bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1255 commits 1 branch 0 tags 267 MiB
Commit graph

14 commits

Author SHA1 Message Date
Offensive Security
b002e06bf6 DB: 2017-06-08 
9 new exploits

Linux Kernel - 'ping' Local Denial of Service
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Artifex MuPDF - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference

DC/OS Marathon UI - Docker Exploit (Metasploit)
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Xavier 2.4 - SQL Injection
Robert 0.5 - Multiple Vulnerabilities
 2017-06-08 05:01:17 +00:00
Offensive Security
4e3947178d DB: 2017-05-10 
10 new exploits

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Crypttech CryptoLog - Remote Code Execution (Metasploit)
BSD/x86 - portbind port 31337 Shellcode (83 bytes)
BSD/x86 - portbind port random Shellcode (143 bytes)
BSD/x86 - Portbind Port 31337 Shellcode (83 bytes)
BSD/x86 - Portbind Random Port Shellcode (143 bytes)

BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)

BSD/x86 - reverse 6969 portbind Shellcode (129 bytes)
BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)

FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes)
FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes)

FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
Linux/x86 - execve Null Free Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Linux/x86 - execve Null-Free Shellcode (Generator)
Linux/x86 - Portbind Shellcode (Generator)
Windows XP SP1 - Portbind Shellcode (Generator)

Linux/x86 - cmd Null Free Shellcode (Generator)
Linux/x86 - cmd Null-Free Shellcode (Generator)

Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Connectback Port 21 Shellcode

Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes)

Linux/SPARC - portbind port 8975 Shellcode (284 bytes)
Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes)

Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes)
Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes)
Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes)
Linux/x86 - portbind (2707) Shellcode (84 bytes)
Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes)
Linux/x86 - Portbind 2707 Shellcode (84 bytes)

Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) Shellcode (86 bytes)
Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes)
Linux/x86 - Portbind Port 64713 Shellcode (86 bytes)
Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - portbind port 5074 Shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add user 't00r' Shellcode (82 bytes)
Linux/x86 - Portbind Port 5074 Shellcode (92 bytes)
Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)

Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes)
Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes)

NetBSD/x86 - callback Shellcode (port 6666) (83 bytes)
NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes)

OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes)
OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes)

Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes)
Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes)

Solaris/SPARC - portbind port 6789 Shellcode (228 bytes)
Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes)
Solaris/SPARC - portbinding Shellcode (240 bytes)
Solaris/x86 - portbind/TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes)
Solaris/SPARC - Portbind Shellcode (240 bytes)
Solaris/x86 - Portbind TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode

Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes)
Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes)

Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)

Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)

Win32 - download and execute Shellcode (124 bytes)
Win32 - Download & Execute Shellcode (124 bytes)

Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows XP - download and exec source Shellcode
Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes)
Windows XP - Download & Exec Shellcode
Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes)
Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes)
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes)
Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode
FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)

Win32 XP SP2 FR - calc Shellcode (19 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Win32 XP SP3 English - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)

Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes)
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)

Windows XP SP2 FR - Download and Exec Shellcode
Windows XP SP2 (FR) - Download & Exec Shellcode

Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)

Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)
Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - bind shell port 64533 Shellcode (97 bytes)
Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes)
Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

BSD/x86 - bindshell on port 2525 Shellcode (167 bytes)
BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes)

Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337 Shellcode
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
ARM - Bindshell Port 0x1337 Shellcode

OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)

Win32 - speaking Shellcode
Win32 - Speaking 'You got pwned!' Shellcode

BSD/x86 - 31337 portbind + fork Shellcode (111 bytes)
BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes)

Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes)
Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes)

Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)

Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)

Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)

Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)

Windows RT ARM - Bind Shell (Port 4444) Shellcode
Windows RT ARM - Bind Shell Port 4444 Shellcode

Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)

Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download & execute Shellcode (Generator)
Windows XP x86-64 - Download & Execute Shellcode (Generator)

Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes)

Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)

Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)

OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)

OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)
OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes)

Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)

Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)
Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes)

Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes)

Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)

Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes)

Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)
Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes)

Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)

Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes)
Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes)

Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes)
LogRhythm Network Monitor - Authentication Bypass / Command Injection
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
 2017-05-10 05:01:16 +00:00
Offensive Security
72f98fab1c DB: 2017-04-28 
5 new exploits

Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

Microsoft Office Word - Malicious Hta Execution (Metasploit)
Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit)

Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
TYPO3 News Module - SQL Injection
Simple File Uploader - Arbitrary File Download
Easy File Uploader - Arbitrary File Upload
 2017-04-28 05:01:19 +00:00
Offensive Security
570f8aec26 DB: 2017-03-25 
6 new exploits

wifirxpower - Local Buffer Overflow
Miele Professional PG 8528 - Directory Traversal
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit)
Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)
Gr8 Tutorial Script - SQL Injection
Gr8 Gallery Script - SQL Injection
 2017-03-25 05:01:17 +00:00
Offensive Security
dab1517032 DB: 2016-11-22 
13 new exploits

Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC)
Borland Interbase 2007 - 'ibserver.exe' Buffer Overflow (PoC)

Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference
Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
Microsoft Edge - 'CText­Extractor::Get­Block­Text' Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 8 jscript - 'Reg­Exp­Base::FBad­Header' Use-After-Free (MS15-018)
NTP 4.2.8p8 - Denial of Service

Tumbleweed SecureTransport FileTransfer - ActiveX Buffer Overflow
Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow

Borland Interbase 2007 - PWD_db_aliased Buffer Overflow (Metasploit)
Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)

Borland Interbase - isc_create_database() Buffer Overflow (Metasploit)
Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit)

Borland Interbase - isc_attach_database() Buffer Overflow (Metasploit)
Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit)

Borland Interbase - SVC_attach() Buffer Overflow (Metasploit)
Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit)

Borland Interbase - Create-Request Buffer Overflow (Metasploit)
Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit)
Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit)
Borland Interbase - open_marker_file() Buffer Overflow (Metasploit)
Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit)
Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit)
Borland Interbase - jrd8_create_database() Buffer Overflow (Metasploit)
Borland Interbase - INET_connect() Buffer Overflow (Metasploit)
Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit)

Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)

phpunity.postcard - (gallery_path) Remote File Inclusion
phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion

CcMail 1.0.1 - (update.php functions_dir) Remote File Inclusion
CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion

1024 CMS 0.7 - (download.php item) Remote File Disclosure
1024 CMS 0.7 - 'download.php' Remote File Disclosure

cpCommerce 1.1.0 - (category.php id_category) SQL Injection
CPCommerce 1.1.0 - 'id_category' Parameter SQL Injection

1024 CMS 1.3.1 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
1024 CMS 1.3.1 - Local File Inclusion / SQL Injection
Mole 2.1.0 - (viewsource.php) Remote File Disclosure
ChartDirector 4.1 - (viewsource.php) File Disclosure
724CMS 4.01 Enterprise - (index.php ID) SQL Injection
My Gaming Ladder 7.5 - (ladderid) SQL Injection
Mole 2.1.0 - 'viewsource.php' Remote File Disclosure
ChartDirector 4.1 - 'viewsource.php' File Disclosure
724CMS 4.01 Enterprise - 'index.php' SQL Injection
My Gaming Ladder 7.5 - 'ladderid' Parameter SQL Injection
exbb 0.22 - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities
Pligg CMS 9.9.0 - (editlink.php id) SQL Injection
ExBB 0.22 - Local / Remote File Inclusion
Pligg CMS 9.9.0 - 'editlink.php' SQL Injection

Prediction Football 1.x - (matchid) SQL Injection
Prediction Football 1.x - 'matchid' Parameter SQL Injection

Free Photo Gallery Site Script - (path) File Disclosure
Free Photo Gallery Site Script - 'path' Parameter File Disclosure
LiveCart 1.1.1 - (category id) Blind SQL Injection
Ksemail - 'index.php language' Local File Inclusion
LiveCart 1.1.1 - 'id' Parameter Blind SQL Injection
Ksemail - Local File Inclusion
RX Maxsoft - 'popup_img.php fotoID' SQL Injection
PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection
RX Maxsoft - 'fotoID' Parameter SQL Injection
PHPKB Knowledge Base Software 1.5 - 'ID' Parameter SQL Injection
Pollbooth 2.0 - (pollID) SQL Injection
cpcommerce 1.1.0 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Pollbooth 2.0 - 'pollID' Parameter SQL Injection
CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion

SmallBiz eShop - (content_id) SQL Injection
SmallBiz eShop - 'content_id' Parameter SQL Injection

lightneasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities

PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection
PostcardMentor - 'cat_fldAuto' Parameter SQL Injection

Pligg CMS 9.9.0 - (story.php id) SQL Injection
Pligg CMS 9.9.0 - 'story.php' SQL Injection

LokiCMS 0.3.4 - writeconfig() Remote Command Execution
LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution

cpCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass
CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass

cpCommerce 1.2.8 - (id_document) Blind SQL Injection
CPCommerce 1.2.8 - 'id_document' Parameter Blind SQL Injection

cpCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion
CPCommerce 1.2.x - 'GLOBALS[prefix]' Arbitrary File Inclusion

ChartDirector 5.0.1 - (cacheId) Arbitrary File Disclosure
ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure

Pligg CMS 1.0.4 - (story.php?id) SQL Injection
Pligg CMS 1.0.4 - 'story.php' SQL Injection

724CMS 4.59 Enterprise - SQL Injection
724CMS Enterprise 4.59 - SQL Injection

lightneasy 3.2.2 - Multiple Vulnerabilities
LightNEasy 3.2.2 - Multiple Vulnerabilities

My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure
My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure

Mambo Open Source 4.0.14 - PollBooth.php Multiple SQL Injection
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection

PhotoKorn 1.53/1.54 - postcard.php id Parameter SQL Injection
PhotoKorn 1.53/1.54 - 'id' Parameter SQL Injection

CPCommerce 1.1 - Manufacturer.php SQL Injection
CPCommerce 1.1 - 'manufacturer.php' SQL Injection
LiveCart 1.0.1 - user/remindPassword return Parameter Cross-Site Scripting
LiveCart 1.0.1 - category q Parameter Cross-Site Scripting
LiveCart 1.0.1 - order return Parameter Cross-Site Scripting
LiveCart 1.0.1 - user/remindComplete email Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'q' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'email' Parameter Cross-Site Scripting

Pligg CMS 1.x - module.php Multiple Parameter Cross-Site Scripting
Pligg CMS 1.x - 'module.php' Multiple Parameter Cross-Site Scripting

Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection
Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection

CMS Made Simple 2.1.5 - Cross-Site Scripting
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery
Mezzanine 4.2.0 - Cross-Site Scripting
LEPTON 2.2.2 - SQL Injection
LEPTON 2.2.2 - Remote Code Execution
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
FUDforum 3.0.6 - Local File Inclusion
Wordpress Plugin Olimometer 2.56 - SQL Injection
 2016-11-22 05:01:18 +00:00
Offensive Security
5e2fc10125 DB: 2016-09-03 2016-09-03 13:13:25 +00:00
Offensive Security
31a21bb68d DB: 2016-09-03 
14 new exploits

Too many to list!
 2016-09-03 05:08:42 +00:00
Offensive Security
70d97f91c1 DB: 2016-07-28 
2 new exploits

Multiple AntiVirus (zip file) Detection Bypass Exploit
Multiple AntiVirus - .zip Detection Bypass Exploit

RealPlayer 10 - (.smil File) Local Buffer Overflow Exploit
RealPlayer 10 - (.smil) Local Buffer Overflow Exploit

Veritas Backup Exec - Remote File Access Exploit (Windows)
Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit)
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow
ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit (Metasploit)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)

WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit
WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit (Metasploit)

Opera <= 8.02 - Remote Denial of Service Exploit
Opera <= 8.02 - Remote Denial of Service Exploit (1)
MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit
Google Search Appliance - proxystylesheet XSLT Java Code Execution
MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit (Metasploit)
Google Search Appliance - proxystylesheet XSLT Java Code Execution (Metasploit)
Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit
Lyris ListManager - Read Message Attachment SQL Injection Exploit
Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit (Metasploit)
Lyris ListManager - Read Message Attachment SQL Injection Exploit (Metasploit)

Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux)
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux) (Metasploit)

Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX)
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX) (Metasploit)

Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit
Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit (Metasploit)
Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit
Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow
Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit (Metasploit)
Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow (Metasploit)

Microsoft Visual Studio 6.0 sp6 - (Malformed .dbp File) Buffer Overflow Exploit
Microsoft Visual Studio 6.0 sp6 - (.dbp) Buffer Overflow Exploit
Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit
Symantec Sygate Management Server - (login) SQL Injection Exploit
Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit
Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit (Metasploit)
Symantec Sygate Management Server - (login) SQL Injection Exploit (Metasploit)
Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit (Metasploit)

Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025)
Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) (Metasploit)

Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)
Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025) (Metasploit)
eIQnetworks License Manager Remote Buffer Overflow Exploit (1262)
eIQnetworks License Manager Remote Buffer Overflow Exploit (494)
eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit)

eIQnetworks License Manager - Remote Buffer Overflow Exploit (multi) (2)
eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit) (2)

Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040)
Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit)

Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (2)
Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (Metasploit) (2)

IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit
IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit (Metasploit)

Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040)
Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit)

Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit
Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit (Metasploit)

McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit
McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit (Metasploit)

PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32)
PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32) (Metasploit)

Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept
Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept (Metasploit)

VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (Metasploit)
VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit (Metasploit)

VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit
VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit

Windows Media Player 9/10 - (MID File) Denial of Service Exploit
Windows Media Player 9/10 - (.MID) Denial of Service Exploit

NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit
NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit (Metasploit)

Oreon <= 1.2.3 RC4 - (lang/index.php file) Remote Inclusion
Oreon <= 1.2.3 RC4 - (lang/index.php) Remote Inclusion

Magic CMS 4.2.747 - (mysave.php file) Remote File Include
Magic CMS 4.2.747 - (mysave.php) Remote File Include

WebLog (index.php file) Remote File Disclosure
WebLog (index.php) Remote File Disclosure

Pathos CMS 0.92-2 - (warn.php file) Remote File Inclusion
Pathos CMS 0.92-2 - (warn.php) Remote File Inclusion

Zomplog 3.8 - (force_download.php file) Remote File Disclosure
Zomplog 3.8 - (force_download.php) Remote File Disclosure

Winamp <= 5.3 - (WMV File) Remote Denial of Service Exploit
Winamp <= 5.3 - (.WMV) Remote Denial of Service Exploit

Opera 9.2 - (torrent File) Remote Denial of Service Exploit
Opera 9.2 - (.torrent) Remote Denial of Service Exploit

JulmaCMS 1.4 - (file.php file) Remote File Disclosure
JulmaCMS 1.4 - (file.php) Remote File Disclosure

PStruh-CZ 1.3/1.5 - (download.asp File) File Disclosure
PStruh-CZ 1.3/1.5 - (download.asp) File Disclosure
Virtual DJ 5.0 - (m3u File) Local Buffer OverFlow Exploit
OTSTurntables 1.00 - (m3u File) Local Buffer Overflow Exploit
Virtual DJ 5.0 - (.m3u) Local Buffer OverFlow Exploit
OTSTurntables 1.00 - (.m3u) Local Buffer Overflow Exploit

AtomixMP3 2.3 - (pls File) Local Buffer OverFlow Exploit
AtomixMP3 2.3 - (.pls) Local Buffer OverFlow Exploit

helplink 0.1.0 - (show.php file) Remote File Inclusion
helplink 0.1.0 - (show.php) Remote File Inclusion

jetAudio 7.x - (m3u File) Local SEH Overwrite Exploit
jetAudio 7.x - (m3u) Local SEH Overwrite Exploit

FireConfig 0.5 - (dl.php file) Remote File Disclosure
FireConfig 0.5 - (dl.php) Remote File Disclosure

Sony CONNECT Player 4.x - (m3u File) Local Stack Overflow Exploit
Sony CONNECT Player 4.x - (.m3u) Local Stack Overflow Exploit

phpCMS 1.2.2 - (parser.php file) Remote File Disclosure
phpCMS 1.2.2 - (parser.php) Remote File Disclosure

ChartDirector 4.1 - (viewsource.php file) File Disclosure
ChartDirector 4.1 - (viewsource.php) File Disclosure

IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl)
IntelliTamper 2.07 - (.map) Local Arbitrary Code Execution Exploit (Perl)

Acoustica Mixcraft <= 4.2 Build 98 - (mx4 file) Local BoF Exploit
Acoustica Mixcraft <= 4.2 Build 98 - (mx4) Local BoF Exploit

Acoustica MP3 CD Burner 4.51 Build 147 - (asx file) Local BoF Exploit
Acoustica MP3 CD Burner 4.51 Build 147 - (.asx) Local BoF Exploit

Acoustica Beatcraft 1.02 Build 19 - (bcproj file) Local BoF Exploit
Acoustica Beatcraft 1.02 Build 19 - (.bcproj) Local BoF Exploit

Microsoft Windows Explorer - (.zip File) Denial of Service Exploit
Microsoft Windows Explorer - (.zip) Denial of Service Exploit

Kusaba <= 1.0.4 - Remote Code Execution Exploit
Kusaba <= 1.0.4 - Remote Code Execution Exploit (1)

Cain & Abel 4.9.23 - (rdp file) Buffer Overflow PoC
Cain & Abel 4.9.23 - (.rdp) Buffer Overflow PoC

Electronics Workbench (EWB File) Local Stack Overflow PoC
Electronics Workbench (.EWB) Local Stack Overflow PoC

Cain & Abel 4.9.23 - (rdp file) Buffer Overflow Exploit
Cain & Abel 4.9.23 - (.rdp) Buffer Overflow Exploit

autositephp 2.0.3 - (LFI/CSRF/edit file) Multiple Vulnerabilities
autositephp 2.0.3 - (LFI/CSRF/Edit file) Multiple Vulnerabilities

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python)
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit (Python)

SAWStudio 3.9i (prf File) Local Buffer Overflow PoC
SAWStudio 3.9i - (.prf) Local Buffer Overflow PoC

IntelliTamper 2.07/2.08 - (MAP File) Local SEH Overwrite Exploit
IntelliTamper 2.07/2.08 - (.MAP) Local SEH Overwrite Exploit

Hex Workshop 5.1.4 - (Color Mapping File) Local Buffer Overflow PoC
Hex Workshop 5.1.4 - Color Mapping File Local Buffer Overflow PoC

Destiny Media Player 1.61 - (lst File) Local Buffer Overflow PoC
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow PoC
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2)
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (3)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (2)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (3)
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (4)
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (5)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (4)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (5)

VUPlayer <= 2.49 - (.PLS) Universal Buffer Overflow Exploit
VUPlayer 2.49 - (.pls) Universal Buffer Overflow Exploit

ExcelOCX ActiveX 3.2 - (Download File) Insecure Method Exploit
ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit
Zinf Audio Player 2.2.1 - (PLS File) Stack Overflow PoC
Zinf Audio Player 2.2.1 - (PLS File) Local Buffer Overflow Exploit (univ)
Zinf Audio Player 2.2.1 - (M3U FILE) Local Heap Overflow PoC
Zinf Audio Player 2.2.1 - (gqmpeg File) Buffer Overflow PoC
Zinf Audio Player 2.2.1 - (.pls) Stack Overflow PoC
Zinf Audio Player 2.2.1 - (.pls) Local Buffer Overflow Exploit (univ)
Zinf Audio Player 2.2.1 - (.M3U) Local Heap Overflow PoC
Zinf Audio Player 2.2.1 - (.gqmpeg) Buffer Overflow PoC

Thomson mp3PRO Player/Encoder (M3U File) Crash PoC
Thomson mp3PRO Player/Encoder - (.M3U) Crash PoC

Spider Player 2.3.9.5 - (asx File) off by one Crash Exploit
Spider Player 2.3.9.5 - (.asx) off by one Crash Exploit

Elecard AVC HD PLAYER (m3u/xpl file) Local Stack Overflow PoC
Elecard AVC HD PLAYER - (.m3u/.xpl) Local Stack Overflow PoC

Nokia N95-8 - (.JPG File) Remote Crash PoC
Nokia N95-8 - (.JPG) Remote Crash PoC

Media Commands (m3u File) Local SEH Overwrite Exploit
Media Commands (.m3u) Local SEH Overwrite Exploit

Media Commands (m3u File) Universal SEH Overwrite Exploit
Media Commands (.m3u) Universal SEH Overwrite Exploit

MediaCoder 0.6.2.4275 - (m3u File) Universal Stack Overflow Exploit
MediaCoder 0.6.2.4275 - (.m3u) Universal Stack Overflow Exploit

VUPlayer <= 2.49 - (.cue) Universal Buffer Overflow Exploit
VUPlayer 2.49 - (.cue) Universal Buffer Overflow Exploit

Gretech GOM Encoder 1.0.0.11 - (Subtitle File) Buffer Overflow PoC
Gretech GOM Encoder 1.0.0.11 - (.Subtitle) Buffer Overflow PoC
Abee Chm Maker 1.9.5 - (CMP File) Stack Overflow Exploit
PowerCHM 5.7 - (hhp File) Stack Overflow poC
Abee Chm Maker 1.9.5 - (.CMP) Stack Overflow Exploit
PowerCHM 5.7 - (.hhp) Stack Overflow poC

Apollo 37zz (M3u File) Local Heap Overflow PoC
Apollo 37zz - (.m3u) Local Heap Overflow PoC

mpegable Player 2.12 - (YUV File) Local Stack Overflow PoC
mpegable Player 2.12 - (.YUV) Local Stack Overflow PoC

Rama CMS <= 0.9.8 - (download.php file) File Disclosure
Rama CMS <= 0.9.8 - (download.php) File Disclosure

compface <= 1.5.2 - (XBM File) Local Buffer Overflow PoC
compface <= 1.5.2 - (.XBM) Local Buffer Overflow PoC

MP3-Nator 2.0 - (plf File) Universal Buffer Overflow Exploit (SEH)
MP3-Nator 2.0 - (.plf) Universal Buffer Overflow Exploit (SEH)

PatPlayer 3.9 - (M3U File) Local Heap Overflow PoC
PatPlayer 3.9 - (.M3U) Local Heap Overflow PoC

QuickDev 4 - (download.php file) File Disclosure
QuickDev 4 - (download.php) File Disclosure

FoxPlayer 1.1.0 - (m3u File) Local Buffer Overflow PoC
FoxPlayer 1.1.0 - (.m3u) Local Buffer Overflow PoC

Microsoft Windows 2003 - (EOT File) BSOD Crash Exploit
Microsoft Windows 2003 - (.EOT) BSOD Crash Exploit

VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit
VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit

Audio Lib Player (m3u File) Buffer Overflow Exploit (SEH)
Audio Lib Player (.m3u) Buffer Overflow Exploit (SEH)

MP3 Collector 2.3 - (m3u File) Local Crash PoC
MP3 Collector 2.3 - (.m3u) Local Crash PoC

BigAnt Server 2.50 SP1 - (ZIP File) Local Buffer Overflow PoC
BigAnt Server 2.50 SP1 - (.ZIP) Local Buffer Overflow PoC

BigAnt Server <= 2.50 SP6 - Local (ZIP File) Buffer Overflow PoC (2)
BigAnt Server <= 2.50 SP6 - (.ZIP) Local Buffer Overflow PoC (2)

XM Easy Personal FTP Server <= 5.8.0 DoS
XM Easy Personal FTP Server <= 5.8.0 DoS (Metasploit)

Symantec ConsoleUtilities ActiveX Buffer Overflow
Symantec ConsoleUtilities ActiveX Buffer Overflow (Metasploit)

Nagios3 statuswml.cgi Command Injection
Nagios3 statuswml.cgi Command Injection (Metasploit)

httpdx 1.4 - h_handlepeer BoF
httpdx 1.4 - h_handlepeer BoF (Metasploit)

Mambo 4.6.4 - Cache Lite Output Remote File Inclusion
Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)
BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion
AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection
Cacti 0.8.6-d graph_view.php Command Injection
AWStats 6.2-6.1 - configdir Command Injection
ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution
SpamAssassin spamd <= 3.1.3 - Command Injection
DistCC Daemon - Command Execution
ContentKeeper Web Appliance < 125.10 Command Execution
Solaris in.telnetd TTYPROMPT - Buffer Overflow
Solaris 10 / 11 Telnet - Remote Authentication Bypass
Solaris sadmind adm_build_path - Buffer Overflow
Solaris <= 8.0 - LPD Command Execution
BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)
AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)
Cacti 0.8.6-d graph_view.php Command Injection (Metasploit)
AWStats 6.2-6.1 - configdir Command Injection (Metasploit)
ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution (Metasploit)
SpamAssassin spamd <= 3.1.3 - Command Injection (Metasploit)
DistCC Daemon - Command Execution (Metasploit)
ContentKeeper Web Appliance < 125.10 Command Execution (Metasploit)
Solaris in.telnetd TTYPROMPT - Buffer Overflow (Metasploit)
Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit)
Solaris sadmind adm_build_path - Buffer Overflow (Metasploit)
Solaris <= 8.0 - LPD Command Execution (Metasploit)
Solaris 8 dtspcd - Heap Overflow
Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X)
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)
Solaris 8 dtspcd - Heap Overflow (Metasploit)
Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X) (Metasploit)
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X)
WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X)
Mail.App 10.5.0 - Image Attachment Command Execution (OS X)
Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X)
AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X)
Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) (Metasploit)
WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X) (Metasploit)
Mail.App 10.5.0 - Image Attachment Command Execution (OS X) (Metasploit)
Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X) (Metasploit)
AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X) (Metasploit)
Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow (Metasploit)
Wyse Rapport Hagent Fake Hserver - Command Execution
Subversion 1.0.2 - Date Overflow
Samba 2.2.x - nttrans Overflow
RealServer 7-9 Describe Buffer Overflow
PHP < 4.5.0 - unserialize Overflow
ntpd 4.0.99j-k readvar - Buffer Overflow
Veritas NetBackup - Remote Command Execution
HP OpenView OmniBack II A.03.50 - Command Executino
Apple Quicktime for Java 7 - Memory Access
Opera 9.50 / 9.61 historysearch - Command Execution
Opera <= 9.10 Configuration Overwrite
Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution
Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit
Firefox 3.5 - escape Memory Corruption Exploit
Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow
Squid 2.5.x / 3.x - NTLM Buffer Overflow
Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow
MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow
Borland InterBase 2007 - PWD_db_aliased Buffer Overflow
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)
Subversion 1.0.2 - Date Overflow (Metasploit)
Samba 2.2.x - nttrans Overflow (Metasploit)
RealServer 7-9 Describe Buffer Overflow (Metasploit)
PHP < 4.5.0 - unserialize Overflow (Metasploit)
ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit)
Veritas NetBackup - Remote Command Execution (Metasploit)
HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit)
Apple Quicktime for Java 7 - Memory Access (Metasploit)
Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit)
Opera <= 9.10 Configuration Overwrite (Metasploit)
Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution (Metasploit)
Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution (Metasploit)
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit (Metasploit)
Firefox 3.5 - escape Memory Corruption Exploit (Metasploit)
Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit)
Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit)
Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit)
MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow (Metasploit)
Borland InterBase 2007 - PWD_db_aliased Buffer Overflow (Metasploit)

HP Release Control Authenticated XXE
HP Release Control Authenticated XXE (Metasploit)
Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow
Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow
Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow
Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit)
Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit)
Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow
Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow
University of Washington - imap LSUB Buffer Overflow
Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit
PeerCast <= 0.1216
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow
Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)
Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit)
University of Washington - imap LSUB Buffer Overflow (Metasploit)
Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit)
PeerCast <= 0.1216 (Metasploit)
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow (Metasploit)
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection
Unreal Tournament 2004 - 'Secure' Overflow
Irix LPD tagprinter - Command Execution
HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution
Xtacacsd <= 4.1.2 - report Buffer Overflow
System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based)
Mercantec SoftCart 4.00b - CGI Overflow
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection (Metasploit)
Unreal Tournament 2004 - 'Secure' Overflow (Metasploit)
Irix LPD tagprinter - Command Execution (Metasploit)
HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit)
Xtacacsd <= 4.1.2 - report Buffer Overflow (Metasploit)
System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based) (Metasploit)
Mercantec SoftCart 4.00b - CGI Overflow (Metasploit)

Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution
Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit)
M3U To ASX-WPL 1.1 - (m3u Playlist file) Buffer Overflow Exploit
HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit
Audacity 1.2.6 - (gro File) Buffer Overflow Exploit
M3U To ASX-WPL 1.1 - (.m3u) Buffer Overflow Exploit
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit
Audacity 1.2.6 - (.gro) Buffer Overflow Exploit

HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (Metasploit)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (Metasploit)

Millenium MP3 Studio 2.0 - (PLS File) Universal Stack Overflow (Metasploit)
Millenium MP3 Studio 2.0 - (.pls) Universal Stack Overflow (Metasploit)

Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (1)
Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Metasploit) (1)

Audiotran 1.4.1 - (PLS File) Stack Overflow (Metasploit)
Audiotran 1.4.1 - (.pls) Stack Overflow (Metasploit)

OpenOffice - (.slk File) Parsing Null Pointer
OpenOffice - (.slk) Parsing Null Pointer

MediaCoder - (.lst file) Local Buffer Overflow Exploit
MediaCoder - (.lst) Local Buffer Overflow Exploit

VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass)
VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass)

ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass)
ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass) (Metasploit)

Mediacoder 0.7.3.4682 - (.m3u File) Universal Buffer Overflow Exploit
Mediacoder 0.7.3.4682 - (.m3u) Universal Buffer Overflow Exploit

Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)

Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit
Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit (Metasploit)

VUPlayer - M3U Buffer Overflow
VUPlayer - (.m3u) Buffer Overflow (Metasploit)

Audiotran 1.4.1 - (PLS File) Stack Buffer Overflow
Audiotran 1.4.1 - (.pls) Stack Buffer Overflow

HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (1)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (1)

Millenium MP3 Studio 2.0 - (PLS File) Stack Buffer Overflow
Millenium MP3 Studio 2.0 - (.pls) Stack Buffer Overflow

VariCAD 2010-2.05 EN (DWB File) Stack Buffer Overflow
VariCAD 2010-2.05 EN - (.DWB) Stack Buffer Overflow

HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (2)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (2)

ProShow Gold 4.0.2549 - (PSH File) Stack Buffer Overflow
ProShow Gold 4.0.2549 - (.PSH) Stack Buffer Overflow

VUPlayer - CUE Buffer Overflow
VUPlayer - (.cue) Buffer Overflow (Metasploit)

AstonSoft DeepBurner (DBR File) Path Buffer Overflow
AstonSoft DeepBurner - (.DBR) Path Buffer Overflow

HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (3)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (3)

Zinf Audio Player 2.2.1 - (PLS File) Stack Buffer Overflow
Zinf Audio Player 2.2.1 - (.pls) Stack Buffer Overflow

MikeyZip 1.1 - (.zip File) Buffer Overflow
MikeyZip 1.1 - (.zip) Buffer Overflow

Windows - DNS Reverse Download and Exec Shellcode
Windows - DNS Reverse Download and Exec Shellcode (Metasploit)

Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter)
Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter) (Metasploit)

Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit
Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit (Metasploit)

If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (2)
If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit  (Metasploit) (2)

Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053)
Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053) (Metasploit)

MicroP 0.1.1.1600 - (MPPL File) Stack Buffer Overflow
MicroP 0.1.1.1600 - (.MPPL) Stack Buffer Overflow

Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass)
Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) (Metasploit)
HP JetDirect PJL Interface Universal Path Traversal
HP JetDirect PJL Query Execution
HP JetDirect PJL Interface Universal Path Traversal (Metasploit)
HP JetDirect PJL Query Execution (Metasploit)

Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution
Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit)

LifeSize Room - Command Injection
LifeSize Room - Command Injection (Metasploit)

Opera 10/11 - (bad nesting with frameset tag) Memory Corruption
Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)

Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day)
Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day) (Metasploit)

Cytel Studio 9.0 - (CY3 File) Stack Buffer Overflow
Cytel Studio 9.0 - (.CY3) Stack Buffer Overflow

NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
NJStar Communicator 3.00 MiniSMTP Server Remote Exploit (Metasploit)

KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass)
KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass) (Metasploit)

AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST)
AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) (Metasploit)

QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS (Metasploit)

Free MP3 CD Ripper 1.1 - (WAV File) Stack Buffer Overflow
Free MP3 CD Ripper 1.1 - (.WAV) Stack Buffer Overflow

CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u)
CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u) (Metasploit)
AVID Media Composer Phonetic Indexer Remote Stack BoF
Final Draft 8 - Multiple Stack Buffer Overflows
AVID Media Composer Phonetic Indexer Remote Stack BoF (Metasploit)
Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit)

StoryBoard Quick 6 - Stack Buffer Overflow
StoryBoard Quick 6 - Stack Buffer Overflow (Metasploit)

phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection
phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection (Metasploit)

vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit
vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit (Metasploit)

The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution
The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution (Metasploit)

Liferay XSL - Command Execution
Liferay XSL - Command Execution (Metasploit)

CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit
CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit (Metasploit)

Wyse - Machine Remote Power off (DOS) without any privilege
Wyse - Machine Remote Power off (DOS) without any privilege (Metasploit)

TFM MMPlayer (m3u/ppl File) Buffer Overflow
TFM MMPlayer (.m3u/.ppl) Buffer Overflow

Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow
Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow (Metasploit)

WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal
WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal (Metasploit)

ALLMediaServer 0.8 SEH Overflow Exploit
ALLMediaServer 0.8 - SEH Overflow Exploit
Siemens Simatic S7-300/400 CPU START/STOP Module
Siemens Simatic S7-300 PLC Remote Memory Viewer
Siemens Simatic S7-1200 CPU START/STOP Module
Siemens Simatic S7-300/400 CPU START/STOP Module (Metasploit)
Siemens Simatic S7-300 PLC Remote Memory Viewer (Metasploit)
Siemens Simatic S7-1200 CPU START/STOP Module (Metasploit)

Sysax Multi Server 5.64 - Create Folder Buffer Overflow
Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)

Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit
Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit (Metasploit)

Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit
Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit (Metasploit)

NetWin SurgeFTP Authenticated Admin Command Injection
NetWin SurgeFTP Authenticated Admin Command Injection (Metasploit)

ActFax 5.01 - RAW Server Exploit
ActFax 5.01 - RAW Server Exploit (Metasploit)

Polycom HDX Telnet Authorization Bypass
Polycom HDX Telnet Authorization Bypass (Metasploit)

Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)
Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009) (Metasploit)

Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)

Mikrotik Syslog Server for Windows 1.15 - Denial of Service
Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit)

SAP ConfigServlet OS Command Execution
SAP ConfigServlet OS Command Execution (Metasploit)

SAP ConfigServlet Remote Unauthenticated Payload Execution
SAP ConfigServlet Remote Unauthenticated Payload Execution (Metasploit)

Microsoft Internet Explorer textNode Use-After-Free
Microsoft Internet Explorer textNode Use-After-Free (Metasploit)

Java Web Start Double Quote Injection Remote Code Execution
Java Web Start Double Quote Injection Remote Code Execution (Metasploit)

OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution
OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution (Metasploit)

Zabbix 2.0.8 - SQL Injection / Remote Code Execution
Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)

SikaBoom - Remote Buffer Overflow
SikaBoom - Remote Buffer Overflow (Metasploit)

Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass
Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit)

VUPlayer 2.49 - (.M3U) Universal Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - (.m3u) Universal Buffer Overflow (DEP Bypass)

Netgear WNR1000v3 - Password Recovery Credential Disclosure
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)

Easy CD-DA Recorder - (PLS File) Buffer Overflow
Easy CD-DA Recorder - (.pls) Buffer Overflow

Fitnesse Wiki - Remote Command Execution
Fitnesse Wiki - Remote Command Execution (Metasploit)

EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read
EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit)

AlienVault 4.5.0 - Authenticated SQL Injection
AlienVault 4.5.0 - Authenticated SQL Injection (Metasploit)

Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE
Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE (Metasploit)

F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation
F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit)

AlienVault OSSIM 4.6.1 - Authenticated SQL Injection
AlienVault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)

Raritan PowerIQ 4.1.0 - SQL Injection
Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)

Mthree Development MP3 to WAV Decoder - (.mp3 File) Remote Buffer Overflow
Mthree Development MP3 to WAV Decoder - (.mp3) Remote Buffer Overflow

ManageEngine Password Manager MetadataServlet.dat SQL Injection
ManageEngine Password Manager MetadataServlet.dat SQL Injection (Metasploit)

Ammyy Admin 3.5 - RCE
Ammyy Admin 3.5 - RCE (Metasploit)

Microsoft Exchange IIS HTTP Internal IP Address Disclosure
Microsoft Exchange IIS HTTP Internal IP Address Disclosure (Metasploit)

ManageEngine OpManager / Social IT Arbitrary File Upload
ManageEngine OpManager / Social IT Arbitrary File Upload (Metasploit)

DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload
DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload (Metasploit)
Device42 WAN Emulator 2.3 - Traceroute Command Injection
Device42 WAN Emulator 2.3 - Ping Command Injection
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)

Microsoft Windows Media Player 11.0.5721.5145 - (.avi File) Buffer Overflow
Microsoft Windows Media Player 11.0.5721.5145 - (.avi) Buffer Overflow

Varnish Cache CLI Interface - Remote Code Execution
Varnish Cache CLI Interface - Remote Code Execution (Metasploit)

Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE
Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE (Metasploit)

OpenMyZip 0.1 - (.zip File) Buffer Overflow
OpenMyZip 0.1 - (.zip) Buffer Overflow

Persistent Systems Client Automation - Command Injection RCE
Persistent Systems Client Automation - Command Injection RCE (Metasploit)

Metasploit Project < 4.11.1 - Initial User Creation CSRF
Metasploit Project < 4.11.1 - Initial User Creation CSRF (Metasploit)

Exim GHOST (glibc gethostbyname) Buffer Overflow
Exim GHOST (glibc gethostbyname) Buffer Overflow (Metasploit)
QNAP - Admin Shell via Bash Environment Variable Code Injection
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)

WordPress Business Intelligence Plugin - SQL injection
WordPress Business Intelligence Plugin - SQL injection (Metasploit)

Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit
Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit (Metasploit)

PDF Shaper 3.5 - Buffer Overflow
PDF Shaper 3.5 - Buffer Overflow (Metasploit)

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)

Centreon <= 2.5.3 - Remote Command Execution
Centreon 2.5.3 - Remote Command Execution

Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure
Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure (Metasploit)

Meteocontrol WEB’log - Admin Password Disclosure
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)

VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass)
VUPlayer 2.49 - (.m3u) Buffer Overflow Exploit (Win 7 DEP Bypass)
VMWare - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
 2016-07-28 05:03:16 +00:00
Offensive Security
ec03ab428f DB: 2016-07-21 
10 new exploits

Microsoft Internet Explorer <= XP SP2 - HTML Help Control Local Zone Bypass
Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass

Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit

Simplog <= 0.9.3 - (tid) Remote SQL Injection Exploit
Simplog 0.9.3 - (tid) SQL Injection
Skulltag <= 0.96f - (Version String) Remote Format String PoC
OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit
Skulltag 0.96f - (Version String) Remote Format String PoC
OpenTTD 0.4.7 - Multiple Vulnerabilities

Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC)
Apple Mac OS X Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities

Apple Mac OS X Safari <= 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC
Apple Mac OS X Safari 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC
Aardvark Topsites PHP <= 4.2.2 - (path) Remote File Inclusion
phpMyAgenda <= 3.0 Final (rootagenda) Remote Include
Aardvark Topsites PHP <= 4.2.2 - (lostpw.php) Remote Include Exploit
Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion
phpMyAgenda 3.0 Final - (rootagenda) Remote Include
Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion

X7 Chat <= 2.0 - (help_file) Remote Commands Execution Exploit
X7 Chat 2.0 - (help_file) Remote Command Execution

Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit
Auction 1.3m - (phpbb_root_path) Remote File Inclusion
acFTP FTP Server <= 1.4 - (USER) Remote Buffer Overflow PoC
Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit
acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow PoC
Quake 3 Engine 1.32b - R_RemapShader() Remote Client BoF Exploit

AWStats <= 6.5 - (migrate) Remote Shell Command Injection Exploit
AWStats 6.5 - (migrate) Remote Shell Command Injection

acFTP FTP Server <= 1.4 - (USER) Remote Denial of Service Exploit
acFTP FTP Server 1.4 - (USER) Remote Denial of Service
PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities
Jetbox CMS <= 2.1 - (relative_script_path) Remote File Inclusion Exploit
ACal <= 2.2.6 - (day.php) Remote File Inclusion
EQdkp <= 1.3.0 - (dbal.php) Remote File Inclusion
PHP-Fusion 6.00.306 - Multiple Vulnerabilities
Jetbox CMS 2.1 - (relative_script_path) Remote File Inclusion
ACal 2.2.6 - (day.php) Remote File Inclusion
EQdkp 1.3.0 - (dbal.php) Remote File Inclusion

Microsoft Internet Explorer <= 6.0.2900 SP2 - (CSS Attribute) Denial of Service
Microsoft Internet Explorer 6.0.2900 SP2 - (CSS Attribute) Denial of Service

Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit
Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (3)

Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (4)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (4)

Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit
Linux Kernel <= 2.6.17.4 - 'proc' Local Root Exploit

Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit

\o - Local File Inclusion (1st)
Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1)

PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation

Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept
Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept

Linux Kernel <= 2.2.18 (RH 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1)
Linux Kernel <= 2.2.18 (RH 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Django CMS 3.3.0 - (Editor Snippet) Persistent XSS
Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Wowza Streaming Engine 4.5.0 - Local Privilege Escalation
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF
Wowza Streaming Engine 4.5.0 - Multiple XSS
OpenSSHD <= 7.2p2 - Username Enumeration
WordPress Video Player Plugin 1.5.16 - SQL Injection
 2016-07-21 05:06:28 +00:00
Offensive Security
8fea20e59f DB: 2016-05-17 
12 new exploits

Microsoft Windows WebDAV - (ntdll.dll) Remote Exploit
Microsoft Windows WebDAV - Remote PoC Exploit
Microsoft Windows IIS WebDAV - 'ntdll.dll' Remote Exploit
Microsoft Windows IIS 5.0 WebDAV - Remote PoC Exploit

Microsoft Windows WebDav II - Remote Root Exploit (2)
Microsoft Windows WebDAV - Remote Root Exploit (2)

Microsoft Windows WebDav III - Remote Root Exploit (xwdav)
Microsoft Windows WebDAV IIS 5.0 - Remote Root Exploit (3) (xwdav)

Dream FTP 1.2 - Remote Format String Exploit
BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String Exploit

Apache Tomcat (webdav) - Remote File Disclosure Exploit
Apache Tomcat (WebDAV) - Remote File Disclosure Exploit

Apache Tomcat (webdav) - Remote File Disclosure Exploit (ssl support)
Apache Tomcat (WebDAV) - Remote File Disclosure Exploit (SSL)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)
Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (Patch)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (PHP)
Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (PHP)

Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC
Windows 7 IIS 7.5 - FTPSVC UNAUTH'D Remote DoS PoC

Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
Microsoft Windows IIS 5.0 WebDAV - ntdll.dll Path Overflow

Liferay 6.0.x Webdav File Reading Vulnerability
Liferay 6.0.x WebDAV - File Reading Vulnerability

Microsoft iis 6.0 and 7.5 - Multiple Vulnerabilities
Microsoft IIS 6.0 and 7.5 (+ PHP) - Multiple Vulnerabilities
Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1)
Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (2)
Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (3)
Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (4)
Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (1)
Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (2)
Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (3)
Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (4)

BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (2)

Sun Solaris 8/9 - Unspecified Passwd Local Root Compromise Vulnerability

Invision Power Board 2.1.x IPSClass.PHP SQL Injection Vulnerability (1)

Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
Apache HTTP Server (<= 1.3.35 / <= 2.0.58 / <= 2.2.2) - Arbitrary HTTP Request Headers Security Weakness

Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
Apache HTTP Server <= 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting Weakness

MediaWiki 1.22.1 PdfHandler - Remote Code Execution Exploit

Apache Struts 2.x XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
Apache Struts 2.0.0 <= 2.2.1.1 -  XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability

EasyCafe Server <= 2.2.14 Remote File Read
EasyCafe Server <= 2.2.14 - Remote File Read
x86_64 Linux bind TCP port shellcode
TCP Bindshell with Password Prompt - 162 bytes
x86_64 Linux bind TCP port shellcode
TCP Bindshell with Password Prompt - 162 bytes

Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation (x32/x64) (MS16-032) (C#)
CakePHP Framework 3.2.4 - IP Spoofing
Multiples Nexon Games - Unquoted Path Privilege Escalation
eXtplorer 2.1.9 - Archive Path Traversal
Web interface for DNSmasq / Mikrotik - SQL Injection
Microsoft Excel 2010 - Crash PoC
Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation
Web2py 2.14.5 - Multiple Vulnerabilities
 2016-05-17 05:03:19 +00:00
Offensive Security
86d0c5fe16 DB: 2016-01-09 
10 new exploits
 2016-01-09 05:02:44 +00:00
Offensive Security
95a1b072fe DB: 2015-11-18 
7 new exploits
 2015-11-18 05:02:21 +00:00
Offensive Security
0f12501e2c DB: 2015-10-08 
6 new exploits
 2015-10-08 05:02:23 +00:00
Offensive Security
30734a6700 DB: 2015-08-19 
16 new exploits
 2015-08-19 05:01:48 +00:00