exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	117f75fdfc	DB: 2017-06-13 5 new exploits GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution Easy File Sharing Web Server 7.2 - Authentication Bypass	2017-06-13 05:01:23 +00:00
Offensive Security	fbe517f675	DB: 2017-06-10 6 new exploits Mapscrn 2.03 - Local Buffer Overflow libcroco 0.6.12 - Denial of Service libquicktime 1.2.4 - Denial of Service Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition Apple macOS - Disk Arbitration Daemon Race Condition Craft CMS 2.6 - Cross-Site Scripting	2017-06-10 05:01:19 +00:00
Offensive Security	bed1811f1d	DB: 2017-06-09 4 new exploits Linux Kernel - 'ping' Local Denial of Service VMware Workstation 12 Pro - Denial of Service Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)	2017-06-09 05:01:17 +00:00
Offensive Security	b002e06bf6	DB: 2017-06-08 9 new exploits Linux Kernel - 'ping' Local Denial of Service Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption Artifex MuPDF - Null Pointer Dereference Artifex MuPDF mujstest 1.10a - Null Pointer Dereference DC/OS Marathon UI - Docker Exploit (Metasploit) Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting Xavier 2.4 - SQL Injection Robert 0.5 - Multiple Vulnerabilities	2017-06-08 05:01:17 +00:00
Offensive Security	cd6e21e600	DB: 2017-06-06 11 new exploits Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow DNSTracer 1.8.1 - Buffer Overflow Parallels Desktop - Virtual Machine Escape Subsonic 6.1.1 - XML External Entity Injection BIND 9.10.5 - Unquoted Service Path Privilege Escalation Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution Subsonic 6.1.1 - Cross-Site Request Forgery Subsonic 6.1.1 - Server-Side Request Forgery Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting	2017-06-06 05:01:15 +00:00
Offensive Security	42e94b4366	DB: 2017-06-05 26 new exploits Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files Microsoft MsMpEng - Use-After-Free via Saved Callers WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope WebKit - 'Element::setAttributeNodeNS' Use-After-Free reiserfstune 3.6.25 - Local Buffer Overflow TiEmu 2.08 - Local Buffer Overflow Octopus Deploy - Authenticated Code Execution (Metasploit) Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit) CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes) uc-http Daemon - Local File Inclusion / Directory Traversal Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root Piwigo Plugin Facetag 0.0.3 - SQL Injection OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 - Remote Code Execution OV3 Online Administration 3.0 - SQL Injection Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting	2017-06-05 05:01:15 +00:00
Offensive Security	bc7f6091d4	DB: 2017-05-23 4 new exploits Apple macOS - '32-bit syscall exit' Kernel Register Leak Apple macOS - 'stackshot' Raw Frame Pointers Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation Joomla! 3.7.0 - 'com_fields' SQL Injection Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)	2017-05-23 05:01:15 +00:00
Offensive Security	5aee851cfb	DB: 2017-05-11 5 new exploits PocketPC Mms Composer - (WAPPush) Denial of Service PocketPC Mms Composer - 'WAPPush' Denial of Service BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs) BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC) otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs) otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC) Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035) Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1) Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) HT Editor 2.0.20 - Buffer Overflow (ROP PoC) HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC) Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2) Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2) Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities Microsoft Internet Explorer 8 / 9 - Steal Any Cookie Microsoft Internet Explorer 8/9 - Steal Any Cookie PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass BanManager WebUI 1.5.8 - PHP Code Injection Gongwalker API Manager 1.1 - Cross-Site Request Forgery	2017-05-11 05:01:18 +00:00
Offensive Security	6f37b94a66	DB: 2017-05-09 5 new exploits RPCBind / libtirpc - Denial of Service Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH) Xen 64bit PV Guest - pagetable use-after-type-change Breakout Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)	2017-05-09 04:46:38 +00:00
Offensive Security	9e9bf495c2	DB: 2017-04-26 26 new exploits PHP 5.4.0RC6 (x64t) - Denial of Service PHP 5.4.0RC6 (x64) - Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH) VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Dmitry 1.3a - Local Buffer Overflow Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Apple Safari - Array concat Memory Corruption Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free VirtualBox - Cooperating VMs can Escape from Shared Folder PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation Dell Customer Connect 1.3.28.0 - Privilege Escalation LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit Nginx 1.4.0 (Generic Linux x64) - Remote Exploit Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution Microsoft Office Word - Malicious Hta Execution (Metasploit) WePresent WiPG-1000 - Command Injection (Metasploit) OSX/Intel - setuid shell x86_64 Shellcode (51 bytes) OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes) OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes) OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes) Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes) Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Linux/x86-64 - Reverse Shell Shellcode (84 bytes) FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery WordPress Plugin KittyCatfish 2.2 - SQL Injection WordPress Plugin Car Rental System 2.5 - SQL Injection WordPress Plugin Wow Viral Signups 2.1 - SQL Injection WordPress Plugin Wow Forms 2.1 - SQL Injection Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection October CMS 1.0.412 - Multiple Vulnerabilities	2017-04-26 05:01:18 +00:00
Offensive Security	3c86b861c2	DB: 2017-04-19 4 new exploits Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit) Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit) pinfo 0.6.9 - Local Buffer Overflow Tenable Appliance < 4.5 - Unauthenticated Remote Root Code Execution Microsoft Word - .RTF Remote Code Execution Huawei HG532n - Command Injection (Metasploit)	2017-04-19 05:01:17 +00:00
Offensive Security	8ce122cbaf	DB: 2017-04-04 3 new exploits BackBox OS - Denial of Service Apache Tomcat 6/7/8/9 - Information Disclosure Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection	2017-04-04 05:01:25 +00:00
Offensive Security	0320cba051	DB: 2017-04-02 6 new exploits Microsoft Internet Explorer 11 - Crash PoC (1) Microsoft Internet Explorer 11 - Crash (PoC) (1) Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031) Microsoft Windows SQL Server - Remote Denial of Service (MS03-031) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046) Microsoft Windows - MSDTC Service Remote Memory Modification PoC (MS05-051) Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (1) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (3) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3) Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (2) Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2) Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit) Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit) Microsoft Windows - DNS Resolution Remote Denial of Service PoC (MS06-041) Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041) Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002) Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002) BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs) Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC) Microsoft Internet Explorer GDI+ - PoC (MS08-052) Microsoft Internet Explorer GDI+ - (PoC) (MS08-052) Microsoft Windows - GDI+ PoC (MS08-052) (2) Microsoft Windows - GDI+ (PoC) (MS08-052) (2) Microsoft Windows - InternalOpenColorProfile Heap Overflow PoC (MS08-046) GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046) GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (New Heap Spray) Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2) Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2) eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH) eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH) Chasys Media Player 1.1 - '.pls' Local Buffer Overflow PoC (SEH) Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH) Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1) Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1) Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2) Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2) Microsoft Internet Explorer - EMBED Memory Corruption PoC (MS09-014) Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow PoCs DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH) AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH) MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC) otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs) JetAudio 7.5.3 COWON Media Center - '.wav' Crash Streaming Audio Player 0.9 - (skin) Local Stack Overflow PoC (SEH) Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow PoC (SEH) Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH) Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH) Tuniac 090517c - '.m3u' Local File Crash (PoC) HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH) HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1) PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2) BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow PoC (2) BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow (PoC) (2) Eureka Email Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - Buffer Overflow (PoC) Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash Microsoft Windows 7 / 2008 R2 - Remote Kernel Crash Picpuz 2.1.1 - Buffer Overflow Denial of Service/PoC Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC) Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service Mozilla Firefox 3.6 - (XML parser) Memory Corruption (PoC) / Denial of Service iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service (PoC) RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC RCA DCM425 Cable Modem - 'micro_httpd' Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wav' PoC Free MP3 CD Ripper 2.6 - '.wav' (PoC) Anyzip 1.1 - '.zip' PoC (SEH) Anyzip 1.1 - '.zip' (PoC) (SEH) Microsoft Windows - SMB Client-Side Bug PoC (MS10-006) Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006) Webby WebServer - PoC SEH control Webby WebServer - SEH Control (PoC) FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05) FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off- By One (PoC) Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH) AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH) Mozilla Firefox - Memory Corruption PoC (Simplified) Mozilla Firefox - (Simplified) Memory Corruption (PoC) Microsoft Windows - Win32k Pointer Dereferencement PoC (MS10-098) Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098) Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH) Elecard MPEG Player 5.7 - Local Buffer Overflow (PoC) (SEH) Microsoft Windows XP - WmiTraceMessageVa Integer Truncation PoC (MS11-011) Microsoft Windows XP - WmiTraceMessageVa Integer Truncation (PoC) (MS11-011) Real player 14.0.2.633 - Buffer Overflow / Denial of ServiceExploit Real player 14.0.2.633 - Buffer Overflow / Denial of Service IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - '.ICO' With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - '.ICO' Without Transparent Colour Denial of Service / Remote Denial of Service Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service Microsoft Windows Vista/2008 - 'nsiproxy.sys' Local Kernel Denial of Service D-Link DSL-2650U - Denial of Service/PoC D-Link DSL-2650U - Denial of Service (PoC) Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun PoC (MS11-077) Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077) Opera 11.52 - PoC Denial of Service Opera 11.52 - Denial of Service (PoC) Microsoft Win32k - Null Pointer De-reference PoC (MS11-077) Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077) Microsoft Windows - 'afd.sys' PoC (MS11-046) Microsoft Windows - 'afd.sys' (PoC) (MS11-046) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034) Wyse - Machine Remote Power off (DOS) without any Privilege (Metasploit) Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit) Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference) Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1) Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2) Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft PoCket Internet Explorer 3.0 - Denial of Service Microsoft Pocket Internet Explorer 3.0 - Denial of Service Microsoft Windows - HWND_BROADCAST PoC (MS13-005) Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005) Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC) Apple Safari 3 for Windows - Document.Location Denial of Service Apple Safari 3 for Windows - 'Document.Location' Denial of Service PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit) PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow Android Web Browser - GIF File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Android Web Browser - BMP File Integer Overflow Google Android Web Browser - '.BMP' File Integer Overflow Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH) Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH) Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035) Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035) Microsoft Internet Explorer - Memory Corruption PoC (MS14-029) Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029) UniPDF 1.1 - Crash (PoC) (SEH) Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC) Microsoft Windows - 'HTTP.sys' PoC (MS15-034) Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034) UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC) Microsoft Internet Explorer 11 - Crash PoC (2) Microsoft Internet Explorer 11 - Crash (PoC) (2) Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow QNX RTOS 6.3.0 - Insecure rc.local Permissions Plus System Crash QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation Microsoft Windows - NtClose DeadLock PoC (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation (PoC) (MS06-030) PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH) Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow (PoC) (SEH) Streaming Audio Player 0.9 - (skin) Local Stack Overflow (SEH) Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (SEH) Tuniac 090517c - '.m3u' Local File Crash (PoC) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Index Buffer Overflow (Metasploit) (3) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2) Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4) Microsoft HTML Help Workshop 4.74 - '.hhp' compiled Buffer Overflow (Metasploit) (4) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (without egg-hunter) (Metasploit) Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit) PHP 5.3.6 - Buffer Overflow PoC (ROP) PHP 5.3.6 - Buffer Overflow (ROP) (PoC) Microsoft Windows Server 2000/NT 4 - DLL Search Path Microsoft Windows NT 4/2000 - DLL Search Path Microsoft Windows Server 2000/NT 4 - NTFS File Hiding Microsoft Windows NT 4/2000 - NTFS File Hiding Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7) Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8) Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1) Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2) Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit) Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit) UniPDF 1.1 - Crash PoC (SEH overwritten) Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC) UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Android - get_user/put_user Exploit (Metasploit) Google Android - get_user/put_user Exploit (Metasploit) Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit) MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit) MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit) ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1) Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2) Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2) Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow ImageStation - 'SonyISUpload.cab' 1.0.0.38 ActiveX Buffer Overflow IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow Microsoft XML Core Services DTD - Cross-Domain Scripting PoC (MS08-069) Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Apple Mac OSX - Java applet Remote Deserialization Remote PoC (2) Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal JetAudio 7.5.3 COWON Media Center - '.wav' Crash DistCC Daemon - Command Execution (Metasploit) (1) DistCC Daemon - Command Execution (Metasploit) Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Veritas NetBackup - Remote Command Execution (Metasploit) (1) Veritas NetBackup - Remote Command Execution (Metasploit) Pegasus Mail Client 4.51 - PoC Buffer Overflow Pegasus Mail Client 4.51 - Buffer Overflow (PoC) Irix LPD tagprinter - Command Execution (Metasploit) (1) Irix LPD tagprinter - Command Execution (Metasploit) Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (1) Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account Tandberg E & EX & C Series Endpoints - Default Root Account Credentials Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2) Veritas NetBackup - Remote Command Execution (Metasploit) (2) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2) httpdx - tolog() Function Format String (Metasploit) (1) httpdx - 'tolog()' Function Format String (Metasploit) (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) httpdx - tolog() Function Format String (Metasploit) (2) httpdx - 'tolog()' Function Format String (Metasploit) (2) Irix LPD tagprinter - Command Execution (Metasploit) (2) Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2) DistCC Daemon - Command Execution (Metasploit) (2) HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1) Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1) Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit) Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2) Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2) HP SiteScope - Remote Code Execution (Metasploit) (1) HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit) Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow thttpd 2.2x - defang Remote Buffer Overflow thttpd 2.2x - 'defang' Remote Buffer Overflow Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2) Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit) Dovecot with Exim - sender_address Parameter Remote Command Execution Dovecot with Exim - 'sender_address' Parameter Remote Command Execution HP SiteScope - Remote Code Execution (Metasploit) (2) HP SiteScope (Windows) - Remote Code Execution (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (1) Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2) Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1) Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (2) Western Digital Arkeia < 11.0.12 - Remote Code Execution (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) E-Uploader Pro 1.0 - Image Upload with Code Execution E-Uploader Pro 1.0 - Image Upload / Code Execution ASPapp Knowledge Base - 'CatId' Parameter SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1) ASPapp KnowledgeBase - 'catid' Parameter SQL Injection ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2) ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99) ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99) Flatchat 3.0 - 'pmscript.php with' Local File Inclusion Flatchat 3.0 - 'pmscript.php' Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection (1) PGAUTOPro - SQL Injection / Cross-Site Scripting PGAUTOPro - SQL Injection / Cross-Site Scripting (1) Joomla! Component Huru Helpdesk - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection (2) SoftwareDEP Classified Script 2.5 - SQL Injection SoftwareDEP Classified Script 2.5 - SQL Injection (1) WordPress Plugin pay with tweet 1.1 - Multiple Vulnerabilities WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities Software DEP Classified Script 2.5 - SQL Injection SoftwareDEP Classified Script 2.5 - SQL Injection (2) Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1) Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2) Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1) Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2) OnlineArts DailyDose 1.1 - Denial of Servicee.pl Remote Command Execution OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution PHPOpenChat 2.3.4/3.0.1 - PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - PoC.php Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion ActiveNews Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection (1) Active News Manager - 'articleId' Parameter SQL Injection ActiveNews Manager - 'articleId' Parameter SQL Injection (2) Sagem Fast 3304-V2 - Authentication Bypass Sagem Fast 3304-V2 - Authentication Bypass (1) PG Auto Pro - SQL Injection / Cross-Site Scripting PGAUTOPro - SQL Injection / Cross-Site Scripting (2) Sagem FAST3304-V2 - Authentication Bypass Sagem FAST3304-V2 - Authentication Bypass (2) Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers) phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)	2017-04-02 05:01:18 +00:00
Offensive Security	6d17bc529d	DB: 2017-03-31 4 new exploits dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC) dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC) Spider Solitaire - Denial of Service (PoC) Spider Solitaire - Denial of Service (PoC) Baby FTP Server 1.24 - Denial of Service Baby FTP Server 1.24 - Denial of Service (1) Baby FTP server 1.24 - Denial of Service Baby FTP server 1.24 - Denial of Service (2) Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Evostream Media Server 1.7.1 (x64) - Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service Cerberus FTP Server 8.0.10.1 - Denial of Service Cerberus FTP Server 8.0.10.1 - Denial of Service Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Solaris 10 sysinfo() - Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1) Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2) Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1) Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2) Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1) Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1) dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1) Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2) Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2) D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1) D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit) Azure Data Expert Ultimate 2.2.16 - Buffer Overflow Azure Data Expert Ultimate 2.2.16 - Buffer Overflow Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1) Article Script 1.6.3 - 'rss.php' SQL Injection (1) Article Script 1.6.3 - 'rss.php' SQL Injection DBHcms 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - 'code' Remote File Inclusion LaserNet CMS 1.5 - SQL Injection (2) LaserNet CMS 1.5 - SQL Injection Clever Copy 3.0 - 'postview.php' SQL Injection (1) Clever Copy 3.0 - 'postview.php' SQL Injection phpAuction - 'profile.php' SQL Injection phpAuction - 'profile.php' SQL Injection (1) Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1) Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2) Matterdaddy Market 1.1 - Multiple SQL Injections (1) Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections PHPWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection (1) PHPWebGallery 1.3.4 - Blind SQL Injection PHPWebGallery 1.3.4 - Blind SQL Injection (2) Zeeways Shaadi Clone 2.0 - Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass (1) Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1) DBHcms 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion E-book Store - Multiple Vulnerabilities (1) Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1) E-book Store - Multiple Vulnerabilities (2) E-book Store - Multiple Vulnerabilities Classifieds Script - SQL Injection Classifieds Script - 'rate' SQL Injection Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2) DBHcms 1.1.4 - SQL Injection DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection LaserNet CMS 1.5 - SQL Injection (1) Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2) Article Script 1.6.3 - 'rss.php' SQL Injection (2) Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1) Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1) LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2) Fonality trixbox 2.4.2 - Cross-Site Scripting Fonality trixbox 2.4.2 - Cross-Site Scripting (1) Fonality trixbox 2.4.2 - Cross-Site Scripting (2) Clever Copy 3.0 - 'postview.php' SQL Injection (2) phpAuction - 'profile.php' SQL Injection phpAuction - 'profile.php' SQL Injection (2) Zeeways Shaadi Clone 2.0 - Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass (2) DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2) Matterdaddy Market 1.1 - Multiple SQL Injections (2) Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections WordPress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1) Huawei Flybox B660 - Cross-Site Request Forgery Huawei Flybox B660 - Cross-Site Request Forgery (1) Huawei Flybox B660 - Cross-Site Request Forgery Huawei Flybox B660 - Cross-Site Request Forgery (2) Classifieds Script - SQL Injection Classifieds Script - 'term' SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)	2017-03-31 05:01:16 +00:00
Offensive Security	8e03027ae5	DB: 2017-03-30 18 new exploits FUSE fusermount Tool - Race Condition Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure Apache 2.2 - Scoreboard Invalid Free On Shutdown Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow FUSE fusermount Tool - Race Condition Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation NTP - Privilege Escalation Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH) Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) Just Dial Clone Script - 'fid' SQL Injection Just Dial Clone Script - 'fid' Parameter SQL Injection Just Dial Clone Script - 'srch' SQL Injection Just Dial Clone Script - 'srch' Parameter SQL Injection Opensource Classified Ads Script - 'keyword' Parameter SQL Injection EyesOfNetwork (EON) 5.1 - SQL Injection	2017-03-30 05:01:15 +00:00
Offensive Security	570f8aec26	DB: 2017-03-25 6 new exploits wifirxpower - Local Buffer Overflow Miele Professional PG 8528 - Directory Traversal NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit) Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit) Gr8 Tutorial Script - SQL Injection Gr8 Gallery Script - SQL Injection	2017-03-25 05:01:17 +00:00
Offensive Security	3f1035a488	DB: 2017-02-27 2 new exploits Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation	2017-02-27 05:01:20 +00:00
Offensive Security	2f4b2745b1	DB: 2017-02-15 11 new exploits Linux Kernel 3.10.0 (CentOS7) - Denial of Service LG G4 - lgdrmserver Binder Service Multiple Race Conditions LG G4 - lghashstorageserver Directory Traversal LG G4 - Touchscreen Driver write_log Kernel Read/Write Google Android - Inter-process munmap in android.util.MemoryIntArray Google Android - android.util.MemoryIntArray Ashmem Race Conditions Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145) ShadeYouVPN Client 2.0.1.11 - Privilege Escalation ntfs-3g - Unsanitized modprobe Environment Privilege Escalation MLdonkey 2.9.7 - HTTP DOUBLE SLASH Arbitrary File Disclosure MLdonkey 2.9.7 - Arbitrary File Disclosure Mldonkey 2.5 -4 - Web Interface Error Message Cross-Site Scripting MLdonkey 2.5-4 - Cross-Site Scripting Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit) Joomla! Component NeoRecruit 1.4 - 'id' SQL Injection Joomla! Component NeoRecruit 1.4 - 'id' Parameter SQL Injection taifajobs 1.0 - (jobid) SQL Injection taifajobs 1.0 - 'jobid' Parameter SQL Injection Pyrophobia 2.1.3.1 - modules/out.php id Parameter Cross-Site Scripting Pyrophobia 2.1.3.1 - admin/index.php Multiple Parameter Traversal Arbitrary File Access Pyrophobia 2.1.3.1 - Cross-Site Scripting Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access Itech B2B Script 4.29 - Multiple Vulnerabilities	2017-02-15 05:01:16 +00:00
Offensive Security	d1a0e8f9fd	DB: 2017-02-09 3 new exploits Zookeeper 3.5.2 - Denial of Service Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes) YapBB 1.2 - (forumID) Blind SQL Injection YapBB 1.2 - 'forumID' Parameter Blind SQL Injection ClearBudget 0.6.1 - (Misspelled htaccess) Insecure DD ClearBudget 0.6.1 - Insecure Database Download phpYabs 0.1.2 - (Azione) Remote File Inclusion phpYabs 0.1.2 - 'Azione' Parameter Remote File Inclusion IF-CMS 2.0 - 'frame.php id' Blind SQL Injection IF-CMS 2.0 - 'id' Parameter Blind SQL Injection BusinessSpace 1.2 - 'id' SQL Injection A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection BusinessSpace 1.2 - 'id' Parameter SQL Injection A Better Member-Based ASP Photo Gallery - 'entry' Parameter SQL Injection FlexCMS - (catId) SQL Injection FlexCMS 2.5 - 'catId' Parameter SQL Injection Thyme 1.3 - (export_to) Local File Inclusion Papoo CMS 3.x - (pfadhier) Local File Inclusion q-news 2.0 - Remote Command Execution Potato News 1.0.0 - (user) Local File Inclusion Thyme 1.3 - 'export_to' Parameter Local File Inclusion Papoo CMS 3.x - 'pfadhier' Parameter Local File Inclusion Q-News 2.0 - Remote Command Execution Potato News 1.0.0 - Local File Inclusion Mynews 0_10 - Authentication Bypass Mynews 0.10 - Authentication Bypass Muviko Video CMS - SQL Injection Multi Outlets POS 3.1 - 'id' Parameter SQL Injection	2017-02-09 05:01:17 +00:00
Offensive Security	2ff74c7c1b	DB: 2017-02-08 9 new exploits Zookeeper 3.5.2 - Denial of Service OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service ThisIsWhyImBroke Clone Script 4.0.0 - 'id' Parameter SQL Injection Fully Featured News CMS 1.0 - 'id' Parameter SQL Injection MySQL File Uploader 1.0 - 'id' Parameter SQL Injection Easy Support Tools 1.0 - 'stt' Parameter SQL Injection Easy Web Search 3 - 'id' Parameter SQL Injection FTP Made Easy PRO 1.2 - Arbitrary File Download Easy File Uploader 1.2 - Arbitrary File Download Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure	2017-02-08 05:01:17 +00:00
Offensive Security	1a4e6f50a9	DB: 2017-02-01 65 new exploits Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC) Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC) ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC) Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Samba < 3.6.2 (x86) - Denial of Serviec (PoC) Adobe Flash - Bad Dereference at 0x23c on Linux x64 Adobe Flash (Linux x64) - Bad Dereference at 0x23c Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited Core FTP Server 32-bit Build 587 - Heap Overflow Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC) Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC) RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Qpopper 4.0.8 (Linux) - (poppassd) Privilege Escalation Wireless Tools 26 (IWConfig) - Privilege Escalation Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure Rocks Clusters 4.1 - (umount-loop) Privilege Escalation Rocks Clusters 4.1 - (mount-loop) Privilege Escalation Rocks Clusters 4.1 - 'umount-loop' Privilege Escalation Rocks Clusters 4.1 - 'mount-loop' Privilege Escalation PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation Postfix 2.6-20080814 - (symlink) Privilege Escalation Postfix 2.6-20080814 - 'symlink' Privilege Escalation Oracle Database Vault - ptrace(2) Privilege Escalation Oracle Database Vault - 'ptrace(2)' Privilege Escalation Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load (Privilege Escalation) GNU C Library 2.x (libc6) - (Dynamic Linker LD_AUDIT Arbitrary DSO Load) Privilege Escalation Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1) Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit) Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit) VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit) PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation PolicyKit polkit-1 < 0.101 - Privilege Escalation Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail) (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail 8.10.1) (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) QNX RTOS 4.25/6.1 - phgrafxPrivilege Escalation QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation QNX RTOS 4.25/6.1 - 'phgrafx' Privilege Escalation QNX RTOS 4.25/6.1 - 'phgrafx-startup' Privilege Escalation Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111) Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111) MySQL 3.23.x - mysqld Privilege Escalation MySQL 3.23.x - 'mysqld' Privilege Escalation Platform Load Sharing Facility 4/5/6 - EAuth Privilege Escalation MTools 3.9.x - MFormat Privilege Escalation Platform Load Sharing Facility 4/5/6 - 'EAuth' Privilege Escalation MTools 3.9.x - 'MFormat' Privilege Escalation Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2) ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3) LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit) Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3) TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure Linux Kernel 3.13 - Privilege Escalation PoC (SGID) Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC) OSSEC 2.8 - hosts.deny Privilege Escalation OSSEC 2.8 - 'hosts.deny' Privilege Escalation Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation Linux espfix64 - Privilege Escalation (Nested NMIs Interrupting) Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) RHEL 7.0/7.1 - abrt/sosreport Privilege Escalation RHEL 7.0/7.1 - 'abrt/sosreport' Privilege Escalation MySQL 5.5.45 (x64) - Local Credentials Disclosure Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Microsoft Windows 7 (x32/x64) - Group Policy Privilege Escalation (MS16-072) Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072) Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) Viscosity 1.6.7 - Privilege Escalation BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution Solaris /bin/login (SPARC/x86) - Remote Code Execution gpsdrive 2.09 (x86) - (friendsd2) Remote Format String PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit) dproxy-nexgen (Linux/x86) - Buffer Overflow dproxy-nexgen (Linux x86) - Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit) AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit) 32bit FTP Client - Stack Buffer Overflow (Metasploit) Free Download Manager - Remote Control Server Buffer Overflow (Metasploit) Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit) CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit) Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit) Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit) Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit) Webmin 0.x - RPC Function Privilege Escalation Webmin 0.x - 'RPC' Function Privilege Escalation Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit Nginx 1.4.0 (x64) - (Generic Linux) Remote Exploit Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit technote 7.2 - Remote File Inclusion Technote 7.2 - Remote File Inclusion JAWS 0.2/0.3 - 'index.php' gadget Parameter Traversal Arbitrary File Access JAWS 0.2/0.3 - Cookie Manipulation Authentication Bypass JAWS 0.2/0.3 - 'index.php' action Parameter Cross-Site Scripting Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting JAWS 0.2/0.3/0.4 - ControlPanel.php SQL Injection Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection JAWS Glossary 0.4/0.5 - Cross-Site Scripting Jaws Glossary 0.4/0.5 - Cross-Site Scripting JAWS 0.x - Remote File Inclusion Jaws 0.x - Remote File Inclusion FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities Multiple Netgear Routers - Password Disclosure Video Sharing Script 4.94 - 'uid' Parameter SQL Injection Netman 204 - Backdoor Account / Password Reset	2017-02-01 05:01:19 +00:00
Offensive Security	bac881f89a	DB: 2017-01-03 3 new exploits QNAP NAS Devices - Heap Overflow Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH) PHPFanBase 2.x - (protection.php) Remote File Inclusion PHPFanBase 2.x - 'protection.php' Remote File Inclusion DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection DigiAffiliate 1.4 - 'id' Parameter SQL Injection ExoPHPDesk 1.2.1 - (faq.php) SQL Injection ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection MiniGal b13 - (image backdoor) Remote Code Execution MiniGal b13 - Remote Code Execution PHP Auto Listings - 'moreinfo.php pg' SQL Injection Pre Simple CMS - SQL Injection (Authentication Bypass) PHP Auto Listings - 'pg' Parameter SQL Injection Pre Simple CMS - Authentication Bypass Harlandscripts drinks - (recid) SQL Injection Harlandscripts drinks - 'recid' Parameter SQL Injection Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection Mole Group Taxi Calc Dist Script - Authentication Bypass DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection DevelopItEasy Membership System 1.3 - Authentication Bypass NICE FAQ Script - (Authentication Bypass) SQL Injection NICE FAQ Script - Authentication Bypass SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection SoftComplex PHP Image Gallery 1.0 - Authentication Bypass DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection SoftComplex PHP Image Gallery - (ctg) SQL Injection DELTAScripts PHP Classifieds 7.5 - Authentication Bypass DELTAScripts PHP Links 1.3 - Authentication Bypass DELTAScripts PHP Shop 1.0 - Authentication Bypass SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection Mole Group Pizza - (manufacturers_id) Script SQL Injection TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection PHP Auto Listings Script - (Authentication Bypass) SQL Injection Mole Group Rental Script - (Authentication Bypass) SQL Injection MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection E-topbiz Online Store 1 - Authentication Bypass PHP Auto Listings Script - Authentication Bypass Mole Group Rental Script - Authentication Bypass MyioSoft Ajax Portal 3.0 - Authentication Bypass MyioSoft EasyBookMarker 4.0 - Authentication Bypass MyioSoft EasyCalendar - Authentication Bypass E-topbiz Online Store 1 - 'cat_id' SQL Injection E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection Myiosoft EasyBookMarker 4 - (Parent) SQL Injection Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection DigiAffiliate 1.4 - Authentication Bypass Mole Group Airline Ticket Script - Authentication Bypass ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection ExoPHPDesk 1.2 Final - Authentication Bypass ZEEMATRI 3.0 - 'adid' Parameter SQL Injection Joomla! Component com_books - (book_id) SQL Injection Joomla! Component com_books - 'book_id' Parameter SQL Injection Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection PozScripts Business Directory Script - 'cid' SQL Injection PozScripts Business Directory Script - 'cid' Parameter SQL Injection Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection Quick Poll Script - 'code.php id' SQL Injection Alstrasoft Web Host Directory - Authentication Bypass Quick Poll Script - 'id' Parameter SQL Injection Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection Bankoi Webhost Panel 1.20 - Authentication Bypass Minigal b13 - 'index.php list' Remote File Disclosure yahoo answers - 'id' SQL Injection Minigal b13 - Remote File Disclosure yahoo answers - 'id' Parameter SQL Injection PHPstore Wholesale - 'track.php?id' SQL Injection PHPstore Wholesale - 'id' Parameter SQL Injection E-topbiz ADManager 4 - (group) Blind SQL Injection E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion Jadu Galaxies - 'categoryId' Blind SQL Injection PHPfan 3.3.4 - 'init.php' Remote File Inclusion Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection MemHT Portal 4.0.1 - (avatar) Remote Code Execution MemHT Portal 4.0.1 - Remote Code Execution MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit MemHT Portal 4.0.1 - Delete All Private Messages Exploit MyioSoft Ajax Portal 3.0 - (page) SQL Injection MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection X10media Mp3 Search Engine < 1.6.2 Admin Access X10media Mp3 Search Engine < 1.6.2 - Admin Access Arab Portal 2.2 - (Authentication Bypass) SQL Injection Arab Portal 2.2 - Authentication Bypass Arab Portal 2.x - (forum.php qc) SQL Injection Arab Portal 2.x - 'forum.php' SQL Injection Arab Portal 2.2 - (mod.php module) Local File Inclusion Arab Portal 2.2 - 'mod.php' Local File Inclusion Collabtive - SQL Injection Collabtive 0.65 - SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection Collabtive 1.0 - 'manageuser.php' SQL Injection Arab Portal 2.0 - Link.php SQL Injection Arab Portal 2.0 - 'Link.php' SQL Injection Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting Arab Portal 2.0 - 'online.php' Cross-Site Scripting Arab Portal 2.0 - 'download.php' Cross-Site Scripting ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection Collabtive 1.1 - 'managetimetracker.php' SQL Injection Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution	2017-01-03 05:01:17 +00:00
Offensive Security	18d8085c6d	DB: 2016-12-18 13 new exploits Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055) Orthanc DICOM Server 1.1.0 - Memory Corruption Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055) OsiriX DICOM Viewer 8.0.1 - Memory Corruption ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow DCMTK 3.6.0 storescp - Stack Buffer Overflow Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service Microsoft Internet Explorer 9 IEFRAME - CMarkupPointer::MoveToGap Use-After-Free Microsoft Internet Explorer 9 IEFRAME - CView::EnsureSize Use-After-Free (MS13-021) Nagios < 4.2.4 - Privilege Escalation iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free Alienvault OSSIM - SQL Injection / Remote Code Execution (Metasploit) Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit) Alienvault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution Alienvault Open Source SIEM (OSSIM) < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution Alienvault OSSIM - av-centerd Command Injection (Metasploit) Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit) Horos 2.1.0 Web Portal - Directory Traversal Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Security Vulnerabilities Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM 4.1.2 - Multiple SQL Injections Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Vulnerabilities Alienvault 4.3.1 - Unauthenticated SQL Injection Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting Alienvault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit) Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit) Alienvault OSSIM 4.3 - Cross-Site Request Forgery Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery WHMCS Addon VMPanel 2.7.4 - SQL Injection WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery	2016-12-18 05:01:16 +00:00
Offensive Security	32e86030d5	DB: 2016-12-15 3 new exploits minix 3.1.2a - tty panic Local Denial of Service minix 3.1.2a - tty panic Remote Denial of Service Minix 3.1.2a - tty panic Local Denial of Service Minix 3.1.2a - tty panic Remote Denial of Service Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service MINIX 3.3.0 - Local Denial of Service (PoC) Minix 3.3.0 - Local Denial of Service (PoC) MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service Minix 3.3.0 - Remote TCP/IP Stack Denial of Service Apache 2.4.23 (mod_http2) - Denial of Service Adobe Animate 15.2.1.95 - Memory Corruption CoolPlayer - m3u File Local Buffer Overflow CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit) Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit) Apache Tomcat (WebDAV) - Remote File Disclosure Apache Tomcat - (WebDAV) Remote File Disclosure Apache Tomcat (WebDAV) - Remote File Disclosure (SSL) Apache Tomcat - (WebDAV) Remote File Disclosure (SSL) APT - Repository Signing Bypass via Memory Allocation Failure PHPFootball 1.6 - (show.php) Remote Database Disclosure PHPFootball 1.6 - Remote Database Disclosure Aprox CMS Engine 5 (1.0.4) - Local File Inclusion Aprox CMS Engine 5.1.0.4 - Local File Inclusion PHP Help Agent 1.1 - (content) Local File Inclusion PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion Alstrasoft Affiliate Network Pro - (pgm) SQL Injection Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection Siteframe - 'folder.php id' SQL Injection PHPFootball 1.6 - (show.php) SQL Injection DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection Siteframe CMS 3.2.3 - 'folder.php' SQL Injection PHPFootball 1.6 - SQL Injection DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection HRS Multi - 'key' Parameter Blind SQL Injection MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection EZWebAlbum (dlfilename) - Remote File Disclosure Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection ShopCartDx 4.30 - 'pid' SQL Injection MojoPersonals - Blind SQL Injection MojoJobs - Blind SQL Injection MojoAuto - Blind SQL Injection EZWebAlbum - Remote File Disclosure Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection ShopCartDx 4.30 - 'pid' Parameter SQL Injection YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Pre Survey Poll - 'default.asp catid' SQL Injection Atom Photoblog 1.1.5b1 - (photoId) SQL Injection ibase 2.03 - 'download.php' Remote File Disclosure YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting Pre Survey Poll - 'catid' Parameter SQL Injection Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection ibase 2.03 - Remote File Disclosure Live Music Plus 1.1.0 - 'id' SQL Injection xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities Live Music Plus 1.1.0 - 'id' Parameter SQL Injection XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering FizzMedia 1.51.2 - (comment.php mid) SQL Injection PHPTest 0.6.3 - (picture.php image_id) SQL Injection FizzMedia 1.51.2 - SQL Injection PHPTest 0.6.3 - SQL Injection Mobius 1.4.4.1 - (browse.php id) SQL Injection EPShop < 3.0 - 'pid' SQL Injection Mobius 1.4.4.1 - SQL Injection EPShop < 3.0 - 'pid' Parameter SQL Injection TriO 2.1 - (browse.php id) SQL Injection CMScout 2.05 - (common.php bit) Local File Inclusion Getacoder clone - (sb_protype) SQL Injection GC Auction Platinum - (cate_id) SQL Injection SiteAdmin CMS - (art) SQL Injection TriO 2.1 - 'browse.php' SQL Injection CMScout 2.05 - 'bit' Parameter Local File Inclusion Getacoder clone - 'sb_protype' Parameter SQL Injection GC Auction Platinum - 'cate_id' Parameter SQL Injection SiteAdmin CMS - 'art' Parameter SQL Injection Youtuber Clone - 'ugroups.php UID' SQL Injection Youtuber Clone - SQL Injection PixelPost 1.7.1 - (language_full) Local File Inclusion PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion ViArt Shop 3.5 - (category_id) SQL Injection Minishowcase 09b136 - 'lang' Local File Inclusion ViArt Shop 3.5 - 'category_id' Parameter SQL Injection Minishowcase 09b136 - 'lang' Parameter Local File Inclusion Gregarius 0.5.4 - rsargs[] SQL Injection PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion hiox browser Statistics 2.0 - Remote File Inclusion Gregarius 0.5.4 - SQL Injection PHP Hosting Directory 2.0 - Remote File Inclusion HIOX Random Ad 1.3 - Remote File Inclusion HIOX Browser Statistics 2.0 - Remote File Inclusion nzFotolog 0.4.1 - (action_file) Local File Inclusion ZeeReviews - 'comments.php ItemID' SQL Injection nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion ZeeReviews - SQL Injection Article Friendly Pro/Standard - (Cat) SQL Injection Article Friendly Pro/Standard - SQL Injection PozScripts Classified Ads Script - 'cid' SQL Injection TubeGuru Video Sharing Script - (UID) SQL Injection PozScripts Classified Ads Script - 'cid' Parameter SQL Injection TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection Alstrasoft Article Manager Pro 1.6 - Authentication Bypass viart shopping cart 3.5 - Multiple Vulnerabilities Viart shopping cart 3.5 - Multiple Vulnerabilities PHPFootball 1.6 - (filter.php) Remote Hash Disclosure PHPFootball 1.6 - Remote Hash Disclosure talkback 2.3.14 - Multiple Vulnerabilities Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities TalkBack 2.3.14 - Multiple Vulnerabilities Siteframe CMS 3.2.x - SQL Injection / phpinfo() CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities CMScout - Cross-Site Scripting / HTML Injection ShopCartDx 4.30 - (products.php) Blind SQL Injection ShopCartDx 4.30 - 'products.php' Blind SQL Injection viart shop 4.0.5 - Multiple Vulnerabilities ViArt Shop 4.0.5 - Multiple Vulnerabilities Siteframe 3.2.3 - (user.php) SQL Injection Siteframe CMS 3.2.3 - 'user.php' SQL Injection viart shop 4.0.5 - Cross-Site Request Forgery ViArt Shop 4.0.5 - Cross-Site Request Forgery Siteframe 2.2.4 - search.php Cross-Site Scripting Siteframe 2.2.4 - download.php Information Disclosure Siteframe CMS 2.2.4 - 'download.php' Information Disclosure phpx 3.2.3 - Multiple Vulnerabilities PHPX 3.2.3 - Multiple Vulnerabilities PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting XRms 1.99.2 - 'title' Parameter Cross-Site Scripting XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting Pligg 1.0.4 - 'install1.php' Cross-Site Scripting Joomla! Component DT Register - 'cat' SQL Injection Joomla! Component DT Register - 'cat' Parameter SQL Injection	2016-12-15 13:07:17 +00:00
Offensive Security	b080c70f8b	DB: 2016-12-14 7 new exploits Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047) Xitami Web Server 5.0a0 - Denial of Service OpenSSL 1.1.0a/1.1.0b - Denial of Service Serva 3.0.0 HTTP Server - Denial of Service iOS 10.1.x - Certificate File Memory Corruption OpenBSD 4.0 - (vga) Privilege Escalation OpenBSD 4.0 - 'vga' Privilege Escalation 10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections AShop Deluxe 4.x - (catalogue.php cat) SQL Injection AShop Deluxe 4.x - 'catalogue.php' SQL Injection HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion CAT2 - (spaw_root) Local File Inclusion CAT2 - 'spaw_root' Parameter Local File Inclusion MyBloggie 2.1.3 - search.php SQL Injection MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting MyBloggie 2.1.x - Multiple Remote File Inclusion MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting Smart Guard Network Manager 6.3.2 - SQL Injection WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery	2016-12-14 05:01:23 +00:00
Offensive Security	0231ae9ba7	DB: 2016-12-09 5 new exploits Dual DHCP DNS Server 7.29 - Denial of Service TP-LINK TD-W8951ND - Denial of Service OpenSSH 7.2 - Denial of Service Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Advanced Webhost Billing System (AWBS) - cart2.php Remote File Inclusion Advanced Webhost Billing System (AWBS) 2.4.0 - 'cart2.php' Remote File Inclusion AWBS 2.7.1 - (news.php viewnews) SQL Injection Anata CMS 1.0b5 - (change.php) Arbitrary Add Admin Advanced Webhost Billing System (AWBS) 2.7.1 - 'news.php' SQL Injection Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Simple Machines Forum (SMF) - Multiple Security Vulnerabilities Simple Machines Forum (SMF) 1.1.10/2.0 RC2 - Multiple Security Vulnerabilities Advanced Webhost Billing System 2.2.2 - contact.php Multiple Cross-Site Scripting Vulnerabilities Advanced Webhost Billing System 2.9.2 - 'oid' Parameter SQL Injection Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection Simple Machines Forum (SMF) 2.0.2 - 'index.php' scheduled Parameter Cross-Site Scripting Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting Cisco Unified Communications Manager 7/8/9 - Directory Traversal	2016-12-09 05:01:19 +00:00
Offensive Security	855e59f932	DB: 2016-12-07 9 new exploits MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC) Asterisk - (SIP channel driver / in pedantic mode) Remote Crash Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC) Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash F5 BIG-IP - Remote Root Authentication Bypass (1) F5 BIG-IP - Authentication Bypass (1) Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow NetCat 0.7.1 - Denial of Service Microsoft Event Viewer 1.0 - XML External Entity Injection Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection Apache CouchDB 2.0.0 - Local Privilege Escalation Samba 2.2.8 - Remote Root Exploit Samba 2.2.8 - Remote Code Execution Microsoft Windows - WebDAV Remote Root Exploit (2) Microsoft Windows - WebDAV Remote Code Execution (2) Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav) Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav) miniSQL (mSQL) 1.3 - Remote GID Root Exploit miniSQL (mSQL) 1.3 - GID Remote Code Execution Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit GtkFtpd 1.0.4 - Remote Root Buffer Overflow Real Server 7/8/9 (Windows / Linux) - Remote Code Execution GtkFtpd 1.0.4 - Buffer Overflow Solaris Sadmind - Default Configuration Remote Root Exploit Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit Solaris Sadmind - Default Configuration Remote Code Execution Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Monit 4.1 - Remote Root Buffer Overflow Monit 4.2 - Remote Root Buffer Overflow Monit 4.1 - Buffer Overflow Monit 4.2 - Buffer Overflow INND/NNRP < 1.6.x - Remote Root Overflow INND/NNRP < 1.6.x - Overflow Exploit LPRng (RedHat 7.0) - lpd Remote Root Format String LPRng (RedHat 7.0) - 'lpd' Format String BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1) BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2) BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3) BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4) BIND 8.2.x - (TSIG) Stack Overflow (1) BIND 8.2.x - (TSIG) Stack Overflow (2) BIND 8.2.x - (TSIG) Stack Overflow (3) BIND 8.2.x - (TSIG) Stack Overflow (4) HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Solaris /bin/login (SPARC/x86) - Remote Root Exploit Solaris /bin/login (SPARC/x86) - Remote Code Execution Drcat 0.5.0-beta - (drcatd) Remote Root Exploit Drcat 0.5.0-beta - 'drcatd' Remote Code Execution Dropbear SSH 0.34 - Remote Root Exploit Dropbear SSH 0.34 - Remote Code Execution Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution Monit 4.2 - Basic Authentication Remote Root Exploit Monit 4.2 - Basic Authentication Remote Code Execution WvTFTPd 0.9 - Remote Root Heap Overflow WvTFTPd 0.9 - Heap Overflow Qwik SMTP 0.3 - Remote Root Format String Qwik SMTP 0.3 - Format String Citadel/UX 6.27 - Remote Root Format String Citadel/UX 6.27 - Format String Knox Arkeia Server Backup 5.3.x - Remote Root Exploit Knox Arkeia Server Backup 5.3.x - Remote Code Execution Smail 3.2.0.120 - Remote Root Heap Overflow mtftpd 0.0.3 - Remote Root Exploit Smail 3.2.0.120 - Heap Overflow mtftpd 0.0.3 - Remote Code Execution dSMTP Mail Server 3.1b - Linux Remote Root Format String dSMTP Mail Server 3.1b (Linux) - Format String Exploit IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow dproxy-nexgen (Linux/x86) - Buffer Overflow Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow Kerberos 1.5.1 - Kadmind Buffer Overflow webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield) webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow Sun Solaris 10 - rpc.ypupdated Remote Root Exploit Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit) Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit) Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python) Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python) Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit Solaris 9 (UltraSPARC) - sadmind Remote Code Execution Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution Microworld eScan AntiVirus < 3.x - Remote Root Command Execution Microworld eScan AntiVirus < 3.x - Remote Code Execution AIX5l with FTP-Server - Remote Root Hash Disclosure AIX5l with FTP-Server - Hash Disclosure McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution) McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution) ProFTPd 1.3.3c - Compromised Source Remote Root Trojan ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit) Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit) ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution DreamBox DM800 1.5rc1 - Remote Root File Disclosure DreamBox DM800 1.5rc1 - File Disclosure TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite TelnetD encrypt_keyid - Function Pointer Overwrite F5 BIG-IP - Remote Root Authentication Bypass (2) MySQL - Remote Root Authentication Bypass F5 BIG-IP - Authentication Bypass (2) MySQL - Authentication Bypass ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection WIDZ 1.0/1.5 - Remote Root Compromise WIDZ 1.0/1.5 - Remote Code Execution Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH) DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow proManager 0.73 - (note.php) SQL Injection ProManager 0.73 - 'note.php' SQL Injection pNews 1.1.0 - (nbs) Remote File Inclusion pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion eFiction 3.1.1 - (path_to_smf) Remote File Inclusion eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion SimpNews 2.40.01 - (print.php newnr) SQL Injection SimpNews 2.40.01 - 'newnr' Parameter SQL Injection PHPNews 0.93 - (format_menue) Remote File Inclusion PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion meBiblio 0.4.5 - (index.php action) Remote File Inclusion meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion Joomla! Component rapidrecipe 1.6.5 - SQL Injection Joomla! Component Rapid Recipe 1.6.5 - SQL Injection mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting pLog - 'albumID' SQL Injection smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities PLog 1.0.6 - 'albumID' Parameter SQL Injection smeweb 1.4b - SQL Injection / Cross-Site Scripting Joomla! Component joomradio 1.0 - 'id' SQL Injection Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection Battle Blog 1.25 - (comment.asp) SQL Injection Battle Blog 1.25 - 'comment.asp' SQL Injection 1Book Guestbook Script - Code Execution 1Book Guestbook Script 1.0.1 - Code Execution PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Joomla! Component EasyBook 1.1 - (gbid) SQL Injection 427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection 427bb 2.3.1 - SQL Injection / Cross-Site Scripting Power Phlogger 2.2.5 - (css_str) SQL Injection pSys 0.7.0.a - (shownews) SQL Injection Joomla! Component JoomlaDate - (user) SQL Injection Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection pSys 0.7.0.a - 'shownews' Parameter SQL Injection Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Joomla! Component yvcomment 1.16 - Blind SQL Injection JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting Joomla! Component yvComment 1.16 - Blind SQL Injection BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion Joomla! Component rapidrecipe - SQL Injection Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - (article) SQL Injection real estate Web site 1.0 - SQL Injection / Cross-Site Scripting Telephone Directory 2008 - SQL Injection / Cross-Site Scripting ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite pNews 2.08 - (shownews) SQL Injection Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite pNews 2.08 - 'shownews' Parameter SQL Injection ErfurtWiki R1.02b - (css) Local File Inclusion DCFM Blog 0.9.4 - (comments) SQL Injection yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Insanely Simple Blog 0.5 - (index) SQL Injection ASPPortal Free Version - 'Topic_Id' SQL Injection Experts 1.0.0 - (answer.php) SQL Injection SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ErfurtWiki R1.02b - Local File Inclusion DCFM Blog 0.9.4 - SQL Injection Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection Insanely Simple Blog 0.5 - SQL Injection ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection Experts 1.0.0 - 'answer.php' SQL Injection SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting Yuhhu 2008 SuperStar - 'board' SQL Injection Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection eFiction 3.0 - (toplists.php list) SQL Injection eFiction 3.0 - 'toplists.php' SQL Injection pSys 0.7.0 Alpha - (chatbox.php) SQL Injection pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection pNews 2.03 - (newsid) SQL Injection pNews 2.03 - 'newsid' Parameter SQL Injection Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection FlexPHPNews 0.0.6 & PRO - Authentication Bypass E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities E-ShopSystem - Authentication Bypass / SQL Injection Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload 427BB Fourtwosevenbb 2.3.2 - SQL Injection 427BB 2.3.2 - SQL Injection Joomla! Component 'com_joomradio' - SQL Injection Joomla! Component JoomRadio 1.0 - SQL Injection Joomla! Component 'com_elite_experts' - SQL Injection Joomla! Component Elite Experts - SQL Injection ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure Seowonintech Routers fw: 2.3.9 - File Disclosure PHPNews 1.2.x - auth.php SQL Injection PHPNews 1.2.x - 'auth.php' SQL Injection efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection 427BB 2.2 - showthread.php SQL Injection 427BB 2.2 - 'showthread.php' SQL Injection BrowserCRM - results.php Cross-Site Scripting Simpnews 2.x - Wap_short_news.php Remote File Inclusion Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting Yblog - funk.php id Parameter Cross-Site Scripting Yblog - tem.php action Parameter Cross-Site Scripting Yblog - uss.php action Parameter Cross-Site Scripting Yblog - 'funk.php' Cross-Site Scripting Yblog - 'tem.php' Cross-Site Scripting Yblog - 'uss.php' Cross-Site Scripting Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting Simpnews 2.x - 'index.php' Cross-Site Scripting Simpnews 2.x - 'pwlost.php' Cross-Site Scripting PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection BrowserCRM 5.100.1 - URI Cross-Site Scripting BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting	2016-12-07 05:01:17 +00:00
Offensive Security	aa4fced35c	DB: 2016-12-05	2016-12-05 05:01:20 +00:00
Offensive Security	91b12c469e	DB: 2016-11-29 16 new exploits rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC) rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC) rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC) rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC) NTP 4.2.8p3 - Denial of Service Microsoft Internet Explorer 8 MSHTML - 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009) Microsoft Internet Explorer 11 MSHTML - 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion Microsoft Internet Explorer 10 MSHTML - 'CEditAdorner::Detach' Use-After-Free (MS13-047) Microsoft Internet Explorer 8 / 9 / 10 / 11 MSHTML - 'DOMImplementation' Type Confusion (MS16-009) Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Privilege Escalation Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Privilege Escalation (1) Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Privilege Escalation (2) Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation TFTP Server 1.4 - Buffer Overflow Remote Exploit (2) TFTP Server 1.4 - Remote Buffer Overflow (2) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 - ST WRQ Buffer Overflow (Metasploit) Android - 'BadKernel' Remote Code Execution VX Search Enterprise 9.1.12 - Buffer Overflow Sync Breeze Enterprise 9.1.16 - Buffer Overflow Disk Sorter Enterprise 9.1.12 - Buffer Overflow Dup Scout Enterprise 9.1.14 - Buffer Overflow Disk Savvy Enterprise 9.1.14 - Buffer Overflow Disk Pulse Enterprise 9.1.16 - Buffer Overflow Linux/x86 - Egg-hunter Shellcode (25 bytes) Linux/x86 - Egg-hunter Shellcode (31 bytes) RunCMS 1.2 - (class.forumposts.php) Arbitrary Remote File Inclusion RunCMS 1.2 - 'class.forumposts.php' Arbitrary Remote File Inclusion CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion CMS Faethon 2.0 - (mainpath) Remote File Inclusion CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion SazCart 1.5 - (cart.php) Remote File Inclusion SazCart 1.5 - 'cart.php' Remote File Inclusion Cyberfolio 2.0 RC1 - (av) Remote File Inclusion Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion FipsCMS 4.5 - (index.asp) SQL Injection FipsCMS 4.5 - 'index.asp' SQL Injection AJ Classifieds 1.0 - (postingdetails.php) SQL Injection AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection RunCMS 1.5.2 - (debug_show.php) SQL Injection RunCMS 1.5.2 - 'debug_show.php' SQL Injection OneCMS 2.4 - (userreviews.php abc) SQL Injection OneCMS 2.4 - 'abc' Parameter SQL Injection RunCMS 1.6 - disclaimer.php Remote File Overwrite RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite PHPEasyData 1.5.4 - 'cat_id' SQL Injection FipsCMS - 'print.asp lg' SQL Injection Galleristic 1.0 - (index.php cat) SQL Injection gameCMS Lite 1.0 - (index.php systemId) SQL Injection PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection FipsCMS 2.1 - 'print.asp' SQL Injection Galleristic 1.0 - 'cat' Parameter SQL Injection GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection CMS Faethon 2.2 Ultimate - (Remote File Inclusion / Cross-Site Scripting) Multiple Remote Vulnerabilities CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting MusicBox 2.3.7 - (artistId) SQL Injection RunCMS 1.6.1 - (msg_image) SQL Injection MusicBox 2.3.7 - 'artistId' Parameter SQL Injection RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection vShare YouTube Clone 2.6 - (tid) SQL Injection vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection Cyberfolio 7.12 - (rep) Remote File Inclusion miniBloggie 1.0 - (del.php) Arbitrary Delete Post Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion miniBloggie 1.0 - 'del.php' Arbitrary Delete Post SazCart 1.5.1 - (prodid) SQL Injection SazCart 1.5.1 - 'prodid' Parameter SQL Injection Phoenix View CMS Pre Alpha2 - (SQL Injection / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting Ktools Photostore 3.5.1 - (gallery.php gid) SQL Injection Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection Joomla! Component com_datsogallery 1.6 - Blind SQL Injection Joomla! Component Datsogallery 1.6 - Blind SQL Injection Vortex CMS - 'index.php pageid' Blind SQL Injection AJ Article 1.0 - (featured_article.php) SQL Injection AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection Vortex CMS - 'pageid' Parameter Blind SQL Injection AJ Article 1.0 - 'featured_article.php' SQL Injection AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ClanLite 2.x - SQL Injection / Cross-Site Scripting OneCMS 2.5 - (install_mod.php) Local File Inclusion OneCMS 2.5 - 'install_mod.php' Local File Inclusion AJ Auction Web 2.0 - (cate_id) SQL Injection AJ Auction 1.0 - 'id' SQL Injection AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection AJ Auction 1.0 - 'id' Parameter SQL Injection FipsCMS Light 2.1 - (r) SQL Injection FipsCMS Light 2.1 - 'r' Parameter SQL Injection AJ Auction Pro Platinum Skin - 'detail.php item_id' SQL Injection AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection AJ Auction Pro Platinum - (seller_id) SQL Injection AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection miniBloggie 1.0 - (del.php) Blind SQL Injection miniBloggie 1.0 - 'del.php' Blind SQL Injection AJ Article - 'featured_article.php mode' SQL Injection AJ ARTICLE - (Authentication Bypass) SQL Injection AJ Article 1.0 - Authentication Bypass Cyberfolio 7.12.2 - (css.php theme) Local File Inclusion Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion AJ ARTICLE - Remote Authentication Bypass AJ Article 1.0 - Remote Authentication Bypass MusicBox 2.3.8 - (viewalbums.php artistId) SQL Injection MusicBox 2.3.8 - 'viewalbums.php' SQL Injection AJ Auction Pro OOPD 2.3 - 'id' SQL Injection AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection BigACE CMS 2.5 - 'Username' SQL Injection BigACE 2.5 - SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection ZeusCart 2.3 - 'maincatid' Parameter SQL Injection BigACE CMS 2.6 - (cmd) Local File Inclusion BigACE 2.6 - 'cmd' Parameter Local File Inclusion RunCMS 1.6.3 - (double ext) Remote Shell Injection RunCMS 1.6.3 - Remote Shell Injection AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection RunCMS 2m1 - store() SQL Injection RunCMS 2ma - post.php SQL Injection RunCMS 2m1 - 'store()' SQL Injection RunCMS 2ma - 'post.php' SQL Injection AJ Article - Persistent Cross-Site Scripting AJ Article 3.0 - Cross-Site Scripting admidio 2.3.5 - Multiple Vulnerabilities Admidio 2.3.5 - Multiple Vulnerabilities RunCMS 1.1/1.2 Newbb_plus and Messages Modules - Multiple SQL Injections RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection MusicBox 2.3 - Type Parameter SQL Injection MusicBox 2.3 - 'type' Parameter SQL Injection RunCMS 1.x - Bigshow.php Cross-Site Scripting RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting RunCMS 1.2/1.3 - PMLite.php SQL Injection RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection RunCMS 1.x - Ratefile.php Cross-Site Scripting RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin) BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin) MusicBox 2.3 - 'index.php' Multiple Parameter SQL Injection MusicBox 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting MusicBox 2.3 - cart.php Multiple Parameter Cross-Site Scripting MusicBox 2.3 - 'index.php' SQL Injection MusicBox 2.3 - 'index.php' Cross-Site Scripting MusicBox 2.3 - 'cart.php' Cross-Site Scripting MusicBox 2.3.4 - Page Parameter SQL Injection MusicBox 2.3.4 - 'page' Parameter SQL Injection MyWebland miniBloggie 1.0 - Fname Remote File Inclusion miniBloggie 1.0 - 'Fname' Remote File Inclusion BigACE 1.8.2 - item_main.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - upload_form.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - download.cmd.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - admin.cmd.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - 'item_main.php' Remote File Inclusion BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion ClanLite - Config-PHP.php Remote File Inclusion ClanLite - 'conf-php.php' Remote File Inclusion FipsCMS 2.1 - PID Parameter SQL Injection FipsCMS 2.1 - 'pid' Parameter SQL Injection RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion FipsCMS 2.1 - 'forum/neu.asp' SQL Injection FipsCMS 2.1 - 'neu.asp' SQL Injection OneCMS 2.6.1 - admin/admin.php cat Parameter Cross-Site Scripting OneCMS 2.6.1 - search.php search Parameter SQL Injection OneCMS 2.6.1 - admin/admin.php Short1 Parameter Cross-Site Scripting OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting OneCMS 2.6.1 - 'search' Parameter SQL Injection OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting RunCMS 'partners' Module - 'id' Parameter SQL Injection RunCMS Module Partners - 'id' Parameter SQL Injection Zeuscart v.4 - Multiple Vulnerabilities Zeuscart 4.0 - Multiple Vulnerabilities BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting Red Hat JBoss EAP - Deserialization of Untrusted Data	2016-11-29 05:01:20 +00:00
Offensive Security	38038a7128	DB: 2016-11-24 6 new exploits Linux Kernel 2.6.32-642 / 3.16.0-4 - 'inode' Integer Overflow UCanCode - Multiple Vulnerabilities Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1) Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2) Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1) Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2) Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service (PoC) Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (PoC) (1) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (PoC) (2) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation (3) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC) (1) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation (2) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Privilege Escalation Linux Kernel 2.6.30 < 2.6.30.1 / SELinux (RHEL 5) - Privilege Escalation Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Privilege Escalation (2) Linux Kernel 2.6.18 - 'move_pages()' Information Leak Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak Linux Kenrel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation Windows x64 - Download & Execute Shellcode (358 bytes)	2016-11-24 05:01:19 +00:00
Offensive Security	dab1517032	DB: 2016-11-22 13 new exploits Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC) Borland Interbase 2007 - 'ibserver.exe' Buffer Overflow (PoC) Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Microsoft Edge Scripting Engine - Memory Corruption (MS16-129) Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104) Microsoft Internet Explorer 8 jscript - 'RegExpBase::FBadHeader' Use-After-Free (MS15-018) NTP 4.2.8p8 - Denial of Service Tumbleweed SecureTransport FileTransfer - ActiveX Buffer Overflow Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow Borland Interbase 2007 - PWD_db_aliased Buffer Overflow (Metasploit) Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) Borland Interbase - isc_create_database() Buffer Overflow (Metasploit) Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit) Borland Interbase - isc_attach_database() Buffer Overflow (Metasploit) Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit) Borland Interbase - SVC_attach() Buffer Overflow (Metasploit) Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit) Borland Interbase - Create-Request Buffer Overflow (Metasploit) Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit) Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit) Borland Interbase - open_marker_file() Buffer Overflow (Metasploit) Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit) Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit) Borland Interbase - jrd8_create_database() Buffer Overflow (Metasploit) Borland Interbase - INET_connect() Buffer Overflow (Metasploit) Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit) Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit) Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) phpunity.postcard - (gallery_path) Remote File Inclusion phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion CcMail 1.0.1 - (update.php functions_dir) Remote File Inclusion CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion 1024 CMS 0.7 - (download.php item) Remote File Disclosure 1024 CMS 0.7 - 'download.php' Remote File Disclosure cpCommerce 1.1.0 - (category.php id_category) SQL Injection CPCommerce 1.1.0 - 'id_category' Parameter SQL Injection 1024 CMS 1.3.1 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities 1024 CMS 1.3.1 - Local File Inclusion / SQL Injection Mole 2.1.0 - (viewsource.php) Remote File Disclosure ChartDirector 4.1 - (viewsource.php) File Disclosure 724CMS 4.01 Enterprise - (index.php ID) SQL Injection My Gaming Ladder 7.5 - (ladderid) SQL Injection Mole 2.1.0 - 'viewsource.php' Remote File Disclosure ChartDirector 4.1 - 'viewsource.php' File Disclosure 724CMS 4.01 Enterprise - 'index.php' SQL Injection My Gaming Ladder 7.5 - 'ladderid' Parameter SQL Injection exbb 0.22 - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities Pligg CMS 9.9.0 - (editlink.php id) SQL Injection ExBB 0.22 - Local / Remote File Inclusion Pligg CMS 9.9.0 - 'editlink.php' SQL Injection Prediction Football 1.x - (matchid) SQL Injection Prediction Football 1.x - 'matchid' Parameter SQL Injection Free Photo Gallery Site Script - (path) File Disclosure Free Photo Gallery Site Script - 'path' Parameter File Disclosure LiveCart 1.1.1 - (category id) Blind SQL Injection Ksemail - 'index.php language' Local File Inclusion LiveCart 1.1.1 - 'id' Parameter Blind SQL Injection Ksemail - Local File Inclusion RX Maxsoft - 'popup_img.php fotoID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection RX Maxsoft - 'fotoID' Parameter SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' Parameter SQL Injection Pollbooth 2.0 - (pollID) SQL Injection cpcommerce 1.1.0 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities Pollbooth 2.0 - 'pollID' Parameter SQL Injection CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion SmallBiz eShop - (content_id) SQL Injection SmallBiz eShop - 'content_id' Parameter SQL Injection lightneasy sqlite / no database 1.2.2 - Multiple Vulnerabilities LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection PostcardMentor - 'cat_fldAuto' Parameter SQL Injection Pligg CMS 9.9.0 - (story.php id) SQL Injection Pligg CMS 9.9.0 - 'story.php' SQL Injection LokiCMS 0.3.4 - writeconfig() Remote Command Execution LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution cpCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass cpCommerce 1.2.8 - (id_document) Blind SQL Injection CPCommerce 1.2.8 - 'id_document' Parameter Blind SQL Injection cpCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion CPCommerce 1.2.x - 'GLOBALS[prefix]' Arbitrary File Inclusion ChartDirector 5.0.1 - (cacheId) Arbitrary File Disclosure ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure Pligg CMS 1.0.4 - (story.php?id) SQL Injection Pligg CMS 1.0.4 - 'story.php' SQL Injection 724CMS 4.59 Enterprise - SQL Injection 724CMS Enterprise 4.59 - SQL Injection lightneasy 3.2.2 - Multiple Vulnerabilities LightNEasy 3.2.2 - Multiple Vulnerabilities My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure Mambo Open Source 4.0.14 - PollBooth.php Multiple SQL Injection Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection PhotoKorn 1.53/1.54 - postcard.php id Parameter SQL Injection PhotoKorn 1.53/1.54 - 'id' Parameter SQL Injection CPCommerce 1.1 - Manufacturer.php SQL Injection CPCommerce 1.1 - 'manufacturer.php' SQL Injection LiveCart 1.0.1 - user/remindPassword return Parameter Cross-Site Scripting LiveCart 1.0.1 - category q Parameter Cross-Site Scripting LiveCart 1.0.1 - order return Parameter Cross-Site Scripting LiveCart 1.0.1 - user/remindComplete email Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'q' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'email' Parameter Cross-Site Scripting Pligg CMS 1.x - module.php Multiple Parameter Cross-Site Scripting Pligg CMS 1.x - 'module.php' Multiple Parameter Cross-Site Scripting Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection CMS Made Simple 2.1.5 - Cross-Site Scripting Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery Mezzanine 4.2.0 - Cross-Site Scripting LEPTON 2.2.2 - SQL Injection LEPTON 2.2.2 - Remote Code Execution FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery FUDforum 3.0.6 - Local File Inclusion Wordpress Plugin Olimometer 2.56 - SQL Injection	2016-11-22 05:01:18 +00:00
Offensive Security	8948e76c12	DB: 2016-11-19 14 new exploits Microsoft Exchange 2000 - XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Windows - 'Jolt2.c' Denial of Service Microsoft Windows - 'Jolt2.c' Denial of Service (MS00-029) Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service (MS05-019) Ventrilo 2.3.0 - Remote Denial of Service (All Platforms) Ventrilo 2.3.0 (All Platforms) - Remote Denial of Service Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1) Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1) Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2) Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2) Microsoft Windows Vista - Access Violation from Limited Account Exploit (BSoD) Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death) Microsoft Windows 2003 - '.EOT' BSOD Crash Microsoft Windows 2003 - '.EOT' Blue Screen of Death Crash Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote BSOD Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote Blue Screen of Death (MS07-063) Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit) Microsoft Windows 2000<2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit) Google Chrome 4.1 - OOB Array Indexing Google Chrome 4.1 - Out-of-Bounds Array Indexing Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC) Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC) CommView 6.1 (Build 636) - Local Denial of Service (BSOD) CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death) Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051) Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051) Microsoft Cinepak Codec CVDecompress - Heap Overflow Microsoft Cinepak Codec CVDecompress - Heap Overflow (MS10-055) Microsoft Unicode Scripts Processor - Remote Code Execution Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063) Microsoft Office - HtmlDlgHelper Class Memory Corruption Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071) Microsoft Plug and Play Service - Overflow Exploit (Metasploit) Microsoft Plug and Play Service - Overflow Exploit (MS05-039) (Metasploit) Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02) Microsoft HyperV - Persistent Denial of Service Microsoft HyperV - Persistent Denial of Service (MS11-047) Crush FTP 5 - 'APPE' command Remote JVM BSOD (PoC) Crush FTP 5 - 'APPE' command Remote JVM Blue Screen of Death (PoC) Microsoft WINS Service 5.2.3790.4520 - Memory Corruption Microsoft WINS - ECommEndDlg Input Validation Error Microsoft WINS Service 5.2.3790.4520 - Memory Corruption (MS11-035) Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070) Win32k - Null Pointer De-reference PoC (MS11-077) Microsoft Win32k - Null Pointer De-reference PoC (MS11-077) Winows 7 keylayout - Blue Screen Microsoft Winows 7 - Keyoard Layout Blue Screen of Death (MS10-073) Apple Safari - GdiDrawStream BSoD Apple Safari - GdiDrawStream Blue Screen of Death PeerBlock 1.1 - BSOD Exploit PeerBlock 1.1 - Blue Screen of Death Exploit .NET Framework EncoderParameter - Integer Overflow Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (Post MS12-034) Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034) Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050) Microsoft Windows Media Services 4.0/4.1 - Denial of Service Microsoft Windows Media Services 4.0/4.1 - Denial of Service (MS00-038) Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (2) Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (MS00-040) (2) Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service (MS00-070) Microsoft IIS 4.0/5.0 - FTP Denial of Service Microsoft IIS 4.0/5.0 - FTP Denial of Service (MS01-026) Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031) Microsoft Windows XP/2000 - showHelp CHM File Execution Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004) Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051) Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities (MS06-012) DirectShow - Arbitrary Memory Overwrite (MS13-056) Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056) Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1) Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (MS08-025) (1) Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow (MS11-083) Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads (MS15-021) Google Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow Avast! - OOB Write Decrypting PEncrypt Packed executables Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables Microsoft Office - COM Object DLL Planting with 'WMALFXGFXDSP.dll' (MS16-007) Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007) Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type Microsoft Edge - 'Array.splice' Heap Overflow Moxa SoftCMS 1.5 - Denial of Service (PoC) Microsoft Edge - 'FillFromPrototypes' Type Confusion Microsoft Edge - 'Array.filter' Info Leak Microsoft Edge - 'Array.reverse' Overflow Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow Microsoft Windows 2000 - Utility Manager Privilege Elevation Exploit (MS04-019) Microsoft Windows 2000 - POSIX Subsystem Privilege Escalation (MS04-020) Microsoft Windows 2000 - Universal Language Utility Manager Exploit (MS04-019) Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Windows 2000 - Utility Manager All-in-One Exploit (MS04-019) Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019) Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020) Microsoft Windows Server 2000 - Universal Language Utility Manager Exploit (MS04-019) Microsoft Windows Server 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Windows Server 2000 - Utility Manager All-in-One Exploit (MS04-019) Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055) Microsoft Windows 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows Server 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030) Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) Microsoft Excel - 0x5D record Stack Overflow Microsoft Excel - 0x5D record Stack Overflow (MS10-038) Win32k - Keyboard Layout (MS10-073) Microsoft Win32k - Keyboard Layout (MS10-073) Adobe - Doc.media.newPlayer Use-After-Free (1) Adobe - 'util.printf()' Buffer Overflow (1) Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (1) Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1) Adobe - FlateDecode Stream Predictor 02 Integer Overflow (1) Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1) Adobe - JBIG2Decode Memory Corruption (1) Adobe - Collab.getIcon() Buffer Overflow (1) Adobe Flash Player - 'newfunction' Invalid Pointer Use (1) Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (Metasploit) Adobe - JBIG2Decode Memory Corruption (Metasploit) (1) Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (1) Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (1) Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit) Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (2) Media Jukebox 8.0.400 - Buffer Overflow (SEH) Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (Metasploit) (2) Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit) Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (2) Adobe - Doc.media.newPlayer Use-After-Free (2) Adobe - 'util.printf()' Buffer Overflow (2) Microsoft Excel - Malformed FEATHEADER Record (Metasploit) Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (2) Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (2) Adobe - 'util.printf()' Buffer Overflow (Metasploit) (2) Microsoft Excel - Malformed FEATHEADER Record (MS09-067) (Metasploit) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (3) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3) WM Downloader 3.1.2.2 - Buffer Overflow (2) WM Downloader 3.1.2.2 - Buffer Overflow (Metasploit) (2) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (2) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2) Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2) Adobe - FlateDecode Stream Predictor 02 Integer Overflow (2) Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2) Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (Metasploit) Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (MS11-006) (Metasploit) gAlan 0.2.1 - Buffer Overflow (2) Microsoft PowerPoint Viewer - TextBytesAtom Stack Buffer Overflow (Metasploit) gAlan 0.2.1 - Buffer Overflow (Metasploit) (2) Microsoft PowerPoint Viewer - TextBytesAtom Stack Buffer Overflow (MS10-004) (Metasploit) BACnet OPC Client - Buffer Overflow (2) BACnet OPC Client - Buffer Overflow (Metasploit) (2) Adobe - JBIG2Decode Memory Corruption (2) Adobe - JBIG2Decode Memory Corruption (Metasploit) (2) Mini-stream 3.0.1.1 - Buffer Overflow (2) Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2) Adobe - Collab.getIcon() Buffer Overflow (2) Adobe PDF - Escape EXE Social Engineering (No JavaScript) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (4) Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (2) Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit) HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4) Microsoft Word - RTF pFragments Stack Buffer Overflow (File Format) Adobe Flash Player - 'newfunction' Invalid Pointer Use (2) Microsoft Word - '.RTF' pFragments Stack Buffer Overflow (File Format) (MS10-087) (Metasploit) Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (2) Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (1) Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (1) Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (Metasploit) Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit) Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit) Microsoft Excel 2007 SP2 - Buffer Overwrite Microsoft Excel 2007 SP2 - Buffer Overwrite (MS11-021) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (Metasploit) (3) Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021) Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021) (Metasploit) Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038) Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038) (Metasploit) Microsoft Office 2003 Home/Pro - Code Execution Microsoft Office 2003 Home/Pro - Code Execution (MS10-087) Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005) Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005) (Metasploit) Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit) Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit) Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003) Microsoft Windows Kernel - Intel x64 SYSRET (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC) Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) Kerberos in Microsoft Windows - Security Feature Bypass (MS16-101) Microsoft Windows Kerberos - Security Feature Bypass (MS16-101) Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005) Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005) (Metasploit) VMware - Setuid VMware-mount Unsafe popen(3) VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit) Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (Metasploit) Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (MS13-081) (Metasploit) Microsoft Word - RTF Object Confusion (MS14-017) Microsoft Word - RTF Object Confusion (MS14-017) (Metasploit) Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei) Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit) .NET Deployment Service - IE Sandbox Escape (MS14-009) Registry Symlink - IE Sandbox Escape (MS13-097) Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009) (Metasploit) Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit) Microsoft Windows - OLE Package Manager Code Execution (MS14-060) Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit) Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (Metasploit) Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit) Microsoft Windows - OLE Package Manager Code Execution Through Python (MS14-064) Microsoft Windows - OLE Package Manager Code Execution (MS14-064) Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit) Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit) Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit) Microsoft Windows Server 2003 SP2 - Privilege Escalation Microsoft Windows Server 2003 SP2 - Privilege Escalation (MS14-070) Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation (MS10-073) Publish-It - '.PUI' Buffer Overflow (SEH) Publish-It - '.PUI' Buffer Overflow (SEH) (Metasploit) Microsoft Windows - ClientCopyImage Win32k Exploit (Metasploit) Microsoft Windows - ClientCopyImage Win32k Exploit (MS15-051) (Metasploit) Microsoft Word - Local Machine Zone Remote Code Execution Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) VideoCharge Studio - Buffer Overflow (SEH) VideoCharge Studio - Buffer Overflow (SEH) (Metasploit) Microsoft Windows - NtUserGetClipboardAccessToken Token Leak Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023) Microsoft Windows - Font Driver Buffer Overflow (MS15-078) Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit) Nagios 4.2.2 - Privilege Escalation ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit) Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset OOB Privilege Escalation Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit) VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010) VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation Palo Alto Networks PanOS root_trace - Privilege Escalation Palo Alto Networks PanOS root_reboot - Privilege Escalation RealServer < 8.0.2 - Remote Exploit (Windows Platforms) RealServer < 8.0.2 (Windows Platforms) - Remote Exploit Microsoft Windows 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026) Microsoft Windows 2000/XP - Workstation Service Overflow (MS03-049) Microsoft Windows Server 2000/XP - Workstation Service Overflow (MS03-049) Microsoft Windows 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011) Microsoft Windows - 'WINS' Remote Buffer Overflow (3) Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3) Microsoft Windows Message - Queuing Buffer Overflow Universal Exploit (MS05-017) (v.0.3) Microsoft Windows Message Queuing - Buffer Overflow Universal Exploit (MS05-017) (v.0.3) Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish) Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French) Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish) (MS05-039) Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French) (MS05-039) eIQnetworks License Manager - Remote Buffer Overflow (1) (Metasploit) eIQnetworks License Manager - Remote Buffer Overflow (2) (Metasploit) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) Microsoft Windows 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit) Microsoft Windows Server 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (1) (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1) Microsoft Windows - NetpManageIPCConnect - Stack Overflow (Python) Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python) Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033) Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow (MS07-033) CCProxy 6.2 - Telnet Proxy Ping Overflow (1) (Metasploit) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1) Microsoft Windows 2000 - AS SP4 Message Queue Exploit (MS07-065) Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065) Microsoft Windows Message Queuing Service - RPC Buffer Overflow Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054) Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044) Movie Maker - Remote Code Execution (MS10-016) Microsoft Movie Maker - Remote Code Execution (MS10-016) ASP.NET - Padding Oracle (MS10-070) Microsoft ASP.NET - Padding Oracle (MS10-070) ASP.NET - Padding Oracle File Download (MS10-070) Microsoft Windows - NTLM Weak Nonce Microsoft ASP.NET - Padding Oracle File Download (MS10-070) Microsoft Windows - NTLM Weak Nonce (MS10-012) ASP.NET - Auto-Decryptor File Download Exploit (MS10-070) Microsoft ASP.NET - Auto-Decryptor File Download Exploit (MS10-070) Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (loop) Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Loop) (Metasploit) Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (1) PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (1) PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit) Axis2 - Authenticated Code Execution (via REST) Axis2 - Authenticated Code Execution (via REST) (Metasploit) Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) (Metasploit) Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (Metasploit) Microsoft Private Communications Transport - Overflow Exploit (Metasploit) Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (MS10-025) (Metasploit) Microsoft Private Communications Transport - Overflow Exploit (MS04-011) (Metasploit) Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (Metasploit) Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (Metasploit) Microsoft IIS - Phone Book Service Overflow (Metasploit) Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (MS03-022) (Metasploit) Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (MS03-051) (Metasploit) Microsoft IIS - Phone Book Service Overflow (MS00-094) (Metasploit) Microsoft WINS - Service Memory Overwrite (Metasploit) Microsoft Windows - SMB Relay Code Execution (Metasploit) Microsoft Windows - Print Spooler Service Impersonation (MS10-061) Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (Metasploit) Microsoft RRAS Service - Overflow Exploit (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (Metasploit) Microsoft Server Service - NetpwPathCanonicalize Overflow (Metasploit) Microsoft LSASS Service - DsRolerUpgradeDownlevelServer Overflow (Metasploit) Microsoft Services - 'nwwks.dll' (MS06-066) Microsoft WINS - Service Memory Overwrite (MS04-045) (Metasploit) Microsoft Windows - SMB Relay Code Execution (MS08-068) (Metasploit) Microsoft Windows - Print Spooler Service Impersonation (MS10-061) (Metasploit) Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit) Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050) (Metasploit) Microsoft RRAS Service - Overflow Exploit (MS06-025) (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit) Microsoft Server Service - NetpwPathCanonicalize Overflow (MS06-040) (Metasploit) Microsoft LSASS Service - DsRolerUpgradeDownlevelServer Overflow (MS04-011) (Metasploit) Microsoft Services - 'nwwks.dll' (MS06-066) (Metasploit) Microsoft NetDDE Service - Overflow Exploit (Metasploit) Microsoft Workstation Service - NetpManageIPCConnect Overflow (Metasploit) Microsoft Services - 'nwapi32.dll' (MS06-066) Microsoft NetDDE Service - Overflow Exploit (MS04-031) (Metasploit) Microsoft Workstation Service - NetpManageIPCConnect Overflow (MS06-070) (Metasploit) Microsoft Services - 'nwapi32.dll' (MS06-066) (Metasploit) Microsoft RRAS Service - RASMAN Registry Overflow (Metasploit) Microsoft RRAS Service - RASMAN Registry Overflow (MS06-025) (Metasploit) Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) Microsoft Workstation Service - NetAddAlternateComputerName Overflow (Metasploit) Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (Metasploit) Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) (Metasploit) Microsoft Workstation Service - NetAddAlternateComputerName Overflow (MS03-049) (Metasploit) Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (2) (Metasploit) Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2) Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (Metasploit) Microsoft SQL Server - Resolution Overflow (Metasploit) Microsoft SQL Server - Payload Execution (via SQL Injection) Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit) Microsoft SQL Server - Resolution Overflow (MS02-039) (Metasploit) Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit) Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (via SQL Injection) Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit) Microsoft SQL Server - Hello Overflow (Metasploit) Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit) CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (1) CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1) CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (2) CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (2) CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (3) CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (3) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (1) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1) IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (1) IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (1) HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (1) HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1) Microsoft DirectX DirectShow - SAMI Buffer Overflow (Metasploit) Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064) (Metasploit) HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (2) HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2) Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (Metasploit) Microsoft IIS 4.0 - '.htr' Path Overflow (Metasploit) Microsoft IIS 5.0 - Printer Host Header Overflow (Metasploit) Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (Metasploit) Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit) Microsoft IIS 4.0 - '.htr' Path Overflow (MS02-018) (Metasploit) Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit) Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (MS03-007) (Metasploit) Microsoft IIS 5.0 - IDQ Path Overflow (Metasploit) Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit) Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (1) Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (Metasploit) (1) Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (Metasploit) Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (Metasploit) Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit) Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (MS08-070) (Metasploit) Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (Metasploit) Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) (Metasploit) Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) (MS07-017) (Metasploit) Microsoft Internet Explorer - XML Core Services HTTP Request Handling (Metasploit) Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (Metasploit) Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit) Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (MS09-043) (Metasploit) Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (Metasploit) Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (Metasploit) Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit) Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit) Microsoft Help Center - Cross-Site Scripting / Command Execution (Metasploit) Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (Metasploit) Microsoft Help Center - Cross-Site Scripting / Command Execution (MS10-042) (Metasploit) Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (MS09-072) (Metasploit) Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (Metasploit) Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit) Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (Metasploit) Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (MS09-002) (Metasploit) Microsoft Internet Explorer - COM CreateObject Code Execution (Metasploit) Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (2) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (MS06-057) (Metasploit) (2) Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (Metasploit) Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (MS10-018) (Metasploit) Microsoft Windows - Shell LNK Code Execution (Metasploit) Microsoft Windows - Shell LNK Code Execution (MS10-046) (Metasploit) Microsoft Internet Explorer - createTextRange() Code Execution (Metasploit) Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit) Microsoft Internet Explorer - Object Type (MS03-020) Microsoft Internet Explorer - Object Type (MS03-020) (Metasploit) Microsoft Internet Explorer - Data Binding Memory Corruption (Metasploit) Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit) Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (Metasploit) Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018) (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (1) Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1) Microsoft Internet Explorer - (VML) Fill Method Code Execution (MS06-055) (Metasploit) Microsoft Internet Explorer - 'Aurora' Memory Corruption (Metasploit) Microsoft Internet Explorer - 'Aurora' Memory Corruption (MS10-002) (Metasploit) Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (Metasploit) Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit) CCProxy 6.2 - Telnet Proxy Ping Overflow (2) (Metasploit) CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2) Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) Outlook - ATTACH_BY_REF_RESOLVE File Execution (Metasploit) Outlook - ATTACH_BY_REF_ONLY File Execution (Metasploit) Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) (MS07-017) (Metasploit) Microsoft Outlook - ATTACH_BY_REF_RESOLVE File Execution (MS10-045) (Metasploit) Microsoft Outlook - ATTACH_BY_REF_ONLY File Execution (MS10-045) (Metasploit) Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) (Metasploit) FTPGetter Standard 3.55.0.05 - Stack Buffer Overflow (PWD) FTPGetter Standard 3.55.0.05 - Stack Buffer Overflow (PWD) (Metasploit) httpdx - tolog() Function Format String (1) httpdx - tolog() Function Format String (Metasploit) (1) Microsoft IIS FTP Server - NLST Response Overflow (Metasploit) Microsoft IIS FTP Server - NLST Response Overflow (MS09-053) (Metasploit) Microsoft Message Queueing Service - Path Overflow (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() Overflow (TCP) Microsoft RPC DCOM Interface - Overflow Exploit (Metasploit) Microsoft Message Queueing Service - DNS Name Path Overflow (Metasploit) Microsoft Message Queueing Service - Path Overflow (MS05-017) (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit) Microsoft RPC DCOM Interface - Overflow Exploit (MS03-026) (Metasploit) Microsoft Message Queueing Service - DNS Name Path Overflow (MS07-065) (Metasploit) IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (2) IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (2) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (1) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1) httpdx - tolog() Function Format String (2) httpdx - tolog() Function Format String (Metasploit) (2) Exchange 2000 - XEXCH50 Heap Overflow (MS03-046) Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (MS03-046) (Metasploit) NetSupport Manager Agent - Remote Buffer Overflow (2) NetSupport Manager Agent - Remote Buffer Overflow (Metasploit) (2) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (Metasploit) (2) SquirrelMail PGP Plugin - Command Execution (SMTP) SquirrelMail PGP Plugin - Command Execution (SMTP) (Metasploit) ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX) ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX) (Metasploit) Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (2) Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (2) Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050) Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050) (Metasploit) Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview (.lzh attachment) Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment) (Metasploit) Mozilla Firefox - 'nsTreeRange' Dangling Pointer (1) Mozilla Firefox - 'nsTreeRange' Dangling Pointer (Metasploit) (1) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (1) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1) Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (2) ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2) Mozilla Firefox - Array.reduceRight() Integer Overflow (2) Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2) Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (Metasploit) Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (MS05-054) (Metasploit) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (2) Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2) Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004) Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004) (Metasploit) Sun Java Web Start Plugin - Command Line Argument Injection (2012) Sun Java Web Start Plugin - Command Line Argument Injection (2012) (Metasploit) Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) (Metasploit) Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) (Metasploit) quickshare file share 1.2.1 - Directory Traversal (2) quickshare file share 1.2.1 - Directory Traversal (Metasploit) (2) Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (Metasploit) Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit) Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037) Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037) (Metasploit) ComSndFTP 1.3.7 Beta - USER Format String (Write4) Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (Metasploit) ComSndFTP 1.3.7 Beta - USER Format String (Write4) (Metasploit) Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit) Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL redirection Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL Redirection (MS99-043) Microsoft Office SharePoint Server 2007 - Remote Code Execution (Metasploit) Microsoft Office SharePoint Server 2007 - Remote Code Execution (MS10-104) (Metasploit) Microsoft IIS 3.0/4.0 / Microsoft index server 2.0 - Directory Traversal Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 - Directory Traversal (MS00-006) Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (Metasploit) Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (MS12-037) (Metasploit) Microsoft Internet Explorer 5.5 - Index.dat Microsoft Internet Explorer 5.5 - 'Index.dat' Exploit (MS00-055) Microsoft Visual Studio RAD Support - Buffer Overflow (Metasploit) Microsoft Visual Studio RAD Support - Buffer Overflow (MS03-051) (Metasploit) JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet) JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet) (Metasploit) Microsoft Internet Explorer 5 - Zone Spoofing Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055) HP SiteScope - Remote Code Execution (1) HP SiteScope - Remote Code Execution (Metasploit) (1) Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023) Metasploit Web UI - Diagnostic Console Command Execution Metasploit Web UI - Diagnostic Console Command Execution (Metasploit) Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027) Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047) Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063) Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063) (Metasploit) Microsoft Internet Explorer 5 - XML Page Object Type Validation Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040) Microsoft Windows XP/2000 - Messenger Service Buffer Overrun Microsoft Windows XP/2000 - Messenger Service Buffer Overrun (MS03-043) Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013) Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004) Microsoft Internet Explorer - Option Element Use-After-Free (Metasploit) Microsoft Internet Explorer - Option Element Use-After-Free (MS11-081) (Metasploit) Java Applet JMX - Remote Code Execution (1) Java Applet JMX - Remote Code Execution (Metasploit) (1) myServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting MyServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting VMware OVF Tools - Format String (1) VMware OVF Tools - Format String (Metasploit) (1) VMware OVF Tools - Format String (2) VMware OVF Tools - Format String (Metasploit) (2) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) Java Applet JMX - Remote Code Execution (2) Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) Java Applet JMX - Remote Code Execution (Metasploit) (2) Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (2) Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2) phpMyAdmin - Authenticated Remote Code Execution via preg_replace() phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit) Microsoft Internet Explorer 5.0.1 - Content Advisor File Handling Buffer Overflow Microsoft Internet Explorer 5.0.1 - Content Advisor File Handling Buffer Overflow (MS05-020) Microsoft Internet Explorer - textNode Use-After-Free (Metasploit) Microsoft Internet Explorer - textNode Use-After-Free (MS13-037) (Metasploit) Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009) Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009) (Metasploit) D-Link Devices - Unauthenticated Remote Command Execution (2) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2) D-Link Devices - Unauthenticated Remote Command Execution (1) D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1) Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059) Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059) (Metasploit) Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) HP SiteScope - Remote Code Execution (2) Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) (Metasploit) HP SiteScope - Remote Code Execution (Metasploit) (2) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (2) Microsoft Internet Explorer - CCaret Use-After-Free (MS13-069) Microsoft Windows Theme File Handling - Arbitrary Code Execution (MS13-071) CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2) Microsoft Internet Explorer - CCaret Use-After-Free (MS13-069) (Metasploit) Microsoft Windows Theme File Handling - Arbitrary Code Execution (MS13-071) (Metasploit) Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit) Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090) Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022) Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090) (Metasploit) Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022) (Metasploit) Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012) Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012) (Metasploit) Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) (Metasploit) Microsoft Windows Media Center - MCL Exploit (MS15-100) Microsoft Windows Media Center - MCL Exploit (MS15-100) (Metasploit) Advantech Switch - Bash Environment Variable Code Injection (Shellshock) Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit) Oracle BeeHive 2 - voice-servlet processEvaluation() Oracle BeeHive 2 - voice-servlet processEvaluation() (Metasploit) Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134) IPFire - Bash Environment Variable Injection (Shellshock) IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit) Ruby on Rails - Dynamic Render File Upload / Remote Code Execution Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit) FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow Windows x64 - Reverse Shell TCP Shellcode (694 bytes) phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (2) phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2) PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2) PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2) (Metasploit) Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection EditMe CMS - Cross-Site Request Forgery (Add New Admin)	2016-11-19 05:01:21 +00:00
Offensive Security	2e7215ec08	DB: 2016-11-16 8 new exploits MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial Of Service MailEnable Professional/Enterprise 2.37 - Denial of Service MailEnable Professional/Enterprise 2.37 - Denial Of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial Of Service MailEnable SMTP Service - VRFY/EXPN Command Buffer Overflow Denial of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial Of Service VideoLAN VLC Media Player - Subtitle StripTags() Function Memory Corruption VideoLAN VLC Media Player 1.1 - Subtitle StripTags() Function Memory Corruption VideoLAN VLC Media Player - XSPF Local File Integer Overflow in XSPF Playlist parser VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser VideoLAN VLC Media Player - '.3gp' File Divide-by-Zero Denial of Service VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial Of Service VideoLAN VLC Media Player - '.wav' File Memory Corruption VideoLAN VLC Media Player 2.1.3 - '.wav' File Memory Corruption Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttrArray::Destroy Use-After-Free Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138) VideoLAN VLC Media Player - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player - 'wintab32.dll' DLL Hijacking VideoLAN VLC Media Player 1.1.3 - 'wintab32.dll' DLL Hijacking VideoLAN VLC Media Player - TiVo Buffer Overflow (Metasploit) VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow (Metasploit) VideoLAN VLC Media Player - MKV Memory Corruption (Metasploit) VideoLAN VLC Media Player 1.1.6 - 'MKV' Memory Corruption (Metasploit) VideoLAN VLC Media Player - RealText Subtitle Overflow (Metasploit) VideoLAN VLC Media Player 0.9.5 - RealText Subtitle Overflow (Metasploit) Microsoft Windows - VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138) Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138) Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138) MailEnable Pro/Ent 2.37 - (APPEND) Remote Buffer Overflow MailEnable Professional/Enterprise 2.37 - 'APPEND' Remote Buffer Overflow Versant Object Database 7.0.1.3 - Commands Execution Exploit Versant Object Database 7.0.1.3 - Commands Execution VHCS 2.4.7.1 - (vhcs2_daemon) Remote Root Exploit VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit MDaemon IMAP server 9.6.4 - (FETCH) Remote Buffer Overflow MailEnable Pro/Ent 3.13 - (Fetch) Authenticated Remote Buffer Overflow MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow VideoLAN VLC Media Player - AMV Dangling Pointer (Metasploit) VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer (Metasploit) VideoLAN VLC Media Player - ModPlug ReadS3M Stack Buffer Overflow (Metasploit) VideoLAN VLC Media Player 1.1.8 - ModPlug ReadS3M Stack Buffer Overflow (Metasploit) VideoLAN VLC Media Player - Mms Stream Handling Buffer Overflow (Metasploit) VideoLAN VLC Media Player 2.0.0 - Mms Stream Handling Buffer Overflow (Metasploit) Easy Internet Sharing Proxy Server 2.2 - SEH Overflow (Metasploit) Disk Pulse Enterprise 9.0.34 - Buffer Overflow Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow Disk Pulse Enterprise - Login Buffer Overflow' (Metasploit) Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit) WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit) phpMyNewsletter 0.6.10 - (customize.php l) Remote File Inclusion phpMyNewsletter 0.6.10 - 'customize.php' Remote File Inclusion QuickTalk forum 1.3 - 'lang' Local File Inclusion QuickTicket 1.2 - (qti_checkname.php) Local File Inclusion QuickTalk forum 1.3 - 'lang' Parameter Local File Inclusion QuickTicket 1.2 - 'qti_checkname.php' Local File Inclusion Mambo Component com_Musica - 'id' SQL Injection phpArcadeScript 3.0RC2 - (userid) SQL Injection phpComasy 0.8 - (mod_project_id) SQL Injection Dynamic photo Gallery 1.02 - 'albumID' SQL Injection Mambo Component com_Musica - 'id' Parameter SQL Injection phpArcadeScript 3.0RC2 - 'userid' Parameter SQL Injection phpComasy 0.8 - 'mod_project_id' Parameter SQL Injection Dynamic photo Gallery 1.02 - 'albumID' Parameter SQL Injection XOOPS Module Glossario 2.2 - 'sid' SQL Injection XOOPS Module wfdownloads - 'cid' SQL Injection XOOPS Module Glossario 2.2 - 'sid' Parameter SQL Injection XOOPS Module wfdownloads - 'cid' Parameter SQL Injection Joomla! Component Candle 1.0 - (cID) SQL Injection QuickTicket 1.5 - (qti_usr.php id) SQL Injection Joomla! Component Candle 1.0 - 'cid' Parameter SQL Injection QuickTicket 1.5 - 'qti_usr.php' SQL Injection Mambo Component eWriting 1.2.1 - (cat) SQL Injection phpMyNewsletter 0.8b5 - (archives.php msg_id) SQL Injection Mapbender 2.4.4 - (mapFiler.php) Remote Code Execution Mapbender 2.4.4 - (gaz) SQL Injection Mambo Component eWriting 1.2.1 - 'cat' Parameter SQL Injection phpMyNewsletter 0.8b5 - 'msg_id' Parameter SQL Injection Mapbender 2.4.4 - 'mapFiler.php' Remote Code Execution Mapbender 2.4.4 - 'gaz' Parameter SQL Injection phpBB Mod FileBase - 'id' SQL Injection phpBB Mod FileBase 2.0 - 'id' Parameter SQL Injection XOOPS Module Gallery 0.2.2 - (gid) SQL Injection XOOPS Module My_eGallery 3.04 - (gid) SQL Injection XOOPS Module Gallery 0.2.2 - 'gid' Parameter SQL Injection XOOPS Module My_eGallery 3.04 - 'gid' Parameter SQL Injection XOOPS Module tutorials - 'printpage.php' SQL Injection XOOPS Module tutorials 2.1b - 'printpage.php' SQL Injection easygallery 5.0tr - Multiple Vulnerabilities EasyGallery 5.0tr - Multiple Vulnerabilities phpArcadeScript 4 - (cat) SQL Injection phpArcadeScript 4 - 'cat' Parameter SQL Injection phpComasy 0.9.1 - (entry_id) SQL Injection phpComasy 0.9.1 - 'entry_id' Parameter SQL Injection phpArcadeScript 4.0 - (linkout.php id) SQL Injection phpArcadeScript 4.0 - 'id' Parameter SQL Injection Myiosoft EasyGallery - 'catid' Blind SQL Injection EasyGallery - 'catid' Parameter Blind SQL Injection phpArcadeScript 2.0 - tellafriend.php gamename Parameter Cross-Site Scripting phpArcadeScript 2.0 - loginbox.php login_status Parameter Cross-Site Scripting phpArcadeScript 2.0 - 'index.php' submissionstatus Parameter Cross-Site Scripting phpArcadeScript 2.0 - browse.php Multiple Parameter Cross-Site Scripting phpArcadeScript 2.0 - displaygame.php gamefile Parameter Cross-Site Scripting EasyGallery 1.17 - EasyGallery.php Cross-Site Scripting Bloo 1.00 - Googlespell_Proxy.php Cross-Site Scripting Mitra Informatika Solusindo Cart - 'p' Parameter SQL Injection	2016-11-16 05:01:23 +00:00
Offensive Security	490539b3f3	DB: 2016-11-09 17 new exploits DigitalHive 2.0 RC2 - (base_include.php) Remote File Inclusion DigitalHive 2.0 RC2 - 'base_include.php' Remote File Inclusion DodosMail 2.0.1 - (dodosmail.php) Remote File Inclusion DodosMail 2.0.1 - 'dodosmail.php' Remote File Inclusion DoSePa 1.0.4 - (textview.php) Information Disclosure DoSePa 1.0.4 - 'textview.php' Information Disclosure TrueCrypt 4.3 - Privilege Escalation TrueCrypt 4.3 - 'setuid' Privilege Escalation w-Agora 4.2.1 - (cat) SQL Injection w-Agora 4.2.1 - 'cat' Parameter SQL Injection IPTBB 0.5.4 - (viewdir id) SQL Injection IPTBB 0.5.4 - 'id' Parameter SQL Injection LoudBlog 0.6.1 - (parsedpage) Remote Code Execution LoudBlog 0.6.1 - 'parsedpage' Parameter Remote Code Execution evilboard 0.1a - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities evilboard 0.1a - SQL Injection / Cross-Site Scripting QuickTime Player 7.3.1.70 - (rtsp) Buffer Overflow QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow DigitalHive 2.0 RC2 - (user_id) SQL Injection DigitalHive 2.0 RC2 - 'user_id' Parameter SQL Injection X7 Chat 2.0.5 - 'day' SQL Injection X7 Chat 2.0.5 - 'day' Parameter SQL Injection HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Dos Exploit HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/DoS Cisco VPN Client - Integer Overflow (DOS) Cisco VPN Client - Integer Overflow (DoS) Multiple WordPress Plugins - timthumb.php File Upload Multiple WordPress Plugins - 'timthumb.php' File Upload glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation NetServe FTP Client 1.0 - Local DOS (Overflow) NetServe FTP Client 1.0 - Local DoS (Overflow) Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial Of Service (PoC) Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080 / MS14-084) Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read Microsoft Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation Solaris 8/9 ps - Environment Variable Information leak Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation Linux Kernel - TCP Related Read Use-After-Free WordPress Plugin 'XCloner' 3.1.5 - Multiple Vulnerabilities WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure PLANET ADSL Router AND-4101 - Remote File Disclosure Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit) Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution	2016-11-09 05:01:25 +00:00
Offensive Security	1edbc5ecc4	DB: 2016-11-04 14 new exploits Microsoft Windows - Metafile (.WMF) Remote File Download Exploit Generator Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator) Redaxo CMS 3.2 - 'INCLUDE_PATH' Remote File Inclusion Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection Megacubo 5.0.7 - (mega://) Remote File Download and Execute Exploit Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute DMXReady SDK 1.1 - Remote File Download DMXReady SDK 1.1 - Arbitrary File Download Joomla! 1.5.12 RCE via TinyMCE - Arbitrary File Upload Joomla! 1.5.12 TinyMCE - Remote Code Execution (via Arbitrary File Upload) Joomla! Component Jw_allVideos - Remote File Download Joomla! Component Jw_allVideos - Arbitrary File Download Trouble Ticket Software - ttx.cgi Remote File Download Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download Redaxo CMS 4.2.1 - Remote File Inclusion Redaxo 4.2.1 - Remote File Inclusion Joomla! Component Music Manager - Local File Inclusion Joomla! Component 'Music Manager' - Local File Inclusion Joomla! Component NeoRecruit (com_neorecruit Itemid) - Blind SQL Injection Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection Joomla! Component artforms 2.1b7.2 rc2 - Multiple Vulnerabilities Joomla! Component PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities Joomla! Component 'PaymentsPlus' 2.1.5 - Blind SQL Injection Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component IXXO Cart - SQL Injection Joomla! Component com_jomtube - (user_id) Blind SQL Injection / SQL Injection Joomla! Component redSHOP 1.0 (com_redshop pid) - SQL Injection Joomla! Component QuickFAQ (com_quickfaq) - Blind SQL Injection Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component 'IXXO Cart' - SQL Injection Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection Joomla! Component 'com_quickfaq' - Blind SQL Injection Joomla! Component MyHome (com_myhome) - Blind SQL Injection Joomla! Component MySms (com_mysms) - Arbitrary File Upload Joomla! Component Health & Fitness Stats - Persistent Cross-Site Scripting Joomla! Component 'com_myhome' - Blind SQL Injection Joomla! Component 'com_mysms' - Arbitrary File Upload Joomla! Component 'healthstats' - Persistent Cross-Site Scripting Joomla! Component Rapid Recipe - Persistent Cross-Site Scripting Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting Joomla! Component EasyBlog - Persistent Cross-Site Scripting Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting Joomla! Component QContacts (com_qcontacts) - SQL Injection Joomla! Component 'com_qcontacts' - SQL Injection Joomla! Component RedShop 1.0.23.1 - Blind SQL Injection Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection Joomla! Component com_spa - SQL Injection (2) Joomla! Component com_staticxt - SQL Injection Joomla! Component 'com_spa' - SQL Injection (2) Joomla! Component 'com_staticxt' - SQL Injection Joomla! Component com_spa - SQL Injection (1) Joomla! Component 'com_spa' - SQL Injection (1) Joomla! Component com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta - SQL Injection Joomla! Component com_huruhelpdesk - SQL Injection Joomla! Component com_iproperty - SQL Injection Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component 'com_iproperty' - SQL Injection Joomla! Component Ozio Gallery (com_oziogallery) - SQL Injection Joomla! Component ITArmory (com_itarmory) - SQL Injection Joomla! Component 'com_oziogallery' - SQL Injection Joomla! Component 'com_itarmory' - SQL Injection Joomla! Component com_joomdle) 0.24 - SQL Injection Joomla! Component com_youtube - SQL Injection Joomla! Component 'com_joomdle' 0.24 - SQL Injection Joomla! Component 'com_youtube' - SQL Injection Joomla! Component com_Joomla-visites - Remote File Inclusion Joomla! Component 'com_Joomla-visites' - Remote File Inclusion Joomla! Component TTVideo 1.0 - SQL Injection Joomla! Component 'com_ttvideo' 1.0 - SQL Injection Joomla! Component appointinator 1.0.1 - Multiple Vulnerabilities Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities Joomla! Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injections Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections Joomla! Component com_beamospetition - SQL Injection Joomla! Component 'com_beamospetition' - SQL Injection Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download Caedo HTTPd Server 0.5.1 ALPHA - Arbitrary File Download Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload ADA IMGSVR 0.4 - Remote File Download ADA IMGSVR 0.4 - Arbitrary File Download Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection Joomla! / Mambo Component 'com_buslicense' - 'aid' Parameter SQL Injection Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection Joomla! / Mambo Component 'com_sermon' 0.2 - 'gid' Parameter SQL Injection Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_comments' 0.5.8.5g - 'id' Parameter SQL Injection Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_most' - 'secid' Parameter SQL Injection Joomla! / Mambo Component 'com_asortyment' - 'katid' Parameter SQL Injection Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection Joomla! / Mambo Component 'com_model' - 'objid' Parameter SQL Injection Joomla! / Mambo Component 'com_omnirealestate' - 'objid' Parameter SQL Injection Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_smslist' - 'listid' Parameter SQL Injection Joomla! / Mambo Component 'com_activities' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_lexikon' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_team - SQL Injection Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_team' - SQL Injection Joomla! / Mambo Component 'com_iigcatalog' - 'cat' Parameter SQL Injection Joomla! / Mambo Component 'com_formtool' - 'catid' Parameter SQL Injection Joomla! / Mambo Component 'com_genealogy' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_hello_world' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_publication' - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_blog' - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_wines' 1.0 - 'id' Parameter SQL Injection Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_inter' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection Joomla! / Mambo Component 'com_guide' - 'category' Parameter SQL Injection Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections Joomla! / Mambo Component 'com_is' 1.0.1 - Multiple SQL Injections Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion Joomla! / Mambo Component 'com_utchat' 0.2 - Multiple Remote File Inclusion Vana CMS - 'Filename' Parameter Remote File Download Vana CMS - 'Filename' Parameter Arbitrary File Download Joomla! Component Rapid-Recipe - HTML Injection Joomla! Component 'Rapid-Recipe' - HTML Injection Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection REDAXO - 'subpage' Parameter Cross-Site Scripting Redaxo CMS 5.0.0 - Multiple Vulnerabilities Redaxo 5.0.0 - Multiple Vulnerabilities DarkComet Server - Remote File Download Exploit (Metasploit) DarkComet Server - Arbitrary File Download (Metasploit) WinaXe 7.7 'FTP client' - Remote Buffer Overflow Rapid PHP Editor 14.1 - Remote Command Execution Memcached 1.4.33 - PoC (1) Memcached 1.4.33 - PoC (2) Memcached 1.4.33 - PoC (3) SweetRice 1.5.1 - Arbitrary File Download Axessh 4.2 - Denial Of Service SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution ETchat 3.7 - Cross-Site Request Forgery sNews 1.7.1 - Cross-Site Request Forgery sNews 1.7.1 - Arbitrary File Upload PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow nodCMS - Cross-Site Request Forgery Redaxo 5.2.0 - Cross-Site Request Forgery	2016-11-04 05:01:21 +00:00
Offensive Security	d97b4f7c48	DB: 2016-10-28	2016-10-28 11:54:09 +00:00
Offensive Security	da85686a94	DB: 2016-10-28 6 new exploits Real Server < 8.0.2 - Remote Exploit (Windows Platforms) RealServer < 8.0.2 - Remote Exploit (Windows Platforms) OpenSSH/PAM 3.6.1p1 - Remote Users Ident (gossh.sh) OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident CdRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 - Mandrake Privilege Escalation LeapFTP 2.7.x - Remote Buffer Overflow LeapWare LeapFTP 2.7.x - Remote Buffer Overflow GNU Cfengine 2.-2.0.3 - Remote Stack Overflow GNU CFEngine 2.-2.0.3 - Remote Stack Overflow IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit Serv-U FTPD 3.x/4.x - 'SITE CHMOD' Command Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 - Remote Buffer Overflow (Windows 2000/XP) IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow IPSwitch IMail LDAP Daemon/Service - Buffer Overflow RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - (MDTM) Remote Overflow Traceroute - Privilege Escalation LBL Traceroute - Privilege Escalation Perl (Redhat 6.2) - Restore and Dump Local Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) HP-UX 11.00/10.20 - crontab Overwrite Files Exploit Solaris/SPARC 2.7 / 7 - locale Format String HP-UX 11.00/10.20 crontab - Overwrite Files Exploit Solaris/SPARC 2.7 / 7 locale - Format String Solaris - locale Format Strings (noexec stack) Exploit Solaris locale - Format Strings (noexec stack) Exploit glibc - locale bug mount Exploit GLIBC locale - bug mount Exploit Red Hat 6.2 xsoldier-0.96 - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit OpenBSD 2.6 / 2.7 ftpd - Remote Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit GLIBC - Locale Format Strings Exploit GLIBC locale - Format Strings Exploit IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit SquirrelMail - chpasswd Buffer Overflow SquirrelMail - 'chpasswd' Buffer Overflow rlpr 2.04 - msg() Remote Format String Rlpr 2.04 - msg() Remote Format String Solaris 2.5.0/2.5.1 ps & chkey - Data Buffer Exploit Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit IRIX - Multiple Buffer Overflows (LsD) SGI IRIX - Multiple Buffer Overflows (LsD) IRIX - /bin/login Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow Solaris 2.4 - passwd & yppasswd & nispasswd Overflows Solaris 2.4 passwd / yppasswd / nispasswd - Overflows BlackJumboDog - Remote Buffer Overflow BlackJumboDog FTP Server - Remote Buffer Overflow Ollydbg 1.10 - Format String OllyDbg 1.10 - Format String SquirrelMail - (chpasswd) Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) CDRecord - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow HP-UX 11.0/11.11 swxxx - Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation Zinf 2.2.1 - Local Buffer Overflow Zinf Audio Player 2.2.1 - Local Buffer Overflow ShixxNote 6.net - Remote Buffer Overflow ShixxNOTE 6.net - Remote Buffer Overflow MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow MailCarrier 2.51 - Remote Buffer Overflow SLMail 5.5 - POP3 PASS Buffer Overflow TABS MailCarrier 2.51 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow eZshopper - 'loadpage.cgi' Directory Traversal Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2) Microsoft Internet Explorer - '.ANI' files handling Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' files handling Downloader Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002) Savant Web Server 3.1 - Remote Buffer Overflow (French Windows OS support) Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow Knet 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow Denial of Service Einstein 1.01 - Local Password Disclosure (asm) Einstein 1.01 - Local Password Disclosure (ASM) RealPlayer 10 - '.smil' Local Buffer Overflow RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial 2) phpBB 2.0.12 - Session Handling Authentication Bypass UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection XML-RPC Library 1.3.0 - (xmlrpc.php) Remote Code Injection XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection xmlrpc.php Library 1.3.0 - Remote Command Execution (2) xmlrpc.php Library 1.3.0 - Remote Command Execution (3) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3) wMailServer 1.0 - Remote Denial of Service SoftiaCom wMailServer 1.0 - Remote Denial of Service ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) BusinessMail 4.60.00 - Remote Buffer Overflow BusinessMail Server 4.60.00 - Remote Buffer Overflow WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Wireless Tools 26 - (iwconfig) Privilege Escalation (some setuid) Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Mercury Mail 4.01a (Pegasus) - IMAP Buffer Overflow Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow CA iGateway - (debug mode) Remote Buffer Overflow CA iTechnology iGateway - (debug mode) Remote Buffer Overflow Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) Zorum Forum 3.5 - (rollid) SQL Injection Zorum Forum 3.5 - 'rollid' SQL Injection SaphpLesson 2.0 - (forumid) SQL Injection saPHP Lesson 2.0 - (forumid) SQL Injection zawhttpd 0.8.23 - (GET) Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service Zix Forum 1.12 - (layid) SQL Injection Zix Forum 1.12 - 'layid' SQL Injection QBik Wingate 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow INDEXU 5.0.1 - (admin_template_path) Remote File Inclusion Indexu 5.0.1 - (admin_template_path) Remote File Inclusion SmartSiteCMS 1.0 - (root) Multiple Remote File Inclusion SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion Solaris 10 - sysinfo() Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure SAPID CMS 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion ZZ:FlashChat 3.1 - (adminlog) Remote File Inclusion ZZ:FlashChat 3.1 - 'adminlog' Remote File Inclusion WFTPD 3.23 - (SIZE) Remote Buffer Overflow Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow Apache < 1.3.37 / 2.0.59 / 2.2.3 - (mod_rewrite) Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion ZoomStats 1.0.2 - (mysql.php) Remote File Inclusion ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion Microsoft Internet Explorer (VML) - Remote Buffer Overflow (SP2) (Perl) Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl) PHPMyWebmin 1.0 - (window.php) Remote File Inclusion phpMyWebmin 1.0 - (window.php) Remote File Inclusion VideoDB 2.2.1 - (pdf.php) Remote File Inclusion VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion Microsoft Office 2003 - PPT Local Buffer Overflow (PoC) Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC) Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - Constructor Privilege Escalation Solaris 10 (libnspr) - Constructor Privilege Escalation Microsoft Windows NAT Helper Components - 'ipnathlp.dll' Remote Denial of Service Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit BlazeVideo HDTV Player 2.1 - Malformed PLF Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC) AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit Irokez CMS 0.7.1 - Multiple Remote File Inclusion Irokez Blog 0.7.1 - Multiple Remote File Inclusion PHP-update 2.7 - Multiple Vulnerabilities PHP-Update 2.7 - Multiple Vulnerabilities Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow 3Com TFTP Service 2.0.1 - Remote Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) 2.0.1 - Remote Buffer Overflow (Metasploit) FdScript 1.3.2 - 'download.php' Remote File Disclosure FD Script 1.3.2 - 'download.php' Remote File Disclosure Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) SunOS 5.10/5.11 - in.TelnetD Remote Authentication Bypass SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass ZebraFeeds 1.0 - (zf_path) Remote File Inclusion ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion MailEnable Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable Professional 2.35 - Remote Buffer Overflow MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow Ipswitch WS_FTP 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Oracle 10g KUPW$WORKER.MAIN - SQL Injection (2) Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2) 3Com TFTP Service 2.0.1 - (Long Transporting Mode) Exploit (Perl) madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl) Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow TFTPDWIN Server 0.4.2 - (UDP) Denial of Service ProSysInfo TFTP Server TFTPDWIN 0.4.2 - (UDP) Denial of Service NetVios Portal - 'page.asp' SQL Injection NetVIOS Portal - 'page.asp' SQL Injection Mercury Mail 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Apache Mod_Rewrite (Windows x86) - Off-by-One Remote Overflow Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Microsoft Windows GDI - Privilege Escalation (MS07-017) (1) Microsoft Windows - GDI Privilege Escalation (MS07-017) (1) qdblog 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Microsoft Windows GDI - Privilege Escalation (MS07-017) (2) Microsoft Windows - GDI Privilege Escalation (MS07-017) (2) Zomplog 3.8 - (force_download.php) Remote File Disclosure Zomplog 3.8 - 'force_download.php' Remote File Disclosure Versalsoft HTTP File Upload - ActiveX 6.36 (AddFile) Remote Denial of Service Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service Gimp 2.2.14 (Win x86) - '.ras' Download/Execute Buffer Overflow GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (PoC) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (PoC) Apache 2.0.58 Mod_Rewrite - Remote Overflow (Windows 2003) Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (1) UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (2) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (2) Microsoft Windows GDI+ - ICO File Remote Denial of Service Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) YourFreeScreamer 1.0 - (serverPath) Remote File Inclusion YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow PHPEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection Oracle 9i/10g Evil Views - Change Passwords Exploit Oracle 9i/10g - Evil Views Change Passwords Exploit Savant 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Easy Chat Server 2.2 - Remote Denial of Service EFS Easy Chat Server 2.2 - Remote Denial of Service Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite Thomson SIP phone ST 2030 - Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service MSN messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Code Execution Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution AskJeeves Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow Ask.com/AskJeeves Toolbar Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow MDPro 1.0.76 - SQL Injection MD-Pro 1.0.76 - SQL Injection ZZ FlashChat 3.1 - (help.php) Local File Inclusion ZZ FlashChat 3.1 - 'help.php' Local File Inclusion PHP-AGTC membership system 1.1a - Remote Add Admin PHP-AGTC Membership System 1.1a - Remote Add Admin Quick and Dirty Blog 0.4 - (categories.php) Local File Inclusion Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion badblue 2.72b - Multiple Vulnerabilities BadBlue 2.72b - Multiple Vulnerabilities SquirrelMail G/PGP Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection hp software update client 3.0.8.4 - Multiple Vulnerabilities HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow QuickTime Player 7.3.1.70 - RTSP Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) Gradman 0.1.3 - (agregar_info.php) Local File Inclusion Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion mybulletinboard (MyBB) 1.2.10 - Multiple Vulnerabilities MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities Mini File Host 1.2 - (upload.php language) Local File Inclusion Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service Mini File Host 1.2 - 'language' Parameter Local File Inclusion Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow/Denial of Service Gradman 0.1.3 - (info.php tabla) Local File Inclusion Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Gradman 0.1.3 - 'info.php' Local File Inclusion Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow Mini File Host 1.2.1 - (upload.php language) Local File Inclusion Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion Frimousse 0.0.2 - explorerdir.php Local Directory Traversal 360 Web Manager 3.0 - (IDFM) SQL Injection bloofox 0.3 - (SQL Injection / File Disclosure) Multiple Vulnerabilities Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal 360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection bloofox 0.3 - SQL Injection / File Disclosure Mooseguy Blog System 1.0 - (blog.php month) SQL Injection Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection IDM-OS 1.0 - (download.php Filename) File Disclosure IDM-OS 1.0 - 'Filename' Parameter File Disclosure MoinMoin 1.5.x - MOIND_ID cookie Bug Remote Exploit aflog 1.01 - comments.php Cross-Site Scripting / SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit aflog 1.01 - Cross-Site Scripting / SQL Injection Easysitenetwork Recipe - 'categoryId' SQL Injection Coppermine Photo Gallery 1.4.14 - SQL Injection Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection Coppermine Photo Gallery 1.4.10 - SQL Injection web wiz rich text editor 4.0 - Multiple Vulnerabilities Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities Seagull 0.6.3 - (optimizer.php files) Remote File Disclosure Seagull 0.6.3 - 'optimizer.php' Remote File Disclosure Joomla! Component Marketplace 1.1.1 - SQL Injection Joomla! Component com_Marketplace 1.1.1 - SQL Injection ASPapp - 'links.asp CatId' SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection ZYXEL ZyWALL Quagga/Zebra - (default pass) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit Quick TFTP Pro 2.1 - Remote SEH Overflow Quick TFTP Server Pro 2.1 - Remote SEH Overflow Microsoft Office XP SP3 - PPT File Buffer Overflow (MS08-016) Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016) HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.DSR' File Local Buffer Overflow Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow hp openview nnm 7.53 - Multiple Vulnerabilities HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities PHPKB 1.5 Knowledge Base - 'ID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection Microsoft Windows GDI - Image Parsing Stack Overflow (MS08-021) Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021) HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ZeusCart 2.0 - (category_list.php) SQL Injection ZeusCart 2.0 - 'category_list.php' SQL Injection Zomplog 3.8.2 - (newuser.php) Arbitrary Add Admin Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin Zomplog 3.8.2 - (force_download.php) File Disclosure Zomplog 3.8.2 - 'force_download.php' File Disclosure PHP AGTC-Membership System 1.1a - Arbitrary Add Admin PHP-AGTC Membership System 1.1a - Arbitrary Add Admin PHP Booking Calendar 10 d - SQL Injection phpBookingCalendar 10 d - SQL Injection SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Yuhhu 2008 SuperStar - (board) SQL Injection Yuhhu 2008 SuperStar - 'board' SQL Injection gravity board x 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities gl-sh deaf forum 6.5.5 - Multiple Vulnerabilities GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow trixbox - (langChoice) Local File Inclusion (connect-back) (2) Trixbox - (langChoice) Local File Inclusion (connect-back) (2) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Ppim 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities Cisco WebEx Meeting Manager - 'atucfobj.dll' ActiveX Remote Buffer Overflow Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow Ppim 1.0 - (upload/change Password) Multiple Vulnerabilities pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities z-breaknews 2.0 - (single.php) SQL Injection z-breaknews 2.0 - 'single.php' SQL Injection Ultra Office - ActiveX Control Remote Buffer Overflow Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow Micrsoft Windows GDI - (CreateDIBPatternBrushPt) Heap Overflow (PoC) Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC) phpvid 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - (page) SQL Injection phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows GDI - (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) opennms < 1.5.96 - Multiple Vulnerabilities OpenNMS < 1.5.96 - Multiple Vulnerabilities yerba sacphp 6.3 - Multiple Vulnerabilities Yerba SACphp 6.3 - Multiple Vulnerabilities Microsoft Windows GDI+ - PoC (MS08-052) (2) Microsoft Windows - GDI+ PoC (MS08-052) (2) zeeproperty - (adid) SQL Injection zeeproperty - 'adid' SQL Injection TUGzip 3.00 archiver - '.zip' Local Buffer Overflow TugZip 3.00 Archiver - '.zip' Local Buffer Overflow AJ ARTICLE - 'featured_article.php mode' SQL Injection AJ Article - 'featured_article.php mode' SQL Injection Article Publisher PRO 1.5 - Insecure Cookie Handling Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling YourFreeWorld Classifieds - (category) SQL Injection YourFreeWorld Classifieds - 'category' SQL Injection PG Roomate Finder Solution - (Authentication Bypass) SQL Injection Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) asp AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection phpmygallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference (PoC) Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC) ProFTPd with mod_mysql - Authentication Bypass ProFTPd - 'mod_mysql' Authentication Bypass ppim 1.0 - Multiple Vulnerabilities pPIM 1.0 - Multiple Vulnerabilities Orbit 2.8.4 - Long Hostname Remote Buffer Overflow Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow Merak Media PLayer 3.2 - '.m3u' File Local Buffer Overflow (SEH) Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (SEH) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Files Local Heap Overflow (PoC) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC) bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Racer 0.5.3b5 - Remote Stack Buffer Overflow Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Online Guestbook Pro - (display) Blind SQL Injection Esoftpro Online Guestbook Pro - (display) Blind SQL Injection tematres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ZaoCMS - (user_id) SQL Injection ZaoCMS - 'user_id' SQL Injection Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) ZeeCareers 2.0 - (addAdminmembercode.php) Add Admin ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection WebBoard 2.90 Beta - Remote File Disclosure 212Cafe WebBoard 2.90 Beta - Remote File Disclosure ZeusCart 2.3 - (maincatid) SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) OtsAv DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs Microsoft Office Web Components (Spreadsheet) - ActiveX Buffer Overflow (PoC) Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC) DD-WRT - (httpd service) Remote Command Execution DD-WRT HTTPd Daemon/Service - Remote Command Execution GLinks 2.1 - (cat) Blind SQL Injection Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection XOOPS celepar module qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Amaya 11.2 W3C Editor/Browser - (defer) Remote Buffer Overflow (SEH) Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH) Payment Processor Script - 'shop.htm cid' SQL Injection Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) BandCMS 0.10 - news.php Multiple SQL Injection Rock Band CMS 0.10 - news.php Multiple SQL Injection Microsoft IIS 5.0 (Windows 2000 SP4) - FTP Server Remote Stack Overflow Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Eureka Mail Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - PoC Buffer Overflow Solaris 8.0 - LPD Command Execution (Metasploit) Solaris 8.0 LPD - Command Execution (Metasploit) Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow BulletProof FTP Client 2.63 b56 - Malformed '.bps' File Stack Buffer Overflow Dopewars 1.5.12 Server - Denial of Service Dopewars Server 1.5.12 - Denial of Service Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution HP Power Manager Administration - Universal Buffer Overflow Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service HP Openview NNM 7.53 - Invalid DB Error Code HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code Quick.Cart 3.4 and Quick.CMS 2.4 - Cross-Site Request Forgery Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery Eureka Mail Client - Remote Buffer Overflow Eureka Email Client - Remote Buffer Overflow IDEAL Administration 2009 9.7 - Local Buffer Overflow PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow phpshop 0.8.1 - Multiple Vulnerabilities phpShop 0.8.1 - Multiple Vulnerabilities IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow DigitalHive - Multiple Vulnerabilities Digital Hive - Multiple Vulnerabilities zabbix server - Multiple Vulnerabilities Zabbix Server - Multiple Vulnerabilities freekot - (Authentication Bypass) SQL Injection Digiappz Freekot - (Authentication Bypass) SQL Injection TFTP Daemon 1.9 - Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service B2B Trading Marketplace - SQL Injection SoftBiz B2B trading Marketplace Script - SQL Injection Mini-stream - Windows XP SP2 and SP3 Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Audiotran 1.4.1 - (Win XP SP2/SP3 English) Buffer Overflow Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple Safari 4.0.4 & Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service/PoC Apple Safari 4.0.4 / Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service (PoC) Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service Apple Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service bild flirt system 2.0 - 'index.php' 'id' SQL Injection Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) iOS Safari - Bad 'VML' Remote Denial of Service iOS Safari - Remote Denial of Service Apple iOS Safari - Bad 'VML' Remote Denial of Service Apple iOS Safari - Remote Denial of Service HP OpenView NNM - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow Adobe Reader - Escape From PDF Adobe Reader - Escape From '.PDF' TugZip 3.5 - '.ZIP' File Buffer Overflow TugZip 3.5 Archiver - '.ZIP' File Buffer Overflow Joomla! Component jp_jobs - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component QPersonel - SQL Injection Joomla! Component com_QPersonel - SQL Injection Bild Flirt 1.0 - SQL Injection Bild Flirt System 1.0 - SQL Injection Safari 4.0.5 - (531.22.7) Denial of Service Apple Safari 4.0.5 - (531.22.7) Denial of Service Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion 724CMS Enterprise 4.59 - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support - Multiple SQL Injections 724CMS 4.59 Enterprise - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections Joomla! Component JE Job - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Joomla! Component com_jejob 1.0 - 'catid' SQL Injection Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection Savy Soda Documents - (Mobile Office Suite) XLS Denial of Service Office^2 iPhone - XLS Denial of Service GoodiWare GoodReader iPhone - XLS Denial of Service Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service Office^2 iPhone - '.XLS' Denial of Service GoodiWare GoodReader iPhone - '.XLS' Denial of Service Yamamah (news) - SQL Injection / Source Code Disclosure Yamamah - 'news' SQL Injection / Source Code Disclosure Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan k-search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities YPNinc JokeScript - (ypncat_id) SQL Injection YPNinc JokeScript - 'ypncat_id' SQL Injection YPNinc PHP Realty Script - (docID) SQL Injection YPNinc PHP Realty Script - 'docID' SQL Injection HP OpenView NNM - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution Apple Mac OSX (Snow Leopard) EvoCam Web Server - ROP Remote Exploit Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit HP NNM 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) Safari Browser 4.0.2 - Clickjacking Apple Safari 4.0.2 - Clickjacking Barcodewiz 3.29 - Barcode ActiveX Control Remote Heap Spray Exploit (Internet Explorer 6/7' Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7) Apple iOS - pdf Jailbreak Exploit Apple iOS - '.pdf' Jailbreak Exploit HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow Microsoft Power Point 2010 - 'pptimpconv.dll' DLL Hijacking Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking Apple Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking MediaPlayer Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution AdaptCMS 2.0.1 Beta Release - Remote File Inclusion (Metasploit) AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit) DATAC RealWin 2.0 (Build 6.1.8.10) - Buffer Overflow DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow FatPlayer 0.6b - '.wav' Buffer Overflow (SEH) Fat Player 0.6b - '.wav' Buffer Overflow (SEH) CubeCart 2.0.1 - SQL Injection Brooky CubeCart 2.0.1 - SQL Injection DATAC RealWin SCADA 1.06 - Buffer Overflow DATAC RealWin SCADA Server 1.06 - Buffer Overflow pilot cart 7.3 - Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities Mp3-Nator 2.0 - Buffer Overflow (SEH) MP3-Nator 2.0 - Buffer Overflow (SEH) Safari 5.02 - Stack Overflow Denial of Service Apple Safari 5.02 - Stack Overflow Denial of Service Microsoft Windows Task Scheduler - Privilege Escalation Microsoft Windows - Task Scheduler Privilege Escalation Pandora Fms 3.1 - Authentication Bypass Pandora FMS 3.1 - Authentication Bypass bugtracker.net 3.4.4 - Multiple Vulnerabilities BugTracker.NET 3.4.4 - Multiple Vulnerabilities Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow WMITools ActiveX - Remote Command Execution Microsoft WMITools ActiveX - Remote Command Execution VideoSpirit Pro 1.68 - Local Buffer Overflow VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow Apple Mac OSX iTunes 8.1.1 - ITms Overflow (Metasploit) Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit) PeaZip 2.6.1 - Zip Processing Command Injection (Metasploit) PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit) Sun Java - System Web Server WebDAV OPTIONS Buffer Overflow (Metasploit) Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit) Apache Tomcat Manager Application Deployer - Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Solaris sadmind - Command Execution (Metasploit) Solaris Sadmind - Command Execution (Metasploit) Sun Solaris - Telnet Remote Authentication Bypass (Metasploit) Sun Solaris Telnet - Remote Authentication Bypass (Metasploit) Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i TNS Listener - 'ARGUMENTS' Buffer Overflow (Metasploit) Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit) TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3CTftpSvc TFTP - Long Mode Buffer Overflow (Metasploit) Quick FTP Pro 2.1 - Transfer-Mode Overflow (Metasploit) ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit) Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit) Allied Telesyn TFTP Server 1.9 - Long Filename Overflow (Metasploit) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Long Filename Overflow (Metasploit) CA BrightStor - ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) Kerio Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Mercury/32 <= 4.01b - LOGIN Buffer Overflow (Metasploit) Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD (2.35) - Login Request Buffer Overflow (Metasploit) Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit) Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit) Mercur MailServer 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) IMail IMAP4D - Delete Overflow (Metasploit) IPSwitch IMail IMAP4D - Delete Overflow (Metasploit) Mercury/32 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Ipswitch IMail - IMAP SEARCH Buffer Overflow (Metasploit) Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit) AOL Instant Messenger - goaway Overflow (Metasploit) AOL Instant Messenger AIM - goaway Overflow (Metasploit) Microsoft OWC Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit) RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit) RealNetworks RealPlayer - SMIL Buffer Overflow (Metasploit) RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit) Adobe Shockwave - rcsL Memory Corruption (Metasploit) Adobe Shockwave Player - rcsL Memory Corruption (Metasploit) Microsoft Internet Explorer - VML Fill Method Code Execution (Metasploit) Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit) WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) ACDSee - XPM File Section Buffer Overflow (Metasploit) ACDSee - '.XPM' File Section Buffer Overflow (Metasploit) HT-MP3Player 1.0 HT3 - File Parsing Buffer Overflow (Metasploit) HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit) Orbital Viewer - ORB File Parsing Buffer Overflow (Metasploit) Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - pls Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Qbik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) Medal Of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Cesar FTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) Serv-U FTPD - MDTM Overflow (Metasploit) RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - XMD5 Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit) FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) SentinelLM - UDP Buffer Overflow (Metasploit) Sentinel LM - UDP Buffer Overflow (Metasploit) Apache module Mod_Rewrite - LDAP protocol Buffer Overflow (Metasploit) Xitami 2.5c2 Web Server - If-Modified-Since Overflow (Metasploit) Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit) Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit) Sambar 6 - Search Results Buffer Overflow (Metasploit) Sambar Server 6 - Search Results Buffer Overflow (Metasploit) IA WebMail 3.x - Buffer Overflow (Metasploit) IA WebMail Server 3.x - Buffer Overflow (Metasploit) Savant 3.1 Web Server - Overflow Exploit (Metasploit) Savant Web Server 3.1 - Overflow Exploit (Metasploit) HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) Hewlett-Packard Power Manager Administration - Buffer Overflow (Metasploit) Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit) Ipswitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) PSO Proxy 0.91 - Stack Buffer Overflow (Metasploit) PSOProxy 0.91 - Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit) NaviCOPA 2.0.1 - URL Handling Buffer Overflow (Metasploit) NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit) MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) YPOPS 0.6 - Buffer Overflow (Metasploit) YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit) Mercury Mail SMTP AUTH CRAM-MD5 - Buffer Overflow (Metasploit) Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit) IMail LDAP Service - Buffer Overflow (Metasploit) IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit) GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Poptop - Negative Read Overflow (Metasploit) UoW IMAP server - LSUB Buffer Overflow (Metasploit) PoPToP - Negative Read Overflow (Metasploit) UoW IMAPd Server - LSUB Buffer Overflow (Metasploit) DD-WRT HTTP Daemon - Arbitrary Command Execution (Metasploit) DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit) Samba (Linux/x86) - trans2open Overflow (Metasploit) iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer - LoginExt PathName Overflow (Metasploit) Samba (Linux x86) - trans2open Overflow (Metasploit) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit) Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Safari - Archive Metadata Command Execution (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Apple Safari - Archive Metadata Command Execution (Metasploit) iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Mail.app - Image Attachment Command Execution (Metasploit) Apple Mail.app - Image Attachment Command Execution (Metasploit) Apple Mac OSX QuickTime - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam - HTTP GET Buffer Overflow (Metasploit) Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit) Samba trans2open (BSD/x86) - Overflow Exploit (Metasploit) Samba (BSD x86) - trans2open Overflow Exploit (Metasploit) PHP XML-RPC - Arbitrary Code Execution (Metasploit) XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit) AWStats 6.4 < 6.5 migrate - Remote Command Execution (Metasploit) HP Openview - connectedNodes.ovpl Remote Command Execution (Metasploit) AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit) HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit) TWiki Search Function - Arbitrary Command Execution (Metasploit) TWiki - Search Function Arbitrary Command Execution (Metasploit) Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) Novell iPrint Client ActiveX Control 5.52 - Buffer Overflow (Metasploit) Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit) Kolibri 2.0 - HTTP Server HEAD Buffer Overflow (Metasploit) Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit) 7-Technologies igss 9.00.00.11059 - Multiple Vulnerabilities 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities HP OpenView NNM - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView NNM - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) eyeos 1.9.0.2 - Persistent Cross-Site Scripting using image files eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files Golden FTP 4.70 - PASS Stack Buffer Overflow (Metasploit) Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit) manageengine support center plus 7.8 build 7801 - Directory Traversal ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) TugZip 3.5 - '.ZIP' File Parsing Buffer Overflow (Metasploit) TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit) Sports PHool 1.0 - Remote File Inclusion SportsPHool 1.0 - Remote File Inclusion Mini-stream 3.0.1.1 - Buffer Overflow (3) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3) Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Zabbix 1.8.4 - (popup.php) SQL Injection Zabbix 1.8.4 - 'popup.php' SQL Injection CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit '.m3u' (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow SEH Exploit (Metasploit) Serv-U FTP Server < 4.2 - Buffer Overflow (Metasploit) RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit) Family Connections - less.php Remote Command Execution (Metasploit) Family Connections CMS - 'less.php' Remote Command Execution (Metasploit) FCMS 2.7.2 CMS - Multiple Persistent Cross-Site Scripting Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting openemr 4 - Multiple Vulnerabilities Safari - GdiDrawStream BSoD OpenEMR 4 - Multiple Vulnerabilities Apple Safari - GdiDrawStream BSoD clip bucket 2.6 - Multiple Vulnerabilities Clipbucket 2.6 - Multiple Vulnerabilities Tube Ace(Adult PHP Tube Script) - SQL Injection Tube Ace (Adult PHP Tube Script) - SQL Injection Dolibarr CMS 3.2.0 < Alpha - File Inclusion Dolibarr 3.2.0 < Alpha - File Inclusion PBLang - Local File Inclusion PBLang Bulletin Board System - Local File Inclusion NetDecision 4.5.1 - HTTP Server Buffer Overflow (Metasploit) Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit) Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Sitecom WLM-2501 new - Multiple Cross-Site Request Forgery Vulnerabilities Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities Ricoh DC DL-10 SR10 - FTP USER Command Buffer Overflow (Metasploit) Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit) TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam - ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow Quest InTrust Annotation Objects - Uninitialized Pointer (Metasploit) Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit) TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) samsung net-i ware 1.37 - Multiple Vulnerabilities Samsung NET-i ware 1.37 - Multiple Vulnerabilities iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) GIMP - script-fu Server Buffer Overflow (Metasploit) GIMP script-fu - Server Buffer Overflow (Metasploit) SugarCRM 6.3.1 - Unserialize() PHP Code Execution (Metasploit) SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) Openfire 3.6.0a - Admin Console Authentication Bypass (Metasploit) Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit) Tiki Wiki 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption UoW imapd 10.234/12.264 - Buffer Overflow UoW imapd 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit) UoW IMAPd Server 10.234/12.264 - Buffer Overflow UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW IMAPd Serve 10.234/12.264 - COPY Buffer Overflow (Metasploit) RedHat 6.2 - Piranha Virtual Server Package Default Account and Password RedHat 6.2 Piranha Virtual Server Package - Default Account and Password Microsoft Windows - Escalate Task Scheduler XML Privilege Escalation (Metasploit) Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit) hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal Alienvault OSSIM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection RedHat 6 - glibc/locale Subsystem Format String Solaris 2.6/7.0 - /locale Subsystem Format String RedHat 6 GLIBC/locale - Subsystem Format String Solaris 2.6/7.0 /locale - Subsystem Format String Solaris 2.6/7.0 - 'eject' locale Subsystem Format String Solaris 2.6/7.0 'eject' locale - Subsystem Format String Microsoft IIS 4.0/5.0 and PWS Extended Unicode - Directory Traversal (5) Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5) RedHat restore 0.4 b15 - Insecure Environment Variables RedHat 0.4 b15 restore - Insecure Environment Variables Viscosity OpenVPN Client (OSX) - Privilege Escalation Viscosity - Privilege Escalation Solaris 2.x/7.0/8 catman - Race Condition (1) Solaris 2.x/7.0/8 catman - Race Condition (2) Solaris 2.x/7.0/8 Catman - Race Condition (1) Solaris 2.x/7.0/8 Catman - Race Condition (2) sap NetWeaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities T-dah Webmail - Multiple Persistent Cross-Site Scripting T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Ntpd - Remote Buffer Overflow NTPd - Remote Buffer Overflow Ipswitch WS_FTP 2.0 - Anonymous Multiple FTP Command Buffer Overflow Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow Solaris 2.x/7.0/8 lpd - Remote Command Execution HP-UX 11.0 SWVerify - Buffer Overflow Solaris 2.x/7.0/8 LPD - Remote Command Execution HP-UX 11.0 - SWVerify Buffer Overflow phusion WebServer 1.0 - Directory Traversal (1) phusion WebServer 1.0 - Directory Traversal (2) Phusion WebServer 1.0 - Directory Traversal (1) Phusion WebServer 1.0 - Directory Traversal (2) Progress 9.1 - sqlcpp Local Buffer Overflow Progress Database 9.1 - sqlcpp Local Buffer Overflow PsyBNC 2.3 - Oversized Passwords Denial of Service psyBNC 2.3 - Oversized Passwords Denial of Service Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) Midicart - PHP Arbitrary File Upload Midicart PHP - Arbitrary File Upload otrs 3.1 - Persistent Cross-Site Scripting OTRS 3.1 - Persistent Cross-Site Scripting EType EServ 2.9x POP3 - Remote Denial of Service EType EServ 2.9x - POP3 Remote Denial of Service Invision Power Board 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board 3.3.4 - Unserialize Regex Bypass Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass ttCMS 2.2 - / ttForum 1.1 news.php template Parameter Remote File Inclusion ttCMS 2.2 - / ttForum 1.1 install.php installdir Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion Invision IP.Board 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Kerio MailServer 5.6.3 - add_acl Module Overflow Kerio MailServer 5.6.3 add_acl Module - Overflow phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 - pagemaster Module PAGE_id Parameter Cross-Site Scripting phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting IBM System Director - Remote System Level Exploit IBM System Director Agent - Remote System Level Exploit Tectia SSH - USERAUTH Change Request Password Reset (Metasploit) (SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit) Oracle MySQL for Microsoft Windows - MOF Execution (Metasploit) Oracle MySQL (Windows) - MOF Execution (Metasploit) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) IWConfig - Local ARGV Command Line Buffer Overflow (1) IWConfig - Local ARGV Command Line Buffer Overflow (2) IWConfig - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Novell File Reporter Agent - XML Parsing Remote Code Execution Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) Alan Ward A-Cart 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Nagios - history.cgi Remote Command Execution Nagios3 - history.cgi Remote Command Execution phpshop 2.0 - SQL Injection phpShop 2.0 - SQL Injection Freesshd - Authentication Bypass (Metasploit) FreeSSHD - Authentication Bypass (Metasploit) RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Open Proxy Relay RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Arbitrary File Access RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access SLMail 5.5 - POP3 PASS Remote Buffer Overflow SLMail 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow AT-TFTP Server 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Microsoft Windows Light HTTPD 0.1 - Buffer Overflow Light HTTPD 0.1 (Windows) - Buffer Overflow MSN Messenger 6.2.0137 - '.png' Buffer Overflow Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow Smail-3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote and Local Vulnerabilities Cisco Linksys E4200 Firmware - Multiple Vulnerabilities Cisco Linksys E4200 - Multiple Vulnerabilities Salim Gasmi GLD 1.x - Postfix Greylisting Daemon Buffer Overflow Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow Claroline 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection NPDS 4.8 - /5.0 admin.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reviews.php title Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 - /5.0 Glossaire Module terme Parameter SQL Injection NPDS 4.8 - /5.0 links.php Query Parameter SQL Injection NPDS 4.8 - /5.0 faq.php categories Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting SlimServe httpd 1.0/1.1 - Directory Traversal WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal Quick TFTP Server 2.2 - Denial of Service Quick TFTP Server Pro 2.2 - Denial of Service aeNovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection XMB 1.9.3 - u2u.php Cross-Site Scripting XMB Forum 1.9.3 - u2u.php Cross-Site Scripting PHPAlbum 0.2.3/4.1 - Local File Inclusion PHP Photo Album 0.2.3/4.1 - Local File Inclusion Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret) NetBSD mail.local - Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (Metasploit) PCMAN FTP 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMAN FTP 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow EImagePro - - subList.asp CatID Parameter SQL Injection EImagePro - subList.asp CatID Parameter SQL Injection OZJournals 1.2 - Vname Parameter Cross-Site Scripting OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting SoftBiz Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBiz Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBiz Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBiz Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection OZJournals 1.5 - Multiple Input Validation Vulnerabilities Baby FTP server 1.24 - Denial of Service PCMAN FTP 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) Sophos Web Protection Appliance sblistpack - Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution (Metasploit) Festalon 0.5 - '.HES' Files Remote Heap Buffer Overflow Festalon 0.5 - '.HES' Remote Heap Buffer Overflow EZContents 2.0. - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion Google Earth 4.0.2091 (Beta) - KML/KMZ Files Buffer Overflow Google Earth 4.0.2091 (Beta) - '.KML'/'.KMZ' Buffer Overflow A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002) Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002) Fish - Multiple Remote Buffer Overflow Vulnerabilities FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service Microsoft Windows XP/2000 - 'WinMM.dll' / '.WAV' Remote Denial of Service Comersus Cart 7.0.7 Cart - comersus_message.asp redirectUrl Cross-Site Scripting Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting LanDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow SAP DB 7.x - Web Server WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities Lanius CMS 1.2.14 - FAQ Module mid Parameter SQL Injection Lanius CMS 1.2.14 - EZSHOPINGCART Module cid Parameter SQL Injection Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Thomson SpeedTouch 2030 - SIP Invite Message Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service Uebimiau 2.7.x - 'index.php' Cross-Site Scripting Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting Seagate BlackArmor - Root Exploit Seagate BlackArmor NAS - Root Exploit Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering PCMAN FTP 2.07 - ABOR Command Buffer Overflow PCMAN FTP 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access amfphp 1.2 - browser/details class Parameter Cross-Site Scripting amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting PCMAN FTP 2.07 - Buffer Overflow PCMan FTP Server 2.07 - Buffer Overflow Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Novell Groupwise Messenger 2.0 - Client Buffer Overflow Novell Groupwise Messenger 2.0 Client - Buffer Overflow Meeting Room Booking System - (MRBS) 1.2.6 day.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 week.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 month.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 report.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 help.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities OpenNms 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNms 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNms 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNms 1.5.x - HTTP Response Splitting OpenNMS 1.5.x - HTTP Response Splitting Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution Zeeways SHAADICLONE 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Pilot Group PG Roommate - SQL Injection Pilot Group PG Roommate Finder Solution - SQL Injection OpenSSL TLS Heartbeat Extension - Memory Disclosure OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions) OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions) Heartbleed OpenSSL - Information Leak Exploit (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) IBM Director 5.20 - CIM Server Privilege Escalation IBM System Director Agent 5.20 - CIM Server Privilege Escalation Heartbleed OpenSSL - Information Leak Exploit (2) DTLS Support OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) Kolibri 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Easy Chat Server 3.1 - Stack Buffer Overflow EFS Easy Chat Server 3.1 - Stack Buffer Overflow Sphider 1.3.6 - Multiple Vulnerabilities Sphider Search Engine 1.3.6 - Multiple Vulnerabilities Kolibri WebServer 2.0 - GET Request SEH Exploit Kolibri Web Server 2.0 - GET Request SEH Exploit MQAC.sys - Arbitrary Write Privilege Escalation (Metasploit) Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) VirtualBox - 3D Acceleration Virtual Machine Escape (Metasploit) VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Impact Software Ad Peeps - Cross-Site Scripting / HTML Injection Impact Software AdPeeps - Cross-Site Scripting / HTML Injection PPScript - 'shop.htm' SQL Injection Payment Processor Script (PPScript) - 'shop.htm' SQL Injection ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060) Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060) Eclipse 3.3.2 IDE Help Server - help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting Eclipse 3.3.2 IDE - Help Server help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting TaskFreak 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting WordPress Plugin Wp Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload Pandora 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Oracle MySQL for Microsoft Windows - FILE Privilege Abuse (Metasploit) Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) Exim ESMTP 4.80 glibc gethostbyname - Denial of Service Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Support Incident Tracker - (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection alitbang CMS 3.3 - alumni.php hal Parameter SQL Injection Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection HP Network Node Manager i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting Publish-It - PUI Buffer Overflow (SEH) Publish-It - '.PUI' Buffer Overflow (SEH) WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin) WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin) Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities abrt (Fedora 21) - Race Condition Abrt (Fedora 21) - Race Condition Webgate WESP SDK 1.2 - ChangePassword Stack Overflow WebGate WESP SDK 1.2 - ChangePassword Stack Overflow Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Oracle - Outside-In DOCX File Parsing Memory Corruption Oracle - Outside-In '.DOCX' File Parsing Memory Corruption iTunes 10.6.1.7 - '.pls' Title Buffer Overflow Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow WordPress Plugin Leaflet Maps Marker 0.0.1 for - leaflet_marker.php id Parameter Cross-Site Scripting WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting Microsoft Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Mozilla Firefox < 39.03 - pdf.js Same Origin Policy Exploit Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit Mozilla Firefox - pdf.js Privileged JavaScript Injection (Metasploit) Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit) MiniUPnP - Multiple Denial of Service Vulnerabilities MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities Kaseya Virtual System Administrator - Multiple Vulnerabilities (2) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2) Safari - User-Assisted Applescript Exec Attack (Metasploit) Apple Safari - User-Assisted Applescript Exec Attack (Metasploit) Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption Dynamic Biz Website Builder - (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium CPDF_Function::Call - Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Based Buffer Overflow Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass MiCasa VeraLite - Remote Code Execution MiCasaVerde VeraLite - Remote Code Execution SmallFTPd 1.0.3 - 'mkd' Command Denial of Service SmallFTPd 1.0.3 - 'mkd' Command Denial Of Service GNU GTypist 2.9.5-2 - Local Buffer Overflow uSQLite 1.0.0 - Denial Of Service HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation CherryTree 0.36.9 - Memory Corruption (PoC)	2016-10-28 05:01:21 +00:00
Offensive Security	102574cb3e	DB: 2016-09-24 5 new exploits EVA-Web 1.1<= 2.2 - (index.php3) Remote File Inclusion EVA-Web 1.1 <= 2.2 - (index.php3) Remote File Inclusion WordPress Plugin Simple Forum 1.10-1.11 - SQL Injection WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.4.1<2.4.37 / 2.6.1<2.6.32-rc5 - 'pipe.c' Privilege Escalation (3) Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Privilege Escalation (3) Adobe Acrobat Reader 7<9 - U3D Buffer Overflow Adobe Acrobat Reader 7 < 9 - U3D Buffer Overflow Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit) Samba 3.0.21 < 3.0.24 - LSA trans names Heap Overflow (Metasploit) Mozilla Firefox 7 / 8<= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit) Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit) Adobe Flash - Crash When Freeing Memory After AVC decoding Adobe Flash - Video Decompression Memory Corruption Linux - SELinux W+X Protection Bypass via AIO Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation Wise Care 365 4.27 / Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation Microsoft MSN Messenger 1<4 - Malformed Invite Request Denial of Service Microsoft MSN Messenger 1 < 4 - Malformed Invite Request Denial of Service Kerio Control Unified Threat Management 9.1.0 build 1087_ 9.1.1 build 1324 - Multiple Vulnerabilities Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities Check Point VPN-1 SecureClient 4.0/4.1 - Policy Bypass Check Point VPN-1 SecureClient 4.0 < 4.1 - Policy Bypass Microsoft Excel 95<2004 - Malformed Graphic File Code Execution Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution Git-1.9.5 - ssh-agent.exe Buffer Overflow Git 1.9.5 - ssh-agent.exe Buffer Overflow Skybox Platform <=7.0.611 - Multiple Vulnerabilities Skybox Platform <= 7.0.611 - Multiple Vulnerabilities SOLIDserver <=5.0.4 - Local File Inclusion SOLIDserver <= 5.0.4 - Local File Inclusion WordPress Plugin DZS Videogallery <=8.60 - Multiple Vulnerabilities WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities Microsoft Windows 7<10 / Server 2008-2012 (x32/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7<10 / Server 2008-2012 (x32/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#) Microsoft Windows 7<10 / 2008<2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)	2016-09-24 05:05:07 +00:00
Offensive Security	b8ebed3824	DB: 2016-09-22 6 new exploits Setuid perl - PerlIO_Debug() Root owned file creation Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation Kaltura 11.1.0-2 - Remote Code Execution (Metasploit) Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Root Exploit Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Root Exploit (5) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Root Exploit (1) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) VideoCache 1.9.2 - vccleaner Root VideoCache 1.9.2 - 'vccleaner' Privilege Escalation UK One Media CMS - 'id' Error Based SQL Injection UK One Media CMS - 'id' Error-Based SQL Injection xt:Commerce Gambio 2008 < 2010 - 'reviews.php' ERROR Based SQL Injection xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection Axis2 - / SAP BusinessObjects Authenticated Code Execution (via SOAP) Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) Ultimate eShop - Error Based SQL Injection Ultimate eShop - Error-Based SQL Injection WordPress Plugin Multiple - timthumb.php Vulnerabilities Multiple WordPress Plugins - timthumb.php File Upload Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Slackware Linux 3.5 - /etc/group missing results in Root access Slackware Linux 3.5 - /etc/group Missing Privilege Escalation Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service Sudo 1.6.3 - Unclean Environment Variable Root Program Execution Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation Linux Kernel 2.0.x/2.2.x/2.4.x / FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Microsoft Office PowerPoint 2010 - Invalid Pointer Reference Symantec rar Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURemote Code Execution Bypass sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass Microweber 0.905 - Error Based SQL Injection Microweber 0.905 - Error-Based SQL Injection WordPress Theme TimThumb 2.8.13 WebShot Plugin/ - Remote Code Execution Multiple WordPress Plugins (Using TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution	2016-09-22 05:06:28 +00:00
Offensive Security	d36011b4f9	DB: 2016-09-07 3 new exploits Too many to list!	2016-09-07 05:09:19 +00:00
Offensive Security	5e2fc10125	DB: 2016-09-03	2016-09-03 13:13:25 +00:00
Offensive Security	31a21bb68d	DB: 2016-09-03 14 new exploits Too many to list!	2016-09-03 05:08:42 +00:00
Offensive Security	1f0c845486	DB: 2016-08-31 3 new exploits Too many to list!	2016-08-31 05:07:37 +00:00
Offensive Security	6be90e9280	DB: 2016-08-24 5 new exploits Too many to list!	2016-08-24 05:06:46 +00:00
Offensive Security	832f9cf8b5	DB: 2016-08-11 10 new exploits Nagios Network Analyzer 2.2.1 - Multiple CSRF Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes) Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes) Microsoft Office Word 2007_2010_2013_2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF) EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation EyeLock nano NXT 3.5 - Local File Disclosure EyeLock nano NXT 3.5 - Remote Root Exploit WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities SAP SAPCAR - Multiple Vulnerabilities	2016-08-11 05:08:59 +00:00
Offensive Security	d1e88dd6d0	DB: 2016-07-30	2016-07-30 07:05:01 +00:00
Offensive Security	2a57bee5c6	DB: 2016-07-25 12 new exploits Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes) Linux/x86 - execve shellcode null byte free (Generator) Linux/x86 - execve Null Free shellcode (Generator) Linux/x86 - cmd shellcode null free (Generator) Linux/x86 - cmd Null Free shellcode (Generator) iOS - Version-independent shellcode Linux/x86-64 - bindshell port:4444 shellcode (132 bytes) Linux/x86-64 - bindshell port 4444 shellcode (132 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes) Windows 5.0 < 7.0 x86 - null-free bindshell shellcode Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode Win32 - telnetbind by Winexec shellcode (111 bytes) Win32 - telnetbind by Winexec 23 port shellcode (111 bytes) Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes) Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes) Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes) Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes) Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes) Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes) Win32 - Add new local administrator shellcode _secuid0_ (326 bytes) Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes) ARM - Bindshell port 0x1337shellcode ARM - Bindshell port 0x1337 shellcode Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite Linux Kernel <= 2.4.0 - Stack Infoleaks bsd/x86 - connect back Shellcode (81 bytes) FreeBSD/x86 - connect back Shellcode (81 bytes) Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit Linux Kernel 2.0 / 2.1 - SIGIO Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process Linux Kernel 2.2 - 'ldd core' Force Reboot Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options Linux Kernel 2.2.x - Non-Readable File Ptrace Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2) Linux Kernel 2.4 - suid execve() System Call Race Condition PoC Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1) Linux/x86 - Reverse TCP Bind Shellcode (92 bytes) Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes) Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password) Linux/x86 - TCP Bind Shel shellcode l (96 bytes) Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes) Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes) OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes) OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell shellcode (2488 bytes) Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes) OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes) OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes) Ubuntu Apport - Local Privilege Escalation Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation Linux/x86-64 - Bindshell with Password shellcode (92 bytes) Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes) Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator) Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator) Linux/x86-64 - bind TCP port shellcode (103 bytes) Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes) Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes) Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes) Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes) Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes) Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes) Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes) Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow) Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes) Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes) Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes) Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes) Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)	2016-07-25 05:06:19 +00:00
Offensive Security	be496c36bc	DB: 2016-07-23 3 new exploits Mandrake Linux 8.2 - /usr/mail Local Exploit /usr/mail (Mandrake Linux 8.2) - Local Exploit Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3) Linux Kernel 2.2 - (TCP/IP Weakness) Exploit Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit CDRecord's ReadCD - Local Root Privileges CDRecord's ReadCD - Local Root Exploit NetBSD FTPd / tnftpd Remote Stack Overflow PoC NetBSD FTPd / Tnftpd - Remote Stack Overflow PoC Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' ring0 Root Exploit (1) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1) SimpNews 2.16.2 and Below Multiple SQL Injection Vulnerabilities SimpNews <= 2.16.2 - Multiple SQL Injection Vulnerabilities NetBSD 5.0 and below Hack GENOCIDE Environment Overflow proof of concept NetBSD 5.0 and below Hack PATH Environment Overflow proof of concept NetBSD <= 5.0 - Hack GENOCIDE Environment Overflow proof of concept NetBSD <= 5.0 - Hack PATH Environment Overflow proof of concept Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2) Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit (1) Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (1) Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (2) Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Info Leak Exploit Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Information Leak Exploit NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) - Exploit NetBSD <= 1.4_OpenBSD <= 2.5_Solaris <= 7.0 profil(2) NetBSD <= 1.4 / OpenBSD <= 2.5 /Solaris <= 7.0 profil(2) - Exploit FreeBSD 3.4/4.0/5.0_NetBSD 1.4 Unaligned IP Option Denial of Service FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service FreeBSD 2.2-4.2_NetBSD 1.2-4.5_OpenBSD 2.x ftpd glob() Buffer Overflow FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow NetBSD 1.x TalkD User Validation NetBSD 1.x TalkD - User Validation FreeBSD 4.x_NetBSD 1.4.x/1.5.x/1.6_OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition Linux Kernel 2.4 - execve() System Call Race Condition PoC Linux Kernel 2.4 - suid execve() System Call Race Condition PoC Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1) Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2) Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Local Root Exploit (2) NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow OpenBSD 4.6 and NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3) Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3) Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Mozilla Firefox SeaMonkey <= 3.6.10 / Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities Linux Kernel <= 3.14.5 (RHEL/CentOS 7) - libfutex Local Root Linux Kernel <= 3.14.5 (RHEL / CentOS 7) - 'libfutex' Local Root Exploit NetBSD 5.1 Multiple 'libc/net' Functions Stack Buffer Overflow NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow VSAT Sailor 900 - Remote Exploit Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept) Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation Apple OS X Entitlements Rootpipe Privilege Escalation Apple OS X Entitlements - 'Rootpipe' Privilege Escalation OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes) OS X Install.framework suid root Runner Binary Privilege Escalation OS X Install.framework - suid root Runner Binary Privilege Escalation Linux/MIPS Kernel 2.6.36 NetUSB - Remote Code Execution Exploit Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution Exploit Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes) Linux/x86-64 - bindshell (Port 5600) shellcode (81 bytes) Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() in bpf(BPF_PROG_LOAD) Local Root Exploit Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit Exim 4 (Debian/Ubuntu) - Spool Local Root Privilege Escalation Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation Windows 7-10 and 2k8-2k12 x86/x64 - Secondary Logon Handle Privilege Escalation (MS16-032) Windows 7-10 and 2008-2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83_ 148_ 177 bytes) Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes) mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006) Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution	2016-07-23 05:07:15 +00:00
Offensive Security	789febc361	DB: 2016-07-22 4 new exploits Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2) Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1) Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Escalation (1) Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2) Linux Kernel 2.4 - 'uselib()' Privilege Escalation Exploit (2) Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Local Root Exploit TFTP Server 1.4 - ST Buffer Overflow Exploit (0Day) TFTP Server 1.4 - ST Buffer Overflow Exploit Linux Kernel < 2.6.22 - ftruncate()/open() Local Exploit Linux Kernel < 2.6.22 - ftruncate()/open() Local Root Exploit MuPDF pdf_shade4.c Multiple Stack-Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows (Linux Kernel <= 2.6.34-rc3) ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation ReiserFS xattr (Linux Kernel <= 2.6.34-rc3) (Redhat / Ubuntu 9.10) - Privilege Escalation Microsoft ASN.1 Library Bitstring Heap Overflow Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) Linux Kernel 2.0 / 2.1 / 2.2 - autofs Linux Kernel 2.2 - ldd core Force Reboot Linux Kernel 2.2 - 'ldd core' Force Reboot OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1) OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2) OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (1) OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (2) Linux Kernel Samba 2.2.8 (Debian/Mandrake) - Share Local Privilege Elevation Linux Kernel Samba 2.2.8 (Debian / Mandrake) - Share Local Privilege Escalation Linux Kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation (x64) Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Proof of Concept Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept) Apport/Abrt - Local Root Exploit Apport/Abrt (Ubuntu / Fedora) - Local Root Exploit Ubuntu usb-creator 0.2.x - Local Privilege Escalation usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation Apport/Ubuntu - Local Root Race Condition Apport (Ubuntu 14.04/14.10/15.04) - Local Root Race Condition Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset OOB Local Root Exploit TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes) TeamPass Passwords Management System 2.1.26 - Arbitrary File Download	2016-07-22 05:05:29 +00:00
Offensive Security	76bc268c80	DB: 2016-07-11	2016-07-11 05:06:57 +00:00

1 2 3 4 5

216 commits