Exploit Sun Solaris 7.0 - 'ff.core' Exploit S.u.S.E. 5.2 - 'lpc' Exploit SGI IRIX 6.2 cdplayer - Exploit SGI IRIX 6.2 - 'cdplayer' Exploit SGI IRIX 5.3 Cadmin - Exploit SGI IRIX 6.0.1 colorview - Exploit SGI IRIX 5.3 - 'Cadmin' Exploit SGI IRIX 6.0.1 - 'colorview' Exploit SGI IRIX 6.3 df - Exploit SGI IRIX 6.4 - datman/cdman Exploit SGI IRIX 6.3 - 'df' Exploit SGI IRIX 6.4 - datman/cdman Exploit RedHat Linux 2.1 - abuse.console Exploit SGI IRIX 6.2 fsdump - Exploit RedHat Linux 5.1 xosview - Exploit Slackware Linux 3.1 - Buffer Overflow RedHat Linux 2.1 - 'abuse.console' Exploit SGI IRIX 6.2 - 'fsdump' Exploit RedHat Linux 5.1 - xosview Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Buffer Overflow IBM AIX 4.3 infod - Exploit IBM AIX 4.3 - 'infod' Exploit IBM AIX 4.2.1 snap - Insecure Temporary File Creation IBM AIX 4.2.1 - 'snap' Insecure Temporary File Creation SGI IRIX 6.4 inpview - Exploit RedHat Linux 5.0 msgchk - Exploit IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation IBM AIX 4.2 ping - Buffer Overflow IBM AIX 4.2 lchangelv - Buffer Overflow SGI IRIX 6.4 - 'inpview' Exploit RedHat Linux 5.0 - 'msgchk' Exploit IBM AIX 4.2.1 - '/usr/bin/portmir' Buffer Overflow / Insecure Temporary File Creation IBM AIX 4.2 - 'ping' Buffer Overflow IBM AIX 4.2 - '/usr/sbin/lchangelv' Buffer Overflow RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (1) RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (1) SGI IRIX 6.4 netprint - Exploit SGI IRIX 6.4 - 'netprint' Exploit SGI IRIX 5.3/6.2 ordist - Exploit SGI IRIX 5.3/6.2 - 'ordist' Exploit SGI IRIX 5.3 pkgadjust - Exploit SGI IRIX 5.3 - 'pkgadjust' Exploit Sun Solaris 7.0 procfs - Exploit IBM AIX 3.2.5 - IFS Exploit IBM AIX 4.2.1 lquerypv - Exploit IBM AIX 3.2.5 - 'IFS' Exploit IBM AIX 4.2.1 - 'lquerypv' File Read SGI IRIX 6.3 pset - Exploit SGI IRIX 6.4 rmail - Exploit SGI IRIX 6.3 - 'pset' Exploit SGI IRIX 6.4 - 'rmail' Exploit SGI IRIX 5.2/5.3 serial_ports - Exploit SGI IRIX 6.4 suid_exec - Exploit SGI IRIX 5.1/5.2 sgihelp - Exploit SGI IRIX 6.4 startmidi - Exploit SGI IRIX 5.2/5.3 - 'serial_ports' Exploit SGI IRIX 6.4 - 'suid_exec' Exploit SGI IRIX 5.1/5.2- 'sgihelp' Exploit SGI IRIX 6.4 - 'startmidi' Exploit SGI IRIX 6.4 xfsdump - Exploit SGI IRIX 6.4 - 'xfsdump' Exploit IBM AIX 4.3.1 adb - Exploit IBM AIX 4.3.1 - 'adb' Denial of Service Apple At Ease 5.0 - Exploit Samba < 2.0.5 - Exploit Apple At Ease 5.0 - Information Disclosure Samba < 2.0.5 - Overflow NetBSD 1.4 / OpenBSD 2.5 /Solaris 7.0 profil(2) - Exploit NetBSD 1.4 / OpenBSD 2.5 / Solaris 7.0 - 'profil(2)' Modify The Internal Data Space Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 espeaker - Local Buffer Overflow Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow HP-UX 10.20 newgrp - Exploit HP-UX 10.20 newgrp - Privilege Escalation BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - '/usr/bin/lpr' Buffer Overrun Privilege Escalation (2) BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1) FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2) xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (1) xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (2) Solaris 7.0 kcms_configure - Exploit Solaris 7.0 - 'kcms_configure Exploit Windowmaker wmmon 1.0 b2 - Exploit Windowmaker wmmon 1.0 b2 - Command Execution Oracle8i Standard Edition 8.1.5 for Linux Installer - Exploit Oracle8i Standard Edition 8.1.5 for Linux Installer - Privilege Escalation Standard & Poors ComStock 4.2.4 - Exploit Standard & Poors ComStock 4.2.4 - Command Execution KDE 1.1.2 KApplication configfile - Exploit (1) KDE 1.1.2 KApplication configfile - Exploit (2) KDE 1.1.2 KApplication configfile - Exploit (3) KDE 1.1.2 KApplication configfile - Privilege Escalation (1) KDE 1.1.2 KApplication configfile - Privilege Escalation (2) KDE 1.1.2 KApplication configfile - Privilege Escalation (3) BSD 'mailx' 8.1.1-10 - Buffer Overflow (2) mailx 8.1.1-10 (BSD/Slackware) - Buffer Overflow (2) Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - fld Input File Overflow Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - '/usr/bin/fld' Input File Overflow IRIX 6.5.x - GR_OSView Buffer Overflow SGI IRIX 6.2 libgl.so - Buffer Overflow IRIX 6.5.x - dmplay Buffer Overflow IRIX 6.2/6.3 lpstat - Buffer Overflow IRIX 6.5.x - inpview Race Condition IRIX 6.5.x - '/usr/sbin/gr_osview' Buffer Overflow SGI IRIX 6.2 - 'libgl.so' Buffer Overflow IRIX 6.5.x - '/usr/sbin/dmplay' Buffer Overflow IRIX 6.2/6.3 - '/bin/lpstat' Buffer Overflow IRIX 6.5.x - '/usr/lib/InPerson/inpview' Race Condition IRIX 5.3/6.x - mail Exploit IRIX 5.3/6.x - '/usr/bin/mail' Buffer Overflow Libc locale - Exploit (1) Libc locale - Exploit (2) Libc locale - Privilege Escalation (1) Libc locale - Privilege Escalation (2) GNOME esound 0.2.19 - Unix Domain Socket Race Condition Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell redirection Race Condition Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell Redirection Race Condition IBM AIX 4.x - setsenv Buffer Overflow IBM AIX 4.3 digest - Buffer Overflow IBM AIX 4.x - enq Buffer Overflow IBM AIX 4.3.x - piobe Buffer Overflow IBM AIX 4.x - '/usr/bin/setsenv' Buffer Overflow IBM AIX 4.3 - '/usr/lib/lpd/digest' Buffer Overflow IBM AIX 4.x - 'enq' Buffer Overflow IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Buffer Overflow SGI IRIX 6.5 / Solaris 7.0/8 - CDE dtsession Buffer Overflow SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Buffer Overflow AIX 4.2/4.3 - piomkapqd Buffer Overflow AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Buffer Overflow (Linux Kernel 2.4.17-8) User-Mode Linux - Memory Access Privilege Escalation User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalation (Linux Kernel) Grsecurity Kernel Patch 1.9.4 - Memory Protection Grsecurity Kernel Patch 1.9.4 (Linux Kernel) - Memory Protection QNX RTOS 6.1 - phlocale Environment Variable Buffer Overflow QNX RTOS 6.1 - PKG-Installer Buffer Overflow QNX RTOS 6.1 - '/usr/photon/bin/phlocale' Environment Variable Buffer Overflow QNX RTOS 6.1 - 'PKG-Installer' Buffer Overflow NCMedia Sound Editor Pro 7.5.1 - SEH + DEP Bypass NCMedia Sound Editor Pro 7.5.1 - Overflow (SEH + DEP Bypass) AFD 1.2.x - Working Directory Local Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow Privilege Escalation IBM AIX 4.3.x/5.1 - ERRPT Local Buffer Overflow IBM AIX 4.3.x/5.1 - 'ERRPT' Local Buffer Overflow HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access HP-UX 10.x - rs.F3000 Unauthorized Access Leksbot 1.2 - Multiple Unspecified Vulnerabilities Leksbot 1.2 - Multiple Vulnerabilities IBM AIX 4.3.x/5.1 - LSMCODE Environment Variable Local Buffer Overflow IBM AIX 4.3.x/5.1 - 'LSMCODE' Environment Variable Local Buffer Overflow IBM UniVerse 10.0.0.9 - uvadmsh Privilege Escalation IBM UniVerse 10.0.0.9 - 'uvadmsh' Privilege Escalation ViRobot Linux Server 2.0 - Overflow (Linux Kernel 2.6) Samba 2.2.8 (Debian / Mandrake) - Share Privilege Escalation Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (1) Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2) Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (3) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (1) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (2) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (3) Nvidia Display Driver Service (Nsvr) - Exploit Nvidia Display Driver Service (Nsvr) - Buffer Overflow IBM AIX 5.3 - GetShell and GetCommand File Enumeration IBM AIX 5.3 - GetShell and GetCommand Partial File Disclosure IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Disclosure Apple 2.0.4 - Safari Unspecified Local Apple 2.0.4 - Safari Local Exploit Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities IBM AIX 6.1.8 libodm - Arbitrary File Write IBM AIX 6.1.8 - 'libodm' Arbitrary File Write Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow VeryPDF HTML Converter 2.0 - Buffer Overflow (SEH/ToLower() Bypass) Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation QEMU (Gentoo) - Local Priv Escalation QEMU (Gentoo) - Privilege Escalation Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation Apache Tomcat 8/7/6 (RedHat Based Distros) - Privilege Escalation RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock) RedStar 3.0 Server - 'BEAM' / 'RSSMON' Command Injection (Shellshock) Microsoft WordPerfect Document Converter - Exploit (MS03-036) Microsoft WordPerfect Document Converter (Windows NT4 Workstation SP5/SP6 French) - File Template Buffer Overflow (MS03-036) CA BrightStor ARCserve Backup - Exploiter Tool CA BrightStor ARCserve Backup - Overflow NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - Exploit NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write CDBurnerXP 4.2.4.1351 - Exploit PeerCast 0.1216 - Exploit (Metasploit) PeerCast 0.1216 - Stack Overflow (Metasploit) BigAnt Server 2.52 - Exploit (SEH) BigAnt Server 2.52 - Overflow (SEH) NetTransport Download Manager 2.90.510 - Exploit NetTransport Download Manager 2.90.510 - Overflow (SEH) File Sharing Wizard 1.5.0 - Exploit (SEH) File Sharing Wizard 1.5.0 - Overflow (SEH) Real Player 12.0.0.879 - Exploit Sun Java Web Server 7.0 u7 - Exploit (DEP Bypass) Real Player 12.0.0.879 - Code Execution Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass) IBM AIX 5l FTPd - Remote DES Hash Exploit IBM AIX 5l - 'FTPd' Remote DES Hash Exploit Microsoft Data Access Components - Exploit (MS11-002) Microsoft Data Access Components - Overflow (PoC) (MS11-002) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Exploit (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Apple Personal Web Sharing 1.1 - Exploit id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Exploit id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 - Exploit Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts IBM AIX 3.2/4.1 & SCO Unixware 7.1.1 & SGI IRIX 5.3 & Sun Solaris 2.5.1 - Exploit IBM AIX 3.2/4.1 / SCO Unixware 7.1.1 / SGI IRIX 5.3 / Sun Solaris 2.5.1 - Privilege Escalation HP HP-UX 10.34 rlpdaemon - Exploit HP HP-UX 10.34 rlpdaemon - Remote Overflow Ray Chan WWW Authorization Gateway 0.1 - Exploit Ray Chan WWW Authorization Gateway 0.1 - Command Execution Solaris 7.0 Coredump - Exploit Solaris 7.0 - 'Coredump' File Write IBM Scalable POWERparallel (SP) 2.0 sdrd - Exploit SGI IRIX 6.2 cgi-bin wrap - Exploit IBM Scalable POWERparallel (SP) 2.0 - 'sdrd' File Read SGI IRIX 6.2 - cgi-bin wrap Exploit SGI IRIX 6.5.2 nsd - Exploit SGI IRIX 6.5.2 - 'nsd'' Exploit IBM AIX 3.2.5 - login(1) Exploit IBM AIX 3.2.5 - 'login(1)' Exploit Compaq Java Applet for Presario SpawnApp - Exploit Compaq Java Applet for Presario SpawnApp - Code Execution Network Security Wizards Dragon-Fire IDS 1.0 - Exploit Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Exploit Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure IBM AIX 4.3.2 ftpd - Remote Buffer Overflow IBM AIX 4.3.2 - 'ftpd' Remote Buffer Overflow glFTPd 1.17.2 - Exploit glFTPd 1.17.2 - Code Execution Netopia R-series routers 4.6.2 - Exploit Netopia R-series Routers 4.6.2 - Modifying SNMP Tables Sun Java Web Server 1.1.3/2.0 Servlets - Exploit Sun Java Web Server 1.1.3/2.0 Servlets - information Disclosure IPFilter 3.x - Fragment Rule Bypass CGIWrap 2.x/3.x - Cross-Site Scripting AIX 4.1/4.2 - pdnsd Buffer Overflow AIX 4.1/4.2 - 'pdnsd' Buffer Overflow RedHat Linux 7.0 Apache - Remote 'Username' Enumeration RedHat Linux 7.0 Apache - Remote Username Enumeration Hylafax 4.1.x - HFaxD Unspecified Format String Hylafax 4.1.x - HFaxD Format String EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow LHA 1.x - Multiple extract_one Buffer Overflow Vulnerabilities LHA 1.x - 'extract_one' Multiple Buffer Overflow Vulnerabilities Ethereal 0.x - Multiple Unspecified iSNS / SMB / SNMP Protocol Dissector Vulnerabilities Ethereal 0.x - Multiple iSNS / SMB / SNMP Protocol Dissector Vulnerabilities Oracle 9i - Multiple Unspecified Vulnerabilities Oracle 9i - Multiple Vulnerabilities File ELF 4.x - Header Unspecified Buffer Overflow File ELF 4.x - Header Buffer Overflow Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue Microsoft PowerPoint 2003 - 'mso.dll' '.PPT' Processing Code Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Exploit CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Unspecified Arbitrary File Manipulation CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Unspecified Replay Attack CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack Microsoft Internet Explorer 6 - Unspecified Code Execution (1) Microsoft Internet Explorer 6 - Unspecified Code Execution (2) Microsoft Internet Explorer 6 - Code Execution (1) Microsoft Internet Explorer 6 - Code Execution (2) GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal TFTP Server TFTPDWin 0.4.2 - Directory Traversal Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Unspecified Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Exploit Multiple CA Service Management Products - Unspecified Remote Command Execution Multiple CA Service Management Products - Remote Command Execution NovaStor NovaNET 12 - 'DtbClsLogin()' Remote Stack Buffer Overflow Bash - Environment Variables Code Injection (Shellshock) Bash - Environment Variables Command Injection (Shellshock) OpenVPN 2.2.29 - Remote Exploit (Shellshock) OpenVPN 2.2.29 - Remote Command Injection (Shellshock) Postfix SMTP 4.2.x < 4.2.48 - Remote Exploit (Shellshock) Apache mod_cgi - Remote Exploit (Shellshock) Postfix SMTP 4.2.x < 4.2.48 - Remote Command Injection (Shellshock) Apache mod_cgi - Remote Command Injection (Shellshock) Poison Ivy 2.3.2 - Unspecified Remote Buffer Overflow Poison Ivy 2.3.2 - Remote Buffer Overflow Samba 3.5.11/3.6.3 - Unspecified Remote Code Execution Samba 3.5.11/3.6.3 - Remote Code Execution Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit) Advantech Switch - Bash Environment Variable Command Injection (Shellshock) (Metasploit) Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock) Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock) IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit) IPFire - Bash Environment Variable Command Injection (Shellshock) (Metasploit) TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution (Shellshock) TrendMicro InterScan Web Security Virtual Appliance - Remote Command Injection (Shellshock) Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion Poll It CGI 2.0 - Exploit Poll It CGI 2.0 - Multiple Vulnerabilities DreamPoll 3.1 - Exploit DreamPoll 3.1 - SQL Injection WordPress Plugin WP-Cumulus 1.20 - Exploit WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting Public Media Manager - Exploit Public Media Manager - Remote File Inclusion Joomla! Component com_adagency - Exploit Joomla! Component com_adagency - Local File Inclusion File Upload Manager 1.3 - Exploit File Upload Manager 1.3 - Web Shell File Upload Joomla! Component com_caddy - Exploit Renista CMS - Exploit Renista CMS - SQL Injection BtiTracker 1.3.x < 1.4.x - Exploit BtiTracker 1.3.x < 1.4.x - SQL Injection WordPress Plugin Cimy Counter - Exploit WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting Belkin F5D7234-4 v5 G Wireless Router - Exploit Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed WhatsApp Status Changer 0.2 - Exploit WhatsApp - Remote Change Status MySimpleNews 1.0 - Remotely Readable Administrator Password MySimpleNews 1.0 - Remote Readable Administrator Password SquirrelMail 1.2.11 - Exploit SquirrelMail 1.2.11 - Multiple Vulnerabilities D-Link DCS-936L Network Camera - Cross-Site Request Forgery Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities Aenovo - Multiple Cross-Site Scripting Vulnerabilities Codegrrl - 'Protection.php' Unspecified Code Execution Codegrrl - 'Protection.php' Code Execution Red Mombin 0.7 - 'index.php' Unspecified Cross-Site Scripting Red Mombin 0.7 - 'process_login.php' Unspecified Cross-Site Scripting Red Mombin 0.7 - 'index.php' Cross-Site Scripting Red Mombin 0.7 - 'process_login.php' Cross-Site Scripting A-Blog 1.0 - Unspecified Cross-Site Scripting A-Blog 1.0 - Cross-Site Scripting Liens_Dynamiques 2.1 - Multiple Unspecified Cross-Site Scripting Vulnerabilities Liens_Dynamiques 2.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Akismet 2.1.3 - Unspecified WordPress Plugin Akismet 2.1.3 - Exploit SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities UPC Ireland Cisco EPC 2425 Router / Horizon Box - Exploit UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload Korean GHBoard - 'Component/upload.jsp' Arbitrary File Upload MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injections MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections Zoph 0.7.2.1 - Unspecified SQL Injection Zoph 0.7.2.1 - SQL Injection Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection Joomla! Component FreiChat 1.0/2.x - HTML Injection Bash CGI - Remote Code Execution (Shellshock) (Metasploit) Bash CGI - Remote Command Injection (Shellshock) (Metasploit) PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock) PHP < 5.6.2 - 'disable_functions()' Bypass Command Injection (Shellshock) Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Unspecified Security Vulnerabilities Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security Exploit Netsweeper 4.0.8 - Authentication Bypass Issue Netsweeper 4.0.8 - Authentication Bypass SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting SimpleInvoices invoices Module - Customer Field Cross-Site Scripting Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting Bugzilla 4.2 - Tabular Reports Cross-Site Scripting iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal iScripts AutoHoster - 'main_smtp.php' Traversal Exploit Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Exploits Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock) Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock) NUUO NVRmini 2 3.0.8 - Remote Code Execution (Shellshock) NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock) Squid Analysis Report Generator 2.3.10 - Remote Code Execution	2017-11-16 10:02:26 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	86f822c557	DB: 2017-06-23 11 new exploits Microsoft Windows - ASN.1 LSASS.exe Remote Exploit (MS04-007) Microsoft Windows - ASN.1 'LSASS.exe' Remote Exploit (MS04-007) Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call Exploit Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call Exploit Microsoft Windows XP/2000 - TCP Connection Reset Remote Attack Tool Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit PostgreSQL 8.01 - Remote Reboot Denial of Service PostgreSQL 8.01 - Remote Reboot (Denial of Service) Cisco IP Phone 7940 - (Reboot) Denial of Service Cisco IP Phone 7940 - Reboot (Denial of Service) Cisco Aironet Wireless Access Points - Memory Exhaustion ARP Attack Denial of Service Cisco Aironet Wireless Access Points - Memory Exhaustion ARP (Denial of Service) Dropbear / OpenSSH Server - (MAX_UNAUTH_CLIENTS) Denial of Service Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service 2WIRE Modems/Routers - CRLF Denial of Service 2WIRE Modems/Routers - 'CRLF' Denial of Service FTP Explorer 1.0.1 Build 047 - (CPU Consumption) Remote Denial of Service FTP Explorer 1.0.1 Build 047 - Remote CPU Consumption (Denial of Service) Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service) Mozilla Firefox 2.0.0.3 / Gran Paradiso 3.0a3 - Hang / Crash (Denial of Service) Linksys SPA941 - (remote reboot) Remote Denial of Service Linksys SPA941 - Remote Reboot (Denial of Service) CA BrightStor Backup 11.5.2.0 - caloggderd.exe Denial of Service CA BrightStor Backup 11.5.2.0 - Mediasvr.exe Denial of Service CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) - Denial of Service Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service Mcafee EPO 4.0 - 'FrameworkService.exe' Remote Denial of Service Xerox Phaser 8400 - (reboot) Remote Denial of Service Xerox Phaser 8400 - Remote Reboot (Denial of Service) Microsoft Windows Mobile 6.0 - Device long name Remote Reboot Exploit Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service) Linksys WAG54G v2 (Wireless ADSL Router) - httpd Denial of Service Linksys WAG54G v2 Wireless ADSL Router - httpd Denial of Service Netgear SSL312 Router - Denial of Service NETGEAR SSL312 Router - Denial of Service Netgear WGR614v9 Wireless Router - Denial of Service NETGEAR WGR614v9 Wireless Router - Denial of Service Gigaset SE461 WiMAX router - Remote Denial of Service Gigaset SE461 WiMAX Router - Remote Denial of Service Netgear DG632 Router - Remote Denial of Service NETGEAR DG632 Router - Remote Denial of Service Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC) Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot (Denial of Service) Siemens Gigaset SE361 WLAN - Remote Reboot Exploit Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service) Apple Mac OSX 10.6 - HFS File System Attack (Denial of Service) Apple Mac OSX 10.6 - HFS FileSystem Exploit (Denial of Service) HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe Denial of Service (PoC) Cyclope Internet Filtering Proxy 4.0 - 'CEPMServer.exe' Denial of Service (PoC) AirTies-4450 - Unauthorized Remote Reboot AirTies-4450 - Unauthorized Remote Reboot (Denial of Service) Digital Ultrix 4.0/4.1 - /usr/bin/chroot Exploit SunOS 4.1.1 - /usr/release/bin/makeinstall Exploit SunOS 4.1.1 - /usr/release/bin/winstall Exploit Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Exploit SunOS 4.1.1 - '/usr/release/bin/makeinstall' Exploit SunOS 4.1.1 - '/usr/release/bin/winstall' Exploit Linux Kernel 2.2 - 'ldd core' Force Reboot Linux Kernel 2.2 - 'ldd core' Force Reboot (Denial of Service) Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - visiadmin.exe Denial of Service Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service OReilly WebSite 1.x/2.0 - win-c-sample.exe Buffer Overflow OReilly WebSite 1.x/2.0 - 'win-c-sample.exe' Buffer Overflow Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption (Denial of Service) ID Software Quake 3 - 'smurf attack' Denial of Service ID Software Quake 3 - 'SMURF' Denial of Service Melange Chat System 2.0.2 Beta 2 - /yell Remote Buffer Overflow Melange Chat System 2.0.2 Beta 2 - '/yell' Remote Buffer Overflow Microsoft Windows NT/2000 - cmd.exe CD Buffer Overflow Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow Gordano Messaging Suite 9.0 - WWW.exe Denial of Service Gordano Messaging Suite 9.0 - 'WWW.exe' Denial of Service TYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service TYPSoft FTP Server 1.1 - Remote CPU Consumption (Denial of Service) Microsoft Windows XP - explorer.exe Remote Denial of Service Microsoft Windows XP - 'explorer.exe' Remote Denial of Service VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions Gattaca Server 2003 - web.tmpl Language Variable CPU Consumption Denial of Service Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service) VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow Microsoft Windows XP - explorer.exe .tiff Image Denial of Service Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service Microsoft Windows XP - TSShutdn.exe Remote Denial of Service Microsoft Windows XP - 'TSShutdn.exe' Remote Denial of Service Orenosv HTTP/FTP Server 0.8.1 - CGISSI.exe Remote Buffer Overflow Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow PHPMailer 1.7 - Data() Function Remote Denial of Service PHPMailer 1.7 - 'Data()' Function Remote Denial of Service Sights 'N Sounds Streaming Media Server 2.0.3 - SWS.exe Buffer Overflow Sights 'N Sounds Streaming Media Server 2.0.3 - 'SWS.exe' Buffer Overflow DSocks 1.3 - Name Variable Buffer Overflow DSocks 1.3 - 'Name' Parameter Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - Clspack.exe Local Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow Android Zygote - Socket and Fork bomb Attack Android Zygote - Socket and Fork Bomb (Denial of Service) Nvidia NView 3.5 - Keystone.exe Local Denial of Service Nvidia NView 3.5 - 'Keystone.exe' Local Denial of Service Ipswitch WS_FTP 2007 Professional - WSFTPURL.exe Local Memory Corruption Ipswitch WS_FTP 2007 Professional - 'WSFTPURL.exe' Local Memory Corruption Larson Network Print Server 9.4.2 build 105 - (LstNPS) NPSpcSVR.exe License Command Remote Overflow Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow Linksys WRH54G 1.1.3 - (Wireless-G Router) Malformed HTTP Request Denial of Service Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote Denial of Service Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service Adobe Flash - Setting Variable Use-After-Free Adobe Flash - 'Setting' Variable Use-After-Free Git 1.9.5 - ssh-agent.exe Buffer Overflow Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow Apple Mac OSX 10.11 - FTS Deep Structure of the File System Buffer Overflow Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow Adobe Flash TextField Variable - Use-After Free Adobe Flash TextField.Variable Setter - Use-After-Free Adobe Flash - 'TextField' Variable Use-After Free Adobe Flash - TextField.Variable Setter Use-After-Free Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/reboot.cgi Unauthenticated Remote Reboot Denial of Service Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service) Microsoft WinDbg - logviewer.exe Crash (PoC) Microsoft WinDbg - 'logviewer.exe' Crash (PoC) Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiGetRealizationInfo' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!ClientPrinterThunk' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationJobObject (BasicLimitInformation_ ExtendedLimitInformation)' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationTransaction (information class 1)' Kernel Stack Memory Disclosure UUCP Exploit - File Creation/Overwriting (symlinks) Exploit UUCP Exploit - File Creation/Overwriting (Symlinks) Exploit HP-UX 11.0 - /bin/cu Privilege Escalation HP-UX 11.0 - '/bin/cu' Privilege Escalation Solaris 2.6 / 2.7 - /usr/bin/write Local Overflow Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/bin/lpstat Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Exploit Tru64 UNIX 4.0g - /usr/bin/at Privilege Escalation Slackware 7.1 - /usr/bin/mail Local Exploit Tru64 UNIX 4.0g - '/usr/bin/at' Privilege Escalation Slackware 7.1 - '/usr/bin/mail' Local Exploit Solaris 2.4 - /bin/fdformat Local Buffer Overflows Solaris 2.5.1 lp and lpsched - Symlink Vulnerabilities Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities AIX 4.2 - /usr/dt/bin/dtterm Local Buffer Overflow AIX 4.2 - '/usr/dt/bin/dtterm' Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow IRIX 5.3 - /usr/sbin/iwsh Buffer Overflow Privilege Escalation SGI IRIX - '/bin/login Local' Buffer Overflow IRIX 5.3 - '/usr/sbin/iwsh' Buffer Overflow Privilege Escalation Apple Mac OSX 10.3.7 - mRouter Privilege Escalation Apple Mac OSX 10.3.7 - 'mRouter' Privilege Escalation Sudo 1.6.8p9 - (SHELLOPTS/PS4 ENV variables) Privilege Escalation Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation Appfluent Database IDS < 2.1.0.103 - (Env Variable) Local Exploit Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit HP-UX 11i - (LIBC TZ enviroment Variable) Privilege Escalation HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - (symlink) Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation Adobe Photoshop CS2 - / CS3 Unspecified '.bmp' File Buffer Overflow Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow Debian - (symlink attack in login) Arbitrary File Ownership (PoC) Debian - (Symlink In Login) Arbitrary File Ownership (PoC) Cain & Abel 4.9.25 - (Cisco IOS-MD5) Local Buffer Overflow Cain & Abel 4.9.25 - 'Cisco IOS-MD5' Local Buffer Overflow xscreensaver 5.01 - Arbitrary File Disclosure Symlink Attack xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit PHP 5.2.12/5.3.1 - symlink() open_basedir Bypass PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Buffer Overflow (SEH) Microsoft Windows 7 - 'wab32res.dll' wab.exe DLL Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking Oracle 10/11g - exp.exe Parameter file Local Buffer Overflow (PoC) Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC) ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT symlink ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT Symlink Exploit Hancom Office 2007 - Reboot.ini Clear-Text Passwords Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords G. Wilford man 2.3.10 - Symlink G. Wilford man 2.3.10 - Symlink Exploit X11R6 3.3.3 - Symlink X11R6 3.3.3 - Symlink Exploit SGI IRIX 6.2 - /usr/lib/netaddpr Exploit SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit SCO Open Server 5.0.5 - 'userOsa' symlink SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Spoolss.exe DLL Insertion Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Spoolss.exe' DLL Insertion FreeBSD 3.3 gdc - Symlink FreeBSD 3.3 gdc - Symlink Exploit SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Exploit FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - /proc File Sytem FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Exploit Debian 2.1 - apcd Symlink Debian 2.1 - apcd Symlink Exploit SCO Unixware 7.1/7.1.1 - ARCserver /tmp symlink SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit Sun Workshop 5.0 - Licensing Manager Symlink Sun Workshop 5.0 - Licensing Manager Symlink Exploit Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - /tmp Symlink Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink Exploit OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink Exploit KDE 1.1 - /1.1.1/1.1.2/1.2 kdesud DISPLAY Environment Variable Overflow KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow HP-UX 10.20/11.0 man - /tmp Symlink Exploit HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit HP-UX 10.20/11.0 crontab - /tmp File HP-UX 10.20/11.0 - crontab '/tmp' File Exploit Solaris 10 Patch 137097-01 - Symlink Attack Privilege Escalation Solaris 10 Patch 137097-01 - Symlink Privilege Escalation Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow Tower Toppler 0.99.1 - 'Display' Parameter Local Buffer Overflow Microsoft Windows Server 2000 - RegEdit.exe Registry Key Value Buffer Overflow Microsoft Windows Server 2000 - 'RegEdit.exe' Registry Key Value Buffer Overflow RedHat 9.0 / Slackware 8.1 - /bin/mail Carbon Copy Field Buffer Overrun RedHat 9.0 / Slackware 8.1 - '/bin/mail' Carbon Copy Field Buffer Overrun Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure Microsoft Windows XP/2000 - RunDLL32.exe Buffer Overflow Microsoft Windows XP/2000 - 'RunDLL32.exe' Buffer Overflow Tower Toppler 0.96 - HOME Environment Variable Local Buffer Overflow Tower Toppler 0.96 - 'HOME Environment' Parameter Local Buffer Overflow Top 1.x/2.0 - Home Environment Variable Local Buffer Overflow Top 1.x/2.0 - 'Home Environment' Parameter Local Buffer Overflow XBlast 2.6.1 - HOME Environment Variable Buffer Overflow XBlast 2.6.1 - 'HOME Environment' Variable Buffer Overflow XPCD 2.0.8 - Home Environment Variable Local Buffer Overflow XPCD 2.0.8 - 'Home Environment' Variable Local Buffer Overflow XSOK 1.0 2 - LANG Environment Variable Local Buffer Overrun XSOK 1.0 2 - 'LANG Environment' Variable Local Buffer Overrun Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure Linux Kernel 2.6.32-5 (Debian 6.0.5) - '/dev/ptmx' Key Stroke Timing Local Disclosure ELinks Relative 0.10.6 - /011.1 Path Arbitrary Code Execution ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution Oracle - HtmlConverter.exe Buffer Overflow Oracle - 'HtmlConverter.exe' Buffer Overflow Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Exploit Microsoft Windows - DHCP Client Broadcast Attack Exploit (MS06-036) Microsoft Windows - DHCP Client Broadcast Exploit (MS06-036) Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - (FTP) Remote Exploit Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit Oracle 9i / 10g - 'utl_file' File System Access Exploit Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'ovalarmsrv.exe' Remote Overflow Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb) Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB) Sagem F@ST (Routers) - (dhcp hostname attack) Cross-Site Request Forgery Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC) Microsoft Windows - SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068) Microsoft Windows - SmbRelay3 NTLM Replay Exploit (MS08-068) Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting Attack Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting Apple Safari 3.2.x - (XXE attack) Local File Theft Apple Safari 3.2.x - (XXE) Local File Theft Netgear DG632 Router - Authentication Bypass NETGEAR DG632 Router - Authentication Bypass BRS Webweaver 1.33 - /Scripts Access Restriction Bypass BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass Ada Image Server 0.6.7 - imgsrv.exe Buffer Overflow Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow HMS HICP Protocol + Intellicom - NetBiterConfig.exe Remote Buffer Overflow Cisco ASA 8.x - VPN SSL module Clientless URL-list control Bypass HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit minerCPP 0.4b - Remote Buffer Overflow / Format String Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1) HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (1) HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2) HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (2) Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit) Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023) (Metasploit) IBM Lotus Domino Sametime - STMux.exe Stack Buffer Overflow (Metasploit) IBM Lotus Domino Sametime - 'STMux.exe' Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - Snmp.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'Snmp.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovalarm.exe' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - OpenView5.exe CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'OpenView5.exe' CGI Buffer Overflow (Metasploit) IBM TPM for OS Deployment 5.1.0.x - rembo.exe Buffer Overflow (Metasploit) IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - EarthAgent.exe Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - snmpviewer.exe Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe ovutil Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit) 7-Technologies IGSS 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow (Metasploit) 7-Technologies IGSS 9.00.00 b11063 - 'IGSSdataServer.exe' Stack Overflow (Metasploit) Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow (Metasploit) Citrix Provisioning Services 5.6 - 'streamprocess.exe' Buffer Overflow (Metasploit) FactoryLink - vrn.exe Opcode 9 Buffer Overflow (Metasploit) FactoryLink - 'vrn.exe' Opcode 9 Buffer Overflow (Metasploit) HP - OmniInet.exe Opcode 27 Buffer Overflow (Metasploit) HP - 'OmniInet.exe' Opcode 27 Buffer Overflow (Metasploit) Symantec Backup Exec 12.5 - MiTM Attack Symantec Backup Exec 12.5 - Man In The Middle Exploit HP OpenView Network Node Manager - Toolbar.exe CGI Cookie Handling Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit) Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Exploit Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Exploit Procyon Core Server HMI 1.13 - Coreservice.exe Stack Buffer Overflow (Metasploit) Procyon Core Server HMI 1.13 - 'Coreservice.exe' Stack Buffer Overflow (Metasploit) HP Diagnostics Server - magentservice.exe Overflow (Metasploit) HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit) Sunway ForceControl - SNMP NetDBServer.exe Opcode 0x57 (Metasploit) Sunway ForceControl - SNMP 'NetDBServer.exe' Opcode 0x57 (Metasploit) Trend Micro Control Manger 5.5 - CmdProcessor.exe Stack Buffer Overflow (Metasploit) Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Stack Buffer Overflow (Metasploit) Antelope Software W4-Server 2.6 a/Win32 - Cgitest.exe Buffer Overflow Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Buffer Overflow Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Netscape Enterprise Server / Novell Groupwise 5.2/5.5 - 'GWWEB.EXE' Multiple Vulnerabilities FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - htimage.exe File Existence Disclosure FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure NAI Net Tools PKI Server 1.0 - strong.exe Buffer Overflow NAI Net Tools PKI Server 1.0 - 'strong.exe' Buffer Overflow Mandrake 6.1/7.0/7.1 - /perl http Directory Disclosure Mandrake 6.1/7.0/7.1 - '/perl' HTTP Directory Disclosure Microsoft IIS 3.0 - newdsn.exe File Creation Microsoft IIS 3.0 - 'newdsn.exe' File Creation Greg Matthews - Classifieds.cgi 1.0 Hidden Variable Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable WebCom datakommunikation Guestbook 0.1 - wguest.exe Arbitrary File Access WebCom datakommunikation Guestbook 0.1 - rguest.exe Arbitrary File Access WebCom datakommunikation Guestbook 0.1 - 'wguest.exe' Arbitrary File Access WebCom datakommunikation Guestbook 0.1 - 'rguest.exe' Arbitrary File Access MetaProducts Offline Explorer 1.x - File System Disclosure MetaProducts Offline Explorer 1.x - FileSystem Disclosure Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Attack Detection Evasion Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Detection Evasion Webmin 1.580 - /file/show.cgi Remote Command Execution (Metasploit) Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit) HP Operations Agent Opcode - coda.exe 0x8c Buffer Overflow (Metasploit) HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow (Metasploit) HP Operations Agent - Opcode 'coda.exe' 0x8c Buffer Overflow (Metasploit) HP Operations Agent - Opcode 'coda.exe' 0x34 Buffer Overflow (Metasploit) Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure Netgear FM114P ProSafe Wireless Router - Rule Bypass NETGEAR FM114P ProSafe Wireless Router - Rule Bypass M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting Microsoft Internet Explorer 6 -' %USERPROFILE%' File Execution Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution EZMeeting 3.x - EZNet.exe Long HTTP Request Remote Buffer Overflow EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow Enterasys NetSight - nssyslogd.exe Buffer Overflow (Metasploit) IBM Cognos - tm1admsd.exe Overflow (Metasploit) Enterasys NetSight - 'nssyslogd.exe' Buffer Overflow (Metasploit) IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit) Webcam Corp Webcam Watchdog 4.0.1 - sresult.exe Cross-Site Scripting Webcam Corp Webcam Watchdog 4.0.1 - 'sresult.exe' Cross-Site Scripting Microsoft Windows XP/2000/2003 -'winhlp32' Phrase Integer Overflow Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Integer Overflow Oracle 8.x/9.x/10.x - Database Multiple SQL Injection Oracle 8.x/9.x/10.x Database - Multiple SQL Injections SAP Business Connector 4.6/4.7 - chopSAPLog.dsp fullName Variable Arbitrary File Disclosure SAP Business Connector 4.6/4.7 - deleteSingle fullName Variable Arbitrary File Deletion SAP Business Connector 4.6/4.7 - adapter-index.dsp url Variable Arbitrary Site Redirect SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect Microsoft PowerPoint 2003 - powerpnt.exe Unspecified Issue Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue Cruiseworks 1.09 - Cws.exe Doc Directory Traversal Cruiseworks 1.09 - Cws.exe Doc Buffer Overflow Cruiseworks 1.09 - 'Cws.exe' Doc Directory Traversal Cruiseworks 1.09 - 'Cws.exe' Doc Buffer Overflow aBitWhizzy - whizzypic.php d Variable Traversal Arbitrary Directory Listing aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Buffer Overflow Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow ABB MicroSCADA - wserver.exe Remote Code Execution (Metasploit) ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit) SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - 'WAHTTP.exe' Multiple Buffer Overflow Vulnerabilities Cisco User-Changeable Password (UCP) 3.3.4.12.5 - CSUserCGI.exe Help Facility Cross-Site Scripting Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x - 'OpenView5.exe' Action Parameter Traversal Arbitrary File Access F5 FirePass 6.0.2.3 - /vdesk/admincon/webyfiers.php css_exceptions Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - /vdesk/admincon/index.php sql_matchscope Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting GE Proficy CIMPLICITY - gefebt.exe Remote Code Execution (Metasploit) GE Proficy CIMPLICITY - 'gefebt.exe' Remote Code Execution (Metasploit) SolidWorks Workgroup PDM 2014 - pdmwService.exe Arbitrary File Write (Metasploit) SolidWorks Workgroup PDM 2014 - 'pdmwService.exe' Arbitrary File Write (Metasploit) Yokogawa CENTUM CS 3000 - BKHOdeq.exe Buffer Overflow (Metasploit) Yokogawa CENTUM CS 3000 - BKBCopyD.exe Buffer Overflow (Metasploit) Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Buffer Overflow (Metasploit) Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Buffer Overflow (Metasploit) Apache Geronimo 2.1.x - /console/portal/Server/Monitoring Multiple Parameter Cross-Site Scripting Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Parameter Cross-Site Scripting Comtrend CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - /diagnose Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - /configuration Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - /scripter.php Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Parameter Cross-Site Scripting Juniper Junos 8.5/9.0 J-Web Interface - '/scripter.php' Multiple Parameter Cross-Site Scripting Yokogawa CS3000 - BKESimmgr.exe Buffer Overflow (Metasploit) Yokogawa CS3000 - 'BKESimmgr.exe' Buffer Overflow (Metasploit) Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit) Yokogawa CS3000 - 'BKFSim_vhfd.exe' Buffer Overflow (Metasploit) U.S.Robotics USR5463 0.06 - Firmware setup_ddns.exe HTML Injection U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection WhatsApp 2.11.476 - Remote Reboot/Crash App Android Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu.maf jdeowpBackButtonProtect Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_Menu.mafService e1.namespace Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_OCL.mafService e1.namespace Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/MafletClose.mafService RENDER_MAFLET Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter Cross-Site Scripting WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service) Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting Linksys WRT54GL (Wireless Router) - Cross-Site Request Forgery Linksys WRT54GL Wireless Router - Cross-Site Request Forgery Cisco Linksys E4200 - /apply.cgi Multiple Parameter Cross-Site Scripting Cisco Linksys E4200 - '/apply.cgi' Multiple Parameter Cross-Site Scripting Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/diagnostic.cgi ping_ipaddr Parameter Remote Code Execution Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution Netgear D6300B - /diag.cgi IPAddr4 Parameter Remote Command Execution Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution Comtrend CT-5361T Router - Password.cgi Cross-Site Request Forgery (Admin Password Manipulation) COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation) Alfresco - /proxy endpoint Parameter Server-Side Request Forgery Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery PhpTagCool 1.0.3 - SQL Injection Attacks Exploit PhpTagCool 1.0.3 - SQL Injection phpBB 2.0.18 - Remote Brute Force/Dictionary Attack Tool (2) phpBB 2.0.18 - Remote Brute Force/Dictionary (2) Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Attack Vectors Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Yrch 1.0 - 'plug.inc.php path Variable' Remote File Inclusion Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion Vizayn Haber - 'haberdetay.asp id Variable' SQL Injection Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection iG Calendar 1.0 - 'user.php id Variable' SQL Injection iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection MGB 0.5.4.5 - 'email.php id Variable' SQL Injection MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection Alstrasoft e-Friends 4.98 - (seid) Multiple SQL Injection Alstrasoft e-Friends 4.98 - 'seid' Multiple SQL Injections MyPHP Forum 3.0 - (Final) Multiple SQL Injection MyPHP Forum 3.0 (Final) - Multiple SQL Injections File Store PRO 3.2 - Multiple Blind SQL Injection File Store PRO 3.2 - Multiple Blind SQL Injections AssetMan 2.5-b - SQL Injection using Session Fixation Attack AssetMan 2.5-b - SQL Injection using Session Fixation Kasra CMS - 'index.php' Multiple SQL Injection Kasra CMS - 'index.php' Multiple SQL Injections NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injection NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injections T-HTB Manager 0.5 - Multiple Blind SQL Injection T-HTB Manager 0.5 - Multiple Blind SQL Injections Joomla! Component com_oziogallery2 - / IMAGIN Arbitrary file write Joomla! Component com_oziogallery2 / IMAGIN - Arbitrary File Write Open Bulletin Board - Multiple Blind SQL Injection Open Bulletin Board - Multiple Blind SQL Injections AJ Matrix 3.1 - 'id' Multiple SQL Injection AJ Matrix 3.1 - 'id' Multiple SQL Injections Zylone IT - Multiple Blind SQL Injection Zylone IT - Multiple Blind SQL Injections WhiteBoard 0.1.30 - Multiple Blind SQL Injection WhiteBoard 0.1.30 - Multiple Blind SQL Injections AV Arcade 3 - Cookie SQL Injection Authentication Bypass AV Arcade 3 - Cookie SQL Injection / Authentication Bypass Joomla! Component Teams - Multiple Blind SQL Injection Joomla! Component Teams - Multiple Blind SQL Injections AneCMS - /registre/next SQL Injection AneCMS - '/registre/next' SQL Injection Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injection Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injections ColdOfficeView 2.04 - Multiple Blind SQL Injection ColdOfficeView 2.04 - Multiple Blind SQL Injections Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injection Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections Projekt Shop - 'details.php' Multiple SQL Injection Projekt Shop - 'details.php' Multiple SQL Injections PixelPost 1.7.3 - Multiple POST Variables SQL Injection PixelPost 1.7.3 - Multiple POST Parameter SQL Injections Webcat - Multiple Blind SQL Injection Webcat - Multiple Blind SQL Injections LiteRadius 3.2 - Multiple Blind SQL Injection LiteRadius 3.2 - Multiple Blind SQL Injections PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injection PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit Sagem F@ST 2604 (ADSL Router) - Cross-Site Request Forgery Sagem F@ST 2604 ADSL Router - Cross-Site Request Forgery Rivettracker 1.03 - Multiple SQL Injection Rivettracker 1.03 - Multiple SQL Injections ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections PHP Ticket System Beta 1 - 'index.php p Parameter' SQL Injection PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection X-Cart Gold 4.5 - 'products_map.php symb Parameter' Cross-Site Scripting X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting Symantec Web Gateway 5.0.2 - 'blocked.php id Parameter' Blind SQL Injection Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid Parameter' Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injection Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injections YourArcadeScript 2.4 - 'index.php id Parameter' SQL Injection YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection QNAP Turbo NAS TS-1279U-RP - Multiple Path Injection QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections Blog Mod 0.1.9 - 'index.php month Parameter' SQL Injection Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection Authoria HR Suite - AthCGI.exe Cross-Site Scripting Authoria HR Suite - 'AthCGI.exe' Cross-Site Scripting MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion friendsinwar FAQ Manager - SQL Injection (Authentication Bypass) friendsinwar FAQ Manager - SQL Injection / Authentication Bypass friendsinwar FAQ Manager - 'view_faq.php question Parameter' SQL Injection friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection SmartCMS - 'index.php idx Parameter' SQL Injection SmartCMS - 'index.php' 'idx' Parameter SQL Injection SmartCMS - 'index.php menuitem Parameter' SQL Injection / Cross-Site Scripting SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injections MyBB AwayList Plugin - 'index.php id Parameter' SQL Injection MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection PHP-Nuke Error Manager Module 2.1 - error.php language Variable Full Path Disclosure PHP-Nuke Error Manager Module 2.1 - error.php Multiple Variables Cross-Site Scripting PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Parameters Cross-Site Scripting phpHeaven phpMyChat 0.14.5 - edituser.php3 do_not_login Variable Authentication Bypass phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection Gattaca Server 2003 - Language Variable Path Exposure Gattaca Server 2003 - 'Language' Parameter Path Exposure AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injection AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injections Scripts Genie Gallery Personals - 'gallery.php L Parameter' SQL Injection Scripts Genie Gallery Personals - 'gallery.php' L' Parameter SQL Injection AdaptCMS 2.0.4 - 'config.php question Parameter' SQL Injection AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection Scripts Genie Domain Trader - 'catalog.php id Parameter' SQL Injection Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection Scripts Genie Games Site Script - 'index.php id Parameter' SQL Injection Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection Scripts Genie Top Sites - 'out.php id Parameter' SQL Injection Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection Scripts Genie Hot Scripts Clone - 'showcategory.php cid Parameter' SQL Injection Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id Parameter' SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection MTP Image Gallery 1.0 - 'edit_photos.php title Parameter' Cross-Site Scripting MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting D-Link DSL-2740B (ADSL Router) - Authentication Bypass D-Link DSL-2740B ADSL Router - Authentication Bypass TIPS MailPost 5.1.1 - APPEND Variable Cross-Site Scripting TIPS MailPost 5.1.1 - 'APPEND' Parameter Cross-Site Scripting DUclassified 4.x - adDetail.asp Multiple Parameter SQL Injection DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections Rebus:list - 'list.php list_id Parameter' SQL Injection Rebus:list - 'list.php' 'list_id' Parameter SQL Injection SynConnect Pms - 'index.php loginid Parameter' SQL Injection SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection AWS Xms 2.5 - 'importer.php what Parameter' Directory Traversal Pollen CMS 0.6 - 'index.php p Parameter' Local File Disclosure AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash Parameter' SQL Injection WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection Kayako eSupport 2.x - Ticket System Multiple SQL Injection Kayako eSupport 2.x - Ticket System Multiple SQL Injections BibORB 1.3.2 Login Module - Multiple Parameter SQL Injection BibORB 1.3.2 Login Module - Multiple Parameter SQL Injections Active Auction House - default.asp Multiple SQL Injection Active Auction House - 'default.asp' Multiple SQL Injections CubeCart 2.0.x - 'index.php' Multiple Variable Full Path Disclosure CubeCart 2.0.x - tellafriend.php product Variable Full Path Disclosure CubeCart 2.0.x - view_cart.php add Variable Full Path Disclosure CubeCart 2.0.x - view_product.php product Variable Full Path Disclosure CubeCart 2.0.x - 'index.php' Multiple Parameter Full Path Disclosure CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure OneWorldStore - 'OWListProduct.asp' Multiple SQL Injection OneWorldStore - 'OWListProduct.asp' Multiple SQL Injections WHMCS 4.x - 'invoicefunctions.php id Parameter' SQL Injection WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection DUportal Pro 3.4 - default.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - 'default.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - inc_vote.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - result.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - cat.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - detail.asp Multiple Parameter SQL Injection DUportal Pro 3.4 - 'inc_vote.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - 'result.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - 'cat.asp' Multiple Parameter SQL Injections DUportal Pro 3.4 - 'detail.asp' Multiple Parameter SQL Injections DUportal 3.1.2 - inc_rating.asp Multiple Parameter SQL Injection DUportal 3.1.2 - 'inc_rating.asp' Multiple Parameter SQL Injections StorePortal 2.63 - default.asp Multiple SQL Injection StorePortal 2.63 - 'default.asp' Multiple SQL Injections MetaCart2 - SearchAction.asp Multiple SQL Injection MetaCart2 - 'SearchAction.asp' Multiple SQL Injections Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple Parameter SQL Injections JGS-Portal 3.0.1 - ID Variable SQL Injection JGS-Portal 3.0.1 - 'ID' Parameter SQL Injection AVE.CMS 2.09 - 'index.php module Parameter' Blind SQL Injection AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection RadioCMS 2.2 - 'menager.php playlist_id Parameter' SQL Injection RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection NPDS 4.8 - /5.0 modules.php Lettre Parameter Cross-Site Scripting NPDS 4.8 /5.0 - 'modules.php' Lettre Parameter Cross-Site Scripting Ampache 3.4.3 - 'login.php' Multiple SQL Injection Ampache 3.4.3 - 'login.php' Multiple SQL Injections FlatNuke 2.5.x - 'index.php' where Variable Full Path Disclosure FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - 'reply_in.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - 'memory.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - 'line.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - 'in.php' Multiple Parameter SQL Injections CarLine Forum Russian Board 4.2 - 'enter.php' Multiple Parameter SQL Injections osTicket 1.2/1.3 - view.php inc Variable Arbitrary Local File Inclusion osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion Ruubikcms 1.1.1 - 'tinybrowser.php folder Parameter' Directory Traversal Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal Simple PHP Agenda 2.2.8 - 'edit_event.php eventid Parameter' SQL Injection Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection PHPFreeNews 1.40 - searchresults.php Multiple SQL Injection PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections Aenovo - /Password/default.asp Password Field SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - '/Password/default.asp' Password Field SQL Injection Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php Multiple Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertitle.php usertitleid Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertools.php ids Parameter SQL Injection NooToplist 1.0 - 'index.php' Multiple SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - /admincp/css.php group Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/index.php Multiple Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php email Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/language.php goto Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/modlog.php orderby Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - /admincp/template.php Multiple Parameter Cross-Site Scripting MX Shop 3.2 - 'index.php' Multiple SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection NooToplist 1.0 - 'index.php' Multiple SQL Injections vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Parameter Cross-Site Scripting MX Shop 3.2 - 'index.php' Multiple SQL Injections Top Games Script 1.2 - 'play.php gid Parameter' SQL Injection Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection Elemata CMS RC3.0 - 'global.php id Parameter' SQL Injection Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection Woltlab 1.1/2.x - Info-DB Info_db.php Multiple SQL Injection Woltlab 1.1/2.x - 'Info-DB Info_db.php' Multiple SQL Injections OaBoard 1.0 - forum.php Multiple SQL Injection OaBoard 1.0 - 'forum.php' Multiple SQL Injections Comersus Backoffice 4.x/5.0/6.0 - /comersus/database/comersus.mdb Direct Request Database Disclosure Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure PHP-Charts 1.0 - 'index.php type Parameter' Remote Code Execution PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution PHPList Mailing List Manager 2.x - /admin/admin.php id Parameter SQL Injection PHPList Mailing List Manager 2.x - /admin/editattributes.php id Parameter SQL Injection PHPList Mailing List Manager 2.x - /admin/eventlog.php Multiple Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - /admin/configure.php id Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - /admin/users.php find Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting Walla TeleSite 3.0 - ts.exe tsurl Variable Arbitrary Article Access Walla TeleSite 3.0 - ts.exe sug Parameter Cross-Site Scripting Walla TeleSite 3.0 - ts.exe sug Parameter SQL Injection Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection Pearl Forums 2.0 - 'index.php' Multiple SQL Injection Pearl Forums 2.0 - 'index.php' Multiple SQL Injections Helpdesk Issue Manager 0.x - find.php Multiple Parameter SQL Injection Helpdesk Issue Manager 0.x - 'find.php' Multiple Parameter SQL Injection PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injection Cars Portal 1.1 - 'index.php' Multiple SQL Injection PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections Cars Portal 1.1 - 'index.php' Multiple SQL Injections IceWarp Universal WebMail - /accounts/inc/include.php Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - /admin/inc/include.php Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - /dir/include.html lang Parameter Local File Inclusion IceWarp Universal WebMail - /mail/settings.html Language Parameter Local File Inclusion IceWarp Universal WebMail - /mail/index.html lang_settings Parameter Remote File Inclusion IceWarp Universal WebMail - /mail/include.html Crafted HTTP_USER_AGENT Arbitrary File Access IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - '/admin/inc/include.php' Multiple Parameter Remote File Inclusion IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion IceWarp Universal WebMail - '/mail/include.html' Crafted HTTP_USER_AGENT Arbitrary File Access PHPJournaler 1.0 - Readold Variable SQL Injection PHPJournaler 1.0 - 'Readold' Parameter SQL Injection ScozNet ScozBook 1.1 - AdminName Variable SQL Injection ScozNet ScozBook 1.1 - 'AdminName' Parameter SQL Injection OnePlug CMS - /press/details.asp Press_Release_ID Parameter SQL Injection OnePlug CMS - /services/details.asp Service_ID Parameter SQL Injection OnePlug CMS - /products/details.asp Product_ID Parameter SQL Injection OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection Venom Board - Post.php3 Multiple SQL Injection Venom Board - 'Post.php3' Multiple SQL Injections microBlog 2.0 - 'index.php' Multiple SQL Injection microBlog 2.0 - 'index.php' Multiple SQL Injections NewsPHP - 'index.php' Multiple SQL Injection NewsPHP - 'index.php' Multiple SQL Injections ZixForum 1.12 - forum.asp Multiple SQL Injection ZixForum 1.12 - forum.asp Multiple SQL Injections HiveMail 1.2.2/1.3 - addressbook.update.php contactgroupid Variable Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - folders.update.php folderid Variable Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution ImageVue 0.16.1 - readfolder.php path Variable Arbitrary Directory Listing ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing dotProject 2.0 - /modules/projects/gantt.php dPconfig[root_dir] Parameter Remote File Inclusion dotProject 2.0 - /includes/db_connect.php baseDir Remote File Inclusion dotProject 2.0 - /includes/session.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/projects/gantt2.php dPconfig[root_dir] Parameter Remote File Inclusion dotProject 2.0 - /modules/projects/vw_files.php dPconfig[root_dir] Parameter Remote File Inclusion dotProject 2.0 - /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/public/calendar.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/public/date_format.php baseDir Parameter Remote File Inclusion dotProject 2.0 - /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion MyBB 1.0.3 - private.php Multiple SQL Injection MyBB 1.0.3 - 'private.php' Multiple SQL Injections Ginkgo CMS - 'index.php rang Parameter' SQL Injection Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection Telmanik CMS Press 1.01b - 'pages.php page_name Parameter' SQL Injection Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection DCI-Taskeen 1.03 - basket.php Multiple Parameter SQL Injection DCI-Taskeen 1.03 - cat.php Multiple Parameter SQL Injection DCI-Taskeen 1.03 - 'basket.php' Multiple Parameter SQL Injections DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections sBlog 0.7.2 - search.php keyword Variable POST Method Cross-Site Scripting sBlog 0.7.2 - comments_do.php Multiple Variable POST Method Cross-Site Scripting sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting sBlog 0.7.2 - 'comments_do.php' Multiple Variable POST Method Cross-Site Scripting PHPFox 3.6.0 (build3) - Multiple SQL Injection PHPFox 3.6.0 (build3) - Multiple SQL Injections Verisign MPKI 6.0 - Haydn.exe Cross-Site Scripting Verisign MPKI 6.0 - 'Haydn.exe' Cross-Site Scripting DSLogin 1.0 - 'index.php' Multiple SQL Injection DSLogin 1.0 - 'index.php' Multiple SQL Injections MLMAuction Script - 'gallery.php id Parameter' SQL Injection MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection PHPMyForum 4.0 - 'index.php' type Variable CRLF Injection PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection APT-webshop 3.0/4.0 - modules.php Multiple SQL Injection APT-webshop 3.0/4.0 - modules.php Multiple SQL Injections Cisco CallManager 3.x/4.x - Web Interface ccmadmin/phonelist.asp pattern Parameter Cross-Site Scripting Cisco CallManager 3.x/4.x - Web Interface ccmuser/logon.asp Cross-Site Scripting Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp' Pattern Parameter Cross-Site Scripting Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting 321soft PHP-Gallery 0.9 - 'index.php' path Variable Arbitrary Directory Listing 321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing Pacheckbook 1.1 - 'index.php' Multiple SQL Injection Pacheckbook 1.1 - 'index.php' Multiple SQL Injections Creative Software UK Community Portal 1.1 - PollResults.php Multiple Parameter SQL Injection Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple Parameter SQL Injections EvoTopsite 2.0 - 'index.php' Multiple SQL Injection timobraun Dynamic Galerie 1.0 - 'index.php' pfad Variable Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - galerie.php pfad Variable Arbitrary Directory Listing EvoTopsite 2.0 - 'index.php' Multiple SQL Injections timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing Gphotos 1.4/1.5 - 'index.php' rep Variable Traversal Arbitrary Directory Listing Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing Mini-NUKE 2.3 - Your_Account.asp Multiple SQL Injection Mini-NUKE 2.3 - 'Your_Account.asp' Multiple SQL Injections Woltlab Burning Board FLVideo Addon - 'video.php value Parameter' SQL Injection Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection glFusion 1.3.0 - 'search.php cat_id Parameter' SQL Injection glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection Geodesic Solutions Multiple Products - 'index.php' b Parameter SQL Injection Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection RadScripts - a_editpage.php Filename Variable Arbitrary File Overwrite RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite Banex PHP MySQL Banner Exchange 2.21 - admin.php Multiple Parameter SQL Injection Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple Parameter SQL Injections XennoBB 2.1 - profile.php Multiple SQL Injection XennoBB 2.1 - 'profile.php' Multiple SQL Injections Vtiger CRM 5.4.0 - 'index.php onlyforuser Parameter' SQL Injection Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection CubeCart 3.0.x - /admin/print_order.php order_id Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting CubeCart 3.0.x - /admin/nav.php Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - /admin/image.php image Parameter Cross-Site Scripting CubeCart 3.0.x - /admin/header.inc.php Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - /footer.inc.php la_pow_by Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/nav.php' Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/header.inc.php' Multiple Parameter Cross-Site Scripting CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting AckerTodo 4.2 - 'login.php' Multiple SQL Injection AckerTodo 4.2 - 'login.php' Multiple SQL Injections Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage Parameter' SQL Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection INFINICART - browsesubcat.asp Multiple Parameter SQL Injection INFINICART - 'browsesubcat.asp' Multiple Parameter SQL Injection Car Site Manager - csm/asp/listings.asp Multiple Parameter SQL Injection Car Site Manager - 'csm/asp/listings.asp' Multiple Parameter SQL Injections Dragon Internet Events Listing 2.0.01 - admin_login.asp Multiple Field SQL Injection ASPIntranet 2.1 - Multiple SQL Injection Dragon Internet Events Listing 2.0.01 - 'admin_login.asp' Multiple Field SQL Injections ASPIntranet 2.1 - Multiple SQL Injections Image Gallery with Access Database - default.asp Multiple Parameter SQL Injection Image Gallery with Access Database - 'default.asp' Multiple Parameter SQL Injection 20/20 Applications Data Shed 1.0 - listings.asp Multiple Parameter SQL Injection 20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple Parameter SQL Injections BestWebApp Dating Site Login Component - Multiple Field SQL Injection BestWebApp Dating Site Login Component - Multiple Field SQL Injections Enthrallweb eClassifieds - ad.asp Multiple Parameter SQL Injection Enthrallweb eClassifieds - 'ad.asp' Multiple Parameter SQL Injection BirdBlog 1.4 - /admin/admincore.php msg Parameter Cross-Site Scripting BirdBlog 1.4 - /admin/comments.php month Parameter Cross-Site Scripting BirdBlog 1.4 - /admin/entries.php month Parameter Cross-Site Scripting BirdBlog 1.4 - /admin/logs.php page Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting Grandora Rialto 1.6 - /admin/default.asp Multiple Field SQL Injection Grandora Rialto 1.6 - '/admin/default.asp' Multiple Field SQL Injection Grandora Rialto 1.6 - searchkey.asp Multiple Parameter SQL Injection Grandora Rialto 1.6 - searchmain.asp Multiple Parameter SQL Injection Grandora Rialto 1.6 - searchoption.asp Multiple Parameter SQL Injection Grandora Rialto 1.6 - 'searchkey.asp' Multiple Parameter SQL Injection Grandora Rialto 1.6 - 'searchmain.asp' Multiple Parameter SQL Injection Grandora Rialto 1.6 - 'searchoption.asp' Multiple Parameter SQL Injection Enthrallweb eHomes - compareHomes.asp Multiple Parameter SQL Injection Enthrallweb eHomes - result.asp Multiple Parameter SQL Injection Enthrallweb eHomes - 'compareHomes.asp' Multiple Parameter SQL Injection Enthrallweb eHomes - 'result.asp' Multiple Parameter SQL Injection DUdownload 1.0/1.1 - detail.asp Multiple Parameter SQL Injection DUdownload 1.0/1.1 - 'detail.asp' Multiple Parameter SQL Injections Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injection Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections ClickContact - default.asp Multiple SQL Injection ClickContact - 'default.asp' Multiple SQL Injections Dol Storye - Dettaglio.asp Multiple SQL Injection Dol Storye - 'Dettaglio.asp' Multiple SQL Injections Efkan Forum 1.0 - Grup Variable SQL Injection Efkan Forum 1.0 - 'Grup' Parameter SQL Injection EditTag 1.2 - edittag.cgi file Variable Arbitrary File Disclosure EditTag 1.2 - edittag.pl file Variable Arbitrary File Disclosure EditTag 1.2 - edittag_mp.cgi file Variable Arbitrary File Disclosure EditTag 1.2 - edittag_mp.pl file Variable Arbitrary File Disclosure EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure Indexu 5.0/5.3 - mailing_list.php Multiple Variables Cross-Site Scripting Indexu 5.0/5.3 - 'mailing_list.php' Multiple Parameters Cross-Site Scripting Project'Or RIA 3.4.0 - 'objectDetail.php objectId Parameter' SQL Injection Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection WordPress 2.1.1 - 'wp-includes/theme.php' iz Variable Arbitrary Command Execution Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Variable SQL Injection WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection aBitWhizzy - whizzylink.php d Variable Traversal Arbitrary Directory Listing aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing MyBloggie 2.1.x - 'index.php' Multiple SQL Injection MyBloggie 2.1.x - 'index.php' Multiple SQL Injections PHPLive! 3.2.2 - super/info.php BASE_URL Variable Parameter Cross-Site Scripting PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting JFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection JFFNms 0.8.3 - 'auth.php' Multiple Parameter SQL Injection DotClear 1.2.x - /ecrire/trackback.php post_id Parameter Cross-Site Scripting DotClear 1.2.x - /tools/thememng/index.php tool_url Parameter Cross-Site Scripting DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections Exponent CMS 0.96.5/0.96.6 - iconspopup.php icodir Variable Traversal Arbitrary Directory Listing Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing Phorum 5.1.20 - admin.php module[] Variable Full Path Disclosure Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure Chamilo Lms 1.9.6 - 'profile.php password0 Parameter' SQL Injection Dokeos 2.2 RC2 - 'index.php language Parameter' SQL Injection Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Variable Full Path Disclosure UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Parameters Full Path Disclosure PHPAccounts 0.5 - 'index.php' Multiple SQL Injection PHPAccounts 0.5 - 'index.php' Multiple SQL Injections NetFlow Analyzer 5 - /jspui/applicationList.jsp alpha Parameter Cross-Site Scripting NetFlow Analyzer 5 - /jspui/appConfig.jsp task Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting NetFlow Analyzer 5 - /jspui/selectDevice.jsp rtype Parameter Cross-Site Scripting NetFlow Analyzer 5 - /jspui/customReport.jsp rtype Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting geoBlog MOD_1.0 - deletecomment.php id Variable Arbitrary Comment Deletion geoBlog MOD_1.0 - deleteblog.php id Variable Arbitrary Blog Deletion geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion Next Gen Portfolio Manager - default.asp Multiple SQL Injection Next Gen Portfolio Manager - 'default.asp' Multiple SQL Injections ACG News 1.0 - 'index.php' Multiple SQL Injection Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection ACG News 1.0 - 'index.php' Multiple SQL Injections Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' Parameter SQL Injection WebBatch - webbatch.exe URL Cross-Site Scripting WebBatch - webbatch.exe dumpinputdata Variable Remote Information Disclosure WebBatch - 'webbatch.exe' URL Cross-Site Scripting WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure NetWin DNews - Dnewsweb.exe Multiple Cross-Site Scripting Vulnerabilities NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities Scott Manktelow Design Stride 1.0 - Courses detail.php Multiple SQL Injection Scott Manktelow Design Stride 1.0 Courses - 'detail.php' Multiple SQL Injections Article Dashboard - 'admin/login.php' Multiple SQL Injection Article Dashboard - 'admin/login.php' Multiple SQL Injections Multi-Forums - Directory.php Multiple SQL Injection Multi-Forums - 'Directory.php' Multiple SQL Injections JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injections Absolute News Manager .NET 5.1 - 'pages/default.aspx' template Variable Remote File Access Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injection Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injections phpRPG 0.8 - /tmp Directory PHPSESSID Cookie Session Hijacking phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injection Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injections eTicket 1.5.5.2 - search.php Multiple Parameter SQL Injection eTicket 1.5.5.2 - admin.php Multiple Parameter SQL Injection eTicket 1.5.5.2 - 'search.php' Multiple Parameter SQL Injection eTicket 1.5.5.2 - 'admin.php' Multiple Parameter SQL Injection Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/login.jsp Multiple Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/account/findForSelect.jsp resultsForm Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/help/index.jsp helpUrl Variable Remote Frame Injection Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/user/main.jsp activeControl Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting MyBB 1.2.10 - 'moderation.php' Multiple SQL Injection MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections PacerCMS 0.6 - 'id' Parameter Multiple SQL Injection PacerCMS 0.6 - 'id' Parameter Multiple SQL Injections Ipswitch WS_FTP Server 6 - /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection Cacti 0.8.7 - 'tree.php' Multiple Parameter SQL Injections Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injection Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injections WebcamXP 3.72.440/4.05.280 Beta - /pocketpc camnum Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - /show_gallery_pic id Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure Elastic Path 4.1 - 'manager/FileManager.jsp' dir Variable Traversal Arbitrary Directory Listing Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing osCommerce 2.3.3.4 - 'geo_zones.php zID Parameter' SQL Injection osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection D-Link DSL-2750B (ADSL Router) - Cross-Site Request Forgery D-Link DSL-2750B ADSL Route) - Cross-Site Request Forgery Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities Concrete5 5.6.2.1 - 'index.php cID Parameter' SQL Injection Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection TLM CMS 1.1 - 'index.php' Multiple SQL Injection TLM CMS 1.1 - 'index.php' Multiple SQL Injections RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injection IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php track Parameter' SQL Injection WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injection Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injection dvbbs 8.2 - 'login.asp' Multiple SQL Injection JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injections Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injections dvbbs 8.2 - 'login.asp' Multiple SQL Injections Te Ecard - 'id' Parameter Multiple SQL Injection Te Ecard - 'id' Parameter Multiple SQL Injections Benja CMS 0.1 - /admin/admin_edit_submenu.php URL Cross-Site Scripting Benja CMS 0.1 - '/admin/admin_edit_submenu.php' URL Cross-Site Scripting Benja CMS 0.1 - /admin/admin_edit_topmenu.php URL Cross-Site Scripting Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' URL Cross-Site Scripting PHP Ticket System Beta 1 - 'get_all_created_by_user.php id Parameter' SQL Injection PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection webERP 4.11.3 - 'SalesInquiry.php SortBy Parameter' SQL Injection webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injection couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections Claroline 1.8.9 - claroline/redirector.php url Variable Arbitrary Site Redirect Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting EasyPublish 3.0 - 'read' Parameter Multiple SQL Injections / Cross-Site Scripting ownCloud 4.0.x/4.5.x - 'upload.php Filename Parameter' Remote Code Execution ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injection Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injections ZYXEL Router P-660HN-T1A - Login Bypass ZYXEL P-660HN-T1A Router - Login Bypass PromoProducts - 'view_product.php' Multiple SQL Injection PromoProducts - 'view_product.php' Multiple SQL Injections EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injection EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injections OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injection OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i Parameter' SQL Injection InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection Tandis CMS 2.5 - 'index.php' Multiple SQL Injection Tandis CMS 2.5 - 'index.php' Multiple SQL Injections TWiki 4.x - SEARCH Variable Remote Command Execution TWiki 4.x - URLPARAM Variable Cross-Site Scripting TWiki 4.x - 'SEARCH' Parameter Remote Command Execution TWiki 4.x - 'URLPARAM' Parameter Cross-Site Scripting DO-CMS 3.0 - 'p' Parameter Multiple SQL Injection DO-CMS 3.0 - 'p' Parameter Multiple SQL Injections MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter Cross-Site Scripting MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting Banking@Home 2.1 - 'login.asp' Multiple SQL Injection Banking@Home 2.1 - 'login.asp' Multiple SQL Injections kitForm CRM Extension 0.43 - 'sorter.php sorter_value Parameter' SQL Injection kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection dompdf 0.6.0 - 'dompdf.php read Parameter' Arbitrary File Read dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injections VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injection VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections Pars CMS - 'RP' Parameter Multiple SQL Injection Pars CMS - 'RP' Parameter Multiple SQL Injections tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injection tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections MODx 1.0.3 - 'index.php' Multiple SQL Injection MODx 1.0.3 - 'index.php' Multiple SQL Injections HuronCMS - 'index.php' Multiple SQL Injection HuronCMS - 'index.php' Multiple SQL Injections 4x CMS - 'login.php' Multiple SQL Injection 4x CMS - 'login.php' Multiple SQL Injections Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injection Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections GREEZLE - Global Real Estate Agent Login Multiple SQL Injection (GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections SaffaTunes CMS - 'news.php' Multiple SQL Injection SaffaTunes CMS - 'news.php' Multiple SQL Injections pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injection pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections DiamondList - /user/main/update_settings setting[site_title] Parameter Cross-Site Scripting DiamondList - /user/main/update_category category[description] Parameter Cross-Site Scripting DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting vBulletin 4.0.x < 4.1.2 - 'search.php cat Parameter' SQL Injection vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection Mulitple WordPress Themes - 'admin-ajax.php img Parameter' Arbitrary File Download Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injections APBook 1.3 - Admin Login Multiple SQL Injection APBook 1.3 - Admin Login Multiple SQL Injections MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter' SQL Injection Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection PHP Scripts Now Riddles - /riddles/results.php searchQuery Parameter Cross-Site Scripting PHP Scripts Now Riddles - /riddles/list.php catid Parameter SQL Injection PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection Easy Banner 2009.05.18 - member.php Multiple Parameter SQL Injection Authentication Bypass Easy Banner 2009.05.18 - 'member.php' Multiple Parameter SQL Injection / Authentication Bypass E-lokaler CMS 2 - Admin Login Multiple SQL Injection E-lokaler CMS 2 - Admin Login Multiple SQL Injections Blog:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting Piwigo 2.6.0 - 'picture.php rate Parameter' SQL Injection Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection Eleanor CMS - Cross-Site Scripting / Multiple SQL Injection Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit NETGEAR WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter' SQL Injection PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections BoutikOne - search.php Multiple Parameter SQL Injection BoutikOne - 'search.php' Multiple Parameter SQL Injections Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injection Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injection Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injection GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injections Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution PHPMyRecipes 1.2.2 - 'browse.php category Parameter' SQL Injection PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection 4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection 4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injections TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injection TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injections Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injection Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections Mambo Component Docman 1.3.0 - Multiple SQL Injection Mambo Component Docman 1.3.0 - Multiple SQL Injections ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections Paliz Portal - Cross-Site Scripting / Multiple SQL Injection Paliz Portal - Cross-Site Scripting / Multiple SQL Injections Sphider 1.3.x - Admin Panel Multiple SQL Injection Sphider 1.3.x - Admin Panel Multiple SQL Injections Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injection Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injections Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injection Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections EasyGallery 5 - 'index.php' Multiple SQL Injection EasyGallery 5 - 'index.php' Multiple SQL Injections Xenon - 'id' Parameter Multiple SQL Injection Xenon - 'id' Parameter Multiple SQL Injections eFront 3.6.10 - 'professor.php' Script Multiple SQL Injection eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injection eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections Dolibarr ERP/CRM - /user/index.php Multiple Parameter SQL Injection Dolibarr ERP/CRM - /user/info.php id Parameter SQL Injection Dolibarr ERP/CRM - /admin/boxes.php rowid Parameter SQL Injection Dolibarr ERP/CRM - '/user/index.php' Multiple Parameter SQL Injections Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection PrestaShop 1.4.4.1 - /modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - /admin/ajaxfilemanager/ajax_save_text.php Multiple Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Parameter Cross-Site Scripting Manx 1.0.1 - /admin/admin_blocks.php Filename Parameter Traversal Arbitrary File Access Manx 1.0.1 - /admin/admin_pages.php Filename Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injection SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injections Balero CMS 0.7.2 - Multiple Blind SQL Injection Balero CMS 0.7.2 - Multiple Blind SQL Injections WordPress Plugin'WP Mobile Edition 2.7 - Remote File Disclosure WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections Dotclear 2.4.1.2 - /admin/auth.php login_data Parameter Cross-Site Scripting Dotclear 2.4.1.2 - /admin/blogs.php nb Parameter Cross-Site Scripting Dotclear 2.4.1.2 - /admin/comments.php Multiple Parameter Cross-Site Scripting Dotclear 2.4.1.2 - /admin/plugin.php page Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting SAP Business Objects InfoView System - /help/helpredir.aspx guide Parameter Cross-Site Scripting SAP Business Objects InfoView System - /webi/webi_modify.aspx id Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting Open Journal Systems (OJS) 2.3.6 - /lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml() Method Cross-Site Scripting Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting PHP Designer 2007 - Personal Multiple SQL Injection PHP Designer 2007 Personal - Multiple SQL Injections WordPress Plugin All-in-One Event Calendar 1.4 agenda-widget.php Multiple Parameter Cross-Site Scripting WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Parameter Cross-Site Scripting XOOPS 2.5.4 - /modules/pm/pmlite.php to_userid Parameter Cross-Site Scripting XOOPS 2.5.4 - /tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php Multiple Parameter Cross-Site Scripting XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Parameter Cross-Site Scripting XM Forum - 'id' Parameter Multiple SQL Injection XM Forum - 'id' Parameter Multiple SQL Injections AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple Parameter SQL Injection AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple Parameter SQL Injections Classified Ads Script PHP - 'admin.php' Multiple SQL Injection Classified Ads Script PHP - 'admin.php' Multiple SQL Injections Limny - 'index.php' Multiple SQL Injection Limny - 'index.php' Multiple SQL Injections TCExam 11.2.x - /admin/code/tce_edit_answer.php Multiple Parameter SQL Injection TCExam 11.2.x - /admin/code/tce_edit_question.php subject_module_id Parameter SQL Injection TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple Parameter SQL Injection TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection jCore - /admin/index.php path Parameter Cross-Site Scripting jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting Netsweeper 4.0.8 - SQL Injection Authentication Bypass Netsweeper 4.0.8 - SQL Injection / Authentication Bypass dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injection dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injections MantisBT 1.2.19 - Host Header Attack MantisBT 1.2.19 - Host Header Exploit WordPress Plugin RokBox Plugin - /wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext Parameter Cross-Site Scripting WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting cPanel WebHost Manager (WHM) - /webmail/x3/mail/clientconf.html acct Parameter Cross-Site Scripting cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injection PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections ezStats for Battlefield 3 - /ezStats2/compare.php Multiple Parameter Cross-Site Scripting ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Parameter Cross-Site Scripting PHP Address Book - /addressbook/register/delete_user.php id Parameter SQL Injection PHP Address Book - /addressbook/register/edit_user.php id Parameter SQL Injection PHP Address Book - /addressbook/register/edit_user_save.php Multiple Parameter SQL Injection PHP Address Book - /addressbook/register/linktick.php site Parameter SQL Injection PHP Address Book - /addressbook/register/reset_password.php Multiple Parameter SQL Injection PHP Address Book - /addressbook/register/reset_password_save.php Multiple Parameter SQL Injection PHP Address Book - /addressbook/register/router.php BasicLogin Cookie Parameter SQL Injection PHP Address Book - /addressbook/register/traffic.php var Parameter SQL Injection PHP Address Book - /addressbook/register/user_add_save.php email Parameter SQL Injection PHP Address Book - /addressbook/register/checklogin.php 'Username' Parameter SQL Injection PHP Address Book - /addressbook/register/admin_index.php q Parameter SQL Injection PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple Parameter SQL Injection PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection PHP Address Book - '/addressbook/register/reset_password.php' Multiple Parameter SQL Injection PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple Parameter SQL Injection PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection Hero Framework - /users/login 'Username' Parameter Cross-Site Scripting Hero Framework - /users/forgot_password error Parameter Cross-Site Scripting Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injection RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections NetApp OnCommand System Manager - /zapiServlet CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting NetApp OnCommand System Manager - /zapiServlet User Management Interface Multiple Parameter Cross-Site Scripting NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Parameter Cross-Site Scripting Jahia xCM - /engines/manager.jsp site Parameter Cross-Site Scripting Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting D-Link DIR-816L (Wireless Router) - Cross-Site Request Forgery D-Link DIR-816L Wireless Router - Cross-Site Request Forgery Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injection Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injections NeoBill - /modules/nullregistrar/PHPwhois/example.php query Parameter Remote Code Execution NeoBill - /install/include/solidstate.php Multiple Parameter SQL Injection NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution NeoBill - '/install/include/solidstate.php' Multiple Parameter SQL Injection C2C Forward Auction Creator 2.0 - /auction/asp/list.asp pa Parameter SQL Injection C2C Forward Auction Creator - /auction/casp/Admin.asp SQL Injection Admin Authentication Bypass C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass) Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injections / Authentication Bypass Command School Student Management System - /sw/admin_grades.php id Parameter SQL Injection Command School Student Management System - /sw/admin_terms.php id Parameter SQL Injection Command School Student Management System - /sw/admin_school_years.php id Parameter SQL Injection Command School Student Management System - /sw/admin_sgrades.php id Parameter SQL Injection Command School Student Management System - /sw/admin_media_codes_1.php id Parameter SQL Injection Command School Student Management System - /sw/admin_infraction_codes.php id Parameter SQL Injection Command School Student Management System - /sw/admin_generations.php id Parameter SQL Injection Command School Student Management System - /sw/admin_relations.php id Parameter SQL Injection Command School Student Management System - /sw/admin_titles.php id Parameter SQL Injection Command School Student Management System - /sw/health_allergies.php id Parameter SQL Injection Command School Student Management System - /sw/admin_school_names.php id Parameter SQL Injection Command School Student Management System - /sw/admin_subjects.php id Parameter SQL Injection Command School Student Management System - /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure Command School Student Management System - /sw/Admin_change_Password.php Cross-Site Request Forgery (Admin Password Manipulation) Command School Student Management System - /sw/add_topic.php Cross-Site Request Forgery (Topic Creation) Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Request Information Disclosure Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forgery (Admin Password Manipulation) Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation) Dredge School Administration System - /DSM/loader.php Id Parameter SQL Injection Dredge School Administration System - /DSM/loader.php Account Information Disclosure Dredge School Administration System - /DSM/loader.php Cross-Site Request Forgery (Admin Account Manipulation) Dredge School Administration System - /DSM/Backup/processbackup.php Database Backup Information Disclosure Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation) Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure UAEPD Shopping Script - /products.php Multiple Parameter SQL Injection UAEPD Shopping Script - /news.php id Parameter SQL Injection UAEPD Shopping Script - '/products.php' Multiple Parameter SQL Injection UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection BloofoxCMS - /bloofox/index.php 'Username' Parameter SQL Injection BloofoxCMS - /bloofox/admin/index.php 'Username' Parameter SQL Injection BloofoxCMS - /admin/index.php Cross-Site Request Forgery (Add Admin) BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin) Professional Designer E-Store - 'id' Parameter Multiple SQL Injection GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injection Professional Designer E-Store - 'id' Parameter Multiple SQL Injections GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections Xangati - /servlet/MGConfigData Multiple Parameter Directory Traversal Xangati - /servlet/Installer file Parameter Directory Traversal Xangati - '/servlet/MGConfigData' Multiple Parameter Directory Traversal Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal Caldera - /costview2/jobs.php tr Parameter SQL Injection Caldera - /costview2/printers.php tr Parameter SQL Injection Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injection WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injections ol-commerce - /OL-Commerce/affiliate_signup.php a_country Parameter SQL Injection ol-commerce - /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection ol-commerce - /OL-Commerce/create_account.php country Parameter SQL Injection ol-commerce - /OL-Commerce/admin/create_account.php entry_country_id Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections Multiple Netgear Routers - Password Disclosure Multiple NETGEAR Routers - Password Disclosure WebKit - Stealing Variables via Page Navigation in FrameLoader::clear WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'	2017-06-23 05:01:28 +00:00

4 commits