Commit graph

514 commits

Author SHA1 Message Date
Offensive Security
117f75fdfc DB: 2017-06-13
5 new exploits

GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution
Easy File Sharing Web Server 7.2 - Authentication Bypass
2017-06-13 05:01:23 +00:00
Offensive Security
dea52f68f5 DB: 2017-06-12
8 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
IPFire 2.19 - Remote Code Execution
eCom Cart 1.3 - SQL Injection
EFS Easy Chat Server 3.1 - Password Disclosure
EFS Easy Chat Server 3.1 - Password Reset
PaulShop - SQL Injection
2017-06-12 05:01:24 +00:00
Offensive Security
fbe517f675 DB: 2017-06-10
6 new exploits

Mapscrn 2.03 - Local Buffer Overflow
libcroco 0.6.12 - Denial of Service
libquicktime 1.2.4 - Denial of Service
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
Apple macOS - Disk Arbitration Daemon Race Condition

Craft CMS 2.6 - Cross-Site Scripting
2017-06-10 05:01:19 +00:00
Offensive Security
bed1811f1d DB: 2017-06-09
4 new exploits

Linux Kernel - 'ping' Local Denial of Service

VMware Workstation 12 Pro - Denial of Service
Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
2017-06-09 05:01:17 +00:00
Offensive Security
b002e06bf6 DB: 2017-06-08
9 new exploits

Linux Kernel - 'ping' Local Denial of Service
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Artifex MuPDF - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference

DC/OS Marathon UI - Docker Exploit (Metasploit)
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Xavier 2.4 - SQL Injection
Robert 0.5 - Multiple Vulnerabilities
2017-06-08 05:01:17 +00:00
Offensive Security
cd6e21e600 DB: 2017-06-06
11 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
2017-06-06 05:01:15 +00:00
Offensive Security
42e94b4366 DB: 2017-06-05
26 new exploits

Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine

Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow

TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)

uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow

WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
2017-06-05 05:01:15 +00:00
Offensive Security
b1d5f96f79 DB: 2017-05-27
6 new exploits

Sandboxie 5.18 - Local Denial of Service
JAD java Decompiler 1.5.8e - Local Buffer Overflow
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands

Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write
D-Link DCS Series Cameras - Insecure Crossdomain
QWR-1104 Wireless-N Router - Cross-Site Scripting
2017-05-27 05:01:15 +00:00
Offensive Security
d77e2b2ada DB: 2017-05-26
11 new exploits

Apple WebKit / Safari 10.0.3(12602.4.8) - 'WebCore::FrameView::scheduleRelayout' Use-After-Free
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
Mozilla Firefox < 53 - 'gfxTextRun' Out-of-Bounds Read
Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure

WinRAR 3.60 Beta 6 - (SFX Path) Local Stack Overflow
WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow

Ability Server 2.34 - FTP STOR Buffer Overflow
Ability Server 2.34 - FTP 'STOR' Buffer Overflow

TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow

Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
MailEnable Enterprise Edition 1.1 - (EXAMINE) Buffer Overflow
Eudora Qualcomm WorldMail 3.0 - (IMAPd) Remote Overflow
MailEnable Enterprise Edition 1.1 - 'EXAMINE' Buffer Overflow
Eudora Qualcomm WorldMail 3.0 - 'IMAPd' Remote Overflow

Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
Alt-N MDaemon POP3 Server < 9.06 - 'USER' Remote Heap Overflow

HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH)

Microsoft Internet Explorer - XML Parsing Buffer Overflow (Windows Vista)
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow

Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit)
Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Buffer Overflow (Metasploit)

qualcomm worldmail server 3.0 - Directory Traversal
Qualcomm WorldMail Server 3.0 - Directory Traversal

Samba 3.5.0 - Remote Code Execution

SolarWinds orion network performance monitor 10.2.2 - Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities

Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php q Parameter' SQL Injection
Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php' q Parameter SQL Injection

PlaySMs 1.4 - 'import.php' Remote Code Execution
PlaySMS 1.4 - 'import.php' Remote Code Execution
Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - Stealing Variables via Page Navigation in FrameLoader::clear
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting
2017-05-26 05:01:18 +00:00
Offensive Security
2907a841a7 DB: 2017-05-24
9 new exploits

Apple iOS/macOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
Apple iOS/macOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization

KDE 4/5 - 'KAuth' Privilege Escalation

VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
2017-05-24 05:01:19 +00:00
Offensive Security
bc7f6091d4 DB: 2017-05-23
4 new exploits

Apple macOS - '32-bit syscall exit' Kernel Register Leak
Apple macOS - 'stackshot' Raw Frame Pointers
Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation

Joomla! 3.7.0 - 'com_fields' SQL Injection
Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
2017-05-23 05:01:15 +00:00
Offensive Security
7eac4c3a2c DB: 2017-05-16
10 new exploits

Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token
Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure
Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys

Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit)
PlaySms 1.4 - Remote Code Execution
Mailcow 0.14 - Cross-Site Request Forgery
Admidio 3.2.8 - Cross-Site Request Forgery
2017-05-16 05:01:17 +00:00
Offensive Security
b8fcb1ba1f DB: 2017-05-14
1 new exploit

Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation
2017-05-14 05:01:18 +00:00
Offensive Security
66b205e6c7 DB: 2017-05-13
3 new exploits

Cerberus FTP Server 1.x - Buffer Overflow Denial of Service
Palo Alto Networks PanOS root_trace - Privilege Escalation
Palo Alto Networks PanOS - root_reboot Privilege Escalation
Palo Alto Networks PanOS - 'root_trace' Privilege Escalation
Palo Alto Networks PanOS - 'root_reboot' Privilege Escalation

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation
Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit)
Vanilla Forums < 2.3 - Remote Code Execution

N-able N-central - Cross-Site Request Forgery

CMS Made Simple 2.1.6 - Multiple Vulnerabilities
2017-05-13 05:01:18 +00:00
Offensive Security
b6bbf710eb DB: 2017-05-12
5 new exploits

OpenVPN 2.4.0 - Unauthenticated Denial of Service

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3)

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
2017-05-12 05:01:18 +00:00
Offensive Security
5aee851cfb DB: 2017-05-11
5 new exploits

PocketPC Mms Composer - (WAPPush) Denial of Service
PocketPC Mms Composer - 'WAPPush' Denial of Service

BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)

DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)

otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)

Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service

Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service

Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion

Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)
Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow

Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)

HT Editor 2.0.20 - Buffer Overflow (ROP PoC)
HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)

Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities

Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation

Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)

Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)

Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution

Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)

Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing

Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities

Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)

Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)

Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion

visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities

Microsoft Internet Explorer 8 / 9 - Steal Any Cookie
Microsoft Internet Explorer 8/9 - Steal Any Cookie

PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion

COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change

Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
BanManager WebUI 1.5.8 - PHP Code Injection
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
2017-05-11 05:01:18 +00:00
Offensive Security
4e3947178d DB: 2017-05-10
10 new exploits

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Crypttech CryptoLog - Remote Code Execution (Metasploit)
BSD/x86 - portbind port 31337 Shellcode (83 bytes)
BSD/x86 - portbind port random Shellcode (143 bytes)
BSD/x86 - Portbind Port 31337 Shellcode (83 bytes)
BSD/x86 - Portbind Random Port Shellcode (143 bytes)

BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)

BSD/x86 - reverse 6969 portbind Shellcode (129 bytes)
BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Portbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)

FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes)
FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes)

FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
Linux/x86 - execve Null Free Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Linux/x86 - execve Null-Free Shellcode (Generator)
Linux/x86 - Portbind Shellcode (Generator)
Windows XP SP1 - Portbind Shellcode (Generator)

Linux/x86 - cmd Null Free Shellcode (Generator)
Linux/x86 - cmd Null-Free Shellcode (Generator)

Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Connectback Port 21 Shellcode

Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes)

Linux/SPARC - portbind port 8975 Shellcode (284 bytes)
Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes)

Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes)
Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes)
Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes)
Linux/x86 - portbind (2707) Shellcode (84 bytes)
Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes)
Linux/x86 - Portbind 2707 Shellcode (84 bytes)

Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) Shellcode (86 bytes)
Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes)
Linux/x86 - Portbind Port 64713 Shellcode (86 bytes)
Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - portbind port 5074 Shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add user 't00r' Shellcode (82 bytes)
Linux/x86 - Portbind Port 5074 Shellcode (92 bytes)
Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)

Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes)
Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes)

NetBSD/x86 - callback Shellcode (port 6666) (83 bytes)
NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes)

OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes)
OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes)

Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes)
Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes)

Solaris/SPARC - portbind port 6789 Shellcode (228 bytes)
Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes)
Solaris/SPARC - portbinding Shellcode (240 bytes)
Solaris/x86 - portbind/TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes)
Solaris/SPARC - Portbind Shellcode (240 bytes)
Solaris/x86 - Portbind TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode

Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes)
Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes)

Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)

Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)

Win32 - download and execute Shellcode (124 bytes)
Win32 - Download & Execute Shellcode (124 bytes)

Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows XP - download and exec source Shellcode
Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes)
Windows XP - Download & Exec Shellcode
Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes)
Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes)
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes)
Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode
FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)

Win32 XP SP2 FR - calc Shellcode (19 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Win32 XP SP3 English - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)

Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes)
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)

Windows XP SP2 FR - Download and Exec Shellcode
Windows XP SP2 (FR) - Download & Exec Shellcode

Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)

Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)
Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - bind shell port 64533 Shellcode (97 bytes)
Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes)
Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

BSD/x86 - bindshell on port 2525 Shellcode (167 bytes)
BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes)

Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337 Shellcode
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
ARM - Bindshell Port 0x1337 Shellcode

OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes)
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)

Win32 - speaking Shellcode
Win32 - Speaking 'You got pwned!' Shellcode

BSD/x86 - 31337 portbind + fork Shellcode (111 bytes)
BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes)

Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes)
Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes)

Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)

Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)

Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)

Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)

Windows RT ARM - Bind Shell (Port 4444) Shellcode
Windows RT ARM - Bind Shell Port 4444 Shellcode

Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)

Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download & execute Shellcode (Generator)
Windows XP x86-64 - Download & Execute Shellcode (Generator)

Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes)

Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)

Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)

OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)

OSX/x86-64 - 4444/TCP port bind Nullfree Shellcode (144 bytes)
OSX/x86-64 - Bind Port 4444/TCP Null-free Shellcode (144 bytes)

Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)

Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)
Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes)

Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes)

Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)

Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes)

Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)
Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes)

Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)

Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes)
Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes)

Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes)
LogRhythm Network Monitor - Authentication Bypass / Command Injection
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
2017-05-10 05:01:16 +00:00
Offensive Security
6f37b94a66 DB: 2017-05-09
5 new exploits

RPCBind / libtirpc - Denial of Service
Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
2017-05-09 04:46:38 +00:00
Offensive Security
8f3ada9286 DB: 2017-05-05
3 new exploits

Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free

Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit
WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit

WordPress Core & Plugins - Privileges Unchecked in admin.php / Multiple Information
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures

WordPress 2.8.1 - (url) Cross-Site Scripting
WordPress 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1)
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-comments-post.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-feed.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-comments-post.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-feed.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-trackback.php' Remote File Inclusion

WordPress 2.x - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting

WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection
WordPress 4.6 - Unauthenticated Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
2017-05-05 05:01:18 +00:00
Offensive Security
6515e26356 DB: 2017-05-03
1 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
MySQL < 5.6.35 / < 5.7.17 - Integer Overflow

Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)

Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
2017-05-03 05:01:17 +00:00
Offensive Security
4aa75d9fe9 DB: 2017-05-02
5 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation
HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
2017-05-02 05:01:18 +00:00
Offensive Security
9e9bf495c2 DB: 2017-04-26
26 new exploits

PHP 5.4.0RC6 (x64t) - Denial of Service
PHP 5.4.0RC6 (x64) - Denial of Service

Evostream Media Server 1.7.1 (x64) - Denial of Service

PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Dmitry 1.3a - Local Buffer Overflow
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Apple Safari - Array concat Memory Corruption
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Dell Customer Connect 1.3.28.0 - Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation

Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
Microsoft Office Word - Malicious Hta Execution (Metasploit)
WePresent WiPG-1000 - Command Injection (Metasploit)

OSX/Intel - setuid shell x86_64 Shellcode (51 bytes)
OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes)

OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)

Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86-64 - Egghunter Shellcode (38 bytes)

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
October CMS 1.0.412 - Multiple Vulnerabilities
2017-04-26 05:01:18 +00:00
Offensive Security
ebb6cf8831 DB: 2017-04-24
2 new exploits

SquirrelMail < 1.4.22 - Remote Code Execution

Linux/x86 - Egg-hunter Shellcode (18 bytes)
2017-04-24 05:01:21 +00:00
Offensive Security
5386bd7110 DB: 2017-04-21
10 new exploits

Femitter FTP Server 1.03 - (RETR) Remote Denial of Service (PoC)
Femitter FTP Server 1.03 - 'RETR' Remote Denial of Service (PoC)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Microsoft Windows 10 10586 - IEETWCollector Arbitrary Directory/File Deletion Privilege Escalation
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
3proxy 0.5.3g (Linux) - proxy.c logurl() Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow
3proxy 0.5.3g - proxy.c logurl() Remote Overflow (exec-shield)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow

3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)

Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution

Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting

Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting
2017-04-21 05:01:18 +00:00
Offensive Security
3c86b861c2 DB: 2017-04-19
4 new exploits

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit)
Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit)
pinfo 0.6.9 - Local Buffer Overflow
Tenable Appliance < 4.5 - Unauthenticated Remote Root Code Execution
Microsoft Word - .RTF Remote Code Execution
Huawei HG532n - Command Injection (Metasploit)
2017-04-19 05:01:17 +00:00
Offensive Security
b725a55435 DB: 2017-04-16
1 new exploits

HP-UX B11.11 - /usr/bin/ct Local Format String Privilege Escalation
HP-UX B11.11 - '/usr/bin/ct' Format String Privilege Escalation

rsync 2.5.7 - Local Stack Overflow Privilege Escalation
rsync 2.5.7 - Stack Overflow Privilege Escalation

Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation
Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow Privilege Escalation

Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Local Kernel Mode Privilege Escalation
Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Kernel Mode Privilege Escalation

MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation
MSI - 'NTIOLib.sys' / 'WinIO.sys' Privilege Escalation

Linux Kernel UDEV < 1.4.1 - Netlink Privilege Escalation (Metasploit)
Linux Kernel UDEV < 1.4.1 - 'Netlink' Privilege Escalation (Metasploit)

Apache::Gallery 0.4/0.5/0.6 - Insecure Local File Storage Privilege Escalation
Apache::Gallery 0.4/0.5/0.6 - Insecure File Storage Privilege Escalation

Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation (1)
Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow Privilege Escalation (1)

Symantec Workspace Virtualization 6.4.1895.0 - Local Kernel Mode Privilege Escalation
Symantec Workspace Virtualization 6.4.1895.0 - Kernel Mode Privilege Escalation

Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002)
Microsoft Windows - 'NDPROXY' SYSTEM Privilege Escalation (MS14-002)

Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation

Microsoft Windows - Local procedure Call (LPC) Privilege Escalation
Microsoft Windows - Local Procedure Call (LPC) Privilege Escalation

Symantec Encryption Desktop 10 - Local Buffer Overflow Privilege Escalation
Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation

Wowza Streaming Engine 4.5.0 - Local Privilege Escalation
Wowza Streaming Engine 4.5.0 - Privilege Escalation

PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation

Linux Kernel 4.8.0 UDEV < 232 - Privilege Escalation

PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Local Kernel Exploit
PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation
2017-04-16 05:01:17 +00:00
Offensive Security
aabd4b35b3 DB: 2017-04-14
12 new exploits

Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call
Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure

PonyOS 3.0 - tty ioctl() Local Kernel Exploit
PonyOS 3.0 - TTY 'ioctl()' Local Kernel Exploit

Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation
Solaris 7 < 11 (x86 / SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation
GNS3 Mac OS-X 1.5.2 - 'ubridge' Privilege Escalation
PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Local Kernel Exploit
Adobe Creative Cloud Desktop Application <= 4.0.0.185 - Privilege Escalation

Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
Ethernet Device Drivers Frame Padding - 'Etherleak' Information Leakage Exploit

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution

Linux/x86-64 - execve(_/bin/sh_) Shellcode (31 bytes)
Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses
SedSystems D3 Decimator - Multiple Vulnerabilities
agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
2017-04-14 05:01:15 +00:00
Offensive Security
814ba132f8 DB: 2017-04-12
18 new exploits

Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free
Apple WebKit - 'Document::adoptNode' Use-After-Free
Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow
Proxifier for Mac 2.18 - Multiple Vulnerabilities
Proxifier for Mac 2.17 / 2.18 - Privesc Escalation
Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

Quest Privilege Manager 6.0.0 - Arbitrary File Write
Adobe Multiple Products - XML Injection File Content Disclosure
MyClassifiedScript 5.1 - SQL Injection
Social Directory Script 2.0 - SQL Injection
FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
Brother MFC-J6520DW - Authentication Bypass / Password Change
Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element
2017-04-12 05:01:16 +00:00
Offensive Security
6624e39c26 DB: 2017-04-05
31 new exploits

macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow

macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption

macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability
macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn
macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking
macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption
macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free

macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking
Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame
Apple WebKit 10.0.2 - HTMLInputElement Use-After-Free
Apple WebKit - 'RenderLayer' Use-After-Free
Apple WebKit - Negative-Size memmove in HTMLFormElement
Apple WebKit - 'FormSubmission::create' Use-After-Free
Apple WebKit - 'ComposedTreeIterator::traverseNextInShadowTree' Use-After-Free
Apple WebKit - 'table' Use-After-Free
Apple WebKit - 'WebCore::toJS' Use-After-Free

macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device

Bluecoat ASG 6.6/CAS 1.3 - Privilege Escalation (Metasploit)

Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit)

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit

SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)

Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)

Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow

Pixie 1.0.4 - Arbitrary File Upload
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
Maian Uploader 4.0 - 'index.php' keywords Parameter Cross-Site Scripting
Maian Uploader 4.0 - admin/index.php keywords Parameter Cross-Site Scripting
Maian Uploader 4.0 - admin/inc/header.php Multiple Parameter Cross-Site Scripting
Maian Uploader 4.0 - 'keywords' Parameter Cross-Site Scripting
Maian Uploader 4.0 - 'index.php' Cross-Site Scripting
Maian Uploader 4.0 - 'header.php' Cross-Site Scripting
Maian Uploader 4.0 - 'user' Parameter SQL Injection
Maian Survey 1.1 - 'survey' Parameter SQL Injection
Maian Greetings 2.1 - 'cat' Parameter SQL Injection
2017-04-05 05:01:18 +00:00
Offensive Security
8ce122cbaf DB: 2017-04-04
3 new exploits

BackBox OS - Denial of Service

Apache Tomcat 6/7/8/9 - Information Disclosure

Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
2017-04-04 05:01:25 +00:00
Offensive Security
0320cba051 DB: 2017-04-02
6 new exploits

Microsoft Internet Explorer 11 - Crash PoC (1)
Microsoft Internet Explorer 11 - Crash (PoC) (1)

Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031)
Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)

Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046)
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046)

Microsoft Windows - MSDTC Service Remote Memory Modification PoC (MS05-051)
Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051)

Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)

Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (1)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)

Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (3)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3)

Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (2)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2)

Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit)
Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)

Microsoft Windows - DNS Resolution Remote Denial of Service PoC (MS06-041)
Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041)

Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002)
Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)

BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)

Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service
Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service

freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)

Microsoft Internet Explorer GDI+ - PoC (MS08-052)
Microsoft Internet Explorer GDI+ - (PoC) (MS08-052)

Microsoft Windows - GDI+ PoC (MS08-052) (2)
Microsoft Windows - GDI+ (PoC) (MS08-052) (2)
Microsoft Windows - InternalOpenColorProfile Heap Overflow PoC (MS08-046)
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service
Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service

Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray)
Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (New Heap Spray)

Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2)
Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2)

eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH)
eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)

Chasys Media Player 1.1 - '.pls' Local Buffer Overflow PoC (SEH)
Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH)

Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1)
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1)

Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2)
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2)

Microsoft Internet Explorer - EMBED Memory Corruption PoC (MS09-014)
Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014)

DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow PoCs
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)

AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH)
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)

MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC)

otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)

JetAudio 7.5.3 COWON Media Center - '.wav' Crash
Streaming Audio Player 0.9 - (skin) Local Stack Overflow PoC (SEH)
Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow PoC (SEH)
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)

Tuniac 090517c - '.m3u' Local File Crash (PoC)

HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH)
HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2)

BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow PoC (2)
BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow (PoC) (2)

Eureka Email Client 2.2q - PoC Buffer Overflow
Eureka Email Client 2.2q - Buffer Overflow (PoC)

Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash
Microsoft Windows 7 / 2008 R2 - Remote Kernel Crash

Picpuz 2.1.1 - Buffer Overflow Denial of Service/PoC
Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC)

Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones
Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC)

Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service
Mozilla Firefox 3.6 - (XML parser) Memory Corruption (PoC) / Denial of Service

iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC
iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service (PoC)

RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC
RCA DCM425 Cable Modem - 'micro_httpd' Denial of Service (PoC)

Free MP3 CD Ripper 2.6 - '.wav' PoC
Free MP3 CD Ripper 2.6 - '.wav' (PoC)

Anyzip 1.1 - '.zip' PoC (SEH)
Anyzip 1.1 - '.zip' (PoC) (SEH)

Microsoft Windows - SMB Client-Side Bug PoC (MS10-006)
Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006)

Webby WebServer - PoC SEH control
Webby WebServer - SEH Control (PoC)

FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05)
FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)

Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free

AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH)
AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH)

Mozilla Firefox - Memory Corruption PoC (Simplified)
Mozilla Firefox - (Simplified) Memory Corruption (PoC)

Microsoft Windows - Win32k Pointer Dereferencement PoC (MS10-098)
Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)

Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH)
Elecard MPEG Player 5.7 - Local Buffer Overflow (PoC) (SEH)

Microsoft Windows XP - WmiTraceMessageVa Integer Truncation PoC (MS11-011)
Microsoft Windows XP - WmiTraceMessageVa Integer Truncation (PoC) (MS11-011)

Real player 14.0.2.633 - Buffer Overflow / Denial of ServiceExploit
Real player 14.0.2.633 - Buffer Overflow / Denial of Service
IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - '.ICO' With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - '.ICO' Without Transparent Colour Denial of Service / Remote Denial of Service

Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service
Microsoft Windows Vista/2008 - 'nsiproxy.sys' Local Kernel Denial of Service

D-Link DSL-2650U - Denial of Service/PoC
D-Link DSL-2650U - Denial of Service (PoC)

Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun PoC (MS11-077)
Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077)

Opera 11.52 - PoC Denial of Service
Opera 11.52 - Denial of Service (PoC)

Microsoft Win32k - Null Pointer De-reference PoC (MS11-077)
Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077)

Microsoft Windows - 'afd.sys' PoC (MS11-046)
Microsoft Windows - 'afd.sys' (PoC) (MS11-046)

Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034)
Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034)

Wyse - Machine Remote Power off (DOS) without any Privilege (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)

Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service
Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service

Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5)

Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service
Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1)
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2)

Microsoft PoCket Internet Explorer 3.0 - Denial of Service
Microsoft Pocket Internet Explorer 3.0 - Denial of Service

Microsoft Windows - HWND_BROADCAST PoC (MS13-005)
Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)

Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC)

Apple Safari 3 for Windows - Document.Location Denial of Service
Apple Safari 3 for Windows - 'Document.Location' Denial of Service

PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit)
PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service

Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow
Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow

Android Web Browser - GIF File Heap Based Buffer Overflow
Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow

Android Web Browser - BMP File Integer Overflow
Google Android Web Browser - '.BMP' File Integer Overflow

Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH)
Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH)

Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service
Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service

Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)
Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)

Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)

Microsoft Internet Explorer - Memory Corruption PoC (MS14-029)
Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)

UniPDF 1.1 - Crash (PoC) (SEH)

Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC)

Microsoft Windows - 'HTTP.sys' PoC (MS15-034)
Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034)

UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)

Microsoft Internet Explorer 11 - Crash PoC (2)
Microsoft Internet Explorer 11 - Crash (PoC) (2)

Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow
Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow

QNX RTOS 6.3.0 - Insecure rc.local Permissions Plus System Crash
QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation
Microsoft Windows - NtClose DeadLock PoC (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)
Microsoft Windows - NtClose DeadLock (PoC) (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation (PoC) (MS06-030)

PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow
PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow

Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation

Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH)
Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow (PoC) (SEH)

Streaming Audio Player 0.9 - (skin) Local Stack Overflow (SEH)
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (SEH)

Tuniac 090517c - '.m3u' Local File Crash (PoC)

Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1)
Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)

Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)

Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1)
Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit)

Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)

Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
Microsoft HTML Help Workshop 4.74 - '.hhp' Index Buffer Overflow (Metasploit) (3)

Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2)
Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2)

Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2)

Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2)

Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
Microsoft HTML Help Workshop 4.74 - '.hhp' compiled Buffer Overflow (Metasploit) (4)

Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (without egg-hunter) (Metasploit)
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit)

PHP 5.3.6 - Buffer Overflow PoC (ROP)
PHP 5.3.6 - Buffer Overflow (ROP) (PoC)

Microsoft Windows Server 2000/NT 4 - DLL Search Path
Microsoft Windows NT 4/2000 - DLL Search Path

Microsoft Windows Server 2000/NT 4 - NTFS File Hiding
Microsoft Windows NT 4/2000 - NTFS File Hiding

Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2)

Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011)

Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)

PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation
PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation
Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation

Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit)
Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit)

UniPDF 1.1 - Crash PoC (SEH overwritten)

Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC)

UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)

Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052)

Android - get_user/put_user Exploit (Metasploit)
Google Android - get_user/put_user Exploit (Metasploit)

Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)

Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)

Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)

MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)

MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)

ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)

Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit)
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)

Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)

Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow

Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)

ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)

Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)

CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit)

ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow
ImageStation - 'SonyISUpload.cab' 1.0.0.38 ActiveX Buffer Overflow

IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow

Microsoft XML Core Services DTD - Cross-Domain Scripting PoC (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069)

Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002)

Apple Mac OSX - Java applet Remote Deserialization Remote PoC (2)
Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2)

Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal
Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal

JetAudio 7.5.3 COWON Media Center - '.wav' Crash

DistCC Daemon - Command Execution (Metasploit) (1)
DistCC Daemon - Command Execution (Metasploit)
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)

Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1)
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)

Veritas NetBackup - Remote Command Execution (Metasploit) (1)
Veritas NetBackup - Remote Command Execution (Metasploit)

Pegasus Mail Client 4.51 - PoC Buffer Overflow
Pegasus Mail Client 4.51 - Buffer Overflow (PoC)

Irix LPD tagprinter - Command Execution (Metasploit) (1)
Irix LPD tagprinter - Command Execution (Metasploit)

Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (1)
Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)

Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account
Tandberg E & EX & C Series Endpoints - Default Root Account Credentials

Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2)

Veritas NetBackup - Remote Command Execution (Metasploit) (2)

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2)

CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit)

MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2)

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1)

CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2)

httpdx - tolog() Function Format String (Metasploit) (1)
httpdx - 'tolog()' Function Format String (Metasploit) (1)

Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit)

httpdx - tolog() Function Format String (Metasploit) (2)
httpdx - 'tolog()' Function Format String (Metasploit) (2)

Irix LPD tagprinter - Command Execution (Metasploit) (2)

Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)

DistCC Daemon - Command Execution (Metasploit) (2)
HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)
HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC)

Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1)
Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1)

Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)
Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit)

Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2)
Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)

HP SiteScope - Remote Code Execution (Metasploit) (1)
HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit)

Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow
Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow

Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow
Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow

thttpd 2.2x - defang Remote Buffer Overflow
thttpd 2.2x - 'defang' Remote Buffer Overflow

Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2)
Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)

Dovecot with Exim - sender_address Parameter Remote Command Execution
Dovecot with Exim - 'sender_address' Parameter Remote Command Execution

HP SiteScope - Remote Code Execution (Metasploit) (2)
HP SiteScope (Windows) - Remote Code Execution (Metasploit)

Western Digital Arkeia - Remote Code Execution (Metasploit) (1)
Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit)

CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2)

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)

Western Digital Arkeia - Remote Code Execution (Metasploit) (2)
Western Digital Arkeia < 11.0.12 - Remote Code Execution (Metasploit)

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)

E-Uploader Pro 1.0 - Image Upload with Code Execution
E-Uploader Pro 1.0 - Image Upload / Code Execution

ASPapp Knowledge Base - 'CatId' Parameter SQL Injection
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1)

ASPapp KnowledgeBase - 'catid' Parameter SQL Injection
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2)

ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99)
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99)

Flatchat 3.0 - 'pmscript.php with' Local File Inclusion
Flatchat 3.0 - 'pmscript.php' Local File Inclusion

Joomla! Component huruhelpdesk - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection (1)

PGAUTOPro - SQL Injection / Cross-Site Scripting
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)

Joomla! Component Huru Helpdesk - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection (2)

SoftwareDEP Classified Script 2.5 - SQL Injection
SoftwareDEP Classified Script 2.5 - SQL Injection (1)

WordPress Plugin pay with tweet 1.1 - Multiple Vulnerabilities
WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities

Software DEP Classified Script 2.5 - SQL Injection
SoftwareDEP Classified Script 2.5 - SQL Injection (2)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2)
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2)

OnlineArts DailyDose 1.1 - Denial of Servicee.pl Remote Command Execution
OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution
PHPOpenChat 2.3.4/3.0.1 - PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - PoC.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion

ActiveNews Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection (1)

Active News Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection (2)

Sagem Fast 3304-V2 - Authentication Bypass
Sagem Fast 3304-V2 - Authentication Bypass (1)

PG Auto Pro - SQL Injection / Cross-Site Scripting
PGAUTOPro - SQL Injection / Cross-Site Scripting (2)

Sagem FAST3304-V2 - Authentication Bypass
Sagem FAST3304-V2 - Authentication Bypass (2)

Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues

phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers)
phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution

Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
2017-04-02 05:01:18 +00:00
Offensive Security
6d17bc529d DB: 2017-03-31
4 new exploits

dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC)
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC)

Spider Solitaire -  Denial of Service (PoC)
Spider Solitaire - Denial of Service (PoC)

Baby FTP Server 1.24 - Denial of Service
Baby FTP Server 1.24 - Denial of Service (1)

Baby FTP server 1.24 - Denial of Service
Baby FTP server 1.24 - Denial of Service (2)

Google Android -  Unprotected MSRs in EL1 RKP Privilege Escalation
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

Evostream Media Server 1.7.1  (x64) - Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service

Cerberus FTP Server  8.0.10.1 - Denial of Service
Cerberus FTP Server 8.0.10.1 - Denial of Service

Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow

Apache < 2.0.64  / < 2.2.21 mod_setenvif - Integer Overflow
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow

Solaris 10 sysinfo() - Local Kernel Memory Disclosure
Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1)

Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)

Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) -  (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) -  (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)

Linux Kernel 3.13 -  (SGID) Privilege Escalation (PoC)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)

Linux espfix64 -  (Nested NMIs Interrupting) Privilege Escalation
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)
Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation

Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation

Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)

Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1)
Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1)

dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow

Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1)

Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)

Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2)

Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)

Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)

D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2)
D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit)

D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1)
D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit)

Azure Data Expert Ultimate  2.2.16 - Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)

Article Script 1.6.3 - 'rss.php' SQL Injection (1)
Article Script 1.6.3 - 'rss.php' SQL Injection

DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'code' Remote File Inclusion

LaserNet CMS 1.5 - SQL Injection (2)
LaserNet CMS 1.5 - SQL Injection

Clever Copy 3.0 - 'postview.php' SQL Injection (1)
Clever Copy 3.0 - 'postview.php' SQL Injection

phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (1)

Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1)

Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2)

Matterdaddy Market 1.1 - Multiple SQL Injections (1)
Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections

PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (1)

PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (2)

Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (1)

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)

DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion

E-book Store - Multiple Vulnerabilities (1)

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)

E-book Store - Multiple Vulnerabilities (2)
E-book Store - Multiple Vulnerabilities

Classifieds Script - SQL Injection
Classifieds Script - 'rate' SQL Injection

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2)

DBHcms 1.1.4 - SQL Injection
DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection

LaserNet CMS 1.5 - SQL Injection (1)

Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2)

Article Script 1.6.3 - 'rss.php' SQL Injection (2)

Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1)

Openads (PHPAdsNew) <  2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion

LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1)

LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2)
Fonality trixbox 2.4.2 - Cross-Site Scripting
Fonality trixbox 2.4.2 - Cross-Site Scripting (1)
Fonality trixbox 2.4.2 - Cross-Site Scripting (2)

Clever Copy 3.0 - 'postview.php' SQL Injection (2)

phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (2)

Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (2)

DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)

Matterdaddy Market 1.1 - Multiple SQL Injections (2)
Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)

Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (1)

Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (2)

Classifieds Script - SQL Injection
Classifieds Script - 'term' SQL Injection

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)
2017-03-31 05:01:16 +00:00
Offensive Security
8e03027ae5 DB: 2017-03-30
18 new exploits

FUSE fusermount Tool - Race Condition
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Apache 2.2 - Scoreboard Invalid Free On Shutdown
Apache < 2.0.64  / < 2.2.21 mod_setenvif - Integer Overflow

FUSE fusermount Tool - Race Condition
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation
NTP - Privilege Escalation
Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow

Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)

Just Dial Clone Script - 'fid' SQL Injection
Just Dial Clone Script - 'fid' Parameter SQL Injection

Just Dial Clone Script - 'srch' SQL Injection
Just Dial Clone Script - 'srch' Parameter SQL Injection
Opensource Classified Ads Script - 'keyword' Parameter SQL Injection
EyesOfNetwork (EON) 5.1 - SQL Injection
2017-03-30 05:01:15 +00:00
Offensive Security
1f8c35c0c0 DB: 2017-03-28
25 new exploits

Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Microsoft Visual Studio 2015 update 3 - Denial of Service
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Apple Safari - 'DateTimeFormat.format' Type Confusion
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
Apple Safari - Out-of-Bounds Read when Calling Bound Function

QNAP QTS < 4.2.4 - Domain Privilege Escalation
Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Github Enterprise - Default Session Secret And Deserialization (Metasploit)

B2B Alibaba Clone Script - SQL Injection
B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection
Just Another Video Script 1.4.3 - SQL Injection
Adult Tube Video Script - SQL Injection
Alibaba Clone Script - SQL Injection
B2B Marketplace Script 2.0 - SQL Injection
Php Real Estate Property Script - SQL Injection
Courier Tracking Software 6.0 - SQL Injection
Parcel Delivery Booking Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection
Hotel Booking Script 1.0 - SQL Injection
Tour Package Booking 1.0 - SQL Injection
Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection
CouponPHP CMS 3.1 - 'code' Parameter SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
2017-03-28 05:01:16 +00:00
Offensive Security
570f8aec26 DB: 2017-03-25
6 new exploits

wifirxpower - Local Buffer Overflow
Miele Professional PG 8528 - Directory Traversal
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit)
Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)
Gr8 Tutorial Script - SQL Injection
Gr8 Gallery Script - SQL Injection
2017-03-25 05:01:17 +00:00
Offensive Security
3ad96f313d DB: 2017-03-24
39 new exploits

Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)
Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit)
EMC Replication Manager < 5.3 - Command Execution (Metasploit)
MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)
CA Arcserve D2D - GWT RPC Credential Information Disclosure (Metasploit)
Lenovo System Update - Privilege Escalation (Metasploit)
Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit)
HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit)
VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)
CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)

SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit)
ExaGrid - Known SSH Key and Default Password (Metasploit)
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
SSH - User Code Execution (Metasploit)
Redmine SCM Repository - Arbitrary Command Execution (Metasploit)

Linux/x86 - Bind Shell Shellcode (42 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Joomla! Component Modern Booking 1.0 - 'coupon' Parameter SQL Injection
Flippa Clone - SQL Injection
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit)
PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit)
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)
2017-03-24 05:01:16 +00:00
Offensive Security
93635f1158 DB: 2017-03-22
1 new exploits

Joomla! Component Extra Search 2.2.8 - 'establename' Parameter SQL Injection
2017-03-22 05:01:16 +00:00
Offensive Security
07432556e0 DB: 2017-03-21
26 new exploits

FTPShell Client 6.53 - Local Buffer Overflow
FTPShell Client 6.53 - 'Session name' Local Buffer Overflow
FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow
ExtraPuTTY 0.29-RC2 - Denial of Service
Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)
Microsoft GDI+ - 'gdiplus!GetRECTSForPlayback' Out-of-Bounds Read (MS17-013)
Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013)
Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013)
Mozilla Firefox - 'table' Use-After-Free
Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006)

HttpServer 1.0 - Directory Traversal

Cobbler 2.8.0 - Authenticated Remote Code Execution
Joomla! Component JooCart 2.x - 'product_id' Parameter SQL Injection
Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection
phplist 3.2.6 - SQL Injection
D-Link DGS-1510 - Multiple Vulnerabilities
2017-03-21 05:01:17 +00:00
Offensive Security
66117c63f5 DB: 2017-03-16
16 new exploits

Adobe Flash - Metadata Parsing Out-of-Bounds Read
Adobe Flash - MovieClip Attach init Object Use-After-Free
Adobe Flash - ATF Thumbnailing Heap Overflow
Adobe Flash - ATF Planar Decompression Heap Overflow
Adobe Flash - AVC Header Slicing Heap Overflow
Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow

USBPcap - Privilege Escalation
USBPcap 1.1.0.0 (WireShark 2.2.5) - Privilege Escalation
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)

Cisco Firepower Management Console 6.0 - Post Authentication UserAdd
Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit)
IBM WebSphere - RCE Java Deserialization (Metasploit)
Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Joomla! Component Vik Appointments 1.5 - SQL Injection
Joomla! Component Vik Rent Items 1.3 - SQL Injection
Joomla! Component Vik Rent Car 1.11 - SQL Injection
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
Steam Profile Integration 2.0.11 - SQL injection
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
2017-03-16 05:01:20 +00:00
Offensive Security
8359f0a6a2 DB: 2017-03-14
5 new exploits

Cerberus FTP Server 8.0.10.1 - Denial of Service

VirtualBox - Cooperating VMs can Escape from Shared Folder

Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)

Car Workshop System - SQL Injection

Fiyo CMS 2.0.6.1 - Privilege Escalation
2017-03-14 05:01:18 +00:00
Offensive Security
6e7ec5be32 DB: 2017-03-10
20 new exploits

Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service

Apache Struts2 - Skill Name Remote Code Execution
Apache Struts 2 - Skill Name Remote Code Execution
Linux - Reverse Shell Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux - TCP Reverse Shell Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)

Windows x86 - Executable Directory Search Shellcode (130 bytes)

Apache Struts2 < 2.3.1 - Multiple Vulnerabilities
Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
Country on Sale Script - SQL Injection
Media Search Engine Script - 'search' Parameter SQL Injection
Soundify 1.1 - 'tid' Parameter SQL Injection
BistroStays 3.0 - 'guests' Parameter SQL Injection
Nlance 2.2 - SQL Injection
Busewe 1.2 - SQL Injection
Fashmark 1.2 - 'category' Parameter SQL Injection
TradeMart 1.1 - SQL Injection
Drupal 7.x Module Services - Remote Code Execution
WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download
WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection
WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download
WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
2017-03-10 05:01:18 +00:00
Offensive Security
06a7933be4 DB: 2017-03-09
8 new exploits

USBPcap - Privilege Escalation

Linux - Reverse Shell Shellcode (66 bytes)
Linux - Reverse Shell Shellcode (65 bytes)
Themeforest Clone Script - SQL Injection
Graphicriver Clone Script - SQL Injection
Codecanyon Clone Script - SQL Injection
Audiojungle Clone Script - SQL Injection
Videohive Clone Script - SQL Injection
Envato Clone Script - SQL Injection
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
2017-03-09 05:01:19 +00:00
Offensive Security
7fa7a111c4 DB: 2017-03-01
5 new exploits

BlueIris 4.5.1.4 - Denial of Service
Synchronet BBS 3.16c - Denial of Service

Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)

NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
2017-03-01 05:01:18 +00:00
Offensive Security
3f1035a488 DB: 2017-02-27
2 new exploits

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
2017-02-27 05:01:20 +00:00
Offensive Security
3710b90d25 DB: 2017-02-24
6 new exploits

macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read

Linux/x86-64 - Egghunter Shellcode (38 bytes)
WordPress Plugin Mail Masta 1.0 - SQL Injection
Joomla! Component Store for K2 3.8.2 - SQL Injection
Joomla! Component UserExtranet 1.3.1 - SQL Injection
Joomla! Component MultiTier 3.1 - SQL Injection
2017-02-24 05:01:18 +00:00
Offensive Security
c7c1c7d92e DB: 2017-02-23
13 new exploits

EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Denial of Service
Google Chrome - 'layout' Out-of-Bounds Read

Shutter 0.93.1 - Code Execution

DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)
Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)

Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection
Joomla! Component VehicleManager 3.9 - SQL Injection
Joomla! Component RealEstateManager 3.9 - SQL Injection
Joomla! Component BookLibrary 3.6.1 - SQL Injection
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
ProjectSend r754 - Insecure Direct Object Reference
Teradici Management Console 2.2.0 - Privilege Escalation
2017-02-23 05:01:18 +00:00
Offensive Security
ae0dd9fa7c DB: 2017-02-20
14 new exploits

Linux - Reverse Shell Shellcode (66 bytes)

Joomla! Component com_Joomlaoc - 'id' SQL Injection
Joomla! Component Joomloc 1.0 - 'id' Parameter SQL Injection

Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection
Joomla! Component AWDwall 1.5.4 - Local File Inclusion / SQL Injection

Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload

Horde 3.3.5 - Administration Interface admin/PHPshell.php PATH_INFO Parameter Cross-Site Scripting
Horde 3.3.5 - Cross-Site Scripting
Joomla! Component Joomloc-CAT 4.1.3 - 'ville' Parameter SQL Injection
Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' Parameter SQL Injection
Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection
Joomla! Component OS Property 3.0.8 - SQL Injection
Joomla! Component EShop 2.5.1 - 'id' Parameter SQL Injection
Joomla! Component OS Services Booking 2.5.1 - SQL Injection
Joomla! Component Room Management 1.0 - SQL Injection
Joomla! Component Bazaar Platform 3.0 - SQL Injection
Joomla! Component Google Map Store Locator 4.4 - SQL Injection
Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection
NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Sawmill Enterprise 8.7.9 - Authentication Bypass
PHPShell 2.4 - Session Fixation
2017-02-20 05:01:17 +00:00
Offensive Security
2f2ccec5c2 DB: 2017-02-17
8 new exploits

Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes)

Joomla! Component 'com_spidercalendar' - SQL Injection
Joomla! Component Spider Calendar - SQL Injection

Joomla! Component 'com_spidercatalog' - 'Product_ID' Parameter SQL Injection
Joomla! Component Spider Catalog 1.1 - 'Product_ID' Parameter SQL Injection

Joomla! Component 'com_spidercalendar' - 'date' Parameter Blind SQL Injection
Joomla! Component Spider Calendar - 'date' Parameter Blind SQL Injection

Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection
Joomla! Component Spider Calendar 3.2.6 - SQL Injection

Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' Parameter SQL Injection

Joomla! Component 'com_spiderfaq' - SQL Injection
Joomla! Component Spider FAQ - SQL Injection
Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection
Joomla! Component Spider Facebook 1.6.1 - SQL Injection
Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting
dotCMS 3.6.1 - Blind Boolean SQL Injection
Joomla! Component JEmbedAll 1.4 - SQL Injection
2017-02-17 05:01:19 +00:00
Offensive Security
2f4b2745b1 DB: 2017-02-15
11 new exploits

Linux Kernel 3.10.0 (CentOS7) - Denial of Service
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
LG G4 - lghashstorageserver Directory Traversal
LG G4 - Touchscreen Driver write_log Kernel Read/Write
Google Android - Inter-process munmap in android.util.MemoryIntArray
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)
ShadeYouVPN Client 2.0.1.11 - Privilege Escalation
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation

MLdonkey 2.9.7 - HTTP DOUBLE SLASH Arbitrary File Disclosure
MLdonkey 2.9.7 - Arbitrary File Disclosure

Mldonkey 2.5 -4 - Web Interface Error Message Cross-Site Scripting
MLdonkey 2.5-4 - Cross-Site Scripting

Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)

Joomla! Component NeoRecruit 1.4 - 'id' SQL Injection
Joomla! Component NeoRecruit 1.4 - 'id' Parameter SQL Injection

taifajobs 1.0 - (jobid) SQL Injection
taifajobs 1.0 - 'jobid' Parameter SQL Injection
Pyrophobia 2.1.3.1 - modules/out.php id Parameter Cross-Site Scripting
Pyrophobia 2.1.3.1 - admin/index.php Multiple Parameter Traversal Arbitrary File Access
Pyrophobia 2.1.3.1 - Cross-Site Scripting
Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access

Itech B2B Script 4.29 - Multiple Vulnerabilities
2017-02-15 05:01:16 +00:00
Offensive Security
8b6bfd7f93 DB: 2017-02-13
19 new exploits

Cimetrics BACstac 6.2f - Privilege Escalation
Cimetrics BACnet Explorer 4.0 - XML External Entity Injection
SonicDICOM PACS 2.3.2 - Cross-Site Scripting
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
SonicDICOM PACS 2.3.2 - Privilege Escalation
Kodi 17.1 - Arbitrary File Disclosure
WhizBiz 1.9 - SQL Injection
TI Online Examination System 2.0 - SQL Injection
Viavi Real Estate - SQL Injection
Viavi Movie Review - 'id' Parameter SQL Injection
Viavi Product Review - 'id' Parameter SQL Injection
Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection
Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection
Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection
Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection
Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection
Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection
Joomla! Component Vik Booking 1.7 - SQL Injection
Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection
2017-02-13 05:01:18 +00:00