3 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
| | d304cc3d3e | DB: 2017-11-24. 116602 new exploits. Too many to list! | | |
| | 4b39f0d26d | DB: 2017-11-16
23 new exploits VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (1) VideoLAN VLC Media Player 0.8.6a - Denial of Service (1) Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service Microsoft Windows Explorer - '.AVI' File Denial of Service Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service Microsoft Windows Explorer - '.ANI' File Denial of Service Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service Microsoft Windows Explorer - '.doc' File Denial of Service CDBurnerXP 4.2.4.1351 - Local Crash (Denial of Service) Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Multiple Vulnerabilities iPhone / iTouch FtpDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service Aladdin eToken PKI Client 4.5 - Virtual File Handling Unspecified Memory Corruption (PoC) Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC) Webby WebServer - SEH Control (PoC) Webby WebServer - Overflow (SEH) (PoC) Quick 'n Easy FTP Server Lite 3.1 - Exploit Quick 'n Easy FTP Server Lite 3.1 - Denial of Service Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC) Subtitle Translation Wizard 3.0.0 - Overflow (SEH) (PoC) FFDshow - SEH Exception Leading to Null Pointer on Read FFDshow - Overflow (SEH) Exception Leading to Null Pointer on Read Microsoft Internet Explorer - MSHTML Findtext Processing Issue Microsoft Internet Explorer - MSHTML Findtext Processing Exploit Oreans WinLicense 2.1.8.0 - XML File Handling Unspecified Memory Corruption Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption Debian suidmanager 0.18 - Exploit AMD K6 Processor - Exploit Apple Personal Web Sharing 1.1 - Remote Denial of Service AMD K6 Processor - Denial of Service Sun Solaris 7.0 - 'procfs' Denial of Service S.u.S.E. 
Linux 6.2 / Slackware Linux 3.2/3.6 - identd Denial of Service S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - rpc.lockd Remote Denial of Service Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - 'rpc.lockd' Remote Denial of Service D-Link DIR605L - Denial of Service RedHat Linux 6.1 i386 - Tmpwatch Recursive Write Denial of Service (Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service ReiserFS 3.5.28 (Linux Kernel) - Code Execution / Denial of Service IBM AIX 4.3.3/5.1/5.2 libIM - Buffer Overflow IBM AIX 4.3.3/5.1/5.2 - 'libIM' Buffer Overflow xfstt 1.2/1.4 - Unspecified Memory Disclosure xfstt 1.2/1.4 - Memory Disclosure ViRobot Linux Server 2.0 - Exploit Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x/2.6.x - Multiple ISO9660 Filesystem Handling Vulnerabilities IBM AIX 5.x - Invscout Local Buffer Overflow IBM AIX 5.x - 'Invscout' Local Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Buffer Overflow Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption (MS06-012) Microsoft Excel 95/97/2000/2002/2003/2004 - Memory Corruption (MS06-012) IBM Tivoli Directory Server 6.0 - Unspecified LDAP Memory Corruption IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption Quake 3 Engine - CL_ParseDownload Remote Buffer Overflow Quake 3 Engine - 'CL_ParseDownload' Remote Buffer Overflow Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities Zabbix 1.1.2 - Multiple Remote Code Execution Vulnerabilities VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (2) VideoLAN VLC Media Player 0.8.6a - Denial of Service (2) Sun Solaris 10 - ICMP Unspecified Remote Denial of Service Sun Solaris 10 - ICMP Remote Denial of Service Mozilla Firefox 2.0.0.2 - Unspecified GIF 
Handling Denial of Service Mozilla Firefox 2.0.0.2 - '.GIF' Handling Denial of Service Progress WebSpeed 3.0/3.1 - Denial of Service GStreamer 0.10.15 - Multiple Unspecified Remote Denial of Service Vulnerabilities GStreamer 0.10.15 - Multiple Remote Denial of Service Vulnerabilities Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service Wireshark 0.99.8 - X.509sat Dissector Denial of Service Wireshark 0.99.8 - LDAP Dissector Denial of Service Wireshark 0.99.8 - SCCP Dissector Decode As Feature Denial of Service Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (1) Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (2) Nokia Lotus Notes Connector - 'lnresobject.dll' Unspecified Remote Denial of Service Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (1) Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (2) Nokia Lotus Notes Connector - 'lnresobject.dll' Remote Denial of Service Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service) Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Unspecified Remote Denial of Service Wireshark 1.2.1 - GSM A RR Dissector packet.c Unspecified Remote Denial of Service Wireshark 1.2.1 - OpcUa Dissector Resource Exhaustion (Denial of Service) Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Remote Denial of Service Wireshark 1.2.1 - GSM A RR Dissector packet.c Remote Denial of Service Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Opera Web Browser < 11.60 - Denial of Service / Multiple Vulnerabilities SmallFTPd - Unspecified Denial of Service SmallFTPd - Denial of Service Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference 
Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Kernel NULL Dereference Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Dereference Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient NULL Dereference Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF CREATECOLORSPACEW' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055) Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues Apple OS X/iOS - 
'mach_ports_register' Multiple Memory Safety Exploits Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine Microsoft Windows Kernel - 'win32k.sys' Multiple Issues 'NtGdiGetDIBitsInternal' System Call Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call Mandrake Linux 8.2 /usr/mail - Local Exploit Mandrake Linux 8.2 - '/usr/mail' Local Exploit RedHat 6.2 /sbin/restore - Exploit RedHat 6.2 - '/sbin/restore' Privilege Escalation dump 0.4b15 (RedHat 6.2) - Exploit dump 0.4b15 (RedHat 6.2) - Privilege Escalation xsoldier 0.96 (RedHat 6.2) - Exploit Pine (Local Message Grabber) - Exploit xsoldier 0.96 (RedHat 6.2) - Buffer Overflow Pine (Local Message Grabber) - Local Message Read Seyon 2.1 rev. 4b i586-Linux - Exploit Seyon 2.1 rev. 
4b i586-Linux (RedHat 4.0/5.1) - Overflow glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read suid_perl 5.001 - Exploit suid_perl 5.001 - Command Execution Sendmail 8.11.x (Linux/i386) - Exploit Sendmail 8.11.x (Linux/i386) - Privilege Escalation Microsoft Excel - Unspecified Remote Code Execution Microsoft Excel - Remote Code Execution Microsoft Word 2000 - Unspecified Code Execution Microsoft Word 2000 - Code Execution IBM AIX 5.3 sp6 - capture Terminal Sequence Privilege Escalation IBM AIX 5.3 sp6 - pioout Arbitrary Library Loading Privilege Escalation IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation IBM AIX 5.3 SP6 - 'pioout' Arbitrary Library Loading Privilege Escalation IBM AIX 5.3 libc - MALLOCDEBUG File Overwrite IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite Easy RM to MP3 Converter 2.7.3.700 - Exploit Easy RM to MP3 Converter 2.7.3.700 - Buffer Overflow Easy RM to MP3 27.3.700 (Windows XP SP3) - Exploit Easy RM to MP3 27.3.700 (Windows XP SP3) - Overflow Adobe Reader and Acrobat - Exploit Adobe Reader / Acrobat - '.PDF' File Overflow Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) Winamp 5.572 - Exploit (SEH) Winamp 5.572 - Overflow (SEH) ZipScan 2.2c - Exploit (SEH) ZipScan 2.2c - Overflow (SEH) Local Glibc shared library (.so) 2.11.1 - Exploit (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation Local Glibc Shared Library (.so) 2.11.1 - Code Execution ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation SyncBack Freeware 3.2.20.0 - Exploit SyncBack Freeware 3.2.20.0 - Overflow (SEH) Mediacoder 0.7.3.4672 - Exploit (SEH) Mediacoder 0.7.3.4672 - Overflow (SEH) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) MP3 Workstation 9.2.1.1.2 - Overflow (SEH) DJ Studio Pro 8.1.3.2.1 - 
Exploit (SEH) DJ Studio Pro 8.1.3.2.1 - Overflow (SEH) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit) MP3 Workstation 9.2.1.1.2 - Overflow (SEH) (Metasploit) iworkstation 9.3.2.1.4 - Exploit (SEH) iworkstation 9.3.2.1.4 - Overflow (SEH) Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode) Nokia MultiMedia Player 1.0 - Overflow (SEH Unicode) POP Peeper 3.7 - Exploit (SEH) POP Peeper 3.7 - Overflow (SEH) DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass DVD X Player 5.5 Pro - Overflow (SEH + ASLR + DEP Bypass) DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit) DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) (Metasploit) BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass BlazeVideo HDTV Player 6.6 Professional - Overflow (SEH + ASLR + DEP Bypass) Slackware Linux 3.4 - 'liloconfig-color' Temporary file Slackware Linux 3.4 - 'makebootdisk' Temporary file Slackware Linux 3.4 - 'liloconfig-color' Temporary File Slackware Linux 3.4 - 'makebootdisk' Temporary File Slackware Linux 3.4 - 'netconfig' Temporary file Slackware Linux 3.4 - 'pkgtool' Temporary file Slackware Linux 3.4 - 'netconfig' Temporary File Slackware Linux 3.4 - 'pkgtool' Temporary File Debian suidmanager 0.18 - Command Execution BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Exploit HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Exploit Slackware Linux 3.5 - Missing /etc/group Privilege Escalation BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Buffer Overrun HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Change File Permission Slackware Linux 3.5 - '/etc/group' Privilege Escalation Sun Solaris 2.6 power management - Exploit Sun Solaris 2.6 - power management Exploit DataLynx suGuard 1.0 - Exploit Sun Solaris 2.5.1 PAM & unix_scheme - Exploit Solaris 2.5.1 ffbconfig - Exploit Solaris 2.5.1 chkey - Exploit Solaris 2.5.1 Ping - Exploit SGI IRIX 6.4 ioconfig - Exploit DataLynx 
suGuard 1.0 - Privilege Escalation Sun Solaris 2.5.1 PAM / unix_scheme - 'passwd' Privilege Escalation Solaris 2.5.1 - 'ffbconfig' Exploit Solaris 2.5.1 - 'chkey' Exploit Solaris 2.5.1 - 'Ping' Exploit SGI IRIX 6.4 - 'ioconfig' Exploit BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (2) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Privilege Escalation (2) Solaris 2.5.1 automount - Exploit Solaris 2.5.1 - 'automount' Exploit BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit Sun Solaris 7.0 dtprintinfo - Buffer Overflow Sun Solaris 7.0 lpset - Buffer Overflow BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Buffer Overflow Sun Solaris 7.0 - '/usr/bin/lpset' Buffer Overflow IBM Remote Control Software 1.0 - Exploit IBM Remote Control Software 1.0 - Code Execution Xcmail 0.99.6 - Exploit Xcmail 0.99.6 - Buffer Overflow Sun Solaris 7.0 ff.core - Exploit S.u.S.E. 5.2 lpc - Exploit Sun Solaris 7.0 - 'ff.core' Exploit S.u.S.E. 
5.2 - 'lpc' Exploit SGI IRIX 6.2 cdplayer - Exploit SGI IRIX 6.2 - 'cdplayer' Exploit SGI IRIX 5.3 Cadmin - Exploit SGI IRIX 6.0.1 colorview - Exploit SGI IRIX 5.3 - 'Cadmin' Exploit SGI IRIX 6.0.1 - 'colorview' Exploit SGI IRIX 6.3 df - Exploit SGI IRIX 6.4 - datman/cdman Exploit SGI IRIX 6.3 - 'df' Exploit SGI IRIX 6.4 - datman/cdman Exploit RedHat Linux 2.1 - abuse.console Exploit SGI IRIX 6.2 fsdump - Exploit RedHat Linux 5.1 xosview - Exploit Slackware Linux 3.1 - Buffer Overflow RedHat Linux 2.1 - 'abuse.console' Exploit SGI IRIX 6.2 - 'fsdump' Exploit RedHat Linux 5.1 - xosview Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Buffer Overflow IBM AIX 4.3 infod - Exploit IBM AIX 4.3 - 'infod' Exploit IBM AIX 4.2.1 snap - Insecure Temporary File Creation IBM AIX 4.2.1 - 'snap' Insecure Temporary File Creation SGI IRIX 6.4 inpview - Exploit RedHat Linux 5.0 msgchk - Exploit IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation IBM AIX 4.2 ping - Buffer Overflow IBM AIX 4.2 lchangelv - Buffer Overflow SGI IRIX 6.4 - 'inpview' Exploit RedHat Linux 5.0 - 'msgchk' Exploit IBM AIX 4.2.1 - '/usr/bin/portmir' Buffer Overflow / Insecure Temporary File Creation IBM AIX 4.2 - 'ping' Buffer Overflow IBM AIX 4.2 - '/usr/sbin/lchangelv' Buffer Overflow RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (1) RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (1) SGI IRIX 6.4 netprint - Exploit SGI IRIX 6.4 - 'netprint' Exploit SGI IRIX 5.3/6.2 ordist - Exploit SGI IRIX 5.3/6.2 - 'ordist' Exploit SGI IRIX 5.3 pkgadjust - Exploit SGI IRIX 5.3 - 'pkgadjust' Exploit Sun Solaris 7.0 procfs - Exploit IBM AIX 3.2.5 - IFS Exploit IBM AIX 4.2.1 lquerypv - Exploit IBM AIX 3.2.5 - 'IFS' Exploit IBM AIX 4.2.1 - 'lquerypv' File Read SGI IRIX 6.3 pset - Exploit SGI IRIX 6.4 rmail - Exploit SGI IRIX 6.3 - 'pset' Exploit SGI IRIX 6.4 - 'rmail' Exploit SGI IRIX 5.2/5.3 serial_ports - Exploit SGI IRIX 6.4 suid_exec - Exploit SGI IRIX 5.1/5.2 sgihelp - 
Exploit SGI IRIX 6.4 startmidi - Exploit SGI IRIX 5.2/5.3 - 'serial_ports' Exploit SGI IRIX 6.4 - 'suid_exec' Exploit SGI IRIX 5.1/5.2- 'sgihelp' Exploit SGI IRIX 6.4 - 'startmidi' Exploit SGI IRIX 6.4 xfsdump - Exploit SGI IRIX 6.4 - 'xfsdump' Exploit IBM AIX 4.3.1 adb - Exploit IBM AIX 4.3.1 - 'adb' Denial of Service Apple At Ease 5.0 - Exploit Samba < 2.0.5 - Exploit Apple At Ease 5.0 - Information Disclosure Samba < 2.0.5 - Overflow NetBSD 1.4 / OpenBSD 2.5 /Solaris 7.0 profil(2) - Exploit NetBSD 1.4 / OpenBSD 2.5 / Solaris 7.0 - 'profil(2)' Modify The Internal Data Space Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 espeaker - Local Buffer Overflow Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow HP-UX 10.20 newgrp - Exploit HP-UX 10.20 newgrp - Privilege Escalation BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - '/usr/bin/lpr' Buffer Overrun Privilege Escalation (2) BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1) FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2) xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (1) xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (2) Solaris 7.0 kcms_configure - Exploit Solaris 7.0 - 'kcms_configure Exploit Windowmaker wmmon 1.0 b2 - Exploit Windowmaker wmmon 1.0 b2 - Command Execution Oracle8i Standard Edition 8.1.5 for Linux Installer - Exploit Oracle8i Standard Edition 8.1.5 for Linux Installer - Privilege Escalation Standard & Poors ComStock 4.2.4 - Exploit Standard & Poors ComStock 4.2.4 - Command Execution KDE 1.1.2 KApplication configfile - Exploit (1) KDE 1.1.2 KApplication configfile - Exploit (2) KDE 1.1.2 
KApplication configfile - Exploit (3) KDE 1.1.2 KApplication configfile - Privilege Escalation (1) KDE 1.1.2 KApplication configfile - Privilege Escalation (2) KDE 1.1.2 KApplication configfile - Privilege Escalation (3) BSD 'mailx' 8.1.1-10 - Buffer Overflow (2) mailx 8.1.1-10 (BSD/Slackware) - Buffer Overflow (2) Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - fld Input File Overflow Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - '/usr/bin/fld' Input File Overflow IRIX 6.5.x - GR_OSView Buffer Overflow SGI IRIX 6.2 libgl.so - Buffer Overflow IRIX 6.5.x - dmplay Buffer Overflow IRIX 6.2/6.3 lpstat - Buffer Overflow IRIX 6.5.x - inpview Race Condition IRIX 6.5.x - '/usr/sbin/gr_osview' Buffer Overflow SGI IRIX 6.2 - 'libgl.so' Buffer Overflow IRIX 6.5.x - '/usr/sbin/dmplay' Buffer Overflow IRIX 6.2/6.3 - '/bin/lpstat' Buffer Overflow IRIX 6.5.x - '/usr/lib/InPerson/inpview' Race Condition IRIX 5.3/6.x - mail Exploit IRIX 5.3/6.x - '/usr/bin/mail' Buffer Overflow Libc locale - Exploit (1) Libc locale - Exploit (2) Libc locale - Privilege Escalation (1) Libc locale - Privilege Escalation (2) GNOME esound 0.2.19 - Unix Domain Socket Race Condition Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell redirection Race Condition Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell Redirection Race Condition IBM AIX 4.x - setsenv Buffer Overflow IBM AIX 4.3 digest - Buffer Overflow IBM AIX 4.x - enq Buffer Overflow IBM AIX 4.3.x - piobe Buffer Overflow IBM AIX 4.x - '/usr/bin/setsenv' Buffer Overflow IBM AIX 4.3 - '/usr/lib/lpd/digest' Buffer Overflow IBM AIX 4.x - 'enq' Buffer Overflow IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Buffer Overflow SGI IRIX 6.5 / Solaris 7.0/8 - CDE dtsession Buffer Overflow SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Buffer Overflow AIX 4.2/4.3 - piomkapqd Buffer Overflow AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Buffer Overflow (Linux Kernel 2.4.17-8) User-Mode Linux - Memory 
Access Privilege Escalation User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalation (Linux Kernel) Grsecurity Kernel Patch 1.9.4 - Memory Protection Grsecurity Kernel Patch 1.9.4 (Linux Kernel) - Memory Protection QNX RTOS 6.1 - phlocale Environment Variable Buffer Overflow QNX RTOS 6.1 - PKG-Installer Buffer Overflow QNX RTOS 6.1 - '/usr/photon/bin/phlocale' Environment Variable Buffer Overflow QNX RTOS 6.1 - 'PKG-Installer' Buffer Overflow NCMedia Sound Editor Pro 7.5.1 - SEH + DEP Bypass NCMedia Sound Editor Pro 7.5.1 - Overflow (SEH + DEP Bypass) AFD 1.2.x - Working Directory Local Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow Privilege Escalation IBM AIX 4.3.x/5.1 - ERRPT Local Buffer Overflow IBM AIX 4.3.x/5.1 - 'ERRPT' Local Buffer Overflow HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access HP-UX 10.x - rs.F3000 Unauthorized Access Leksbot 1.2 - Multiple Unspecified Vulnerabilities Leksbot 1.2 - Multiple Vulnerabilities IBM AIX 4.3.x/5.1 - LSMCODE Environment Variable Local Buffer Overflow IBM AIX 4.3.x/5.1 - 'LSMCODE' Environment Variable Local Buffer Overflow IBM UniVerse 10.0.0.9 - uvadmsh Privilege Escalation IBM UniVerse 10.0.0.9 - 'uvadmsh' Privilege Escalation ViRobot Linux Server 2.0 - Overflow (Linux Kernel 2.6) Samba 2.2.8 (Debian / Mandrake) - Share Privilege Escalation Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (1) Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2) Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (3) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (1) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (2) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (3) Nvidia Display 
Driver Service (Nsvr) - Exploit Nvidia Display Driver Service (Nsvr) - Buffer Overflow IBM AIX 5.3 - GetShell and GetCommand File Enumeration IBM AIX 5.3 - GetShell and GetCommand Partial File Disclosure IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Disclosure Apple 2.0.4 - Safari Unspecified Local Apple 2.0.4 - Safari Local Exploit Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities IBM AIX 6.1.8 libodm - Arbitrary File Write IBM AIX 6.1.8 - 'libodm' Arbitrary File Write Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow VeryPDF HTML Converter 2.0 - Buffer Overflow (SEH/ToLower() Bypass) Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation QEMU (Gentoo) - Local Priv Escalation QEMU (Gentoo) - Privilege Escalation Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation Apache Tomcat 8/7/6 (RedHat Based Distros) - Privilege Escalation RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock) RedStar 3.0 Server - 'BEAM' / 'RSSMON' Command Injection (Shellshock) Microsoft WordPerfect Document Converter - Exploit (MS03-036) Microsoft WordPerfect Document Converter (Windows NT4 Workstation SP5/SP6 French) - File Template Buffer Overflow (MS03-036) CA BrightStor ARCserve Backup - Exploiter Tool CA BrightStor ARCserve Backup - Overflow NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - Exploit NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write CDBurnerXP 4.2.4.1351 - Exploit PeerCast 0.1216 - Exploit (Metasploit) PeerCast 0.1216 - Stack Overflow (Metasploit) BigAnt Server 2.52 - Exploit (SEH) BigAnt Server 2.52 - Overflow (SEH) NetTransport Download Manager 2.90.510 - Exploit NetTransport Download Manager 2.90.510 - Overflow (SEH) File Sharing Wizard 1.5.0 - Exploit (SEH) File Sharing Wizard 1.5.0 - Overflow (SEH) Real Player 12.0.0.879 - Exploit Sun Java 
Web Server 7.0 u7 - Exploit (DEP Bypass) Real Player 12.0.0.879 - Code Execution Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass) IBM AIX 5l FTPd - Remote DES Hash Exploit IBM AIX 5l - 'FTPd' Remote DES Hash Exploit Microsoft Data Access Components - Exploit (MS11-002) Microsoft Data Access Components - Overflow (PoC) (MS11-002) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Exploit (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Apple Personal Web Sharing 1.1 - Exploit id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Exploit id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 - Exploit Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts IBM AIX 3.2/4.1 & SCO Unixware 7.1.1 & SGI IRIX 5.3 & Sun Solaris 2.5.1 - Exploit IBM AIX 3.2/4.1 / SCO Unixware 7.1.1 / SGI IRIX 5.3 / Sun Solaris 2.5.1 - Privilege Escalation HP HP-UX 10.34 rlpdaemon - Exploit HP HP-UX 10.34 rlpdaemon - Remote Overflow Ray Chan WWW Authorization Gateway 0.1 - Exploit Ray Chan WWW Authorization Gateway 0.1 - Command Execution Solaris 7.0 Coredump - Exploit Solaris 7.0 - 'Coredump' File Write IBM Scalable POWERparallel (SP) 2.0 sdrd - Exploit SGI IRIX 6.2 cgi-bin wrap - Exploit IBM Scalable POWERparallel (SP) 2.0 - 'sdrd' File Read SGI IRIX 6.2 - cgi-bin wrap Exploit SGI IRIX 6.5.2 nsd - Exploit SGI IRIX 6.5.2 - 'nsd'' Exploit IBM AIX 3.2.5 - login(1) Exploit IBM AIX 3.2.5 - 'login(1)' Exploit Compaq Java Applet for Presario SpawnApp - Exploit Compaq Java Applet for Presario SpawnApp - Code Execution Network Security Wizards Dragon-Fire IDS 1.0 - Exploit Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution Hughes Technologies Mini SQL (mSQL) 
2.0/2.0.10 - Exploit Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure IBM AIX 4.3.2 ftpd - Remote Buffer Overflow IBM AIX 4.3.2 - 'ftpd' Remote Buffer Overflow glFTPd 1.17.2 - Exploit glFTPd 1.17.2 - Code Execution Netopia R-series routers 4.6.2 - Exploit Netopia R-series Routers 4.6.2 - Modifying SNMP Tables Sun Java Web Server 1.1.3/2.0 Servlets - Exploit Sun Java Web Server 1.1.3/2.0 Servlets - information Disclosure IPFilter 3.x - Fragment Rule Bypass CGIWrap 2.x/3.x - Cross-Site Scripting AIX 4.1/4.2 - pdnsd Buffer Overflow AIX 4.1/4.2 - 'pdnsd' Buffer Overflow RedHat Linux 7.0 Apache - Remote 'Username' Enumeration RedHat Linux 7.0 Apache - Remote Username Enumeration Hylafax 4.1.x - HFaxD Unspecified Format String Hylafax 4.1.x - HFaxD Format String EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow LHA 1.x - Multiple extract_one Buffer Overflow Vulnerabilities LHA 1.x - 'extract_one' Multiple Buffer Overflow Vulnerabilities Ethereal 0.x - Multiple Unspecified iSNS / SMB / SNMP Protocol Dissector Vulnerabilities Ethereal 0.x - Multiple iSNS / SMB / SNMP Protocol Dissector Vulnerabilities Oracle 9i - Multiple Unspecified Vulnerabilities Oracle 9i - Multiple Vulnerabilities File ELF 4.x - Header Unspecified Buffer Overflow File ELF 4.x - Header Buffer Overflow Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue Microsoft PowerPoint 2003 - 'mso.dll' '.PPT' Processing Code Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Exploit CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Unspecified Arbitrary File Manipulation CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Unspecified Replay Attack CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack Microsoft Internet Explorer 6 - Unspecified Code Execution (1) Microsoft Internet Explorer 6 - Unspecified 
Code Execution (2) Microsoft Internet Explorer 6 - Code Execution (1) Microsoft Internet Explorer 6 - Code Execution (2) GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal TFTP Server TFTPDWin 0.4.2 - Directory Traversal Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Unspecified Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Exploit Multiple CA Service Management Products - Unspecified Remote Command Execution Multiple CA Service Management Products - Remote Command Execution NovaStor NovaNET 12 - 'DtbClsLogin()' Remote Stack Buffer Overflow Bash - Environment Variables Code Injection (Shellshock) Bash - Environment Variables Command Injection (Shellshock) OpenVPN 2.2.29 - Remote Exploit (Shellshock) OpenVPN 2.2.29 - Remote Command Injection (Shellshock) Postfix SMTP 4.2.x < 4.2.48 - Remote Exploit (Shellshock) Apache mod_cgi - Remote Exploit (Shellshock) Postfix SMTP 4.2.x < 4.2.48 - Remote Command Injection (Shellshock) Apache mod_cgi - Remote Command Injection (Shellshock) Poison Ivy 2.3.2 - Unspecified Remote Buffer Overflow Poison Ivy 2.3.2 - Remote Buffer Overflow Samba 3.5.11/3.6.3 - Unspecified Remote Code Execution Samba 3.5.11/3.6.3 - Remote Code Execution Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit) Advantech Switch - Bash Environment Variable Command Injection (Shellshock) (Metasploit) Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock) Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock) IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit) IPFire - Bash Environment Variable Command Injection (Shellshock) (Metasploit) TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution (Shellshock) TrendMicro InterScan Web Security Virtual Appliance - Remote Command Injection (Shellshock) Microsoft Security Essentials / SCEP (Microsoft Windows 
8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion Poll It CGI 2.0 - Exploit Poll It CGI 2.0 - Multiple Vulnerabilities DreamPoll 3.1 - Exploit DreamPoll 3.1 - SQL Injection WordPress Plugin WP-Cumulus 1.20 - Exploit WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting Public Media Manager - Exploit Public Media Manager - Remote File Inclusion Joomla! Component com_adagency - Exploit Joomla! Component com_adagency - Local File Inclusion File Upload Manager 1.3 - Exploit File Upload Manager 1.3 - Web Shell File Upload Joomla! Component com_caddy - Exploit Renista CMS - Exploit Renista CMS - SQL Injection BtiTracker 1.3.x < 1.4.x - Exploit BtiTracker 1.3.x < 1.4.x - SQL Injection WordPress Plugin Cimy Counter - Exploit WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting Belkin F5D7234-4 v5 G Wireless Router - Exploit Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed WhatsApp Status Changer 0.2 - Exploit WhatsApp - Remote Change Status MySimpleNews 1.0 - Remotely Readable Administrator Password MySimpleNews 1.0 - Remote Readable Administrator Password SquirrelMail 1.2.11 - Exploit SquirrelMail 1.2.11 - Multiple Vulnerabilities D-Link DCS-936L Network Camera - Cross-Site Request Forgery Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities Aenovo - Multiple Cross-Site Scripting Vulnerabilities Codegrrl - 'Protection.php' Unspecified Code Execution Codegrrl - 'Protection.php' Code Execution Red Mombin 0.7 - 'index.php' Unspecified Cross-Site Scripting Red Mombin 0.7 - 'process_login.php' Unspecified Cross-Site Scripting Red Mombin 0.7 - 
'index.php' Cross-Site Scripting Red Mombin 0.7 - 'process_login.php' Cross-Site Scripting A-Blog 1.0 - Unspecified Cross-Site Scripting A-Blog 1.0 - Cross-Site Scripting Liens_Dynamiques 2.1 - Multiple Unspecified Cross-Site Scripting Vulnerabilities Liens_Dynamiques 2.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Akismet 2.1.3 - Unspecified WordPress Plugin Akismet 2.1.3 - Exploit SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities UPC Ireland Cisco EPC 2425 Router / Horizon Box - Exploit UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload Korean GHBoard - 'Component/upload.jsp' Arbitrary File Upload MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injections MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections Zoph 0.7.2.1 - Unspecified SQL Injection Zoph 0.7.2.1 - SQL Injection Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection Joomla! 
Component FreiChat 1.0/2.x - HTML Injection Bash CGI - Remote Code Execution (Shellshock) (Metasploit) Bash CGI - Remote Command Injection (Shellshock) (Metasploit) PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock) PHP < 5.6.2 - 'disable_functions()' Bypass Command Injection (Shellshock) Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Unspecified Security Vulnerabilities Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security Exploit Netsweeper 4.0.8 - Authentication Bypass Issue Netsweeper 4.0.8 - Authentication Bypass SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting SimpleInvoices invoices Module - Customer Field Cross-Site Scripting Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting Bugzilla 4.2 - Tabular Reports Cross-Site Scripting iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal iScripts AutoHoster - 'main_smtp.php' Traversal Exploit Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Exploits Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock) Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock) NUUO NVRmini 2 3.0.8 - Remote Code Execution (Shellshock) NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock) Squid Analysis Report Generator 2.3.10 - Remote Code Execution |
||
![]() |
52c4bb1e58 |
DB: 2016-08-14
5 new exploits AWStats (5.0-6.3) Input Validation Hole in 'logfile' AWStats 5.0-6.3 - Input Validation Hole in 'logfile' Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross-Site Scripting Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow WorldMail imapd 3.0 SEH Overflow (egg hunter) WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter) e107 website system 0.7.5 contact.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 download.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 fpw.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - contact.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - download.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - admin.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - fpw.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - news.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 signup.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 submitnews.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - signup.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - submitnews.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - user.php Query String (PATH_INFO) Parameter XSS Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (1) PHP-Nuke Sarkilar Module 'id' Parameter SQL Injection PHP-Nuke Sarkilar Module - 'id' Parameter SQL Injection PHP-Nuke Nuke League 
Module 'tid' Parameter Cross-Site Scripting PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting Kimson CMS 'id' Parameter Cross-Site Scripting Kimson CMS - 'id' Parameter Cross-Site Scripting Ocean12 FAQ Manager Pro 'Keyword' Parameter Cross-Site Scripting Multiple Ocean12 Products 'Admin_ID' Parameter SQL Injection Ocean12 FAQ Manager Pro - 'Keyword' Parameter Cross-Site Scripting Multiple Ocean12 Products - 'Admin_ID' Parameter SQL Injection LinksPro 'OrderDirection' Parameter SQL Injection LinksPro - 'OrderDirection' Parameter SQL Injection PHP-Nuke Downloads Module 'url' Parameter SQL Injection PHP-Nuke Downloads Module - 'url' Parameter SQL Injection PHP 5.2.9 cURL 'safe_mode' and 'open_basedir' Restriction-Bypass PHP 5.2.9 cURL - 'safe_mode' and 'open_basedir' Restriction-Bypass PuterJam\'s Blog PJBlog3 3.0.6 \'action.asp\' SQL Injection PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross-Site Scripting PHP-Nuke 8.0 Downloads Module - 'query' Parameter Cross-Site Scripting Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting Oracle 10g Secure Enterprise Search - 'search_p_groups' Parameter Cross-Site Scripting Scriptsez Easy Image Downloader 'id' Parameter Cross-Site Scripting Scriptsez Easy Image Downloader - 'id' Parameter Cross-Site Scripting XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross-Site Scripting Vulnerabilities XOOPS 2.3.3 - 'op' Parameter Multiple Cross-Site Scripting Vulnerabilities Joomla! CB Resume Builder 'group_id' Parameter SQL Injection X-Cart Email Subscription 'email' Parameter Cross-Site Scripting Joomla! 
CB Resume Builder - 'group_id' Parameter SQL Injection X-Cart Email Subscription - 'email' Parameter Cross-Site Scripting RunCMS 'forum' Parameter SQL Injection RunCMS - 'forum' Parameter SQL Injection Multiple JiRo's Products 'files/login.asp' Multiple SQL Injection Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection Elxis 'filename' Parameter Directory Traversal Elxis - 'filename' Parameter Directory Traversal Ez Cart 'sid' Parameter Cross-Site Scripting Ez Cart - 'sid' Parameter Cross-Site Scripting Joomla! iF Portfolio Nexus 'controller' Parameter Remote File Inclusion Joomla! iF Portfolio Nexus - 'controller' Parameter Remote File Inclusion Joomla! Jobads 'type' Parameter SQL Injection Joomla! Jobads - 'type' Parameter SQL Injection Jamit Job Board 'post_id' Parameter Cross-Site Scripting Jamit Job Board - 'post_id' Parameter Cross-Site Scripting Tribisur 'cat' Parameter Cross-Site Scripting Tribisur - 'cat' Parameter Cross-Site Scripting Extreme Mobster 'login' Parameter Cross-Site Scripting Extreme Mobster - 'login' Parameter Cross-Site Scripting Subex Nikira Fraud Management System GUI 'message' Parameter Cross-Site Scripting Subex Nikira Fraud Management System GUI - 'message' Parameter Cross-Site Scripting Softbiz Jobs 'sbad_type' Parameter Cross-Site Scripting Softbiz Jobs - 'sbad_type' Parameter Cross-Site Scripting HD FLV Player Component for Joomla! 'id' Parameter SQL Injection HD FLV Player Component for Joomla! 
- 'id' Parameter SQL Injection Spectrum Software WebManager CMS 'pojam' Parameter Cross-Site Scripting Saskia's Shopsystem 'id' Parameter Local File Inclusion Spectrum Software WebManager CMS - 'pojam' Parameter Cross-Site Scripting Saskia's Shopsystem - 'id' Parameter Local File Inclusion Pars CMS 'RP' Parameter Multiple SQL Injection Pars CMS - 'RP' Parameter Multiple SQL Injection Kasseler CMS News Module 'id' Parameter SQL Injection Kasseler CMS News Module - 'id' Parameter SQL Injection Ziggurat Farsi CMS 'id' Parameter Unspecified Cross-Site Scripting Ziggurat Farsi CMS - 'id' Parameter Unspecified Cross-Site Scripting Vana CMS 'filename' Parameter Remote File Download Vana CMS - 'filename' Parameter Remote File Download Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal Ziggurrat Farsi CMS - 'bck' Parameter Directory Traversal Viennabux Beta! 'cat' Parameter SQL Injection Viennabux Beta! - 'cat' Parameter SQL Injection HP System Management Homepage 'RedirectUrl' Parameter URI Redirection HP System Management Homepage - 'RedirectUrl' Parameter URI Redirection Sterlite SAM300 AX Router 'Stat_Radio' Parameter Cross-Site Scripting Sterlite SAM300 AX Router - 'Stat_Radio' Parameter Cross-Site Scripting Last Wizardz 'id' Parameter SQL Injection Last Wizardz - 'id' Parameter SQL Injection Plesk Server Administrator (PSA) 'locale' Parameter Local File Inclusion Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross-Site Scripting VideoWhisper PHP 2 Way Video Chat - 'r' Parameter Cross-Site Scripting KubeSupport 'lang' Parameter SQL Injection KubeSupport - 'lang' Parameter SQL Injection ReCMS 'users_lang' Parameter Directory Traversal ReCMS - 'users_lang' Parameter Directory Traversal jCore 'search' Parameter Cross-Site Scripting jCore - 'search' Parameter Cross-Site Scripting PHP168 Template Editor 'filename' Parameter Directory Traversal PHP168 Template Editor - 'filename' Parameter 
Directory Traversal uzbl \'uzbl-core\' \'@SELECTED_URI\' Mouse Button Bindings Command Injection uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection SyntaxCMS 'rows_per_page' Parameter SQL Injection Edit-X PHP CMS 'search_text' Parameter Cross-Site Scripting SyntaxCMS - 'rows_per_page' Parameter SQL Injection Edit-X PHP CMS - 'search_text' Parameter Cross-Site Scripting Nasim Guest Book 'page' Parameter Cross-Site Scripting Nasim Guest Book - 'page' Parameter Cross-Site Scripting FreeSchool 'key_words' Parameter Cross-Site Scripting FreeSchool - 'key_words' Parameter Cross-Site Scripting tourismscripts HotelBook 'hotel_id' Parameter Multiple SQL Injection tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection Spiceworks 'query' Parameter Cross-Site Scripting Spiceworks - 'query' Parameter Cross-Site Scripting NWS-Classifieds 'cmd' Parameter Local File Inclusion NWS-Classifieds - 'cmd' Parameter Local File Inclusion WebAsyst Shop-Script PREMIUM 'searchstring' Parameter Cross-Site Scripting WebAsyst Shop-Script PREMIUM - 'searchstring' Parameter Cross-Site Scripting Web TV 'chn' Parameter Cross-Site Scripting Web TV - 'chn' Parameter Cross-Site Scripting Honest Traffic 'msg' Parameter Cross-Site Scripting Honest Traffic - 'msg' Parameter Cross-Site Scripting PHP Photo Vote 1.3F 'page' Parameter Cross-Site Scripting PHP Photo Vote 1.3F - 'page' Parameter Cross-Site Scripting Wap-motor 'image' Parameter Directory Traversal Wap-motor - 'image' Parameter Directory Traversal QuarkMail 'tf' Parameter Directory Traversal QuarkMail - 'tf' Parameter Directory Traversal Microsoft Windows VISTA 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution Microsoft Windows VISTA - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution LES PACKS 'ID' Parameter SQL Injection LES PACKS - 'ID' Parameter SQL Injection PHPShop 2.1 EE 'name_new' Parameter Cross-Site Scripting PHPShop 2.1 EE - 'name_new' Parameter Cross-Site Scripting IBM 
OmniFind 'command' Parameter Cross-Site Scripting IBM OmniFind - 'command' Parameter Cross-Site Scripting Joomla Store Directory 'id' Parameter SQL Injection Joomla Store Directory - 'id' Parameter SQL Injection PHP State 'id' Parameter SQL Injection Joomla Jeformcr 'id' Parameter SQL Injection JExtensions Property Finder Component for Joomla! 'sf_id' Parameter SQL Injection PHP State - 'id' Parameter SQL Injection Joomla Jeformcr - 'id' Parameter SQL Injection JExtensions Property Finder Component for Joomla! - 'sf_id' Parameter SQL Injection Social Share 'postid' Parameter SQL Injection Social Share - 'postid' Parameter SQL Injection Openfiler 'device' Parameter Cross-Site Scripting Openfiler - 'device' Parameter Cross-Site Scripting Social Share 'username' Parameter SQL Injection Social Share - 'username' Parameter SQL Injection Social Share 'search' Parameter Cross-Site Scripting HotWeb Scripts HotWeb Rentals 'PageId' Parameter SQL Injection Social Share - 'search' Parameter Cross-Site Scripting HotWeb Scripts HotWeb Rentals - 'PageId' Parameter SQL Injection SnapProof 'retPageID' Parameter Cross-Site Scripting SnapProof - 'retPageID' Parameter Cross-Site Scripting VidiScript 'vp' Parameter Cross-Site Scripting VidiScript - 'vp' Parameter Cross-Site Scripting PHP-Fusion 'article_id' Parameter SQL Injection PHP-Fusion - 'article_id' Parameter SQL Injection Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross-Site Scripting RunCMS 'partners' Module 'id' Parameter SQL Injection Qianbo Enterprise Web Site Management System - 'Keyword' Parameter Cross-Site Scripting RunCMS 'partners' Module - 'id' Parameter SQL Injection Technicolor THOMSON TG585v7 Wireless Router 'url' Parameter Cross-Site Scripting Technicolor THOMSON TG585v7 Wireless Router - 'url' Parameter Cross-Site Scripting SyCtel Design 'menu' Parameter Multiple Local File Inclusion SyCtel Design - 'menu' Parameter Multiple Local File Inclusion phpGraphy 0.9.13 b 'theme_dir' Parameter 
Cross-Site Scripting phpGraphy 0.9.13 b - 'theme_dir' Parameter Cross-Site Scripting Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting Web Auction 0.3.6 - 'lang' Parameter Cross-Site Scripting Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting Multiple GoT.MY Products - 'theme_dir' Parameter Cross-Site Scripting Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Parameter Cross-Site Scripting Joomla! 'com_cbcontact' Component 'contact_id' Parameter SQL Injection Joomla! 'com_cbcontact' Component - 'contact_id' Parameter SQL Injection Joomla! 'com_maplocator' Component 'cid' Parameter SQL Injection Joomla! 'com_maplocator' Component - 'cid' Parameter SQL Injection Tolinet Agencia 'id' Parameter SQL Injection Tolinet Agencia - 'id' Parameter SQL Injection WebFileExplorer 3.6 'user' and 'pass' SQL Injection WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection Sitemagic CMS 'SMTpl' Parameter Directory Traversal Sitemagic CMS - 'SMTpl' Parameter Directory Traversal Nodesforum '_nodesforum_node' Parameter SQL Injection Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection Nodesforum - '_nodesforum_node' Parameter SQL Injection Joomla! 'com_morfeoshow' Component - 'idm' Parameter SQL Injection Joomla! 'com_jr_tfb' Component 'controller' Parameter Local File Inclusion Joomla! 
'com_jr_tfb' Component - 'controller' Parameter Local File Inclusion eTAWASOL 'id' Parameter SQL Injection eTAWASOL - 'id' Parameter SQL Injection Prontus CMS 'page' Parameter Cross-Site Scripting ICMusic '1.2 music_id' Parameter SQL Injection Prontus CMS - 'page' Parameter Cross-Site Scripting ICMusic 1.2 - 'music_id' Parameter SQL Injection Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting Flowplayer 3.2.7 - 'linkUrl' Parameter Cross-Site Scripting Easy Estate Rental 's_location' Parameter SQL Injection Joomla Foto Component 'id_categoria' Parameter SQL Injection Easy Estate Rental - 's_location' Parameter SQL Injection Joomla Foto Component - 'id_categoria' Parameter SQL Injection Joomla Juicy Gallery Component 'picId' Parameter SQL Injection Joomla Juicy Gallery Component - 'picId' Parameter SQL Injection Joomla Controller Component 'Itemid' Parameter SQL Injection Joomla Controller Component - 'Itemid' Parameter SQL Injection Synergy Software 'id' Parameter SQL Injection Godly Forums 'id' Parameter SQL Injection Synergy Software - 'id' Parameter SQL Injection Godly Forums - 'id' Parameter SQL Injection MyBB MyTabs Plugin 'tab' Parameter SQL Injection MyBB MyTabs Plugin - 'tab' Parameter SQL Injection mt LinkDatenbank 'b' Parameter Cross-Site Scripting mt LinkDatenbank - 'b' Parameter Cross-Site Scripting Joomla! Slideshow Gallery Component 'id' Parameter SQL Injection Joomla! Slideshow Gallery Component - 'id' Parameter SQL Injection Joomla! 'com_community' Component 'userid' Parameter SQL Injection Joomla! 
'com_community' Component - 'userid' Parameter SQL Injection phpWebSite 'page_id' Parameter Cross-Site Scripting phpWebSite - 'page_id' Parameter Cross-Site Scripting Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection VicBlog 'tag' Parameter SQL Injection Tourismscripts Hotel Portal - 'hotel_city' Parameter HTML Injection VicBlog - 'tag' Parameter SQL Injection Kisanji 'gr' Parameter Cross-Site Scripting Kisanji - 'gr' Parameter Cross-Site Scripting Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection Joomla! 'com_biitatemplateshop' Component - 'groups' Parameter SQL Injection Vanira CMS 'vtpidshow' Parameter SQL Injection Vanira CMS - 'vtpidshow' Parameter SQL Injection Joomla! 'com_expedition' Component 'id' Parameter SQL Injection Joomla! 'com_expedition' Component - 'id' Parameter SQL Injection Joomla! 'com_tree' Component 'key' Parameter SQL Injection Joomla! 'com_br' Component 'state_id' Parameter SQL Injection Joomla! 'com_shop' Component 'id' Parameter SQL Injection Joomla! 'com_tree' Component - 'key' Parameter SQL Injection Joomla! 'com_br' Component - 'state_id' Parameter SQL Injection Joomla! 
'com_shop' Component - 'id' Parameter SQL Injection Splunk 4.1.6 'segment' Parameter Cross-Site Scripting Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting Multiple Cisco Products 'file' Parameter Directory Traversal Multiple Cisco Products - 'file' Parameter Directory Traversal IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting IBSng B1.34(T96) - 'str' Parameter Cross-Site Scripting SmartJobBoard 'keywords' Parameter Cross-Site Scripting SmartJobBoard - 'keywords' Parameter Cross-Site Scripting Joomla Content Component 'year' Parameter SQL Injection Joomla Content Component - 'year' Parameter SQL Injection Webistry 1.6 'pid' Parameter SQL Injection Webistry 1.6 - 'pid' Parameter SQL Injection WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting WordPress Skysa App Bar Plugin - 'idnews' Parameter Cross-Site Scripting Video Community Portal 'userID' Parameter SQL Injection Video Community Portal - 'userID' Parameter SQL Injection PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting Joomla! 'com_tsonymf' Component 'idofitem' Parameter SQL Injection PHP Booking Calendar 10e - 'page_info_message' Parameter Cross-Site Scripting Joomla! 'com_tsonymf' Component - 'idofitem' Parameter SQL Injection Joomla! 'com_caproductprices' Component 'id' Parameter SQL Injection Joomla! 'com_caproductprices' Component - 'id' Parameter SQL Injection GraphicsClone Script 'term' parameter Cross-Site Scripting GraphicsClone Script - 'term' parameter Cross-Site Scripting PostNuke pnAddressbook Module 'id' Parameter SQL Injection PostNuke pnAddressbook Module - 'id' Parameter SQL Injection Joomla! 'com_br' Component 'controller' Parameter Local File Inclusion Joomla! 'com_br' Component - 'controller' Parameter Local File Inclusion Joomla! Full 'com_full' Component 'id' Parameter SQL Injection Joomla! Full 'com_full' Component - 'id' Parameter SQL Injection Joomla! 'com_xball' Component 'team_id' Parameter SQL Injection Joomla! 
'com_boss' Component 'controller' Parameter Local File Inclusion Joomla! 'com_xball' Component - 'team_id' Parameter SQL Injection Joomla! 'com_boss' Component - 'controller' Parameter Local File Inclusion Joomla! 'com_some' Component 'controller' Parameter Local File Inclusion Joomla! 'com_bulkenquery' Component 'controller' Parameter Local File Inclusion Joomla! 'com_kp' Component 'controller' Parameter Local File Inclusion Joomla! 'com_some' Component - 'controller' Parameter Local File Inclusion Joomla! 'com_bulkenquery' Component - 'controller' Parameter Local File Inclusion Joomla! 'com_kp' Component - 'controller' Parameter Local File Inclusion Ultimate Locator 'radius' Parameter SQL Injection Joomla! 'com_jesubmit' Component 'index.php' Arbitrary File Upload Ultimate Locator - 'radius' Parameter SQL Injection Joomla! 'com_jesubmit' Component - 'index.php' Arbitrary File Upload Joomla! 'com_motor' Component 'cid' Parameter SQL Injection Joomla! 'com_motor' Component - 'cid' Parameter SQL Injection Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection Joomla! 'com_firmy' Component - 'Id' Parameter SQL Injection Joomla! 'com_crhotels' Component 'catid' Parameter SQL Injection Joomla! 'com_propertylab' Component 'id' Parameter SQL Injection Joomla! 'com_crhotels' Component - 'catid' Parameter SQL Injection Joomla! 'com_propertylab' Component - 'id' Parameter SQL Injection Joomla! 'com_cmotour' Component 'id' Parameter SQL Injection Joomla! 'com_cmotour' Component - 'id' Parameter SQL Injection Joomla! 'com_bnf' Component 'seccion_id' Parameter SQL Injection Joomla! 'com_bnf' Component - 'seccion_id' Parameter SQL Injection Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting Joomla! 
Currency Converter Component - 'from' Parameter Cross-Site Scripting RabbitWiki 'title' Parameter Cross-Site Scripting RabbitWiki - 'title' Parameter Cross-Site Scripting Zimbra 'view' Parameter Cross-Site Scripting Zimbra - 'view' Parameter Cross-Site Scripting SMW+ 1.5.6 'target' Parameter HTML Injection SMW+ 1.5.6 - 'target' Parameter HTML Injection ProWiki 'id' Parameter Cross-Site Scripting ProWiki - 'id' Parameter Cross-Site Scripting Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Tiki Wiki CMS Groupware - 'url' Parameter URI Redirection Impulsio CMS 'id' Parameter SQL Injection Impulsio CMS - 'id' Parameter SQL Injection Joomla! X-Shop Component 'idd' Parameter SQL Injection Joomla! X-Shop Component - 'idd' Parameter SQL Injection Joomla! 'com_xvs' Component 'controller' Parameter Local File Inclusion Joomla! 'com_xvs' Component - 'controller' Parameter Local File Inclusion starCMS 'q' Parameter URI Cross-Site Scripting starCMS - 'q' Parameter URI Cross-Site Scripting JPM Article Script 6 'page2' Parameter SQL Injection JPM Article Script 6 - 'page2' Parameter SQL Injection LeKommerce 'id' Parameter SQL Injection LeKommerce - 'id' Parameter SQL Injection Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting Event Calendar PHP - 'cal_year' Parameter Cross-Site Scripting XM Forum 'id' Parameter Multiple SQL Injection Uiga FanClub 'p' Parameter SQL Injection XM Forum - 'id' Parameter Multiple SQL Injection Uiga FanClub - 'p' Parameter SQL Injection WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting WordPress WPsc MijnPress Plugin - 'rwflush' Parameter Cross-Site Scripting Ramui Forum Script 'query' Parameter Cross-Site Scripting Ramui Forum Script - 'query' Parameter Cross-Site Scripting GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting LongTail JW Player 'debug' Parameter Cross-Site Scripting LongTail JW Player - 'debug' Parameter 
Cross-Site Scripting Small-Cms 'hostname' Parameter Remote PHP Code Injection Small-Cms - 'hostname' Parameter Remote PHP Code Injection Joomla! Alphacontent Component 'limitstart' Parameter SQL Injection Joomla! Alphacontent Component - 'limitstart' Parameter SQL Injection Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities Flogr - 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities e107 Image Gallery Plugin 'name' Parameter Remote File Disclosure e107 Image Gallery Plugin - 'name' Parameter Remote File Disclosure Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection Joomla! 'com_szallasok' Component - 'id' Parameter SQL Injection SWFUpload 'movieName' Parameter Cross-Site Scripting SWFUpload - 'movieName' Parameter Cross-Site Scripting WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting WordPress church_admin Plugin 'id' parameter Cross-Site Scripting WordPress SocialFit Plugin - 'msg' Parameter Cross-Site Scripting WordPress custom tables Plugin - 'key' Parameter Cross-Site Scripting WordPress church_admin Plugin - 'id' parameter Cross-Site Scripting sflog! 'section' Parameter Local File Inclusion sflog! - 'section' Parameter Local File Inclusion WebsitePanel 'ReturnUrl' Parameter URI Redirection WebsitePanel - 'ReturnUrl' Parameter URI Redirection WordPress Post Recommendations Plugin 'abspath' Parameter Remote File Inclusion web@all 'name' Parameter Cross-Site Scripting WordPress Post Recommendations Plugin - 'abspath' Parameter Remote File Inclusion web@all - 'name' Parameter Cross-Site Scripting Joomla! 'com_hello' Component 'controller' Parameter Local File Inclusion Joomla! 
'com_hello' Component - 'controller' Parameter Local File Inclusion REDAXO 'subpage' Parameter Cross-Site Scripting Joomla Odudeprofile component 'profession' Parameter SQL Injection REDAXO - 'subpage' Parameter Cross-Site Scripting Joomla Odudeprofile component - 'profession' Parameter SQL Injection BarCodeWiz 'BarcodeWiz.dll' ActiveX Control 'Barcode' Method Remote Buffer Overflow BarCodeWiz 'BarcodeWiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow JW Player 'playerready' Parameter Cross-Site Scripting eNdonesia 'cid' Parameter SQL Injection JW Player - 'playerready' Parameter Cross-Site Scripting eNdonesia - 'cid' Parameter SQL Injection ntop 'arbfile' Parameter Cross-Site Scripting ntop - 'arbfile' Parameter Cross-Site Scripting Elefant CMS 'id' Parameter Cross-Site Scripting Elefant CMS - 'id' Parameter Cross-Site Scripting YT-Videos Script 'id' Parameter SQL Injection YT-Videos Script - 'id' Parameter SQL Injection GetSimple 'path' Parameter Local File Inclusion GetSimple - 'path' Parameter Local File Inclusion LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting LISTSERV 16 - 'SHOWTPL' Parameter Cross-Site Scripting JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting JPM Article Blog Script 6 - 'tid' Parameter Cross-Site Scripting KindEditor 'name' Parameter Cross-Site Scripting KindEditor - 'name' Parameter Cross-Site Scripting PHP Web Scripts Ad Manager Pro 'page' Parameter Local File Inclusion PHP Web Scripts Ad Manager Pro - 'page' Parameter Local File Inclusion JW Player 'logo.link' Parameter Cross-Site Scripting JW Player - 'logo.link' Parameter Cross-Site Scripting PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Inclusion Joomla! Komento Component 'cid' Parameter SQL Injection PHP Web Scripts Text Exchange Pro - 'page' Parameter Local File Inclusion Joomla! 
Komento Component - 'cid' Parameter SQL Injection WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure WordPress Cloudsafe365 Plugin - 'file' Parameter Remote File Disclosure Wiki Web Help 'configpath' Parameter Remote File Inclusion Wiki Web Help - 'configpath' Parameter Remote File Inclusion LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting LiteSpeed Web Server - 'gtitle' parameter Cross-Site Scripting WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting WordPress Download Monitor Plugin - 'dlsearch' Parameter Cross-Site Scripting FBDj 'id' Parameter SQL Injection FBDj - 'id' Parameter SQL Injection vBSEO 'u' parameter Cross-Site Scripting vBSEO - 'u' parameter Cross-Site Scripting WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Inclusion WordPress Crayon Syntax Highlighter Plugin - 'wp_load' Parameter Remote File Inclusion TAGWORX.CMS 'cid' Parameter SQL Injection TAGWORX.CMS - 'cid' Parameter SQL Injection WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting WordPress Video Lead Form Plugin - 'errMsg' Parameter Cross-Site Scripting WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting WordPress Token Manager Plugin - 'tid' Parameter Cross-Site Scripting Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting Neturf eCommerce Shopping Cart - 'SearchFor' Parameter Cross-Site Scripting WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting WordPress ABC Test Plugin - 'id' Parameter Cross-Site Scripting Open Realty 'select_users_lang' Parameter Local File Inclusion Open Realty - 'select_users_lang' Parameter Local File Inclusion FirePass 7.0 SSL VPN 'refreshURL' Parameter URI Redirection FirePass 7.0 SSL VPN - 'refreshURL' Parameter URI Redirection SMF 'view' Parameter Cross-Site Scripting SMF - 'view' Parameter Cross-Site Scripting Gramophone 'rs' Parameter Cross-Site Scripting Gramophone - 'rs' Parameter Cross-Site Scripting 
Joomla! com_parcoauto Component 'idVeicolo' Parameter SQL Injection Joomla! com_parcoauto Component - 'idVeicolo' Parameter SQL Injection OrangeHRM 'sortField' Parameter SQL Injection WordPress FLV Player Plugin 'id' Parameter SQL Injection OrangeHRM - 'sortField' Parameter SQL Injection WordPress FLV Player Plugin - 'id' Parameter SQL Injection WordPress Kakao Theme 'ID' Parameter SQL Injection WordPress PHP Event Calendar Plugin 'cid' Parameter SQL Injection WordPress Eco-annu Plugin 'eid' Parameter SQL Injection WordPress Kakao Theme - 'ID' Parameter SQL Injection WordPress PHP Event Calendar Plugin - 'cid' Parameter SQL Injection WordPress Eco-annu Plugin - 'eid' Parameter SQL Injection WordPress Dailyedition-mouss Theme 'id' Parameter SQL Injection WordPress Tagged Albums Plugin 'id' Parameter SQL Injection WordPress Dailyedition-mouss Theme - 'id' Parameter SQL Injection WordPress Tagged Albums Plugin - 'id' Parameter SQL Injection Omni-Secure 'dir' Parameter Multiple File Disclosure Vulnerabilities Friends in War The FAQ Manager 'question' Parameter SQL Injection Omni-Secure - 'dir' Parameter Multiple File Disclosure Vulnerabilities Friends in War The FAQ Manager - 'question' Parameter SQL Injection openSIS 'modname' Parameter Local File Inclusion openSIS - 'modname' Parameter Local File Inclusion WordPress Madebymilk Theme 'id' Parameter SQL Injection WordPress Madebymilk Theme - 'id' Parameter SQL Injection WordPress Zingiri Web Shop Plugin 'path' Parameter Arbitrary File Upload WordPress Webplayer Plugin 'id' Parameter SQL Injection WordPress Plg Novana Plugin 'id' Parameter SQL Injection WordPress Zingiri Web Shop Plugin - 'path' Parameter Arbitrary File Upload WordPress Webplayer Plugin - 'id' Parameter SQL Injection WordPress Plg Novana Plugin - 'id' Parameter SQL Injection WordPress Magazine Basic Theme 'id' Parameter SQL Injection WordPress Magazine Basic Theme - 'id' Parameter SQL Injection WordPress Ads Box Plugin 'count' Parameter SQL Injection 
WordPress Ads Box Plugin - 'count' Parameter SQL Injection Forescout CounterACT 'a' Parameter Open Redirection WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection Forescout CounterACT - 'a' Parameter Open Redirection WordPress Wp-ImageZoom Theme - 'id' Parameter SQL Injection WordPress Toolbox Theme 'mls' Parameter SQL Injection Elastix 'page' Parameter Cross-Site Scripting TinyMCPUK 'test' Parameter Cross-Site Scripting WordPress Toolbox Theme - 'mls' Parameter SQL Injection Elastix - 'page' Parameter Cross-Site Scripting TinyMCPUK - 'test' Parameter Cross-Site Scripting WordPress Zingiri Forums Plugin 'language' Parameter Local File Inclusion WordPress Nest Theme 'codigo' Parameter SQL Injection Sourcefabric Newscoop 'f_email' Parameter SQL Injection WordPress Zingiri Forums Plugin - 'language' Parameter Local File Inclusion WordPress Nest Theme - 'codigo' Parameter SQL Injection Sourcefabric Newscoop - 'f_email' Parameter SQL Injection FOOT Gestion 'id' Parameter SQL Injection FOOT Gestion - 'id' Parameter SQL Injection PHP Address Book 'group' Parameter Cross-Site Scripting PHP Address Book - 'group' Parameter Cross-Site Scripting Joomla! ZT Autolinks Component 'controller' Parameter Local File Inclusion Joomla! Bit Component 'controller' Parameter Local File Inclusion Joomla! ZT Autolinks Component - 'controller' Parameter Local File Inclusion Joomla! 
Bit Component - 'controller' Parameter Local File Inclusion MyBB Transactions Plugin 'transaction' Parameter SQL Injection MyBB Transactions Plugin - 'transaction' Parameter SQL Injection WHM 'filtername' Parameter Cross-Site Scripting WHM - 'filtername' Parameter Cross-Site Scripting Havalite CMS 'comment' Parameter HTML Injection Havalite CMS - 'comment' Parameter HTML Injection WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting WordPress NextGEN Gallery Plugin - 'test-head' Parameter Cross-Site Scripting WordPress Gallery Plugin 'filename_1' Parameter Remote Arbitrary File Access WordPress Gallery Plugin - 'filename_1' Parameter Remote Arbitrary File Access phpLiteAdmin 'table' Parameter SQL Injection IP.Gallery 'img' Parameter SQL Injection phpLiteAdmin - 'table' Parameter SQL Injection IP.Gallery - 'img' Parameter SQL Injection gpEasy CMS 'section' Parameter Cross-Site Scripting gpEasy CMS - 'section' Parameter Cross-Site Scripting iCart Pro 'section' Parameter SQL Injection iCart Pro - 'section' Parameter SQL Injection WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting WordPress WP-Table Reloaded Plugin - 'id' Parameter Cross-Site Scripting WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting WordPress CommentLuv Plugin - '_ajax_nonce' Parameter Cross-Site Scripting WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting WordPress Audio Player Plugin - 'playerID' Parameter Cross-Site Scripting WordPress Pinboard Theme - 'tab' Parameter Cross-Site Scripting Squirrelcart 'table' Parameter Cross-Site Scripting Squirrelcart - 'table' Parameter Cross-Site Scripting OpenEMR 'site' Parameter Cross-Site Scripting OpenEMR - 'site' Parameter Cross-Site Scripting WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting WordPress Uploader Plugin - 'blog' Parameter Cross-Site Scripting WordPress Count Per Day Plugin 
'daytoshow' Parameter Cross-Site Scripting WordPress Count Per Day Plugin - 'daytoshow' Parameter Cross-Site Scripting WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting WordPress podPress Plugin - 'playerID' Parameter Cross-Site Scripting Jaow CMS 'add_ons' Parameter Cross-Site Scripting Jaow CMS - 'add_ons' Parameter Cross-Site Scripting WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting WordPress Feedweb Plugin - 'wp_post_id' Parameter Cross-Site Scripting Symphony 'sort' Parameter SQL Injection Symphony - 'sort' Parameter SQL Injection WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting WordPress Traffic Analyzer Plugin - 'aoid' Parameter Cross-Site Scripting WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection WordPress Spiffy XSPF Player Plugin - 'playlist_id' Parameter SQL Injection WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Request Tracker 'ShowPending' Parameter SQL Injection WordPress Spider Video Player Plugin - 'theme' Parameter SQL Injection Request Tracker - 'ShowPending' Parameter SQL Injection Fork CMS 'file' Parameter Local File Inclusion Fork CMS - 'file' Parameter Local File Inclusion WordPress wp-FileManager Plugin 'path' Parameter Arbitrary File Download Open Flash Chart 'get-data' Parameter Cross-Site Scripting WordPress wp-FileManager Plugin - 'path' Parameter Arbitrary File Download Open Flash Chart - 'get-data' Parameter Cross-Site Scripting Jojo CMS 'search' Parameter Cross-Site Scripting Jojo CMS - 'search' Parameter Cross-Site Scripting WordPress Ambience Theme 'src' Parameter Cross-Site Scripting WordPress Ambience Theme - 'src' Parameter Cross-Site Scripting TaxiMonger for Android 'name' Parameter HTML Injection TaxiMonger for Android - 'name' Parameter HTML Injection ZamFoo 'date' Parameter Remote Command Injection ZamFoo - 'date' Parameter Remote Command Injection Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting 
Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting WordPress WP Feed Plugin 'nid' Parameter SQL Injection WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting WordPress WP Feed Plugin - 'nid' Parameter SQL Injection WordPress Category Grid View Gallery Plugin - 'ID' Parameter Cross-Site Scripting WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting WordPress FlagEm Plugin - 'cID' Parameter Cross-Site Scripting Xibo 'layout' Parameter HTML Injection Xibo - 'layout' Parameter HTML Injection Flo CMS 'archivem' Parameter SQL Injection Flo CMS - 'archivem' Parameter SQL Injection eTransfer Lite 'file name' Parameter HTML Injection WordPress mukioplayer4wp Plugin 'cid' Parameter SQL Injection eTransfer Lite - 'file name' Parameter HTML Injection WordPress mukioplayer4wp Plugin - 'cid' Parameter SQL Injection Monstra CMS 'login' Parameter SQL Injection Monstra CMS - 'login' Parameter SQL Injection Joomla! JVideoClip Component 'uid' Parameter SQL Injection Joomla! JVideoClip Component - 'uid' Parameter SQL Injection WordPress WP-Realty Plugin 'listing_id' Parameter SQL Injection WordPress WP-Realty Plugin - 'listing_id' Parameter SQL Injection Joomla! Maian15 Component 'name' Parameter Arbitrary Shell Upload Joomla! 
Maian15 Component - 'name' Parameter Arbitrary Shell Upload Nagios XI 'tfPassword' Parameter SQL Injection Nagios XI - 'tfPassword' Parameter SQL Injection Enorth Webpublisher CMS 'thisday' Parameter SQL Injection Enorth Webpublisher CMS - 'thisday' Parameter SQL Injection WordPress Easy Career Openings Plugin 'jobid' Parameter SQL Injection WordPress Easy Career Openings Plugin - 'jobid' Parameter SQL Injection eduTrac 'showmask' Parameter Directory Traversal eduTrac - 'showmask' Parameter Directory Traversal Veno File Manager 'q' Parameter Arbitrary File Download Veno File Manager - 'q' Parameter Arbitrary File Download Leed 'id' Parameter SQL Injection Leed - 'id' Parameter SQL Injection xBoard 'post' Parameter Local File Inclusion xBoard - 'post' Parameter Local File Inclusion i-doit Pro 'objID' Parameter SQL Injection i-doit Pro - 'objID' Parameter SQL Injection Joomla! Sexy Polling Extension 'answer_id' Parameter SQL Injection Joomla! Sexy Polling Extension - 'answer_id' Parameter SQL Injection XOS Shop 'goto' Parameter SQL Injection XOS Shop - 'goto' Parameter SQL Injection Eventum 'hostname' Parameter Remote Code Execution Eventum - 'hostname' Parameter Remote Code Execution WordPress Relevanssi Plugin 'category_name' Parameter SQL Injection WordPress Relevanssi Plugin - 'category_name' Parameter SQL Injection Professional Designer E-Store 'id' Parameter Multiple SQL Injection Professional Designer E-Store - 'id' Parameter Multiple SQL Injection MeiuPic 'ctl' Parameter Local File Inclusion MeiuPic - 'ctl' Parameter Local File Inclusion Jorjweb 'id' Parameter SQL Injection qEngine 'run' Parameter Local File Inclusion Jorjweb - 'id' Parameter SQL Injection qEngine - 'run' Parameter Local File Inclusion Seo Panel 'file' Parameter Directory Traversal Seo Panel - 'file' Parameter Directory Traversal ZeusCart 'prodid' Parameter SQL Injection ZeusCart - 'prodid' Parameter SQL Injection VoipSwitch 'action' Parameter Local File Inclusion VoipSwitch - 'action' 
Parameter Local File Inclusion Joomla! Spider Video Player Extension 'theme' Parameter SQL Injection Joomla! Spider Video Player Extension - 'theme' Parameter SQL Injection Microsoft Office Excel Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Office Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) FreePBX 13 / 14 - Remote Code Execution Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2) Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit |
Renamed from platforms/windows/dos/39694.txt