bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1255 commits 1 branch 0 tags 292 MiB
Commit graph

32 commits

Author SHA1 Message Date
Offensive Security
574c0f2df8 DB: 2017-01-10 
5 new exploits

DirectAdmin 1.50.1 - Denial of Service

Joomla! Component 'com_menu' - SQL Injection
Joomla! Component com_menu - SQL Injection
Joomla! Component 'com_pcchess' - Local File Inclusion
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component com_pcchess - Local File Inclusion
Joomla! Component huruhelpdesk - SQL Injection

Joomla! Component 'com_ca' - SQL Injection
Joomla! Component com_ca - SQL Injection

Joomla! Component 'com_education_classess' - SQL Injection
Joomla! Component education - SQL Injection

Joomla! Component 'com_Flashgames' - Local File Inclusion
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
Joomla! Component 'com_cvmaker' - Local File Inclusion
Joomla! Component 'com_myfiles' - Local File Inclusion
Joomla! Component CV Maker 1.0 - Local File Inclusion
Joomla! Component My Files 1.0 - Local File Inclusion
Joomla! Component 'com_joommail' - Local File Inclusion
Joomla! Component 'com_memory' - Local File Inclusion
Joomla! Component JoomMail 1.0 - Local File Inclusion
Joomla! Component Memory Book 1.2 - Local File Inclusion

Joomla! Component 'com_diary' - Local File Inclusion
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion

Joomla! Component 'com_jdrugstopics' - SQL Injection
Joomla! Component com_jdrugstopics - SQL Injection

Joomla! Component 'com_flexicontent' - Local File
Joomla! Component FLEXIcontent 1.5 - Local File Inclusion

Joomla! Component 'com_delicious' - Local File Inclusion
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion

Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection

Joomla! Component 'com_pandafminigames' - SQL Injection
Joomla! Component com_pandafminigames - SQL Injection

Joomla! Component 'com_caddy' - Exploit
Joomla! Component com_caddy - Exploit

Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload
Joomla! Component com_jesectionfinder - Arbitrary File Upload

Joomla! Component 'com_camp' - SQL Injection
Joomla! Component com_camp - SQL Injection
Joomla! Component 'com_crowdsource' - SQL Injection
Joomla! Component 'com_event' - Multiple Vulnerabilities
Joomla! Component com_crowdsource - SQL Injection
Joomla! Component com_event - Multiple Vulnerabilities

Joomla! Component 'com_event' - SQL Injection
Joomla! Component com_event - SQL Injection

Joomla! Component 'com_packages' - SQL Injection
Joomla! Component com_packages - SQL Injection

Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection
Joomla! Component JE Poll - 'pollid' Parameter SQL Injection
Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection
Joomla! Component 'com_chronocontact' - Blind SQL Injection
Joomla! Component ChronoConnectivity - Blind SQL Injection
Joomla! Component ChronoForms - Blind SQL Injection

Joomla! Component 'com_lead' - SQL Injection
Joomla! Component com_lead - SQL Injection

Joomla! Component 'com_cinema' - SQL Injection
Joomla! Component cinema - SQL Injection
Joomla! Component 'com_jstore' - SQL Injection
Joomla! Component 'com_jtickets' - SQL Injection
Joomla! Component 'com_jcommunity' - SQL Injection
Joomla! Component 'com_jmarket' - SQL Injection
Joomla! Component 'com_jsubscription' - SQL Injection
Joomla! Component com_jstore - SQL Injection
Joomla! Component com_jtickets - SQL Injection
Joomla! Component com_jcommunity - SQL Injection
Joomla! Component com_jmarket - SQL Injection
Joomla! Component com_jsubscription - SQL Injection

Joomla! Component 'com_jnewsletter' - SQL Injection
Joomla! Component com_jnewsletter - SQL Injection

Joomla! Component 'com_joomdocs' - Cross-Site Scripting
Joomla! Component com_joomdocs - Cross-Site Scripting
Joomla! Component 'com_community' - Persistent Cross-Site Scripting
Joomla! Component 'com_jomestate' - Remote File Inclusion
Joomla! Component com_community - Persistent Cross-Site Scripting
Joomla! Component com_jomestate - Remote File Inclusion

Joomla! Component 'com_jejob' - Local File Inclusion
Joomla! Component com_jejob - Local File Inclusion

Joomla! Component 'com_dateconverter' 0.1 - SQL Injection
Joomla! Component com_dateconverter 0.1 - SQL Injection

Joomla! Component 'com_phocagallery' - SQL Injection
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection

Joomla! Component 'com_jpodium' - SQL Injection
Joomla! Component JPodium 2.7.3 - SQL Injection

Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component MyHome - Blind SQL Injection
Joomla! Component MySMS - Arbitrary File Upload

Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component com_iproperty - SQL Injection

Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_itarmory - SQL Injection

Joomla! Component 'com_neorecruit' 1.4 - SQL Injection
Joomla! Component NeoRecruit 1.4 - SQL Injection

Joomla! Component 'com_equipment' - SQL Injection
Joomla! Component com_equipment - SQL Injection
Joomla! Component 'com_Fabrik' - SQL Injection
Joomla! Component 'com_extcalendar' - Blind SQL Injection
Joomla! Component Fabrik - SQL Injection
Joomla! Component com_extcalendar - Blind SQL Injection

Joomla! Component 'com_jejob' - SQL Injection
Joomla! Component JE Job - SQL Injection

Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload
Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload
Joomla! Component 'com_connect' - Local File Inclusion
Joomla! Component 'com_dcnews' - Local File Inclusion
Joomla! Component com_connect - Local File Inclusion
Joomla! Component com_dcnews - Local File Inclusion

Joomla! Component 'com_clan' - SQL Injection
Joomla! Component com_clan - SQL Injection

Joomla! Component 'com_clanlist' - SQL Injection
Joomla! Component com_clanlist - SQL Injection
Joomla! Component 'com_markt' - SQL Injection
Joomla! Component 'com_img' - Local File Inclusion
Joomla! Component com_markt - SQL Injection
Joomla! Component com_img - Local File Inclusion

Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities

Joomla! Component 'com_maianmedia' - SQL Injection
Joomla! Component com_maianmedia - SQL Injection

Joomla! Component 'com_idoblog' - SQL Injection
Joomla! Component com_idoblog - SQL Injection

Joomla! Component 'com_people' 1.0.0 - SQL Injection
Joomla! Component People 1.0.0 - SQL Injection

Joomla! Component 'com_people' 1.0.0 - Local File Inclusion
Joomla! Component com_people 1.0.0 - Local File Inclusion

Joomla! Component 'com_jce' - Blind SQL Injection
Joomla! Component joomlacontenteditor - Blind SQL Injection

Joomla! Component 'com_hello' - SQL Injection
Joomla! Component com_hello - SQL Injection

Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload
Joomla! Component jDownloads 1.0 - Arbitrary File Upload

Joomla! Component 'com_jesubmit' - Local File Inclusion
Joomla! Component JE Story Submit - Local File Inclusion

Joomla! Component 'com_obSuggest' - Local File Inclusion
Joomla! Component obSuggest - Local File Inclusion

Joomla! Component 'com_jdirectory' - SQL Injection
Joomla! Component com_jdirectory - SQL Injection

Joomla! Component 'com_esearch' - SQL Injection
Joomla! Component Search 3.0.0 - SQL Injection

Joomla! Component 'com_joomtouch' - Local File Inclusion
Joomla! Component JoomTouch 1.0.2 - Local File Inclusion

Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities

Joomla! Component 'com_horses' - 'id' Parameter SQL Injection
Joomla! Component com_horses - 'id' Parameter SQL Injection

Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion
Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion

Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal
Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal

Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection
Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_dirfrm' - Multiple SQL Injections
Joomla! Component com_dirfrm - Multiple SQL Injections

Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion
Joomla! Component Catalogue - SQL Injection / Local File Inclusion
Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection
Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection
Joomla! Component Jeformcr - 'id' Parameter SQL Injection
Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection

Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'com_classified' - SQL Injection
Joomla! Component Classified - SQL Injection

Joomla! Component 'com_frontenduseraccess' - Local File Inclusion
Joomla! Component com_frontenduseraccess - Local File Inclusion

Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection
Joomla! Component com_clan_members - 'id' Parameter SQL Injection

Joomla! Component 'com_phocadownload' - Local File Inclusion
Joomla! Component com_phocadownload - Local File Inclusion

Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection
Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection

Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection
Joomla! Component Map Locator - 'cid' Parameter SQL Injection

Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection
Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection

Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection
Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection
Joomla! Component 'com_hospital' - SQL Injection
Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection
Joomla! Component Foto - 'id_categoria' Parameter SQL Injection
Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection
Joomla! Component com_hospital - SQL Injection
Joomla! Component Controller - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_newssearch' - SQL Injection
Joomla! Component com_newssearch - SQL Injection

Joomla! Component 'com_community' - 'userid' Parameter SQL Injection
Joomla! Component com_community - 'userid' Parameter SQL Injection

Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection
Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection

Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection
Joomla! Component com_expedition - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection
Joomla! Component com_br - 'state_id' Parameter SQL Injection

Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection
Joomla! Component com_caproductprices - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_br - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_full' - 'id' Parameter SQL Injection
Joomla! Component Full - 'id' Parameter SQL Injection
Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_car' - Multiple SQL Injections
Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion
Joomla! Component com_car - Multiple SQL Injections

Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload
Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload

Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection
Joomla! Component com_motor - 'cid' Parameter SQL Injection
Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection
Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection
Joomla! Component com_firmy - 'Id' Parameter SQL Injection
Joomla! Component com_crhotels - 'catid' Parameter SQL Injection

Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection
Joomla! Component com_cmotour - 'id' Parameter SQL Injection

Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection
Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection

Joomla! Component 'com_machine' - Multiple SQL Injections
Joomla! Component Machine - Multiple SQL Injections

Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload

Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection

Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection
Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection

Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities

Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection

Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection
Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection

Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload
Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload

Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection
Joomla! Component Inneradmission - 'index.php' SQL Injection

Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Joomla! Component 'com_payplans' 3.3.6 - SQL Injection
Joomla! Component com_payplans 3.3.6 - SQL Injection

Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection

Joomla! Component 'com_bt_media' - SQL Injection
Joomla! Component com_bt_media 1.0 - SQL Injection

Joomla! Component 'com_guru' - SQL Injection
Joomla! Component Guru Pro - SQL Injection

DirectAdmin 1.50.1 - Denial of Service
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
My Link Trader 1.1 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection
 2017-01-10 05:01:19 +00:00
Offensive Security
5e2fc10125 DB: 2016-09-03 2016-09-03 13:13:25 +00:00
Offensive Security
31a21bb68d DB: 2016-09-03 
14 new exploits

Too many to list!
 2016-09-03 05:08:42 +00:00
Offensive Security
3a2154afbd DB: 2016-09-01 
15 new exploits

WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload
PHP 5.0.0 - snmpwalkoid() Local Denial of Service
PHP 5.0.0 - fbird_[p]connect() Local Denial of Service
PHP 5.0.0 - snmpwalk() Local Denial of Service
PHP 5.0.0 - snmprealwalk() Local Denial of Service
PHP 5.0.0 - snmpset() Local Denial of Service
PHP 7.0 - AppendIterator::append Local Denial of Service
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation
ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execution
ZKTeco ZKBioSecurity 3.0 - (Add Superadmin) Cross-Site Request Forgery
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service
 2016-09-01 05:08:40 +00:00
Offensive Security
1f0c845486 DB: 2016-08-31 
3 new exploits

Too many to list!
 2016-08-31 05:07:37 +00:00
Offensive Security
760d823bc8 DB: 2016-08-30 
18 new exploits

Too many to list!
 2016-08-30 05:08:40 +00:00
Offensive Security
9680c9c2cb DB: 2016-07-27 
6 new exploits

Invision Power Board <= 3.0.4_ <= 3.0.4_ <= 2.3.6 - LFI and SQL Injection
Invision Power Board <= 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI and SQL Injection

Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - Connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)

Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)

Win32 - connectback_ receive_ save and execute shellcode
Win32 - Connectback_ receive_ save and execute shellcode

DVD X Player 5.5 Professional (.plf) Universal Buffer Overflow
DVD X Player 5.5 Professional - (.plf) Universal Buffer Overflow

DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP+ASLR Bypass)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP + ASLR Bypass)

ISC BIND <= 8.2.2_IRIX <= 6.5.17_Solaris 7.0 - (NXT Overflow and Denial of Service) Vulnerabilities
ISC BIND <= 8.2.2 / IRIX <= 6.5.17 / Solaris 7.0 - (NXT Overflow and Denial of Service) Vulnerabilities

LedgerSMB1.0/1.1_SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities
LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - Login Parameter Local File Include And Authentication Bypass Vulnerabilities

Lighttpd <= 1.4.15 - Multiple Code Execution_ Denial of Service and Information Disclosure Vulnerabilities
Lighttpd <= 1.4.15 - Multiple Code Execution + Denial of Service + Information Disclosure Vulnerabilities

Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow Privilege Escalation

Windows TrackPopupMenu Win32k NULL Pointer Dereference
Windows - TrackPopupMenu Win32k NULL Pointer Dereference

ManageEngine OpManager_ Social IT Plus and IT360 - Multiple Vulnerabilities
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities

Wikipad 1.6.0 - Cross-Site Scripting_ HTML Injection and Information Disclosure Vulnerabilities
Wikipad 1.6.0 - Cross-Site Scripting + HTML Injection + Information Disclosure Vulnerabilities

concrete5 5.5.2.1 Information Disclosure_ SQL Injection and Cross Site Scripting Vulnerabilities
concrete5 5.5.2.1 - Information Disclosure + SQL Injection + Cross Site Scripting Vulnerabilities

RuubikCMS 1.1.x Cross Site Scripting_ Information Disclosure and Directory Traversal Vulnerabilities
RuubikCMS 1.1.x - Cross Site Scripting + Information Disclosure + Directory Traversal Vulnerabilities

Windows Kernel Win32k.sys Privilege Escalation Exploit (MS14-058)
Windows Kernel - Win32k.sys Privilege Escalation Exploit (MS14-058)

Tiki-Wiki CMS Calendar 14.2_ 12.5 LTS_ 9.11 LTS_ and 6.15 - Remote Code Execution
Tiki-Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution

PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post Auth Remote Root Exploit (Metasploit)
PHP File Vault 0.9 - Directory Traversal
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
Iris ID IrisAccess iCAM4000/iCAM7000 - Hardcoded Credentials Remote Shell Access
 2016-07-27 05:06:35 +00:00
Offensive Security
d06dff59f9 DB: 2016-07-26 
16 new exploits

Ubuntu Breezy 5.10 - Installer Password Disclosure
Ubuntu 5.10 - Installer Password Disclosure

BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - setuid/portbind 31337/TCP shellcode (94 bytes)
Linux/x86 - shellcode that forks a HTTP Server on port tcp/8800 (166 bytes)
Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes)
Linux/x86 - Forks a HTTP Server on port 8800/TCP shellcode (166 bytes)
Linux/x86 - Listens for shellcode on 5555/TCP and jumps to it (83 bytes)

Linux/x86 - Shellcode Polymorphic chmod(_/etc/shadow__666) (54 bytes)
Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes)

Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - Add root user 'r00t' with no password to /etc/passwd shellcode (69 bytes)

Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_PORT() portbind 31337/TCP shellcode (100 bytes)

Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Add User 'xtz' without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() shellcode (98 bytes)

Linux/x86 - connect-back shellcode 127.0.0.1:31337/tcp (74 bytes)
Linux/x86 - Connect-back shellcode 127.0.0.1:31337/TCP (74 bytes)

Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - Add user 't00r' encrypt shellcode (116 bytes)

Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user 't00r' shellcode (82 bytes)

Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - Add User 'z' shellcode (70 bytes)

Solaris/x86 - portbind/tcp shellcode (Generator)
Solaris/x86 - portbind/TCP shellcode (Generator)

Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - append '/etc/passwd' & exit() shellcode (107 bytes)

Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - sends 'Phuck3d!' to all terminals shellcode (60 bytes)

Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall shellcode (39 bytes)

Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall shellcode (39 bytes)

Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
Linux/ARM - Add root user 'shell-storm' with password 'toor' shellcode (151 bytes)

OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
OS-X/Intel (x86_64) - reverse_tcp shell shellcode (131 bytes)

Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' shellcode (143 bytes)

Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' shellcode (164 bytes)

Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)

Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)
Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)

OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)
OS-X/x86-64 - 4444/TPC port bind Nullfree shellcode (144 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bindshell 4444/TCP with Password Prompt shellcode (162 bytes)

Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86-64 - Bind 1472/TCP shellcode (IPv6) (199 bytes)

Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (656 bytes)

Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (98 bytes)

Rapid7 AppSpider 6.12 - Local Privilege Escalation
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
MediaCoder 0.8.43.5852 - .m3u SEH Exploit
Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)
CodoForum 3.2.1 - SQL Injection
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass)
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution
PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
 2016-07-26 05:04:05 +00:00
Offensive Security
3739831fb2 DB: 2016-06-24 
16 new exploits

Banner Exchange Script 1.0 - (targetid) Blind SQL Injection Vulnerability

PHP 5.3.3 - ibase_gen_id() off-by-one Overflow Vulnerability
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address

G Data TotalCare 2011 - NtOpenKey Race Condition Vulnerability

ImpressPages CMS 3.8 - Stored XSS Vulnerability

Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery

Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability

Linux Netcat Reverse Shell - 32bit - 77 bytes

PrestaShop 1.4.4.1 modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php Multiple Parameter XSS
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter XSS
Getsimple CMS 3.3.10 - Arbitrary File Upload

op5 v7.1.9 Configuration Command Execution
op5 7.1.9 - Configuration Command Execution
Alibaba Clone B2B Script - Arbitrary File Disclosure
XuezhuLi FileSharing - Directory Traversal
XuezhuLi FileSharing - (Add User) CSRF
FinderView - Multiple Vulnerabilities
 2016-06-24 05:06:19 +00:00
Offensive Security
614fb1caf8 DB: 2016-05-12 
22 new exploits

PoPToP PPTP <= 1.1.4-b3 - Remote Root Exploit (poptop-sane.c)
PoPToP PPTP <= 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit

Atftpd 0.6 - Remote Root Exploit (atftpdx.c)
Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit

Yahoo Messenger 5.5 - Remote Exploit (DSR-ducky.c)
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit

CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c)
CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit

Cisco IOS IPv4 Packet Denial of Service Exploit (cisco-bug-44020.c)
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service Exploit

wu-ftpd 2.6.2 - Remote Denial of Service Exploit (wuftpd-freezer.c)
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service Exploit

Microsoft Windows - (Jolt2.c) Denial of Service Exploit
Microsoft Windows - 'Jolt2.c' Denial of Service Exploit

TCP SYN Denial of Service Exploit (bang.c)
TCP SYN - 'bang.c' Denial of Service Exploit

Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Apache HTTPd - Arbitrary Long HTTP Headers DoS

Linux Kernel <= 2.4.26- File Offset Pointer Handling Memory Disclosure Exploit
Linux Kernel <= 2.4.26 - File Offset Pointer Handling Memory Disclosure Exploit

Linux Kernel 2.6.x (Slackware 9.1/ Debian 3.0) - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit

Veritas Backup Exec Agent 8.x/9.x - Browser Overflow (C)
Veritas Backup Exec Agent 8.x/9.x - Browser Overflow

Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit

CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c)
CA License Server (GETCONFIG) Remote Buffer Overflow Exploit

Aeon 0.2a - Local Linux Exploit (C)
Aeon 0.2a - Local Linux Exploit

Linux Kernel 2.4 / 2.6 - bluez Local Root Privilege Escalation Exploit (3)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' Bluetooth Signed Buffer Index Local Root (3)

nbSMTP <= 0.99 (util.c) Client-Side Command Execution Exploit
nbSMTP <= 0.99 - 'util.c' Client-Side Command Execution Exploit

SuSE Linux <= 9.3 / 10 - (chfn) Local Root Privilege Escalation Exploit
Linux chfn (SuSE <= 9.3 / 10) - Local Privilege Escalation Exploit

SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit (c)
SugarSuite Open Source <= 4.0beta - Remote Code Execution Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (c)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (pl)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (Perl)

OpenVMPSd <= 1.3 - Remote Format String Exploit (Multiple Targets)
OpenVMPSd <= 1.3 - Remote Format String Exploit

Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability
Ubuntu Breezy 5.10 - Installer Password Disclosure Vulnerability

X.Org X11 (X11R6.9.0/X11R7.0) - Local Root Privilege Escalation Exploit
X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation Exploit

DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php)
DataLife Engine <= 4.1 - Remote SQL Injection Exploit (PHP)
Opera 9 IRC Client Remote Denial of Service Exploit (c)
Opera 9 IRC Client Remote Denial of Service Exploit (py)
Opera 9 - IRC Client Remote Denial of Service Exploit
Opera 9 IRC Client - Remote Denial of Service Exploit (Python)

Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c)
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (1)

Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC (c) (2)
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (2)

Microsoft Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl)
Microsoft Internet Explorer (VML) - Remote Buffer Overflow Exploit (SP2) (Perl)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (pl)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (Perl)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (c)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit

cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (php)
cPanel <= 10.8.x - (cpwrap via mysqladmin) Local Root Exploit (PHP)

Xfire <= 1.6.4 - Remote Denial of Service Exploit (pl)
Xfire <= 1.6.4 - Remote Denial of Service Exploit (Perl)

Microsoft Windows NetpManageIPCConnect Stack Overflow Exploit (py)
Microsoft Windows NetpManageIPCConnect - Stack Overflow Exploit (Python)

VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c)
VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit

QK SMTP <= 3.01 (RCPT TO) Remote Buffer Overflow Exploit (pl)
QK SMTP <= 3.01 - (RCPT TO) Remote Buffer Overflow Exploit (Perl)

Ubuntu/Debian Apache 1.3.33/1.3.34 - (CGI TTY) Local Root Exploit
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - (CGI TTY) Local Root Exploit

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit (multiple targets)
WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit
XOOPS Module WF-Snippets <= 1.02 (c) - BLIND SQL Injection Exploit

IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit (multiple targets)
IrfanView 3.99 - (.ani) Local Buffer Overflow Exploit

3proxy 0.5.3g logurl() Remote Buffer Overflow Exploit (Win32) (pl)
3proxy 0.5.3g logurl() - Remote Buffer Overflow Exploit (Win32) (Perl)

Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)
Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (php)
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (pl)
fuzzylime CMS 3.01 (polladd.php poll) Remote Code Execution Exploit (PHP)
fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution Exploit (Perl)

IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (pl)
IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl)

IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit (c)
IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow Exploit

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (py)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (c)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (py)
CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python)

Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit (c)
Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit

Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (py)
Microsoft Internet Explorer 7 - Memory Corruption Exploit (MS09-002) (Python)

EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl)
EFS Easy Chat Server - Authentication Request Buffer Overflow Exploit (Perl)

CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (py)
CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (Python)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (PHP)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (Perl)

kloxo 5.75 - (24 issues) Multiple Vulnerabilities
kloxo 5.75 - Multiple Vulnerabilities

Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (Perl)

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit (C)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation Exploit

MailEnable 1.52 HTTP Mail Service Stack BoF Exploit PoC
MailEnable 1.52 - HTTP Mail Service Stack BoF Exploit PoC

(Ubuntu 9.10/10.04) PAM 1.1.0 - MOTD File Tampering (Privilege Escalation)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1)

Cacti 0.8.7e: Multiple Security Issues
Cacti 0.8.7e - Multiple Vulnerabilities

(Tod Miller's) Sudo/SudoEdit 1.6.x < 1.6.9p21 & 1.7.x < 1.7.2p4 - Local Root Exploit
(Tod Miller's) Sudo/SudoEdit 1.6.x / 1.7.x (<= 1.6.9p21 / <= 1.7.2p4) - Local Root Exploit

PAM 1.1.0 MOTD (Ubuntu 9.10/10.04) - Local Root Exploit
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2)

Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32-21) - Privilege Escalation Exploit
Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32) - Privilege Escalation Exploit

Ubuntu Linux - 'mountall' - Local Privilege Escalation Vulnerability
mountall <= 2.15.2 (Ubuntu 10.04/10.10) - Local Privilege Escalation Vulnerability

Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py)
Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (Python)

PHP Hosting Directory 2.0 Database Disclosure Exploit (.py)
PHP Hosting Directory 2.0 Database Disclosure Exploit (Python)

systemtap - Local Root Privilege Escalation Vulnerability
systemtap - Local Privilege Escalation Vulnerability

Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 110.10) - Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2)

Kunena < 1.5.13_ < 1.6.3 - SQL Injection Vulnerability
Kunena < 1.5.13 / < 1.6.3 - SQL Injection Vulnerability

HP OpenView NNM 7.53_ 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow
HP OpenView NNM 7.53/7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow

Safari 5.0.6_ 5.1 - SVG DOM Processing PoC
Safari 5.0.6/5.1 - SVG DOM Processing PoC

Ubuntu <= 11.04 ftp client Local Buffer Overflow Crash PoC
FTP Client (Ubuntu <= 11.04) - Local Buffer Overflow Crash PoC

Acpid 1:2.0.10-1ubuntu2 - Privilege Boundary Crossing Vulnerability
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit
RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (1)
RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (2)
RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (1)
RedHat Linux <= 6.0 / Slackware Linux <= 4.0 - Termcap tgetent() Buffer Overflow (2)
Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4 .0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)

Debian 2.x_RedHat 6.2_IRIX 5/6_ Solaris 2.x Mail Reply-To Field Vulnerability
Debian 2.x_ RedHat 6.2_ IRIX 5/6_ Solaris 2.x - Mail Reply-To Field Vulnerability

Pure-FTPd 1.0.21 (CentOS 6.2 & Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (1)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (2)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (3)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (4)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - loopback (land.c) DoS (5)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (1)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (2)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (3)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (4)
FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 - 'land.c' loopback DoS (5)

cPanel 5.0 - Openwebmail Local Privileges Escalation Vulnerability
cPanel 5.0 - Openwebmail Local Privilege Escalation Vulnerability

Linux-PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability
Linux PAM 0.77 - Pam_Wheel Module getlogin() Username Spoofing Privilege Escalation Vulnerability

Totem Movie Player (Ubuntu) 3.4.3 - Stack Corruption
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption

Flightgear 2.0_ 2.4 - Remote Format String Exploit
Flightgear 2.0/2.4 - Remote Format String Exploit

Opera 7.x_ Firefox 1.0_ Internet Explorer 6.0 - Information Disclosure Weakness
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure Weakness
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC Vulnerability (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (2)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (3)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root Vulnerability (4)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)
Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root Vulnerability

Linux Kernel 2.6.37 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit

Linux Kernel 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation

OSX <= 10.8.4 - Local Root Privilege Escalation (py)
OSX <= 10.8.4 - Local Privilege Escalation (Python)

Moodle 2.3.8_ 2.4.5 - Multiple Vulnerabilities
Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities

IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation
IBM AIX 6.1 / 7.1 - Local Privilege Escalation

glibc and eglibc 2.5_ 2.7_ 2.13 - Buffer Overflow Vulnerability
glibc and eglibc 2.5/2.7/2.13 - Buffer Overflow Vulnerability

StatusNet/Laconica 0.7.4_ 0.8.2_ 0.9.0beta3 - Arbitrary File Reading
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading

Links_ ELinks 'smbclient' Remote Command Execution Vulnerability
Links_ ELinks 'smbclient' - Remote Command Execution Vulnerability

Flyspray 0.9.9 - Information Disclosure_ HTML Injection and Cross-Site Scripting Vulnerabilities
Flyspray 0.9.9 - Information Disclosure/HTML Injection/Cross-Site Scripting

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - Local Root (CONFIG_X86_X32=y)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit

Symantec Endpoint Protection Manager 11.0_ 12.0_ 12.1 - Remote Command Execution Exploit
Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution Exploit

ownCloud 4.0.x_ 4.5.x (upload.php filename param) - Remote Code Execution
ownCloud 4.0.x/4.5.x (upload.php filename param) - Remote Code Execution
Procentia IntelliPen 1.1.12.1520 (Data.aspx_ value param) - Blind SQL Injection
Vtiger CRM 5.4.0_ 6.0 RC_ 6.0.0 GA (browse.php file param) - Local File Inclusion
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA (browse.php file param) - Local File Inclusion
Haihaisoft HUPlayer 1.0.4.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)
Haihaisoft HUPlayer 1.0.4.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - (.m3u/.pls/.asx) Buffer Overflow (SEH)

JIRA Issues Collector Directory Traversal
JIRA Issues Collector - Directory Traversal

CMSimple 4.4_ 4.4.2 - Remote File Inclusion
CMSimple 4.4/4.4.2 - Remote File Inclusion

Core FTP Server 1.2_ build 535_ 32-bit - Crash PoC
Core FTP Server 1.2 build 535 32-bit - Crash PoC

Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability (C)
Samba <= 3.4.5 - Symlink Directory Traversal Vulnerability

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 4.1.x Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass (MS12-037)

Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation
Linux Kernel < 3.2.0-23  (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation

Symantec Endpoint Protection 11.x_ 12.x - Kernel Pool Overflow
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow

Linux Kernel 3.16.1 - Remount FUSE Exploit
Linux Kernel < 3.16.1 - Remount FUSE Local Root Exploit

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.0 Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.0 Bypass (MS12-037)

Rejetto HTTP File Server (HFS) 2.3a_ 2.3b_ 2.3c - Remote Command Execution
Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.1 Bypass (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass (MS12-037)

Mac OS X - IOKit Keyboard Driver Root Privilege Escalation
Mac OS X - IOKit Keyboard Driver Privilege Escalation

Liferay Portal 7.0.0 M1_ 7.0.0 M2_ 7.0.0 M3 - Pre-Auth RCE
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Auth RCE

vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion_ SQL Injection & XSS
vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion/SQL Injection/XSS

MalwareBytes Anti-Exploit 1.03.1.1220_ 1.04.1.1012 Out-of-bounds Read DoS
MalwareBytes Anti-Exploit 1.03.1.1220/1.04.1.1012 Out-of-bounds Read DoS

JBoss AS 3_ 4_ 5_ 6 - Remote Command Execution
JBoss AS 3/4/5/6 - Remote Command Execution

Mac OS X < 10.7.5_ 10.8.2_ 10.9.5 10.10.2 - rootpipe Local Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation

Alienvault OSSIM/USM 4.14_ 4.15_ and 5.0 - Multiple Vulnerabilities
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities

Pandora FMS 5.0_ 5.1 - Authentication Bypass
Pandora FMS 5.0/5.1 - Authentication Bypass

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shell)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell

Cisco AnyConnect Secure Mobility 2.x_ 3.x_ 4.x - Client DoS PoC
Cisco AnyConnect Secure Mobility 2.x/3.x/4.x - Client DoS PoC

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root (Shadow File)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Privilege Escalation (Access /etc/shadow)

Orchard CMS 1.7.3_ 1.8.2_ 1.9.0 - Stored XSS Vulnerability
Orchard CMS 1.7.3/1.8.2/1.9.0 - Stored XSS Vulnerability

Ubuntu 14.04 NetKit FTP Client - Crash/DoS PoC
NetKit FTP Client (Ubuntu 14.04) - Crash/DoS PoC

Interspire Email Marketer Cross Site Scripting_ HTML Injection_ and SQL Injection Vulnerabilities
Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities

BigDump Cross Site Scripting_ SQL Injection_ and Arbitrary File Upload Vulnerabilities
BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities

Elastix < 2.5 _ PHP Code Injection Exploit
Elastix < 2.5 - PHP Code Injection Exploit

Microsoft Office Excel 2007_ 2010_ 2013 - BIFFRecord Use-After-Free
Microsoft Office Excel 2007/2010/2013 - BIFFRecord Use-After-Free

OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues
OS X Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities

Linux Kernel 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability
Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability

Linux Kernel <=4.3.3 (Ubuntu 14.04_ 15.10) - overlayfs Local Root Exploit
Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit

Exim < 4.86.2 - Local Root Privilege Escalation
Exim < 4.86.2 - Local Privilege Escalation
RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - snd-usb-audio Crash PoC
RHEL 7.1 (and CentOS) Kernel 3.10.0-229.x - iowarrior driver Crash PoC
Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - snd-usb-audio Crash PoC
Linux Kernel 3.10.0-229.x (RHEL 7.1. CentOS) - iowarrior driver Crash PoC

Trend Micro Deep Discovery Inspector 3.8_ 3.7 - CSRF Vulnerabilities
Trend Micro Deep Discovery Inspector 3.8/3.7 - CSRF Vulnerabilities

FireEye - Privilege Escalation to root from Malware Input Processor (uid=mip)
FireEye - Malware Input Processor (uid=mip) Privilege Escalation Exploit

Novell Service Desk 7.1.0_ 7.0.3 and 6.5 - Multiple Vulnerabilities
Novell Service Desk 7.1.0/7.0.3 and 6.5 - Multiple Vulnerabilities

Internet Explorer 9_ 10_ 11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)

Linux (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)

Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Android Broadcom Wi-Fi Driver - Memory Corruption
CIScan 1.00 - Hostname/IP Field SEH Overwrite PoC
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation
Intuit QuickBooks Desktop 2007 - 2016 - Arbitrary Code Execution
 2016-05-12 05:03:21 +00:00
Offensive Security
6290e0021e DB: 2016-04-02 
8 new exploits

Microsoft Windows 2000/XP - (RPC DCOM) Remote Exploit
Microsoft Windows 2000/XP - (RPC DCOM) Remote Exploit (MS03-026)

Microsoft Windows NT/2000/XP/2003/Vista/2008/7 - User Mode to Ring Escalation Vulnerability (KiTrap0D)
Microsoft Windows NT/2000/XP/2003/Vista/2008/7 - User Mode to Ring Escalation Vulnerability (KiTrap0D) (MS10-015)
PHP <= 7.0.4/5.5.33 - SNMP Format String Exploit
Windows Kernel - Bitmap Use-After-Free
Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read
Adobe Flash - URLStream.readObject Use-After-Free
Adobe Flash - TextField.maxChars Use-After-Free
Android - ih264d_process_intra_mb Memory Corruption
Adobe Flash - Color.setTransform Use-After-Free
PHP 5.5.33 - Invalid Memory Write
 2016-04-02 05:02:51 +00:00
Offensive Security
f98ebec3d2 DB: 2015-11-11 
11 new exploits
 2015-11-11 05:02:52 +00:00
Offensive Security
229204741f DB: 2015-09-10 
15 new exploits
 2015-09-10 05:04:12 +00:00
Offensive Security
9569f264ec DB: 2015-08-14 
191 new exploits
 2015-08-14 05:02:47 +00:00
Offensive Security
5df0c9137c DB: 2015-07-12 
11 new exploits
 2015-07-12 05:03:09 +00:00
Offensive Security
b3321b3426 DB: 2015-05-15 
17 new exploits
 2015-05-15 05:02:32 +00:00
Offensive Security
cc553d1147 DB: 2015-04-20 
11 new exploits
 2015-04-20 12:44:13 +00:00
Offensive Security
0607d0429f DB: 2015-04-09 
19 new exploits
 2015-04-09 08:36:09 +00:00
Offensive Security
5924dde297 DB: 2015-03-19 
2 new exploits
 2015-03-19 09:39:10 +00:00
Offensive Security
d944419211 Update: 2015-02-25 
21 new exploits
 2015-02-25 08:37:34 +00:00
Offensive Security
a828258c67 Update: 2015-02-15 
15 new exploits
 2015-02-15 08:35:27 +00:00
Offensive Security
b4ae4f9045 Updated 12_16_2014 2014-12-16 04:49:38 +00:00
Offensive Security
6a7030ba10 Updated 12_09_2014 2014-12-09 04:52:50 +00:00
Offensive Security
cd1ca949ad Updated 11_26_2014 2014-11-26 04:52:41 +00:00
Offensive Security
025d2b1b6e Updated 11_07_2014 2014-11-07 04:45:10 +00:00
Offensive Security
f550d4ce66 Updated 06_15_2014 2014-06-15 04:36:33 +00:00
Offensive Security
8c4a59c50c Updated 06_14_2014 2014-06-14 04:38:32 +00:00
Offensive Security
e6f333a7b5 Updated 06_04_2014 2014-06-04 04:36:26 +00:00
Offensive Security
34e961b15d Updated 04_08_2014 2014-04-08 04:35:51 +00:00
Offensive Security
82b5532aa7 Updated 01_08_2014 2014-01-08 04:24:23 +00:00
Offensive Security
30d9cc4c3d Updated 01_04_2014 2014-01-04 23:27:58 +00:00
Offensive Security
fffbf04102 Updated 2013-12-03 19:44:07 +00:00