Commit graph

744 commits

Author SHA1 Message Date
Offensive Security
2170122160 DB: 2017-06-14
7 new exploits

MyServer 0.7.1 - (POST) Denial of Service
MyServer 0.7.1 - 'POST' Denial of Service

Foxmail 2.0 - (MAIL FROM:) Denial of Service
Foxmail 2.0 - 'MAIL FROM:' Denial of Service

Nokia Symbian 60 - (BlueTooth Nickname) Remote Restart (2)
Nokia Symbian 60 - 'BlueTooth Nickname' Remote Restart (2)
Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop Denial of Service
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - 'isis_print' Infinite Loop Denial of Service

Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service
Ethereal 0.10.10 - 'dissect_ipc_state' Remote Denial of Service
phpBB 2.0.15 - Register Multiple Users Denial of Service (Perl)
phpBB 2.0.15 - Register Multiple Users Denial of Service (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)

Stream / Raped (Windows) - Denial of Service Attack
Stream / Raped (Windows) - Denial of Service
Ipswitch WS_FTP Server 5.03 - (RNFR) Buffer Overflow
Mercury/32 Mail Server 4.01a - (check) Buffer Overflow
Golden FTP Server Pro 2.52 - (USER) Remote Buffer Overflow
Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow
Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow
GTChat 0.95 Alpha - (adduser) Remote Denial of Service
Inframail Advantage Server Edition 6.0 < 6.37 - 'SMTP' Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - 'FTP' Buffer Overflow
GTChat 0.95 Alpha - 'adduser' Remote Denial of Service

P2P Pro 1.0 - (command) Denial of Service
P2P Pro 1.0 - 'command' Denial of Service

Mozilla Products - (Host:) Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow Denial of Service String

Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service
Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service

RBExplorer 1.0 - (Hijacking Command) Denial of Service
RBExplorer 1.0 - Hijacking Command Denial of Service

Freeciv 2.0.7 - (Jumbo Malloc) Denial of Service Crash
Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)
XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)
XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)

Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash
Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)

Macromedia Flash 9 - (IE Plugin) Remote Denial of Service Crash
Macromedia Flash 9 - (IE Plugin) Remote Crash (Denial of Service)

AIDeX Mini-WebServer 1.1 - Remote Denial of Service Crash
AIDeX Mini-WebServer 1.1 - Remote Crash (Denial of Service)

Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free
Microsoft Windows - 'Csrss.exe/winsrv.dll' NtRaiseHardError Double-Free

Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Denial of Service Hang / Crash
Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service)

Half-Life CSTRIKE Server 1.6 - Denial of Service (no-steam)
Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service

AyeView 2.20 - (malformed gif image) Local Crash
AyeView 2.20 - Malformed .GIF Image Local Crash

Microsoft Windows - '.chm' Denial of Service (HTML compiled)
Microsoft Windows - '.chm' Denial of Service (HTML Compiled)

Winamp 5.541 - '.mp3'/'.aiff' Multiple Denial of Services
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities

Multiple HTTP Server - Low Bandwidth Denial of Service (slowloris.pl)
Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service

Google Picasa 3.5 - Local Denial of Service Buffer Overflow
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)

3Com OfficeConnect Routers - (Content-Type) Denial of Service
3Com OfficeConnect Routers - 'Content-Type' Denial of Service

VSO Medoa Player 1.0.2.2 - Local Denial of Services (PoC)
VSO Medoa Player 1.0.2.2 - Local Denial of Service (PoC)

QtWeb 3.0 - Remote Denial of Service/Crash
QtWeb 3.0 - Remote Crash (Denial of Service)

NovaPlayer 1.0 - '.mp3' Local Denial of Service (2)
NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2)

Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash
Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service)

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash SEH (PoC)
eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash (SEH) (PoC)

Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash)
Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)

Optimal Archive 1.38 - '.zip' SEH (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
MovieLibrary 1.4.401 - Local Denial of Service (.dmv)
Book Library 1.4.162 - Local Denial of Service (.bkd)
MovieLibrary 1.4.401 - '.dmv' Local Denial of Service
Book Library 1.4.162 - '.bkd' Local Denial of Service

Huawei EchoLife HG520c - Denial of Service / Modem Reset
Huawei EchoLife HG520c - Modem Reset (Denial of Service)

CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death)
CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service)

QtWeb 3.3 - Remote Denial of Service/Crash
QtWeb 3.3 - Remote Crash (Denial of Service)

Subtitle Translation Wizard 3.0.0 - SEH (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)

Opera - Denial of Service by canvas Element
Opera - Canvas Element (Denial of Service)

Microsoft IIS 6.0 - ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)
Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)

HP Data Protector Manager 6.11 - Remote Denial of Service in RDS Service
HP Data Protector Manager 6.11 - RDS Service Remote Denial of Service

FreeBSD 8.0 - Local Denial of Service (Forced Reboot)
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)

Hanso Player 1.4.0.0 - Buffer Overflow Denial of Service Skinfile
Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)

CiscoKits 1.0 - TFTP Server Denial of Service (Write command)
CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service

Apache - Remote Denial of Service (Memory Exhaustion)
Apache - Remote Memory Exhaustion (Denial of Service)

TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file Corruption)
TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption

BlueZone Desktop Multiple - Malformed files Local Denial of Service Vulnerabilities
BlueZone Desktop Multiple - Malformed Files Local Denial of Service Vulnerabilities

NJStar Communicator MiniSmtp - Buffer Overflow [ASLR Bypass]
NJStar Communicator MiniSmtp - Buffer Overflow (ASLR Bypass)

Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)

Qutecom SoftPhone 2.2.1 - Heap Overflow Denial of Service/Crash (PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)

Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack
Network Associates Gauntlet Firewall 5.0 - Denial of Service
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (2)

Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service Attack
Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service

Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service Attack
Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service

(Linux Kernel) ReiserFS 3.5.28 - Denial of Service (Possible Code Execution)
(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service

Winlog Lite SCADA HMI system - SEH 0verwrite
Winlog Lite SCADA HMI system - (SEH) Overwrite

FL Studio 10 Producer Edition - SEH Based Buffer Overflow (PoC)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)

OptiSoft Blubster 2.5 - Remote Denial of Service Attack
OptiSoft Blubster 2.5 - Remote Denial of Service

ChatZilla 0.8.23 - Remote Denial of Service Attack
ChatZilla 0.8.23 - Remote Denial of Service

ACDSee 9.0 Photo Manager - Multiple BMP Denial of Service Vulnerabilities
ACDSee 9.0 Photo Manager - Multiple '.BMP' Denial of Service Vulnerabilities

Motorola SBG6580 Cable Modem & Wireless Router - Denial of Service Reboot
Motorola SBG6580 Cable Modem & Wireless Router - Reboot (Denial of Service)

Unreal Tournament 3 - Denial of Service / Memory Corruption
Unreal Tournament 3 - Memory Corruption (Denial of Service)

Gold MP4 Player 3.3 - Universal SEH Exploit (Metasploit)
Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit)

Jzip - SEH Unicode Buffer Overflow (Denial of Service)
Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow (PoC)
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)

Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue
Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities

NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite

JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)

Mediacoder 0.8.33 build 5680 - Buffer Overflow (SEH) Denial of Service (.lst)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service

i.FTP 2.21 - SEH Overflow Crash (PoC)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)

Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' Denial of service (Crush Application)
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)

Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service/Elevation of Privilege (MS15-111)
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)

Sam Spade 1.14 - S-Lang Command Field SEH Overflow
Sam Spade 1.14 - S-Lang Command Field Overflow (SEH)

SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow
SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field Overflow (SEH)

Network Scanner 4.0.0.0 - SEH Crash (PoC)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)

Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service

i.FTP 2.21 - Host Address / URL Field SEH Exploit
i.FTP 2.21 - Host Address / URL Field (SEH)

Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking

Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)
Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)

Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit
Microsoft Windows - 'keybd_event' Local Privilege Escalation

Microsoft Vista - (NtRaiseHardError) Privilege Escalation
Microsoft Vista - 'NtRaiseHardError' Privilege Escalation

Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation
Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Escalation

eTrust AntiVirus Agent r8 - Local Privilege Elevation Exploit
eTrust AntiVirus Agent r8 - Local Privilege Escalation

WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC)
WinPcap 4.0 - 'NPF.SYS' Privilege Escalation (PoC)

IntelliTamper (2.07/2.08) - Language Catalog SEH Overflow
IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH)

WINMOD 1.4 - '.lst' Local Stack Overflow XP SP3 (RET + SEH) (3)
WINMOD 1.4 - '.lst' File Local Stack Overflow XP SP3 (RET + SEH) (3)

CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)

DJ Studio Pro 5.1.6.5.2 - SEH Exploit
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit

Winamp 5.572 - SEH Exploit
Winamp 5.572 - (SEH) Exploit

Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow
Orbital Viewer 1.04 - '.orb' File Local Universal Overflow (SEH)

ZipScan 2.2c - SEH Exploit
ZipScan 2.2c - (SEH) Exploit
ZipCentral - '.zip' SEH Exploit
eZip Wizard 3.0 - '.zip' SEH Exploit
ZipCentral - '.zip' File (SEH)
eZip Wizard 3.0 - '.zip' File (SEH)

PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass)

Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)

ZipWrangler 1.20 - '.zip' SEH Exploit
ZipWrangler 1.20 - '.zip' File (SEH)

Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit
Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH)

Mediacoder 0.7.3.4672 - SEH Exploit
Mediacoder 0.7.3.4672 - (SEH) Exploit

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (1)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (1)

Castripper 2.50.70 - '.pls' Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP & SEH DEP Bypass)
BlazeDVD 5.1 - '.plf' File Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass)

BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow

RM Downloader 3.1.3 - Local SEH Exploit (Windows 7 ASLR + DEP Bypass)
RM Downloader 3.1.3 (Windows 7) - Local ASLR + DEP Bypass (SEH)

ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)

A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit
A-PDF WAV to MP3 1.0.0 - Universal Local (SEH)

Acoustica MP3 Audio Mixer 2.471 - Extended M3U directives SEH Exploit
Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - SEH Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - SEH Exploit
iworkstation 9.3.2.1.4 - (SEH) Exploit
Quick Player 1.3 - Unicode SEH Exploit
AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit
Quick Player 1.3 - Unicode (SEH)
AudioTran 1.4.2.4 - (SafeSEH + SEHOP) Exploit

Microsoft Windows Vista/7 - Elevation of Privileges (UAC Bypass)
Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass)

Nokia MultiMedia Player 1.0 - SEH Unicode Exploit
Nokia MultiMedia Player 1.0 - (SEH Unicode)

WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass)
WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass)

Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit)
Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit)

POP Peeper 3.7 - SEH Exploit
POP Peeper 3.7 - (SEH) Exploit

MPlayer Lite r33064 - '.m3u' SEH Overflow
MPlayer Lite r33064 - '.m3u' Overflow (SEH)

Wireshark 1.4.1 < 1.4.4 - SEH Overflow
Wireshark 1.4.1 < 1.4.4 - Overflow (SEH)

Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow
Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode)

Subtitle Processor 7.7.1 - '.m3u' SEH Unicode Buffer Overflow (Metasploit)
Subtitle Processor 7.7.1 - '.m3u' File Buffer Overflow (SEH Unicode) (Metasploit)

The KMPlayer 3.0.0.1440 - '.mp3' Buffer Overflow (Windows XP SP3 DEP Bypass)
The KMPlayer 3.0.0.1440 - '.mp3' File Buffer Overflow (Windows XP SP3 DEP Bypass)

MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)
MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass)

DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass Exploit
DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass

MY MP3 Player 3.0 - '.m3u' Exploit DEP Bypass
MY MP3 Player 3.0 - '.m3u' DEP Bypass

TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion
TORCS 1.3.2 - '.xml' File Buffer Overflow /SafeSEH Evasion

DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)

BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass)

Corel Linux OS 1.0 - Denial of Serviceemu Distribution Configuration
Corel Linux OS 1.0 - Dosemu Distribution Configuration

MyMp3 Player Stack - '.m3u' DEP Bypass
MyMp3 Player Stack - '.m3u' File DEP Bypass

CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode)
CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Elevation
Microsoft IIS 5.0 - In-Process Table Privilege Elevation
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 5.0 - In-Process Table Privilege Escalation

Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation
Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

Huawei Technologies Internet Mobile - Unicode SEH Exploit
Huawei Technologies Internet Mobile - Unicode (SEH)

MySQL (Linux) - Database Privilege Elevation Exploit
MySQL (Linux) - Database Privilege Escalation

Man Utility 2.3.19 - Local Compression Program Privilege Elevation
Man Utility 2.3.19 - Local Compression Program Privilege Escalation

BlazeDVD 6.1 - PLF Exploit DEP/ASLR Bypass (Metasploit)
BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit)

BOINC Manager (Seti@home) 7.0.64 - Field SEH based Buffer Overflow
BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)

Static HTTP Server 1.0 - SEH Overflow
Static HTTP Server 1.0 - (SEH) Overflow

ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (SEH/Unicode)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (2)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass
Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)

OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation

Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow
Nidesoft MP3 Converter 2.6.18 - Local Buffer Overflow (SEH)

Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation

Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Quick Search 1.1.0.189 - 'search textbox' Unicode SEH Egghunter Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH) (Windows 7 DEP Bypass)

Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow
Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH)

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)
MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

Mozilla - Maintenance Service Log File Overwrite Elevation of Privilege
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation

Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow
Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP_ Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)

Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit
Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Escalation

Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit
Internet Download Manager 6.25 Build 14 - 'Find file' Unicode (SEH)

Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege
Cogent Datahub 7.3.9 Gamma Script - Privilege Escalation

Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH) (Metasploit)
Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit
CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass)
Mediacoder 0.8.43.5852 - '.m3u' (SEH)
CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)

VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)

Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Network Scanner 4.0.0 - SEH Local Buffer Overflow
Network Scanner 4.0.0 - Local Buffer Overflow (SEH)

Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow

Microsoft Windows - '.ani' GDI Remote Elevation of Privilege Exploit (MS07-017)
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)

Move Networks Quantum Streaming Player - SEH Overflow
Move Networks Quantum Streaming Player - Overflow (SEH)

Quick TFTP Server Pro 2.1 - Remote SEH Overflow
Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)

Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation

FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow

PowerTCP FTP module - Multiple Technique Exploit (SEH/HeapSpray)
PowerTCP FTP module - Multiple Technique Exploit (SEH HeapSpray)

BigAnt Server 2.52 - SEH Exploit
BigAnt Server 2.52 - (SEH) Exploit

File Sharing Wizard 1.5.0 - SEH Exploit
File Sharing Wizard 1.5.0 - (SEH) Exploit

Kolibri 2.0 - Buffer Overflow RET + SEH Exploit (HEAD)
Kolibri 2.0 - (HEAD) Buffer Overflow RET + (SEH)

Easy File Sharing HTTP Server 7.2 - SEH Overflow (Metasploit)
Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)

WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)
WorldMail IMAPd 3.0 - Overflow (SEH) (Egg Hunter)

Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit
Sysax Multi Server 5.53 - SFTP Authenticated (SEH)

Simple Web Server 2.2-rc2 - ASLR Bypass Exploit
Simple Web Server 2.2-rc2 - ASLR Bypass

Microsoft SQL 2000/7.0 - Agent Jobs Privilege Elevation
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation

BigAnt Server 2.52 SP5 - SEH Stack Overflow ROP-based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)

Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
Intrasrv Simple Web Server 1.0 - Remote Code Execution (SEH)

Apache suEXEC - Privilege Elevation / Information Disclosure
Apache suEXEC - Information Disclosure / Privilege Escalation

Easy Internet Sharing Proxy Server 2.2 - SEH Overflow (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)

Kolibri Web Server 2.0 - GET Request SEH Exploit
Kolibri Web Server 2.0 - GET Request (SEH)

Microsoft Windows Kerberos - Elevation of Privilege (MS14-068)
Microsoft Windows Kerberos - Privilege Escalation (MS14-068)

X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)
X360 VideoPlayer ActiveX Control 2.6 - ASLR + DEP Bypass

i.FTP 2.21 - Time Field SEH Exploit
i.FTP 2.21 - Time Field (SEH)

Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow (Metasploit)
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit)

Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow
Easy File Sharing Web Server 7.2 - Remote Overflow (SEH)

Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)

Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)

TFTP Server 1.4 - WRQ Buffer Overflow (Egghunter)
TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow

Win32 - SEH omelet Shellcode
Win32 - SEH Omelet Shellcode
dotWidget CMS 1.0.6 - (file_path) Remote File Inclusion
DreamAccount 3.1 - (da_path) Remote File Inclusion
dotWidget CMS 1.0.6 - 'file_path' Remote File Inclusion
DreamAccount 3.1 - 'da_path' Remote File Inclusion

AWF CMS 1.11 - (spaw_root) Remote File Inclusion
AWF CMS 1.11 - 'spaw_root' Remote File Inclusion

Download-Engine 1.4.2 - (spaw) Remote File Inclusion
Download-Engine 1.4.2 - 'spaw' Remote File Inclusion

Newsscript 1.0 - Administrative Privilege Elevation
Newsscript 1.0 - Administrative Privilege Escalation

UBBCentral UBB.Threads 3.4/3.5 - Denial of Serviceearch.php SQL Injection
UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection

Cerberus Helpdesk 2.649 - cer_KnowledgebaseHandler.class.php _load_article_details Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection

cPanel 10.9 - Denial of Serviceetmytheme theme Parameter Cross-Site Scripting
cPanel 10.9 - dosetmytheme 'theme' Parameter Cross-Site Scripting

WordPress < 2.1.2  - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
Real Estate Classifieds Script - SQL Injection
2017-06-14 05:01:26 +00:00
Offensive Security
117f75fdfc DB: 2017-06-13
5 new exploits

GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution
Easy File Sharing Web Server 7.2 - Authentication Bypass
2017-06-13 05:01:23 +00:00
Offensive Security
dea52f68f5 DB: 2017-06-12
8 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
IPFire 2.19 - Remote Code Execution
eCom Cart 1.3 - SQL Injection
EFS Easy Chat Server 3.1 - Password Disclosure
EFS Easy Chat Server 3.1 - Password Reset
PaulShop - SQL Injection
2017-06-12 05:01:24 +00:00
Offensive Security
bed1811f1d DB: 2017-06-09
4 new exploits

Linux Kernel - 'ping' Local Denial of Service

VMware Workstation 12 Pro - Denial of Service
Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
2017-06-09 05:01:17 +00:00
Offensive Security
0ef7d9b9ec DB: 2017-06-07
8 new exploits

Wireshark 2.2.6 - IPv6 Dissector Denial of Service
Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service
Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution
Home Web Server 1.9.1 build 164 - Remote Code Execution

Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Kronos Telestaff < 2.92EU29 - SQL Injection
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
2017-06-07 05:01:18 +00:00
Offensive Security
cd6e21e600 DB: 2017-06-06
11 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
2017-06-06 05:01:15 +00:00
Offensive Security
42e94b4366 DB: 2017-06-05
26 new exploits

Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine

Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow

TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)

uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow

WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
2017-06-05 05:01:15 +00:00
Offensive Security
b1d5f96f79 DB: 2017-05-27
6 new exploits

Sandboxie 5.18 - Local Denial of Service
JAD java Decompiler 1.5.8e - Local Buffer Overflow
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands

Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write
D-Link DCS Series Cameras - Insecure Crossdomain
QWR-1104 Wireless-N Router - Cross-Site Scripting
2017-05-27 05:01:15 +00:00
Offensive Security
07c41df34d DB: 2017-05-25
2 new exploits

Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034)
Microsoft Windows XP - Keyboard Layouts Pool Corruption (PoC) (MS12-034)

Microsoft Internet Explorer 6 - HtmlDlgSafeHelper Remote Denial of Service
Microsoft Internet Explorer 6 - 'HtmlDlgSafeHelper' Remote Denial of Service

Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow

NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
2017-05-25 05:01:17 +00:00
Offensive Security
2907a841a7 DB: 2017-05-24
9 new exploits

Apple iOS/macOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
Apple iOS/macOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization

KDE 4/5 - 'KAuth' Privilege Escalation

VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
2017-05-24 05:01:19 +00:00
Offensive Security
6351914249 DB: 2017-05-22
5 new exploits

Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

Secure Auditor 3.0 - Directory Traversal
KMCIS CaseAware - Cross-Site Scripting
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
PlaySMs 1.4 - 'import.php' Remote Code Execution
2017-05-22 05:01:18 +00:00
Offensive Security
94f7a8c8f5 DB: 2017-05-18
15 new exploits

Apple iOS < 10.3.2 - Notifications API Denial of Service
Adobe Flash - AVC Deblocking Out-of-Bounds Read
Adobe Flash - Margin Handling Heap Corruption
Adobe Flash - Out-of-Bounds Read in Getting TextField Width
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service

Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
2017-05-18 05:01:18 +00:00
Offensive Security
cf40ee3ab5 DB: 2017-05-17
3 new exploits

LabF nfsAxe 3.7 FTP Client - Buffer Overflow (SEH)
Sophos Web Appliance 4.3.1.1 - Session Fixation
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
2017-05-17 05:01:16 +00:00
Offensive Security
7eac4c3a2c DB: 2017-05-16
10 new exploits

Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token
Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure
Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys

Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit)
PlaySms 1.4 - Remote Code Execution
Mailcow 0.14 - Cross-Site Request Forgery
Admidio 3.2.8 - Cross-Site Request Forgery
2017-05-16 05:01:17 +00:00
Offensive Security
b6bbf710eb DB: 2017-05-12
5 new exploits

OpenVPN 2.4.0 - Unauthenticated Denial of Service

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3)

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
2017-05-12 05:01:18 +00:00
Offensive Security
5aee851cfb DB: 2017-05-11
5 new exploits

PocketPC Mms Composer - (WAPPush) Denial of Service
PocketPC Mms Composer - 'WAPPush' Denial of Service

BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)

DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)

otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)

Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service

Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service

Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion

Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)
Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow

Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)

HT Editor 2.0.20 - Buffer Overflow (ROP PoC)
HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)

Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities

Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation

Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)

Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)

Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution

Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)

Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing

Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities

Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)

Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)

Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion

visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities

Microsoft Internet Explorer 8 / 9 - Steal Any Cookie
Microsoft Internet Explorer 8/9 - Steal Any Cookie

PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion

COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change

Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
BanManager WebUI 1.5.8 - PHP Code Injection
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
2017-05-11 05:01:18 +00:00
Offensive Security
4e3947178d DB: 2017-05-10
10 new exploits

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Crypttech CryptoLog - Remote Code Execution (Metasploit)
BSD/x86 - portbind port 31337 Shellcode (83 bytes)
BSD/x86 - portbind port random Shellcode (143 bytes)
BSD/x86 - Portbind Port 31337 Shellcode (83 bytes)
BSD/x86 - Portbind Random Port Shellcode (143 bytes)

BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)

BSD/x86 - reverse 6969 portbind Shellcode (129 bytes)
BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)

FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes)
FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes)

FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
Linux/x86 - execve Null Free Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Linux/x86 - execve Null-Free Shellcode (Generator)
Linux/x86 - Portbind Shellcode (Generator)
Windows XP SP1 - Portbind Shellcode (Generator)

Linux/x86 - cmd Null Free Shellcode (Generator)
Linux/x86 - cmd Null-Free Shellcode (Generator)

Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Connectback Port 21 Shellcode

Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes)

Linux/SPARC - portbind port 8975 Shellcode (284 bytes)
Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes)

Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes)
Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes)
Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes)
Linux/x86 - portbind (2707) Shellcode (84 bytes)
Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes)
Linux/x86 - Portbind 2707 Shellcode (84 bytes)

Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) Shellcode (86 bytes)
Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes)
Linux/x86 - Portbind Port 64713 Shellcode (86 bytes)
Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - portbind port 5074 Shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add user 't00r' Shellcode (82 bytes)
Linux/x86 - Portbind Port 5074 Shellcode (92 bytes)
Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)

Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes)
Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes)

NetBSD/x86 - callback Shellcode (port 6666) (83 bytes)
NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes)

OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes)
OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes)

Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes)
Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes)

Solaris/SPARC - portbind port 6789 Shellcode (228 bytes)
Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes)
Solaris/SPARC - portbinding Shellcode (240 bytes)
Solaris/x86 - portbind/TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes)
Solaris/SPARC - Portbind Shellcode (240 bytes)
Solaris/x86 - Portbind TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode

Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes)
Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes)

Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)

Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)

Win32 - download and execute Shellcode (124 bytes)
Win32 - Download & Execute Shellcode (124 bytes)

Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows XP - download and exec source Shellcode
Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes)
Windows XP - Download & Exec Shellcode
Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes)
Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes)
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes)
Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode
FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)

Win32 XP SP2 FR - calc Shellcode (19 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Win32 XP SP3 English - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)

Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes)
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)

Windows XP SP2 FR - Download and Exec Shellcode
Windows XP SP2 (FR) - Download & Exec Shellcode

Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)

Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)
Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - bind shell port 64533 Shellcode (97 bytes)
Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes)
Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

BSD/x86 - bindshell on port 2525 Shellcode (167 bytes)
BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes)

Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337 Shellcode
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
ARM - Bindshell Port 0x1337 Shellcode

OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)

Win32 - speaking Shellcode
Win32 - Speaking 'You got pwned!' Shellcode

BSD/x86 - 31337 portbind + fork Shellcode (111 bytes)
BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes)

Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes)
Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes)

Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)

Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)

Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)

Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)

Windows RT ARM - Bind Shell (Port 4444) Shellcode
Windows RT ARM - Bind Shell Port 4444 Shellcode

Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)

Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download & execute Shellcode (Generator)
Windows XP x86-64 - Download & Execute Shellcode (Generator)

Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes)

Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)

Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)

OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)

OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)
OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes)

Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)

Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)
Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes)

Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes)

Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)

Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes)

Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)
Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes)

Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)

Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes)
Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes)

Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes)
LogRhythm Network Monitor - Authentication Bypass / Command Injection
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
2017-05-10 05:01:16 +00:00
Offensive Security
6f37b94a66 DB: 2017-05-09
5 new exploits

RPCBind / libtirpc - Denial of Service
Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
2017-05-09 04:46:38 +00:00
Offensive Security
b473ba51f3 DB: 2017-05-04
5 new exploits

Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free

Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
2017-05-04 05:01:18 +00:00
Offensive Security
e4147fb21e DB: 2017-05-01
5 new exploits

Panda Free Antivirus - 'PSKMAD.sys' Denial of Service
IrfanView 4.44 - Denial of Service
Emby MediaServer 3.2.5 - SQL Injection
Emby MediaServer 3.2.5 - Password Reset
Emby MediaServer 3.2.5 - Directory Traversal
2017-05-01 05:01:18 +00:00
Offensive Security
72f98fab1c DB: 2017-04-28
5 new exploits

Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

Microsoft Office Word - Malicious Hta Execution (Metasploit)
Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit)

Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
TYPO3 News Module - SQL Injection
Simple File Uploader - Arbitrary File Download
Easy File Uploader - Arbitrary File Upload
2017-04-28 05:01:19 +00:00
Offensive Security
9e9bf495c2 DB: 2017-04-26
26 new exploits

PHP 5.4.0RC6 (x64t) - Denial of Service
PHP 5.4.0RC6 (x64) - Denial of Service

Evostream Media Server 1.7.1 (x64) - Denial of Service

PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Dmitry 1.3a - Local Buffer Overflow
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Apple Safari - Array concat Memory Corruption
Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Dell Customer Connect 1.3.28.0 - Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation

Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
Microsoft Office Word - Malicious Hta Execution (Metasploit)
WePresent WiPG-1000 - Command Injection (Metasploit)

OSX/Intel - setuid shell x86_64 Shellcode (51 bytes)
OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)

OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)

Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86-64 - Egghunter Shellcode (38 bytes)

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
October CMS 1.0.412 - Multiple Vulnerabilities
2017-04-26 05:01:18 +00:00
Offensive Security
dadce54852 DB: 2017-04-25
1 new exploit

Microsoft Windows - 'afd.sys' (PoC) (MS11-046)
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)

Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)
2017-04-25 05:01:19 +00:00
Offensive Security
5386bd7110 DB: 2017-04-21
10 new exploits

Femitter FTP Server 1.03 - (RETR) Remote Denial of Service (PoC)
Femitter FTP Server 1.03 - 'RETR' Remote Denial of Service (PoC)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Microsoft Windows 10 10586 - IEETWCollector Arbitrary Directory/File Deletion Privilege Escalation
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
3proxy 0.5.3g (Linux) - proxy.c logurl() Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow
3proxy 0.5.3g - proxy.c logurl() Remote Overflow (exec-shield)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow

3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)

Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution

Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting

Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting
2017-04-21 05:01:18 +00:00
Offensive Security
e4eda3f58a DB: 2017-04-20
2017-04-20 05:01:17 +00:00
Offensive Security
3c86b861c2 DB: 2017-04-19
4 new exploits

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit)
Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit)
pinfo 0.6.9 - Local Buffer Overflow
Tenable Appliance < 4.5 - Unauthenticated Remote Root Code Execution
Microsoft Word - .RTF Remote Code Execution
Huawei HG532n - Command Injection (Metasploit)
2017-04-19 05:01:17 +00:00
Offensive Security
cc2ec16c5d DB: 2017-04-18
3 new exploits

WinSCP 5.9.4 - 'LIST' Denial of Service (Metasploit)

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) (Metasploit)

Openexpert 0.5.17 - SQL Injection
Openexpert 0.5.17 - 'area_id' Parameter SQL Injection

Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset
2017-04-18 05:01:21 +00:00
Offensive Security
18df65f3e4 DB: 2017-04-17
1 new exploit

Microsoft IIS - Malformed HTTP Request Denial of Service (cpp)
Microsoft IIS - Malformed HTTP Request Denial of Service

VirusChaser 8.0 - Buffer Overflow (SEH)
2017-04-17 05:01:16 +00:00
Offensive Security
aabd4b35b3 DB: 2017-04-14
12 new exploits

Microsoft Windows Kernel win32k.sys - Multiple Bugs in the NtGdiGetDIBitsInternal System Call
Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure

PonyOS 3.0 - tty ioctl() Local Kernel Exploit
PonyOS 3.0 - TTY 'ioctl()' Local Kernel Exploit

Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation
Solaris 7 < 11 (x86 / SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation
GNS3 Mac OS-X 1.5.2 - 'ubridge' Privilege Escalation
PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Local Kernel Exploit
Adobe Creative Cloud Desktop Application <= 4.0.0.185 - Privilege Escalation

Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
Ethernet Device Drivers Frame Padding - 'Etherleak' Information Leakage Exploit

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution

Linux/x86-64 - execve(_/bin/sh_) Shellcode (31 bytes)
Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses
SedSystems D3 Decimator - Multiple Vulnerabilities
agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
2017-04-14 05:01:15 +00:00
Offensive Security
341f44bf34 DB: 2017-04-11
4 new exploits

Moxa MXview 2.8 - Denial of Service
Moxa MXview 2.8 - Private Key Disclosure
Moxa MX AOPC-Server 1.5 - XML External Entity Injection

Jobscript4Web 4.5 - Authentication Bypass
2017-04-11 05:01:16 +00:00
Offensive Security
7018b7742d DB: 2017-04-07
7 new exploits

Microsoft Windows - Explorer (.WMF) CreateBrushIndirect Denial of Service
Microsoft Windows Explorer - '.WMF' CreateBrushIndirect Denial of Service

Microsoft Windows - Explorer (.AVI) Unspecified Denial of Service
Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service

Microsoft Windows - Explorer Unspecified .ANI File Denial of Service
Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service

Microsoft Windows - explorer.exe Gif Image Denial of Service
Microsoft Windows Explorer - '.GIF' Image Denial of Service

Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC)
Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC)

Microsoft Windows - Explorer Unspecified .doc File Denial of Service
Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service

Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit
Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Exploit

DesignWorks Professional 4.3.1 - Local .CCT File Stack Buffer Overflow (PoC)
DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC)

IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow
IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow

Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service
Microsoft Windows NT 4.0/2000 - TCP/IP Printing Service Denial of Service

Microsoft Windows NT 4.0 / 2000 - LPC Zone Memory Depletion Denial of Service
Microsoft Windows NT 4.0/2000 - LPC Zone Memory Depletion Denial of Service

Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service
Microsoft Windows NT/2000 - Terminal Server Service RDP Denial of Service
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2)
Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1)
Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (1)
Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (2)
Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (3)
Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (4)
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (1)
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (2)
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3)
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (4)

Microsoft Windows XP/95/98/2000/NT 4 - 'Riched20.dll' Attribute Buffer Overflow
Microsoft Windows XP/95/98/2000/NT 4.0 - 'Riched20.dll' Attribute Buffer Overflow

Microsoft Windows XP/2000/NT 4 - Shell Long Share Name Buffer Overrun
Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun

Microsoft Windows Explorer - 'explorer.exe' .WMV File Handling Denial of Service
Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service
Apple Mac OSX 10.4.x - iMovie HD .imovieproj Filename Format String
Apple Mac OSX 10.4.x - Help Viewer .help Filename Format String
Apple Mac OSX 10.4.x - iMovie HD '.imovieproj' Filename Format String
Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String

Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service
Microsoft Windows XP/2003 - Explorer '.WMF' File Handling Denial of Service

Microsoft Windows Cursor - Object Potential Memory Leak (MS15-115)
Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115)

Microsoft Windows Kernel win32k!OffsetChildren - Null Pointer Dereference
Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference

Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow
Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow

Cesanta Mongoose OS - Use-After-Free

CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC)

GLIBC (via /bin/su) - Privilege Escalation
GLIBC - '/bin/su' Privilege Escalation

cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation
cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation

Microsoft Windows - NtRaiseHardError Csrss.exe Memory Disclosure
Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure

Microsoft Windows Contacts - 'wab32res.dll' DLL Hijacking
Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking

Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit)
Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit)

Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit)
Microsoft Windows - Task Scheduler '.XML' Privilege Escalation (MS10-092) (Metasploit)

Microsoft Windows NT 4/2000 - DLL Search Path
Microsoft Windows NT 4.0/2000 - DLL Search Path

Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier - Multiple Vulnerabilities
Microsoft Windows NT 4.0/2000 Predictable LPC Message Identifier - Multiple Vulnerabilities

Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003)
Microsoft Windows NT 4.0/2000 - Spoofed LPC Request (MS00-003)

Microsoft Windows NT 3/4 - CSRSS Memory Access Violation
Microsoft Windows NT 3/4.0 - CSRSS Memory Access Violation

Microsoft Windows NT 4/2000 - NTFS File Hiding
Microsoft Windows NT 4.0/2000 - NTFS File Hiding

Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (3)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (4)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (5)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (6)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (7)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (8)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2)
Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (1)
Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (2)

Microsoft Windows Server 2000 - Help Facility .CNT File :Link Buffer Overflow
Microsoft Windows Server 2000 - Help Facility '.CNT' File :Link Buffer Overflow

Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation (MS04-011)

Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)

Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation
Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation

Palo Alto Networks PanOS root_reboot - Privilege Escalation
Palo Alto Networks PanOS - root_reboot Privilege Escalation

Oracle 9i / 10g - File System Access via utl_file Exploit
Oracle 9i / 10g - 'utl_file' File System Access Exploit

KDE 4.4.1 - Ksysguard Remote Code Execution via Cross Application Scripting
KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)

QuickPHP Web Server Arbitrary - 'src .php' File Download
QuickPHP Web Server - Arbitrary '.php' File Download

Microsoft Windows Common Control Library (Comctl32) - Heap Overflow (MS10-081)
Microsoft Windows - Common Control Library (Comctl32) Heap Overflow (MS10-081)

Microsoft Internet Explorer 4 (Windows 95/NT 4) - Setupctl ActiveX Control Buffer Overflow
Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow

Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4) - XML HTTP Redirect
Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect

Microsoft Windows NT 4/2000 - NetBIOS Name Conflict
Microsoft Windows NT 4.0/2000 - NetBIOS Name Conflict

X-Chat 1.2/1.3/1.4/1.5 - Command Execution Via URLs
X-Chat 1.2/1.3/1.4/1.5 - Command Execution via URLs

Microsoft Windows 95/98/2000/NT4 - WinHlp Item Buffer Overflow
Microsoft Windows 95/98/2000/NT 4.0 - WinHlp Item Buffer Overflow

Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow
Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow

Microsoft Windows XP/2000/NT 4 - Locator Service Buffer Overflow
Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow

AIX 3.x/4.x / Windows 95/98/2000/NT 4 / SunOS 5 gethostbyname() - Buffer Overflow
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (4)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (4)

Microsoft Windows XP/2000/NT 4 - HTML Converter HR Align Buffer Overflow
Microsoft Windows XP/2000/NT 4.0 - HTML Converter HR Align Buffer Overflow

Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow
Microsoft Windows NT 4.0/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow

Cerulean Studios Trillian 3.0 - Remote .png Image File Parsing Buffer Overflow
Cerulean Studios Trillian 3.0 - Remote '.png' Image File Parsing Buffer Overflow

Zoom Player 3.30/5/6 - Crafted .ZPL File Error Message Arbitrary Code Execution
Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution

SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload

Windows 10 x64 - Egghunter Shellcode (45 bytes)

eFiction 2.0 - 'Fake .gif' Arbitrary File Upload
eFiction 2.0 - Fake '.GIF' Arbitrary File Upload

cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation (PHP)
cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)
Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion
Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion

SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure via XEE
SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

The Uploader 2.0.4 - (English/Italian) Arbitrary File Upload / Remote Code Execution (Metasploit)
The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)

elFinder 2 - Remote Command Execution (Via File Creation)
elFinder 2 - Remote Command Execution (via File Creation)

Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File

AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector
AXIS Multiple Products - 'devtools' Authenticated Remote Command Execution
GeoMoose < 2.9.2 - Directory Traversal
Moodle 2.x/3.x - SQL Injection
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
2017-04-07 05:01:20 +00:00
Offensive Security
0320cba051 DB: 2017-04-02
6 new exploits

Microsoft Internet Explorer 11 - Crash PoC (1)
Microsoft Internet Explorer 11 - Crash (PoC) (1)

Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031)
Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)

Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046)
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046)

Microsoft Windows - MSDTC Service Remote Memory Modification PoC (MS05-051)
Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051)

Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)

Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (1)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)

Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (3)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3)

Microsoft Windows - '.png' File IHDR Block Denial of Service PoC (2)
Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2)

Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit)
Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)

Microsoft Windows - DNS Resolution Remote Denial of Service PoC (MS06-041)
Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041)

Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002)
Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)

BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)

Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service
Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service

freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)

Microsoft Internet Explorer GDI+ - PoC (MS08-052)
Microsoft Internet Explorer GDI+ - (PoC) (MS08-052)

Microsoft Windows - GDI+ PoC (MS08-052) (2)
Microsoft Windows - GDI+ (PoC) (MS08-052) (2)
Microsoft Windows - InternalOpenColorProfile Heap Overflow PoC (MS08-046)
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service
Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service

Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray)
Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (New Heap Spray)

Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2)
Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2)

eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH)
eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)

Chasys Media Player 1.1 - '.pls' Local Buffer Overflow PoC (SEH)
Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH)

Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1)
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (1)

Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2)
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2)

Microsoft Internet Explorer - EMBED Memory Corruption PoC (MS09-014)
Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014)

DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow PoCs
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)

AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH)
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)

MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC)

otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)

JetAudio 7.5.3 COWON Media Center - '.wav' Crash
Streaming Audio Player 0.9 - (skin) Local Stack Overflow PoC (SEH)
Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow PoC (SEH)
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)

Tuniac 090517c - '.m3u' Local File Crash (PoC)

HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH)
HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1)
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2)

BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow PoC (2)
BigAnt Server 2.50 SP6 - '.zip' Local Buffer Overflow (PoC) (2)

Eureka Email Client 2.2q - PoC Buffer Overflow
Eureka Email Client 2.2q - Buffer Overflow (PoC)

Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash
Microsoft Windows 7 / 2008 R2 - Remote Kernel Crash

Picpuz 2.1.1 - Buffer Overflow Denial of Service/PoC
Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC)

Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones
Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC)

Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service
Mozilla Firefox 3.6 - (XML parser) Memory Corruption (PoC) / Denial of Service

iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service/PoC
iPhone FTP Server (WiFi FTP) by SavySoda - Denial of Service (PoC)

RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC
RCA DCM425 Cable Modem - 'micro_httpd' Denial of Service (PoC)

Free MP3 CD Ripper 2.6 - '.wav' PoC
Free MP3 CD Ripper 2.6 - '.wav' (PoC)

Anyzip 1.1 - '.zip' PoC (SEH)
Anyzip 1.1 - '.zip' (PoC) (SEH)

Microsoft Windows - SMB Client-Side Bug PoC (MS10-006)
Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006)

Webby WebServer - PoC SEH control
Webby WebServer - SEH Control (PoC)

FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05)
FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)

Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free

AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH)
AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH)

Mozilla Firefox - Memory Corruption PoC (Simplified)
Mozilla Firefox - (Simplified) Memory Corruption (PoC)

Microsoft Windows - Win32k Pointer Dereference PoC (MS10-098)
Microsoft Windows - Win32k Pointer Dereference (PoC) (MS10-098)

Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH)
Elecard MPEG Player 5.7 - Local Buffer Overflow (PoC) (SEH)

Microsoft Windows XP - WmiTraceMessageVa Integer Truncation PoC (MS11-011)
Microsoft Windows XP - WmiTraceMessageVa Integer Truncation (PoC) (MS11-011)

Real player 14.0.2.633 - Buffer Overflow / Denial of ServiceExploit
Real player 14.0.2.633 - Buffer Overflow / Denial of Service
IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - '.ICO' With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - '.ICO' Without Transparent Colour Denial of Service / Remote Denial of Service

Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service
Microsoft Windows Vista/2008 - 'nsiproxy.sys' Local Kernel Denial of Service

D-Link DSL-2650U - Denial of Service/PoC
D-Link DSL-2650U - Denial of Service (PoC)

Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun PoC (MS11-077)
Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077)

Opera 11.52 - PoC Denial of Service
Opera 11.52 - Denial of Service (PoC)

Microsoft Win32k - Null Pointer De-reference PoC (MS11-077)
Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077)

Microsoft Windows - 'afd.sys' PoC (MS11-046)
Microsoft Windows - 'afd.sys' (PoC) (MS11-046)

Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034)
Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034)

Wyse - Machine Remote Power off (DOS) without any Privilege (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)

Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service
Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service

Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Crash PoC (Null Pointer Dereference)
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4)
FreeBSD 2.x / HP-UX 9/10/11 / kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4)
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5)

Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service
Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1)
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1)
Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2)

Microsoft PoCket Internet Explorer 3.0 - Denial of Service
Microsoft Pocket Internet Explorer 3.0 - Denial of Service

Microsoft Windows - HWND_BROADCAST PoC (MS13-005)
Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)

Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC)

Apple Safari 3 for Windows - Document.Location Denial of Service
Apple Safari 3 for Windows - 'Document.Location' Denial of Service

PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit)
PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service

Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow
Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow

Android Web Browser - GIF File Heap Based Buffer Overflow
Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow

Android Web Browser - BMP File Integer Overflow
Google Android Web Browser - '.BMP' File Integer Overflow

Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH)
Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH)

Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service
Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service

Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)
Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)

Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)

Microsoft Internet Explorer - Memory Corruption PoC (MS14-029)
Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)

UniPDF 1.1 - Crash (PoC) (SEH)

Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC)

Microsoft Windows - 'HTTP.sys' PoC (MS15-034)
Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034)

UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)

Microsoft Internet Explorer 11 - Crash PoC (2)
Microsoft Internet Explorer 11 - Crash (PoC) (2)

Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow
Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow

QNX RTOS 6.3.0 - Insecure rc.local Permissions Plus System Crash
QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation
Microsoft Windows - NtClose DeadLock PoC (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)
Microsoft Windows - NtClose DeadLock (PoC) (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Privilege Escalation (PoC) (MS06-030)

PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow
PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - 'zip://' URL Wrapper Buffer Overflow

Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation

Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH)
Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow (PoC) (SEH)

Streaming Audio Player 0.9 - (skin) Local Stack Overflow (SEH)
Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (SEH)

Tuniac 090517c - '.m3u' Local File Crash (PoC)

Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (1)
Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)

Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)

Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1)
Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit)

Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)

Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
Microsoft HTML Help Workshop 4.74 - '.hhp' Index Buffer Overflow (Metasploit) (3)

Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2)
Microsoft HTML Help Workshop 4.74 - '.hhp' Cotent Buffer Overflow (Metasploit) (2)

Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) (2)

Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2)

Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
Microsoft HTML Help Workshop 4.74 - '.hhp' compiled Buffer Overflow (Metasploit) (4)

Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (without egg-hunter) (Metasploit)
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit)

PHP 5.3.6 - Buffer Overflow PoC (ROP)
PHP 5.3.6 - Buffer Overflow (ROP) (PoC)

Microsoft Windows Server 2000/NT 4 - DLL Search Path
Microsoft Windows NT 4/2000 - DLL Search Path

Microsoft Windows Server 2000/NT 4 - NTFS File Hiding
Microsoft Windows NT 4/2000 - NTFS File Hiding

Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7)
Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1)
Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2)

Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011)

Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)

PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation
PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation
Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation

Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit)
Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit)

UniPDF 1.1 - Crash PoC (SEH overwritten)

Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC)

UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)

Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052)

Android - get_user/put_user Exploit (Metasploit)
Google Android - get_user/put_user Exploit (Metasploit)

Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)

Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)

Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (2)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)

MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)

MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)

ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)

Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit)
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)

Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)

Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow

Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)

ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)

Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)

CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit)

ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow
ImageStation - 'SonyISUpload.cab' 1.0.0.38 ActiveX Buffer Overflow

IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow

Microsoft XML Core Services DTD - Cross-Domain Scripting PoC (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069)

Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption PoC (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002)

Apple Mac OSX - Java applet Remote Deserialization Remote PoC (2)
Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2)

Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal
Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal

JetAudio 7.5.3 COWON Media Center - '.wav' Crash

DistCC Daemon - Command Execution (Metasploit) (1)
DistCC Daemon - Command Execution (Metasploit)
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)

Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1)
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)

Veritas NetBackup - Remote Command Execution (Metasploit) (1)
Veritas NetBackup - Remote Command Execution (Metasploit)

Pegasus Mail Client 4.51 - PoC Buffer Overflow
Pegasus Mail Client 4.51 - Buffer Overflow (PoC)

Irix LPD tagprinter - Command Execution (Metasploit) (1)
Irix LPD tagprinter - Command Execution (Metasploit)

Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (1)
Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)

Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account
Tandberg E & EX & C Series Endpoints - Default Root Account Credentials

Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2)

Veritas NetBackup - Remote Command Execution (Metasploit) (2)

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2)

CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit)

MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2)

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1)

CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2)

httpdx - tolog() Function Format String (Metasploit) (1)
httpdx - 'tolog()' Function Format String (Metasploit) (1)

Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit)

httpdx - tolog() Function Format String (Metasploit) (2)
httpdx - 'tolog()' Function Format String (Metasploit) (2)

Irix LPD tagprinter - Command Execution (Metasploit) (2)

Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)

DistCC Daemon - Command Execution (Metasploit) (2)
HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)
HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC)

Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1)
Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1)

Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)
Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit)

Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2)
Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)

HP SiteScope - Remote Code Execution (Metasploit) (1)
HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit)

Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow
Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow

Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow
Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow

thttpd 2.2x - defang Remote Buffer Overflow
thttpd 2.2x - 'defang' Remote Buffer Overflow

Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2)
Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)

Dovecot with Exim - sender_address Parameter Remote Command Execution
Dovecot with Exim - 'sender_address' Parameter Remote Command Execution

HP SiteScope - Remote Code Execution (Metasploit) (2)
HP SiteScope (Windows) - Remote Code Execution (Metasploit)

Western Digital Arkeia - Remote Code Execution (Metasploit) (1)
Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit)

CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2)

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit) (1)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)

Western Digital Arkeia - Remote Code Execution (Metasploit) (2)
Western Digital Arkeia < 11.0.12 - Remote Code Execution (Metasploit)

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)

E-Uploader Pro 1.0 - Image Upload with Code Execution
E-Uploader Pro 1.0 - Image Upload / Code Execution

ASPapp Knowledge Base - 'CatId' Parameter SQL Injection
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1)

ASPapp KnowledgeBase - 'catid' Parameter SQL Injection
ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2)

ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99)
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99)

Flatchat 3.0 - 'pmscript.php with' Local File Inclusion
Flatchat 3.0 - 'pmscript.php' Local File Inclusion

Joomla! Component huruhelpdesk - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection (1)

PGAUTOPro - SQL Injection / Cross-Site Scripting
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)

Joomla! Component Huru Helpdesk - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection (2)

SoftwareDEP Classified Script 2.5 - SQL Injection
SoftwareDEP Classified Script 2.5 - SQL Injection (1)

WordPress Plugin pay with tweet 1.1 - Multiple Vulnerabilities
WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities

Software DEP Classified Script 2.5 - SQL Injection
SoftwareDEP Classified Script 2.5 - SQL Injection (2)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2)
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2)

OnlineArts DailyDose 1.1 - Denial of Servicee.pl Remote Command Execution
OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution
PHPOpenChat 2.3.4/3.0.1 - PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - PoC.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion

ActiveNews Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection (1)

Active News Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection (2)

Sagem Fast 3304-V2 - Authentication Bypass
Sagem Fast 3304-V2 - Authentication Bypass (1)

PG Auto Pro - SQL Injection / Cross-Site Scripting
PGAUTOPro - SQL Injection / Cross-Site Scripting (2)

Sagem FAST3304-V2 - Authentication Bypass
Sagem FAST3304-V2 - Authentication Bypass (2)

Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues

phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers)
phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution

Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
2017-04-02 05:01:18 +00:00
Offensive Security
6d17bc529d DB: 2017-03-31
4 new exploits

dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC)
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC)

Spider Solitaire -  Denial of Service (PoC)
Spider Solitaire - Denial of Service (PoC)

Baby FTP Server 1.24 - Denial of Service
Baby FTP Server 1.24 - Denial of Service (1)

Baby FTP server 1.24 - Denial of Service
Baby FTP server 1.24 - Denial of Service (2)

Google Android -  Unprotected MSRs in EL1 RKP Privilege Escalation
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

Evostream Media Server 1.7.1  (x64) - Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service

Cerberus FTP Server  8.0.10.1 - Denial of Service
Cerberus FTP Server 8.0.10.1 - Denial of Service

Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow

Apache < 2.0.64  / < 2.2.21 mod_setenvif - Integer Overflow
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow

Solaris 10 sysinfo() - Local Kernel Memory Disclosure
Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1)

Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)

Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) -  (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) -  (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)

Linux Kernel 3.13 -  (SGID) Privilege Escalation (PoC)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)

Linux espfix64 -  (Nested NMIs Interrupting) Privilege Escalation
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)
Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation

Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation

Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)

Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1)
Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1)

dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow

Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1)

Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)

Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2)

Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)

Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)

D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2)
D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit)

D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1)
D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit)

Azure Data Expert Ultimate  2.2.16 - Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)

Article Script 1.6.3 - 'rss.php' SQL Injection (1)
Article Script 1.6.3 - 'rss.php' SQL Injection

DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'code' Remote File Inclusion

LaserNet CMS 1.5 - SQL Injection (2)
LaserNet CMS 1.5 - SQL Injection

Clever Copy 3.0 - 'postview.php' SQL Injection (1)
Clever Copy 3.0 - 'postview.php' SQL Injection

phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (1)

Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1)

Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2)

Matterdaddy Market 1.1 - Multiple SQL Injections (1)
Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections

PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (1)

PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (2)

Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (1)

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)

DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion

E-book Store - Multiple Vulnerabilities (1)

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)

E-book Store - Multiple Vulnerabilities (2)
E-book Store - Multiple Vulnerabilities

Classifieds Script - SQL Injection
Classifieds Script - 'rate' SQL Injection

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2)

DBHcms 1.1.4 - SQL Injection
DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection

LaserNet CMS 1.5 - SQL Injection (1)

Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2)

Article Script 1.6.3 - 'rss.php' SQL Injection (2)

Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1)

Openads (PHPAdsNew) <  2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion

LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1)

LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2)
Fonality trixbox 2.4.2 - Cross-Site Scripting
Fonality trixbox 2.4.2 - Cross-Site Scripting (1)
Fonality trixbox 2.4.2 - Cross-Site Scripting (2)

Clever Copy 3.0 - 'postview.php' SQL Injection (2)

phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (2)

Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (2)

DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)

Matterdaddy Market 1.1 - Multiple SQL Injections (2)
Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)

Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (1)

Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (2)

Classifieds Script - SQL Injection
Classifieds Script - 'term' SQL Injection

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)
2017-03-31 05:01:16 +00:00
Offensive Security
8e03027ae5 DB: 2017-03-30
18 new exploits

FUSE fusermount Tool - Race Condition
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Apache 2.2 - Scoreboard Invalid Free On Shutdown
Apache < 2.0.64  / < 2.2.21 mod_setenvif - Integer Overflow

FUSE fusermount Tool - Race Condition
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation
NTP - Privilege Escalation
Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow

Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)

Just Dial Clone Script - 'fid' SQL Injection
Just Dial Clone Script - 'fid' Parameter SQL Injection

Just Dial Clone Script - 'srch' SQL Injection
Just Dial Clone Script - 'srch' Parameter SQL Injection
Opensource Classified Ads Script - 'keyword' Parameter SQL Injection
EyesOfNetwork (EON) 5.1 - SQL Injection
2017-03-30 05:01:15 +00:00
Offensive Security
8f7e041fcc DB: 2017-03-29
6 new exploits

MikroTik RouterBoard 6.38.5 - Denial of Service
VX Search Enterprise 9.5.12 - 'Verify Email' Buffer Overflow
Microsoft Outlook - HTML Email Denial of Service

Intermec PM43 Industrial Printer - Privilege Escalation

DzSoft PHP Editor 4.2.7 - File Enumeration

Linux/x86-64 - execve(_/bin/sh_) Shellcode (21 Bytes)
2017-03-29 05:01:19 +00:00
Offensive Security
1f8c35c0c0 DB: 2017-03-28
25 new exploits

Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Microsoft Visual Studio 2015 update 3 - Denial of Service
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Apple Safari - 'DateTimeFormat.format' Type Confusion
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
Apple Safari - Out-of-Bounds Read when Calling Bound Function

QNAP QTS < 4.2.4 - Domain Privilege Escalation
Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Github Enterprise - Default Session Secret And Deserialization (Metasploit)

B2B Alibaba Clone Script - SQL Injection
B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection
Just Another Video Script 1.4.3 - SQL Injection
Adult Tube Video Script - SQL Injection
Alibaba Clone Script - SQL Injection
B2B Marketplace Script 2.0 - SQL Injection
Php Real Estate Property Script - SQL Injection
Courier Tracking Software 6.0 - SQL Injection
Parcel Delivery Booking Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection
Hotel Booking Script 1.0 - SQL Injection
Tour Package Booking 1.0 - SQL Injection
Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection
CouponPHP CMS 3.1 - 'code' Parameter SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
2017-03-28 05:01:16 +00:00
Offensive Security
f3bbe1df4c DB: 2017-03-26
2 new exploits

Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation
2017-03-26 05:01:16 +00:00
Offensive Security
3ad96f313d DB: 2017-03-24
39 new exploits

Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)
Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit)
EMC Replication Manager < 5.3 - Command Execution (Metasploit)
MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)
CA Arcserve D2D - GWT RPC Credential Information Disclosure (Metasploit)
Lenovo System Update - Privilege Escalation (Metasploit)
Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit)
HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit)
VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)
CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)

SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit)
ExaGrid - Known SSH Key and Default Password (Metasploit)
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
SSH - User Code Execution (Metasploit)
Redmine SCM Repository - Arbitrary Command Execution (Metasploit)

Linux/x86 - Bind Shell Shellcode (42 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Joomla! Component Modern Booking 1.0 - 'coupon' Parameter SQL Injection
Flippa Clone - SQL Injection
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit)
PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit)
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)
2017-03-24 05:01:16 +00:00
Offensive Security
8b5b662af9 DB: 2017-03-23
8 new exploits

SpyCamLizard 1.230 - Denial of Service
APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow
APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow
APNGDis 2.8 - 'filename' Stack Buffer Overflow
Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH)
SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
GLink Word Link Script 1.2.3 - SQL Injection
Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
2017-03-23 05:01:16 +00:00
Offensive Security
07432556e0 DB: 2017-03-21
26 new exploits

FTPShell Client 6.53 - Local Buffer Overflow
FTPShell Client 6.53 - 'Session name' Local Buffer Overflow
FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow
ExtraPuTTY 0.29-RC2 - Denial of Service
Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)
Microsoft GDI+ - 'gdiplus!GetRECTSForPlayback' Out-of-Bounds Read (MS17-013)
Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013)
Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013)
Mozilla Firefox - 'table' Use-After-Free
Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006)

HttpServer 1.0 - Directory Traversal

Cobbler 2.8.0 - Authenticated Remote Code Execution
Joomla! Component JooCart 2.x - 'product_id' Parameter SQL Injection
Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection
phplist 3.2.6 - SQL Injection
D-Link DGS-1510 - Multiple Vulnerabilities
2017-03-21 05:01:17 +00:00
Offensive Security
4da96605a4 DB: 2017-03-18
8 new exploits

Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow

FTPShell Client 6.53 - Local Buffer Overflow
Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes)
Linux/x86 - Bind Shell Shellcode (51 bytes)
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
AXIS Communications - Cross-Site Scripting / Content Injection
AXIS Multiple Products - Cross-Site Request Forgery
Departmental Store Management System 1.2 - SQL Injection
2017-03-18 05:01:24 +00:00
Offensive Security
c51cc48e0e DB: 2017-03-17
2 new exploits

Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free

Windows DVD Maker 6.1.7 - XML External Entity Injection
2017-03-17 05:01:19 +00:00
Offensive Security
66117c63f5 DB: 2017-03-16
16 new exploits

Adobe Flash - Metadata Parsing Out-of-Bounds Read
Adobe Flash - MovieClip Attach init Object Use-After-Free
Adobe Flash - ATF Thumbnailing Heap Overflow
Adobe Flash - ATF Planar Decompression Heap Overflow
Adobe Flash - AVC Header Slicing Heap Overflow
Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow

USBPcap - Privilege Escalation
USBPcap 1.1.0.0 (WireShark 2.2.5) - Privilege Escalation
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)

Cisco Firepower Management Console 6.0 - Post Authentication UserAdd
Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit)
IBM WebSphere - RCE Java Deserialization (Metasploit)
Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Joomla! Component Vik Appointments 1.5 - SQL Injection
Joomla! Component Vik Rent Items 1.3 - SQL Injection
Joomla! Component Vik Rent Car 1.11 - SQL Injection
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
Steam Profile Integration 2.0.11 - SQL injection
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
2017-03-16 05:01:20 +00:00
Offensive Security
8359f0a6a2 DB: 2017-03-14
5 new exploits

Cerberus FTP Server 8.0.10.1 - Denial of Service

VirtualBox - Cooperating VMs can Escape from Shared Folder

Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)

Car Workshop System - SQL Injection

Fiyo CMS 2.0.6.1 - Privilege Escalation
2017-03-14 05:01:18 +00:00
Offensive Security
d36dc6b95d DB: 2017-03-12
14 new exploits

MobaXterm Personal Edition 9.4 - Directory Traversal

Windows x86 - Hide Console Window Shellcode (182 bytes)
e107 <= 2.1.4 - 'keyword' Blind SQL Injection
Domain Marketplace Script - SQL Injection
Global In - SQL Injection
Global In - Arbitrary File Upload
Vanelo - SQL Injection
Mirage - SQL Injection
Pet Listing Script 3.0 - SQL Injection
Property Listing Script 3.1 - SQL Injection
Travel Tours Script 2.0 - SQL Injection
Yacht Listing Script 2.0 - SQL Injection
Yellow Pages Script 3.2 - 'category_id' Parameter SQL Injection
PHP Forum Script 3.0 - SQL Injection
2017-03-12 05:01:18 +00:00
Offensive Security
06a7933be4 DB: 2017-03-09
8 new exploits

USBPcap - Privilege Escalation

Linux - Reverse Shell Shellcode (66 bytes)
Linux - Reverse Shell Shellcode (65 bytes)
Themeforest Clone Script - SQL Injection
Graphicriver Clone Script - SQL Injection
Codecanyon Clone Script - SQL Injection
Audiojungle Clone Script - SQL Injection
Videohive Clone Script - SQL Injection
Envato Clone Script - SQL Injection
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
2017-03-09 05:01:19 +00:00
Offensive Security
6883068111 DB: 2017-03-08
5 new exploits

Evostream Media Server 1.7.1 (x64) - Denial of Service

Azure Data Expert Ultimate 2.2.16 - Buffer Overflow
Mini CMS 1.1 - 'name' Parameter SQL Injection
Daily Deals Script 1.0 - 'id' Parameter SQL Injection
Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities
2017-03-08 05:01:19 +00:00
Offensive Security
9aef664a7e DB: 2017-03-07
31 new exploits

iSQL 1.0 - isql_main.c Buffer Overflow (PoC)
iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC)
Memcached 1.4.33 - 'Crash' PoC
Memcached 1.4.33 - 'Add' PoC
Memcached 1.4.33 - 'sasl' PoC
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)
Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)

Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure

Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check
Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

Conext ComBox 865-1058 - Denial of Service

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)

CyberGhost 6.0.4.2205 - Privilege Escalation

FTPShell Client 6.53 - Buffer Overflow

Linux/x86-64 - /bin/sh Shellcode
Linux/x86-64 - /bin/sh Shellcode (34 bytes)

Linux/x86-64 - Reverse Shell Shellcode
Linux/x86-64 - Reverse Shell Shellcode (134 bytes)

Linux/x86-64 - XOR Encode execve Shellcode
Linux/x86-64 - XOR Encode execve Shellcode (84 bytes)
Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)

Linux/x86_64 - Random Listener Shellcode (54 bytes)
Linux/x86-64 - Random Listener Shellcode (54 bytes)

Wordpress < 4.7.1 - Username Enumeration
WordPress < 4.7.1 - Username Enumeration
Advanced Bus Booking Script 2.04 - SQL Injection
Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection
Single Theater Booking Script - 'newsid' Parameter SQL Injection
Responsive Events & Movie Ticket Booking Script - SQL Injection
Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection
Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection
Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection
Naukri Clone Script 3.02 - 'type' Parameter SQL Injection
Yellow Pages Clone Script 1.3.4 - SQL Injection
Advanced Matrimonial Script 2.0.3 - SQL Injection
Advanced Real Estate Script 4.0.6 - SQL Injection
PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection
Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection
PHP Matrimonial Script 3.0 - SQL Injection
MLM Binary Plan Script 2.0.5 - SQL Injection
MLM Forced Matrix 2.0.7 - SQL Injection
MLM Forex Market Plan Script 2.0.1 - SQL Injection
MLM Membership Plan Script 2.0.5 - SQL Injection
Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection
Network Community Script 3.0.2 - SQL Injection
PHP B2B Script 3.05 - SQL Injection
Responsive Matrimonial Script 4.0.1 - SQL Injection
Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection
Select Your College Script 2.01 - SQL Injection
Social Network Script 3.01 - 'id' Parameter SQL Injection
Website Broker Script 3.02 - 'view' Parameter SQL Injection
WordPress Multiple Plugins - Arbitrary File Upload
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
2017-03-07 05:01:20 +00:00
Offensive Security
846ce42eca DB: 2017-03-02
14 new exploits

SysGauge 1.5.18 - Buffer Overflow
WePresent WiPG-1500 - Backdoor Account

Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)
DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery
Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
SchoolDir - SQL Injection
Rage Faces Script 1.3 - SQL Injection
Meme Maker Script 2.1 - 'user' Parameter SQL Injection
2017-03-02 05:01:19 +00:00
Offensive Security
7fa7a111c4 DB: 2017-03-01
5 new exploits

BlueIris 4.5.1.4 - Denial of Service
Synchronet BBS 3.16c - Denial of Service

Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)

NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
2017-03-01 05:01:18 +00:00