Offensive Security
ef4c288da7
DB: 2017-09-19
16 new exploits
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (1)
Cam2pc 4.6.2 - BMP Image Processing Integer Overflow
Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering CMP Fencepost Denial of Service
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow
Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service
Tony Cook Imager 0.4x - '.JPEG' / '.TGA' Images Denial of Service
Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure
Adobe Reader X 10.1.4.38 - BMP/RLE Heap Corruption
Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption
XV 3.x - BMP Parsing Local Buffer Overflow
XV 3.x - '.BMP' Parsing Local Buffer Overflow
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized JPEG Image Access
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access
Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload (Metasploit)
Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)
XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution
XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
iBall ADSL2+ Home Router - Authentication Bypass
Apache - HTTP OPTIONS Memory Leak
2017-09-19 05:01:33 +00:00
Offensive Security
bc6f82924c
DB: 2017-09-18
3 new exploits
Netdecision 5.8.2 - Local Privilege Escalation
PTCEvolution 5.50 - SQL Injection
Contact Manager 1.0 - 'femail' Parameter SQL Injection
2017-09-18 05:01:20 +00:00
Offensive Security
6e81f8d635
DB: 2017-09-15
13 new exploits
MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)
EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit)
Disk Pulse Server 2.2.34 - GetServerInfo Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit)
KingScada AlarmServer 3.1.2.13 - Stack Buffer Overflow (Metasploit)
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
Adserver Script 5.6 - SQL Injection
PTC KSV1 Script 1.7 - 'type' Parameter SQL Injection
Theater Management Script - SQL Injection
Justdial Clone Script - 'fid' Parameter SQL Injection
2017-09-15 05:01:22 +00:00
Offensive Security
183eb53e48
DB: 2017-09-14
44 new exploits
Mako Web Server 2.5 - Multiple Vulnerabilities
ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit)
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit)
Infinite Automation Mango Automation - Command Injection (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)
Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit)
Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit)
Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit)
Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit)
Microsoft Windows .NET Framework - Remote Code Execution
ICLowBidAuction 3.3 - SQL Injection
ICMLM 2.1 - 'key' Parameter SQL Injection
ICHotelReservation 3.3 - 'key' Parameter SQL Injection
ICAuction 2.2 - 'id' Parameter SQL Injection
ICDoctor Appointment 1.3 - 'key' Parameter SQL Injection
ICRestaurant software 1.4 - 'key' Parameter SQL Injection
ICDutchAuction 1.2 - SQL Injection
ICAutosales 2.2 - SQL Injection
ICTraveling 2.2 - Authentication Bypass
ICStudents 1.2 - 'key' Parameter SQL Injection
ICClassifieds 1.1 - SQL Injection
ICSurvey 1.1 - SQL Injection
ICJewelry 1.1 - 'key' Parameter SQL Injection
IC-T-Shirt 1.2 - 'key' Parameter SQL Injection
ICProductConfigurator 1.1 - 'key' Parameter SQL Injection
ICGrocery 1.1 - 'key' Parameter SQL Injection
ICCallLimousine 1.1 - 'key' Parameter SQL Injection
ICProjectBidding 1.1 - SQL Injection
ICDental Clinic 1.2 - 'key' Parameter SQL Injection
ICEstate 1.1 - 'id' Parameter SQL Injection
ICHelpDesk 1.1 - 'pk' Parameter SQL Injection
ICSiteBuilder 1.1 - SQL Injection
ICAffiliateTracking 1.1 - Authentication Bypass
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)
Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal
2017-09-14 05:01:22 +00:00
Offensive Security
590c03106b
DB: 2017-09-13
15 new exploits
tcprewrite - Heap-Based Buffer Overflow
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
Docker Daemon - Unprotected TCP Socket
Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow
Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
PHP Dashboards NEW 4.4 - Arbitrary File Read
PHP Dashboards NEW 4.4 - SQL Injection
JobStar Monster Clone Script 1.0 - SQL Injection
iTech Book Store Script 2.02 - SQL Injection
iTech StockPhoto Script 2.02 - SQL Injection
EduStar Udemy Clone Script 1.0 - SQL Injection
AirStar Airbnb Clone Script 1.0 - SQL Injection
osTicket 1.10 - SQL Injection
FoodStar 1.0 - SQL Injection
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
inClick Cloud Server 5.0 - SQL Injection
2017-09-13 05:01:22 +00:00
Offensive Security
67b3da92e4
DB: 2017-09-08
4 new exploits
Tor - Linux Sandbox Breakout via X11
Tor (Linux) - X11 Linux Sandbox Breakout
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Gh0st Client - Buffer Overflow (Metasploit)
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution
Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting
Online Invoice System 3.0 - SQL Injection
2017-09-08 05:01:20 +00:00
Offensive Security
a1eeba1263
DB: 2017-09-07
9 new exploits
Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service
Sambar FTP Server 6.4 - 'SIZE' Remote Denial of Service
Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
2WIRE DSL Router (xslt) - Denial of Service
2WIRE DSL Router - 'xslt' Denial of Service
ooVoo 1.7.1.35 - (URL Protocol) Remote Unicode Buffer Overflow (PoC)
ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow (SEH) Crash (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)
VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser
VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow
Winlog Lite SCADA HMI system - (SEH) Overwrite
Winlog Lite SCADA HMI system - Overwrite (SEH)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)
FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow
Sambar Server 6.0 - results.stm Post Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow
Samba nttrans Reply - Integer Overflow
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)
i.FTP 2.21 - Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite (SEH) Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow
Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
Quick Player 1.2 - Unicode Buffer Overflow
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit
Quick Player 1.2 - Unicode Buffer Overflow (1)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH)
Quick Player 1.2 - Unicode Buffer Overflow (Bindshell)
Quick Player 1.2 - Unicode Buffer Overflow (2)
Winamp 5.572 - (SEH) Exploit
Winamp 5.572 - Exploit (SEH)
ZipScan 2.2c - (SEH) Exploit
ZipScan 2.2c - Exploit (SEH)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)
Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit)
Mediacoder 0.7.3.4672 - (SEH) Exploit
Mediacoder 0.7.3.4672 - Exploit (SEH)
SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC)
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) (calc)
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)
BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
MP3 Workstation 9.2.1.1.2 - Exploit (SEH)
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - Exploit (SEH)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - (SEH) Exploit
iworkstation 9.3.2.1.4 - Exploit (SEH)
Winamp 5.6 - Arbitrary Code Execution in MIDI Parser
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution
BS.Player 2.57 - Buffer Overflow (Unicode SEH)
BS.Player 2.57 - Buffer Overflow (SEH Unicode)
Nokia MultiMedia Player 1.0 - (SEH Unicode)
Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode)
POP Peeper 3.7 - (SEH) Exploit
POP Peeper 3.7 - Exploit (SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (Unicode SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (SEH Unicode)
BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)
BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit)
Samba 2.0.7 SWAT - Logfile Permissions
Samba 2.0.7 - SWAT Logfile Permissions
Static HTTP Server 1.0 - (SEH) Overflow
Static HTTP Server 1.0 - Overflow (SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode)
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH) 'UNICODE'
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)
GOM Player 2.2.53.5169 - Buffer Overflow (SEH) (.reg)
GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
Total Commander 8.52 - Overwrite (SEH) Buffer Overflow
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - '.gen' Overwrite (SEH) Buffer Overflow
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite (SEH) Buffer Overflow
TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH)
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Tor - Linux Sandbox Breakout via X11
Samba < 2.2.8 (Linux/BSD) - Remote Code Execution
Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Samba 3.0.4 - SWAT Authorisation Buffer Overflow
BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)
Samba 2.2.x - nttrans Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Overflow (Metasploit)
BigAnt Server 2.52 - (SEH) Exploit
BigAnt Server 2.52 - Exploit (SEH)
File Sharing Wizard 1.5.0 - (SEH) Exploit
File Sharing Wizard 1.5.0 - Exploit (SEH)
Samba - 'Username' map script' Command Execution (Metasploit)
Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.0.7 SWAT - Logging Failure
Samba 2.0.7 - SWAT Logging Failure
Sambar Server 4.4/5.0 - pagecount File Overwrite
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
Sambar Server 5.x - results.stm Cross-Site Scripting
Sambar Server 5.x - 'results.stm' Cross-Site Scripting
Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass)
Sambar 5.x - Open Proxy / Authentication Bypass
Sambar Server 5.x - Open Proxy / Authentication Bypass
Sambar Server 6.1 Beta 2 - show.asp show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showperf.asp title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showini.asp Arbitrary File Access
Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access
Sambar Server 5.x/6.0/6.1 - results.stm indexname Cross-Site Scripting
Sambar Server 5.x/6.0/6.1 - 'results.stm' indexname Cross-Site Scripting
Ruby 1.9.1 - WEBrick Terminal Escape Sequence in Logs Command Injection
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection
Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection
Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - Terminal Escape Sequence in Logs Command Injection
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PHP-Nuke 8.0 - Cross-Site Scripting / HTML Code Injection in News Module
PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection
PHP-decoda - Cross-Site Scripting In Video Tag
PHP-decoda - 'Video Tag' Cross-Site Scripting
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation
FineCMS 1.0 - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities
A2billing 2.x - SQL Injection
Cory Support - 'pr' Parameter SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
2017-09-07 05:01:26 +00:00
Offensive Security
69443c8521
DB: 2017-09-06
5 new exploits
Samba 2.2.8 - Remote Code Execution
Samba < 2.2.8 (Linux/BSD) - Remote Code Execution
Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution
A2billing 2.x - Backup File Download / Remote Code Execution
iGreeting Cards 1.0 - SQL Injection
WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting
The Car Project 1.0 - SQL Injection
2017-09-06 05:01:20 +00:00
Offensive Security
427165968d
DB: 2017-09-05
9 new exploits
IBM Notes 8.5.x/9.0.x - Denial of Service (2)
Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation
RubyGems < 2.6.13 - Arbitrary File Overwrite
Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow
Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection
Joomla! Component CheckList 1.1.0 - SQL Injection
Wireless Repeater BE126 - Remote Code Execution
CodeMeter 6.50 - Cross-Site Scripting
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
2017-09-05 05:01:31 +00:00
Offensive Security
572d7c5002
DB: 2017-09-04
2 new exploits
IBM Notes 8.5.x/9.0.x - Denial of Service
FineCMS 1.0 - Multiple Vulnerabilities
2017-09-04 05:01:22 +00:00
Offensive Security
13819fd065
DB: 2017-08-30
10 new exploits
ProFTPd 1.2.0 (rc2) - memory leakage example Exploit
ProFTPd 1.2.0pre10 - Remote Denial of Service
ProFTPd 1.2.0 rc2 - Memory Leakage Exploit
ProFTPd 1.2.0 pre10 - Remote Denial of Service
ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)
ProFTPd 1.3.0a - 'mod_ctrls support' Local Buffer Overflow (PoC)
ProFTPd mod_sftp - Integer Overflow Denial of Service (PoC)
ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)
ProFTPd 1.2 - SIZE Remote Denial of Service
ProFTPd 1.2 - 'SIZE' Remote Denial of Service
ProFTPd 1.2.x - STAT Command Denial of Service
ProFTPd 1.2.x - 'STAT' Denial of Service
ProFTPd - (ftpdctl) Local pr_ctrls_connect
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' Local Overflow (exec-shield)
ProFTPd 1.3.0 - mod_ctrls Local Stack Overflow (OpenSUSE)
ProFTPd 1.3.0 (OpenSUSE) - 'mod_ctrls' Local Stack Overflow
Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH)
ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection
ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection
ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)
ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)
ProFTPd 1.x (module mod_tls) - Remote Buffer Overflow
ProFTPd 1.x - 'mod_tls module' Remote Buffer Overflow
ProFTPd 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit)
ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow (Metasploit)
ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit)
ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit)
ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)
ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)
FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution
ftpd / ProFTPd (FreeBSD) - Remote Command Execution
ProFTPd 1.2 pre6 - snprintf Exploit
ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit
D-Link DIR-645 / DIR-815 - diagnostic.php Command Execution (Metasploit)
D-Link DIR-645 / DIR-815 - 'diagnostic.php' Command Execution (Metasploit)
D-Link DIR615h - OS Command Injection (Metasploit)
D-Link DIR-615H - OS Command Injection (Metasploit)
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution
ProFTPd 1.3.5 - 'Mod_Copy' Command Execution (Metasploit)
ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit)
QNAP Transcode Server - Command Execution (Metasploit)
D-Link DIR-600 / DIR-300 (rev B) - Multiple Vulnerabilities
D-Link DIR-600 / DIR-300 (Rev B) - Multiple Vulnerabilities
D-Link DIR-615 rev H - Multiple Vulnerabilities
D-Link DIR-615 Rev H - Multiple Vulnerabilities
D-Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities
D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities
D-Link DIR-615 Hardware vE4 Firmware 5.10 - Cross-Site Request Forgery
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery
D-Link DIR-600L Hardware Version AX Firmware 1.00 - Cross-Site Request Forgery
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery
NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)
D-Link DIR-600 - Authentication Bypass
Car or Cab Booking Script - Authentication Bypass
PHP Appointment Booking Script - Authentication Bypass
User Login and Management - Multiple Vulnerabilities
PHP Video Battle Script 1.0 - SQL Injection
Brickcom IP Camera - Credentials Disclosure
2017-08-30 05:01:38 +00:00
Offensive Security
711d6a6a43
DB: 2017-08-29
21 new exploits
Easy DVD Creator 2.5.11 - Buffer Overflow (SEH)
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Buffer Overflow (SEH)
Easy RM RMVB to DVD Burner 1.8.11 - Buffer Overflow (SEH)
Dup Scout Enterprise 9.9.14 - Buffer Overflow (SEH)
Disk Savvy Enterprise 9.9.14 - Buffer Overflow (SEH)
Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH)
Joomla! Component MasterForms 1.0.3 - SQL Injection
Joomla! Component Photo Contest 1.0.2 - SQL Injection
Wireless Repeater BE126 - Local File Inclusion
Joomla! Component OSDownloads 1.7.4 - SQL Injection
AutoCar 1.1 - 'category' Parameter SQL Injection
Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection
Matrimonial Script 2.7 - Authentication Bypass
Smart Chat 1.0.0 - SQL Injection
FTP Made Easy PRO 1.2 - SQL Injection
WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download
Easy Web Search 4.0 - SQL Injection
PHP Search Engine 1.0 - SQL Injection
Flash Poker 2.0 - 'game' Parameter SQL Injection
Login-Reg Members Management PHP 1.0 - Arbitrary File Upload
Schools Alert Management Script - Authentication Bypass
2017-08-29 05:01:21 +00:00
Offensive Security
c388cc7a95
DB: 2017-08-26
7 new exploits
MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH)
My Video Converter 1.5.24 - Buffer Overflow (SEH)
Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH)
Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Joomla! Component Bargain Product VM3 1.0 - 'product_id' Parameter SQL Injection
Joomla! Component Price Alert 3.0.2 - 'product_id' Parameter SQL Injection
Joomla! Component MasterForms 1.0.3 - SQL Injection
2017-08-26 05:01:24 +00:00
Offensive Security
d4775ec75b
DB: 2017-08-25
2017-08-25 05:01:28 +00:00
Offensive Security
dd6e8a4e4c
DB: 2017-08-24
13 new exploits
libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities
Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (1)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)
Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution
Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution
Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow
Easy File Management Web Server 5.6 - 'USERID' Remote Buffer Overflow
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
Linux/x86 - Bind TCP Shellcode (Generator)
Linux/x86 - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Linux/x86 - Command Generator Null-Free Shellcode (Generator)
Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)
Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes)
Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - File Reader Shellcode (65+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - system-beep Shellcode (45 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - kill all processes Shellcode (11 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - re-use of /bin/sh string in .rodata Shellcode (16 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - Socket-proxy Shellcode (372 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (187+ bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)
Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)
Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less Shellcode (45 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - kill snort Shellcode (151 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 Shellcode (132 bytes)
Linux/x86 - ipchains -F Shellcode (49 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
NetBSD/x86 - kill all processes Shellcode (23 bytes)
NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes)
NetBSD/x86 - Kill All Processes Shellcode (23 bytes)
NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes)
OSX/PPC - Add inetd backdoor Shellcode (222 bytes)
OSX/PPC - reboot Shellcode (28 bytes)
OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)
OSX/PPC - Reboot Shellcode (28 bytes)
OSX/PPC - create /tmp/suid Shellcode (122 bytes)
OSX/PPC - simple write() Shellcode (75 bytes)
OSX/PPC - Create /tmp/suid Shellcode (122 bytes)
OSX/PPC - Simple write() Shellcode (75 bytes)
Solaris/SPARC - Download File + Execute Shellcode (278 bytes)
Solaris/SPARC - Download File (http://evil-dl/ ) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/x86 - Bind TCP Shell Shellcode (Generator)
Solaris/x86 - execve /bin/sh toupper evasion Shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd Shellcode (201 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - kill all processes Shellcode (9 bytes)
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Solaris/x86 - Download File Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)
Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris ) Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - kill all running process Shellcode (11 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Solaris/x86 - SystemV killall command Shellcode (39 bytes)
Solaris/x86 - SystemV killall Command Shellcode (39 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
OSX - Universal ROP Shellcode
Linux/MIPS - execve Shellcode (52 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode
Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt ) + WinExec + ExitProcess Shellcode
Linux/x86 - Socket Re-use Shellcode (50 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - /etc/passwd Reader Shellcode (58 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Bind Shell Shellcode (Generator)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)
Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)
Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh ) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes)
Windows x64 - Download File + Execute Shellcode (358 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes)
Linux/x86-64 - Random Listener Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - File Reader Shellcode (54 Bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Matrimonial Script - SQL Injection
Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
iTech B2B Script 4.42 - SQL Injection
iTech Business Networking Script 8.26 - SQL Injection
iTech Caregiver Script 2.71 - SQL Injection
iTech Classifieds Script 7.41 - SQL Injection
iTech Image Sharing Script 4.13 - SQL Injection
iTech Freelancer Script 5.27 - SQL Injection
iTech Travel Script 9.49 - SQL Injection
iTech Multi Vendor Script 6.63 - SQL Injection
2017-08-24 05:01:22 +00:00
Offensive Security
c7b4bfd8e6
DB: 2017-08-23
...
23 new exploits
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)
BSD - Passive Connection Shellcode (124 bytes)
BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)
BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes)
BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes)
BSD/x86 - Bind Random Port Shellcode (143 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes)
BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - kill all processes Shellcode (12 bytes)
FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes)
FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)
FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)
FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes)
FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)
Linux/x86 - Bind Shellcode (Generator)
Windows XP SP1 - Bind Shellcode (Generator)
(Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode
Linux/x86 - cmd Null-Free Shellcode (Generator)
(Generator) - Alphanumeric Shellcode (Encoder/Decoder)
Linux/x86 - Bind TCP Shellcode (Generator)
Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Win32 - Multi-Format Encoding Tool Shellcode (Generator)
iOS - Version-independent Shellcode
Cisco IOS - Connectback 21/TCP Shellcode
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
iOS Version-independent - Null-Free Shellcode
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes)
Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes)
Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes)
Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)
Linux/x86 - killall5 polymorphic Shellcode (61 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes)
Linux/x86 - reboot() polymorphic Shellcode (57 bytes)
Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator (Generator)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes)
Linux/x86 - executes command after setreuid Shellcode (49+ bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + executes command (49+ bytes)
Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes)
Linux/x86 - Bind 2707/TCP Shellcode (84 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes)
Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind 64713/TCP Shellcode (86 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - TCP Proxy Shellcode (236 bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes)
Linux/x86 - snoop /dev/dsp Shellcode (172 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - chroot + standart Shellcode (66 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - setreuid/execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Shellcode (64 bytes)
Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - iptables -F Shellcode (45 bytes)
Linux/x86 - iptables -F Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - connect Shellcode (120 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind 5074/TCP Shellcode (92 bytes)
Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - Add User Shellcode (104 bytes)
Linux/x86 - break chroot Shellcode (34 bytes)
Linux/x86 - break chroot Shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - chroot()/execve() code Shellcode (80 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes)
OSX/PPC - sync()_ reboot() Shellcode (32 bytes)
OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)
OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)
OSX/PPC - sync() + reboot() Shellcode (32 bytes)
OSX/PPC - Add user _r00t_ Shellcode (219 bytes)
OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)
Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid/execve Shellcode (56 bytes)
Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes)
Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)
Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode
Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes)
Win32 - SEH Omelet Shellcode
Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags Shellcode (14 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)
Win32/XP SP2 - cmd.exe Shellcode (57 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - ConnectBack + Download A File + Save + Execute Shellcode
Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes)
Win32 - Download File + Execute Shellcode (192 bytes)
Win32 - Download File + Execute Shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box Shellcode (110 bytes)
Win32 - WinExec() Command Parameter Shellcode (104+ bytes)
Win32 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - SEH Omelet Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes)
Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes)
Windows x86 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP - Download File + Execute Shellcode
Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes)
Windows XP - Download File + Execute Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes)
Win32/XP SP2 - calc.exe Shellcode (45 bytes)
Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - break chroot Shellcode (79 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - disabled modsecurity Shellcode (64 bytes)
Win32 - JITed Stage-0 Shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes)
Win32 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode
Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Genearator With Customizable Text)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Generator)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes)
Windows XP SP2 (FR) - Download File + Execute Shellcode
Windows XP SP2 (French) - Download File + Execute Shellcode
Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes)
Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)
Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)
Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind Shell 64533 Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode
Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Win32 - Write-to-file Shellcode (278 bytes)
Windows x86 - Write-to-file Null-Free Shellcode (278 bytes)
Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 English - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes)
Win32 - Checksum Routine Shellcode (18 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes)
Win32 - Speaking 'You got pwned!' Shellcode
FreeBSD/x86 - connect back Shellcode (81 bytes)
BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes)
Win32 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)
BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)
Windows x86 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)
Linux/x86 - Egghunter Shellcode (29 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)
Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes)
Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)
Windows x64 - Bind TCP Shell Shellcode (508 bytes)
Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)
Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)
Windows RT ARM - Bind Shell 4444/TCP Shellcode
Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode
Windows - Messagebox Shellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)
Windows - Messagebox Null-Free Shellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes)
Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes)
Linux/x86 - Disable ASLR Shellcode (84 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)
Win32/XP SP3 - Restart computer Shellcode (57 bytes)
Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes)
Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes)
Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes)
Linux/x86 - exec('/bin/dash') Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes)
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes)
OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)
Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator)
Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)
OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes)
Linux/x86-64 - /bin/sh Shellcode (34 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)
OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes)
Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)
Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)
Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes)
Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)
Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes)
Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes)
Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x64 - WinExec() Shellcode (93 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes)
Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes)
Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux x86 - /bin/sh Shellcode (24 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86_64 - kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Php Cloud mining Script - Authentication Bypass
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
2017-08-23 05:01:29 +00:00
Offensive Security
e4f4ca48ad
DB: 2017-08-22
...
16 new exploits
Easy DVD Creater 2.5.11 - Buffer Overflow (SEH)
FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - Bind Password Shellcode (116 bytes)
Cisco IOS - New TTY_ Privilege level to 15_ No password Shellcode
Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator)
Linux/SPARC - connect back (192.168.100.1:2313) Shellcode (216 bytes)
Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes)
Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Connect back (140.115.53.35:9999) + Download a file (cb) + Execute Shellcode (149 bytes)
Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes)
Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes)
Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes)
Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)
Linux/x86 - Bind Password 64713/TCP Shellcode (166 bytes)
Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Connectback 127.0.0.1:31337/TCP Shellcode (74 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Connectback Shellcode (90 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Solaris/SPARC - connect-back (with XNOR encoded session) Shellcode (600 bytes)
Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)
Solaris/SPARC - connect-back Shellcode (204 bytes)
Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Win32 - Connectback + receive + save + execute Shellcode
Win32 - ConnectBack + Download A File + Save + Execute Shellcode
Windows XP/2000/2003 - Overflow Connect Back Shellcode (275 bytes)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/ARM - Add root user 'shell-storm' with password 'toor' Shellcode (151 bytes)
Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)
Linux/x86 - ConnectBack with SSL connection Shellcode (422 bytes)
Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' Shellcode (143 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' Shellcode (164 bytes)
Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)
Linux/x86-64 - Connect Back Shellcode (139 bytes)
Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP Password Shell (4444/TCP) Shellcode (81/96 bytes with password)
Linux/x86-64 - Reverse TCP Connect Shellcode (77-85/90-98 bytes with Password)
Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)
Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes)
Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind 4444/TCP Password Shellcode (162 bytes)
Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)
Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)
Linux/x86-64 - Bind Shell / Syscall Persistent / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Windows x64 - Bind Password (h271508F) 2493/TCP Shellcode (825 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Linux/x86_64 - kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Apache2Triad 1.5.4 - Multiple Vulnerabilities
Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection
Joomla! Component Sponsor Wall 8.0 - SQL Injection
PHP Classifieds Script 5.6.2 - SQL Injection
Affiliate Niche Script 3.4.0 - SQL Injection
PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection
iTech Social Networking Script 3.08 - SQL Injection
Joomla! Component FocalPoint 1.2.3 - SQL Injection
Php Cloud mining Script - Authentication Bypass
Joomla! Component Ajax Quiz 1.8 - SQL Injection
PHP-Lance 1.52 - 'subcat' Parameter SQL Injection
PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection
PHPMyWind 5.3 - Cross-Site Scripting
2017-08-22 05:01:20 +00:00
Offensive Security
ab70fd48b8
DB: 2017-08-19
...
27 new exploits
Microsoft Edge Chakra - Uninitialized Arguments
Microsoft Edge Chakra - Uninitialized Arguments (1)
MyDoomScanner 1.00 - Local Buffer Overflow (PoC)
DSScan 1.0 - Local Buffer Overflow (PoC)
MessengerScan 1.05 - Local Buffer Overflow (PoC)
NoviFlow NoviWare <= NW400.2.6 - Multiple Vulnerabilities
Dive Assistant Template Builder 8.0 - XML External Entity Injection
Kolibri WebServer 2.0 - Buffer Overflow with EMET 5.0 and EMET 4.1 Partial Bypass
Kolibri WebServer 2.0 - Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass)
SpyCamLizard 1.230 - Buffer Overflow
Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass)
BSD/x86 - setuid/portbind 31337/TCP Shellcode (94 bytes)
BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes)
BSD/x86 - Bind 31337/TCP Shellcode (83 bytes)
BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes)
BSD/x86 - break chroot Shellcode (45 bytes)
BSD/x86 - Break chroot Shellcode (45 bytes)
BSD/x86 - connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - Reverse Portbind 6969/TCP Shellcode (129 bytes)
BSD/x86 - Reverse Shell 6969/TCP Shellcode (129 bytes)
FreeBSD/x86 - Reverse Portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - Reverse Shell 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
(Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes)
(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)
Cisco IOS - Connectback Port 21 Shellcode
Cisco IOS - Connectback 21/TCP Shellcode
Linux/x86 - Reverse Telnet Shellcode (134 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader Shellcode (249 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
ARM - Bind Shell Port 0x1337 Shellcode
ARM - Bind Connect 68/UDP Shellcode
ARM - Bind Shell 0x1337/TCP Shellcode
ARM - Bind Connect 68/UDP (Reverse Shell 192.168.0.1:67/UDP) Shellcode
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - DNS Reverse Download and Exec Shellcode (Metasploit)
Windows - Reverse Download and Execute via DNS (IPv6) Shellcode (Metasploit)
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)
Windows x86 - Reverse Persistent TCP Shellcode (494 Bytes)
Windows x86 - Reverse TCP Persistent Shell (192.168.232.129:4444/TCP) Shellcode (494 Bytes)
Linux/x86-64 - Reverse TCP Password Prompt Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP Password Prompt Shell (127.0.0.1:4444) Shellcode (151 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes)
Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (1) (122 bytes)
Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (2) (135 bytes)
Linux/x86-64 - Reverse TCP Password Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes)
Linux/x86-64 - Reverse TCP Password Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (2) (135 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)
Linux/x86 - Reverse TCP (IPv6) Shellcode (159 bytes)
Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes)
Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes)
Linux/x86-64 - Bind 1472/TCP (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86 - Bind Shell Configurable Port Shellcode (87 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86 - Reverse TCP Shellcode (75 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (75 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357) / Subtle Probing / Timer / Burst / Password / Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x86 - Bind Netcat with Port Shellcode (44/52 bytes)
Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes)
Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes)
Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - Reverse UDP Keylogger Shellcode (493 bytes)
Windows x64 - Reverse Shell TCP Shellcode (694 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) Shellcode (694 bytes)
Linux/x86-64 - Reverse TCP Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)
Linux/x86-64 - Reverse TCP Shell Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Linux/x86-64 - Reverse Netcat Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86 - Reverse TCP Shellcode (67 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (67 bytes)
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) Shellcode (IPv6) (113 bytes)
Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes)
Linux/x86 - Reverse UDP Shellcode (668 bytes)
Linux/x86 - Bind Shell Shellcode (75 bytes)
Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)
Linux/x86-64 - execve(_/bin/sh_) Shellcode (24 bytes)
Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
SOA School Management - SQL Injection
SOA School Management - 'view' Parameter SQL Injection
Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection
Food Ordering Script 1.0 - SQL Injection
LiveCRM 1.0 - SQL Injection
LiveSupport 1.0 - SQL Injection
LiveInvoices 1.0 - SQL Injection
LiveSales 1.0 - SQL Injection
LiveProjects 1.0 - SQL Injection
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution
Joomla! Component Appointment 1.1 - SQL Injection
Joomla! Component Twitch Tv 1.1 - SQL Injection
Joomla! Component KissGallery 1.0.0 - SQL Injection
Matrimony Script 2.7 - SQL Injection
eCardMAX 10.5 - SQL Injection
SOA School Management 3.0 - SQL Injection
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection
Joomla! Component Calendar Planner 1.0.1 - SQL Injection
Joomla! Component SP Movie Database 1.3 - SQL Injection
DeWorkshop 1.0 - Arbitrary File Upload
QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities
2017-08-19 05:01:24 +00:00
Offensive Security
1a85ec2c87
DB: 2017-08-18
...
21 new exploits
Microsoft Office Products - Array Index Bounds Error (Unpatched) (PoC)
Microsoft Office Products - Array Index Bounds Error (PoC)
JAD java Decompiler 1.5.8g - (argument) Local Crash
JAD java Decompiler 1.5.8g - 'argument' Local Crash
Microsoft Edge Chakra - 'PreVisitCatch' Missing Call
Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow
Microsoft Edge Chakra - Buffer Overflow
Microsoft Edge Chakra - NULL Pointer Dereference
Microsoft Edge Chakra - Heap Buffer Overflow
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses
Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule'
Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty'
Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing
Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter #2
Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion
Microsoft Edge Chakra - 'JavascriptFunction::EntryCall' Fails to Handle 'CallInfo' Properly
Microsoft Edge Chakra - Uninitialized Arguments
Microsoft Edge Chakra - Uninitialized Arguments (2)
Microsoft Edge Chakra - 'EmitNew' Integer Overflow
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3
Adobe Flash - Invoke Accesses Trait Out-of-Bounds
Microsoft Edge - Out-of-Bounds Access when Fetching Source
Audiotran 1.4.1 - Direct RET Buffer Overflow
Audiotran 1.4.1 - Buffer Overflow (Direct RET)
GSM SIM Utility 5.15 - Local Exploit Direct Ret ver
GSM SIM Utility 5.15 - Local Exploit (Direct RET)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (ASLR + DEP Bypass)
DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal Exploit (ASLR + DEP Bypass)
CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution
CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution
BlazeVideo HDTV Player 6.6 Professional - Direct Retn Exploit
Aviosoft Digital TV Player Professional 1.x - Direct Retn Exploit
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct Retn)
Aviosoft Digital TV Player Professional 1.x - '.PLF' Exploit (Direct Retn)
BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit)
BlazeDVD 6.1 - '.PLF' File Exploit (DEP + ASLR Bypass) (Metasploit)
AudioCoder 0.8.22 - '.m3u' Direct Retn Buffer Overflow
AudioCoder 0.8.22 - '.m3u' Buffer Overflow (Direct Retn)
AudioCoder 0.8.22 - '.lst' Direct Retn Buffer Overflow
AudioCoder 0.8.22 - '.lst' Buffer Overflow (Direct Retn)
BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret)
BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET)
BlazeDVD Pro 7.0 - '.plf' Buffer Overflow (SEH)
BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)
BlazeDVD Pro 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET)
BlazeDVD Pro Player 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET)
Apple Mac OSX Install.Framework - SUID root Runner Binary Privilege Escalation
Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation
Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation
Xamarin Studio for Mac 6.2.1 (build 3) / 6.3 (build 863) - Privilege Escalation
RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE)
RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass
Symphony 1.7.01 - (non-patched) Remote Code Execution
Symphony 1.7.01 (non-patched) - Remote Code Execution
Binary Board System 0.2.5 - reply.pl Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - stats.pl Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - toc.pl board Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'reply.pl' Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'stats.pl' Multiple Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting
Orchard 1.3.9 - 'ReturnUrl' Parameter URI redirection
Orchard 1.3.9 - 'ReturnUrl' Parameter URI Redirection
WebsitePanel - 'ReturnUrl' Parameter URI redirection
WebsitePanel - 'ReturnUrl' Parameter URI Redirection
Online Quiz Project 1.0 - SQL Injection
Photogallery Project 1.0 - SQL Injection
Doctor Patient Project 1.0 - SQL Injection
2017-08-18 05:01:20 +00:00
Offensive Security
d873f7500d
DB: 2017-08-17
...
1 new exploits
Microsoft Edge 38.14393.1066.0 - 'CInputDateTimeScrollerElement::_SelectValueInternal' Out-of-Bounds Read
2017-08-17 05:01:22 +00:00
Offensive Security
c76dbe0def
DB: 2017-08-16
...
4 new exploits
Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
Microsoft Edge / Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006)
Microsoft Internet Explorer 11 - 'textarea.defaultValue' Memory Disclosure (MS17-006)
ALLPlayer 7.4 - Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode)
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting
AdvanDate iCupid Dating Software 12.2 - SQL Injection
ClipBucket 2.8.3 - Multiple Vulnerabilities
2017-08-16 05:01:20 +00:00
Offensive Security
bc1dac1620
DB: 2017-08-15
...
3 new exploits
GetRight 5.2a - Skin File (.grs) Buffer Overflow
GetRight 5.2a - '.grs' Skin File Buffer Overflow
Tomabo MP4 Converter 3.19.15 - Denial of Service
Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation
Winamp 5.04 - Skin File (.wsz) Remote Code Execution
Winamp 5.04 - '.wsz' Skin File Remote Code Execution
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit
Concrete5 < 5.4.2.1 - Multiple Vulnerabilities
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting
Concrete5 8.1.0 - 'Host' Header Injection
Concrete5 CMS 8.1.0 - 'Host' Header Injection
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery
Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass
Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass
2017-08-15 05:01:22 +00:00
Offensive Security
e0d5ee5024
DB: 2017-08-11
...
11 new exploits
Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure
WordPress Plugin WatuPRO 5.5.1 - SQL Injection
DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
WebFile Explorer 1.0 - Arbitrary File Download
ImageBay 1.0 - SQL Injection
GIF Collection 2.0 - SQL Injection
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass
2017-08-11 05:01:19 +00:00
Offensive Security
3f58d5334c
DB: 2017-08-09
...
4 new exploits
WildMIDI 0.4.2 - Multiple Vulnerabilities
Comodo Backup 4.4.0.0 - Null Pointer Dereference EOP
Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation
Microsoft Windows - LNK Shortcut File Code Execution
Microsoft Windows - '.LNK' Shortcut File Code Execution
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Oracle E-Business Suite 12.x - Server-Side Request Forgery
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
2017-08-09 05:01:29 +00:00
Offensive Security
2aa9bb9ea2
DB: 2017-08-07
...
2 new exploits
Microsoft Windows - LNK Shortcut File Code Execution
Linux x86 - /bin/sh Shellcode (24 bytes)
2017-08-07 05:01:28 +00:00
Offensive Security
16dd4b9d6d
DB: 2017-08-04
...
7 new exploits
DNSTracer 1.8.1 - Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow (PoC)
DNSTracer 1.9 - Buffer Overflow
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
Premium Servers List Tracker 1.0 - SQL Injection
EDUMOD Pro 1.3 - SQL Injection
Muviko 1.0 - 'q' Parameter SQL Injection
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
2017-08-04 05:01:28 +00:00
Offensive Security
a600aa05cd
DB: 2017-08-03
...
9 new exploits
Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service
MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)
Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)
Entrepreneur B2B Script - 'pid' Parameter SQL Injection
Joomla! Component SIMGenealogy 2.1.5 - SQL Injection
Joomla! Component PHP-Bridge 1.2.3 - SQL Injection
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection
Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection
Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection
2017-08-03 05:01:30 +00:00
Offensive Security
c116e6f563
DB: 2017-08-01
...
7 new exploits
DivFix++ 0.34 - Denial of Service
Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service
Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
libvorbis 1.3.5 - Multiple Vulnerabilities
libao 1.2.0 - Denial of Service
Jenkins < 1.650 - Java Deserialization
DiskBoss Enterprise 8.2.14 - Buffer Overflow
2017-08-01 05:01:29 +00:00
Offensive Security
82b7d150c6
DB: 2017-07-28
...
3 new exploits
MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)
AudioCoder 0.8.46 - Local Buffer Overflow (SEH)
Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)
2017-07-28 05:01:21 +00:00
Offensive Security
9d1eca86b2
DB: 2017-07-27
...
4 new exploits
Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
Friends in War Make or Break 1.7 - Authentication Bypass
Friends in War Make or Break 1.7 - SQL Injection
2017-07-27 05:01:22 +00:00
Offensive Security
2351348891
DB: 2017-07-26
...
6 new exploits
WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling
WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference
WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy
WebKit JSC - 'ArgumentsEliminationPhase::transform' Incorrect LoadVarargs Handling
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free
WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
2017-07-26 05:01:21 +00:00
Offensive Security
e27b6b8408
DB: 2017-07-25
...
17 new exploits
Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free
WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free
WebKit - 'WebCore::Node::nextSibling' Use-After-Free
WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free
WebKit - 'WebCore::Node::getFlag' Use-After-Free
WebKit - 'WebCore::getCachedWrapper' Use-After-Free
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
MAWK 1.3.3-17 - Local Buffer Overflow
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
PaulShop - SQL Injection / Cross-Site Scripting
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
2017-07-25 05:01:20 +00:00
Offensive Security
9640473c86
DB: 2017-07-20
...
23 new exploits
Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service
Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service
SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit)
SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
Kaspersky 17.0.0 - Local CA Root Incorrectly Protected
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass)
WICD - Local Privilege Esclation Exploit
WICD 1.7.1 - Local Privilege Escalation
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions
Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit
OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation
Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution
Trend Micro Interscan VirusWall localweb - Directory Traversal
Novell Zenworks Mobile Device Management 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting
Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)
XAMPP 1.6.x - 'showcode.php' Local File Inclusion
Yealink VoIP Phone SIP-T38G - Local File Inclusion
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
DreamBox DM800 - 'file' Parameter Local File Disclosure
Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting
TP-Link TL-WR841N Router - Local File Inclusion
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)
Vivvo Article Manager 3.4 - (root) Local File Inclusion
Vivvo Article Manager 3.4 - 'root' Local File Inclusion
60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion
60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion
HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution
Trend Micro Interscan VirusWall localweb - Directory Traversal
Novell Zenworks Mobile Device Management 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting
Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion
Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)
XAMPP 1.6.x - 'showcode.php' Local File Inclusion
Yealink VoIP Phone SIP-T38G - Local File Inclusion
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
DreamBox DM800 - 'file' Parameter Local File Disclosure
Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting
TP-Link TL-WR841N Router - Local File Inclusion
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection
2017-07-20 05:01:21 +00:00
Offensive Security
21f7dd8438
DB: 2017-07-19
...
11 new exploits
Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption
Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion
Microsoft Windows Kernel - 'IOCTL 0x120007 (NsiGetParameter)' nsiproxy/netio Pool Memory Disclosure
Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation
Belkin NetCam F7D7601 - Multiple Vulnerabilities
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
2017-07-19 05:01:23 +00:00
Offensive Security
be3b49b643
DB: 2017-07-17
...
2 new exploits
FTPGetter 5.89.0.85 - Buffer Overflow (SEH)
Orangescrum 1.6.1 - Multiple Vulnerabilities
2017-07-17 05:01:20 +00:00
Offensive Security
635e0e935f
DB: 2017-07-15
...
4 new exploits
Counter Strike: Condition Zero - '.BSP' Map File Code Execution
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
WDTV Live SMP 2.03.20 - Remote Password Reset
2017-07-15 05:01:21 +00:00
Offensive Security
2f83b6c1be
DB: 2017-07-14
...
6 new exploits
Novell Groupwise 6.5.3 Client - Local Integer Overflow
Novell Groupwise Client 6.5.3 - Local Integer Overflow
SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities
SLmail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities
Novell Client 4.91 SP4 - Privilege Escalation
Novell Client 4.91 SP4 - Local Privilege Escalation
Novell Client 4.91 SP4 - nwfs.sys Privilege Escalation (Metasploit)
Novell Client 4.91 SP4 - 'nwfs.sys' Privilege Escalation (Metasploit)
Novell Client 2 SP3 - Privilege Escalation
Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)
Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)
Novell iPrint Client Browser Plugin - call-back-url Stack Overflow
Novell iPrint Client Browser Plugin - 'call-back-url' Stack Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)
Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)
Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)
Skype for Business 2016 - Cross-Site Scripting
DataTaker DT80 dEX 1.50.012 - Information Disclosure
Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery
Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation
Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download
2017-07-14 05:01:24 +00:00
Offensive Security
ed107bc711
DB: 2017-07-12
...
9 new exploits
Apache 2.0.52 - HTTP GET request Denial of Service
Apache 2.0.52 - GET Request Denial of Service
Microsoft IIS - Malformed HTTP Request Denial of Service (1)
Microsoft IIS - Malformed HTTP Request Denial of Service (2)
Microsoft IIS - HTTP Request Denial of Service (1)
Microsoft IIS - HTTP Request Denial of Service (2)
Microsoft IIS - Malformed HTTP Request Denial of Service
Microsoft IIS - HTTP Request Denial of Service
Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC)
Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
Allegro RomPager 2.10 - Malformed URL Request Denial of Service
Allegro RomPager 2.10 - URL Request Denial of Service
AVM KEN! 1.3.10/1.4.30 - Malformed Request Remote Denial of Service
AVM KEN! 1.3.10/1.4.30 - Remote Denial of Service
Netwin SurgeFTP 1.0b - Malformed Request Denial of Service
Netwin SurgeFTP 1.0b - Denial of Service
iCal 3.7 - Malformed HTTP Request Denial of Service
iCal 3.7 - HTTP Request Denial of Service
3ware Disk Management 1.10 - Malformed HTTP Request Denial of Service
3ware Disk Management 1.10 - HTTP Request Denial of Service
Pi3Web 2.0.1 - Malformed GET Request Denial of Service
Pi3Web 2.0.1 - GET Request Denial of Service
Loom Software SurfNow 1.x/2.x - Remote HTTP GET Request Denial of Service
Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service
Linksys PSUS4 PrintServer - Malformed HTTP POST Request Denial of Service
Linksys PSUS4 PrintServer - POST Request Denial of Service
Multiple IEA Software Products - HTTP POST Request Denial of Service
Multiple IEA Software Products - POST Request Denial of Service
Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service
Linksys WRH54G 1.1.3 Wireless-G Router - HTTP Request Denial of Service
Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service
Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service
D-Link WBR-2310 1.0.4 - HTTP GET Request Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow
Pelco VideoXpert 1.12.105 - Privilege Escalation
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Information Disclosure
PlanetDNS PlanetWeb 1.14 - Malformed Request Remote Buffer Overflow
PlanetDNS PlanetWeb 1.14 - Remote Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - Malformed SOCKS4 Request Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow
JBoss 3.x/4.0.2 - Malformed HTTP Request Remote Information Disclosure
JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure
Easy File Sharing Web Server 7.2 - GET HTTP Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - HEAD HTTP Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH)
Microsoft Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass)
NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass)
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
(Generator) - HTTP/1.x requests Shellcode (18+ bytes / 26+ bytes)
(Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes)
Linux/x86-64 - flush iptables rules Shellcode (84 bytes)
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86 - Self-modifying for IDS evasion Shellcode (64 bytes)
Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)
Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - File unlinker Shellcode (18+ bytes)
Linux/x86 - Perl script execution Shellcode (99+ bytes)
Linux/x86 - file reader Shellcode (65+ bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - File Reader Shellcode (65+ bytes)
Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - execve /bin/sh anti-ids Shellcode (40 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 - Add User 'xtz' without Password to /etc/passwd Shellcode (59 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) Shellcode (39 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Radically Self Modifying Code Shellcode (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code Shellcode (76 bytes)
Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)
Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT Shellcode (75 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - execve /bin/sh encrypted Shellcode (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted Shellcode (55 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - Add User 'z' Shellcode (70 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - hard / unclean reboot Shellcode (29 bytes)
Linux/x86 - hard / unclean reboot Shellcode (33 bytes)
Linux/x86 - Hard / Unclean Reboot Shellcode (29 bytes)
Linux/x86 - Hard / Unclean Reboot Shellcode (33 bytes)
Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)
Linux - Drop SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
Linux - Find all writeable folder in filesystem polymorphic Shellcode (91 bytes)
Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)
Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For php/html Writable Files and Add Your Code Shellcode (380+ bytes)
Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For PHP/HTML Writable Files and Add Your Code Shellcode (380+ bytes)
Linux/x86 - Remote Port Forwarding Shellcode (87 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)
Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes)
Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) Shellcode (77 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)
Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - /bin/sh ROT7 Encoded Shellcode
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)
Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux/x86-64 - Bind NetCat Shellcode (64 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes)
Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes)
Linux - Multi/Dual mode execve(_/bin/sh__ NULL_ 0) Shellcode (37 bytes)
Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes)
Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes)
Linux - Reverse Shell Multi/Dual Mode Shellcode (Generator) (129 bytes)
Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux/x86-64 - Reverse NetCat Shellcode (72 bytes)
Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Polymorphic Shellcode (106 bytes)
Simple Machines Forum (SMF) 1.1.6 - HTTP POST Request Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass
NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
Pelco Sarix/Spectra Cameras - Remote Code Execution
Pelco VideoXpert 1.12.105 - Directory Traversal
Pelco VideoXpert 1.12.105 - Information Disclosure
NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection
2017-07-12 05:01:24 +00:00
Offensive Security
4407c920f7
DB: 2017-07-11
...
2 new exploits
NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Privilege Escalation
Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow
Microsoft Internet Explorer - jscript9 JavaScriptStackWalker Memory Corruption (MS15-056)
Microsoft Internet Explorer 9 - 'jscript9' JavaScriptStackWalker Memory Corruption (MS15-056)
NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
2017-07-11 05:01:26 +00:00
Offensive Security
c78e91e6e8
DB: 2017-07-10
...
1 new exploits
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass)
2017-07-10 05:01:20 +00:00
Offensive Security
22bf5da098
DB: 2017-07-08
...
2 new exploits
Firefox 54.0.1 - Denial of Service
Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution
Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution
Yaws 1.91 - Remote File Disclosure
Price Comparison Script 2017.1.8 - SQL Injection
Clickbank Affiliate Marketplace Script 2017 - SQL Injection
2017-07-08 05:01:21 +00:00
Offensive Security
83c4965a4e
DB: 2017-06-30
...
2 new exploits
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow
NetBSD - Stack Clash Proof of Concept
FreeBSD - 'FGPU' Stack Clash Proof of Concept
FreeBSD - 'FGPE' Stack Clash Proof of Concept
FreeBSD - 'setrlimit' Stack Clash Proof of Concept
NetBSD - 'Stack Clash' (PoC)
FreeBSD - 'FGPU' Stack Clash (PoC)
FreeBSD - 'FGPE' Stack Clash (PoC)
FreeBSD - 'setrlimit' Stack Clash (PoC)
Oracle Solaris 11.1 / 11.3 RSH - Local Root Stack Clash Exploit
OpenBSD - 'at' Local Root Stack Clash Exploit
Linux - 'offset2lib' Stack Clash Exploit
Linux - 'ldso_hwcap' Local Root Stack Clash Exploit
Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit
Linux - 'ldso_dynamic' Local Root Stack Clash Exploit
Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit
OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel - 'offset2lib' 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit
Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (SEH)
Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)
ActiveMQ < 5.14.0 - web shell upload (Metasploit)
2017-06-30 05:01:20 +00:00
Offensive Security
fa3bfa77fc
DB: 2017-06-29
...
14 new exploits
NetBSD - Stack Clash Proof of Concept
FreeBSD - 'FGPU' Stack Clash Proof of Concept
FreeBSD - 'FGPE' Stack Clash Proof of Concept
FreeBSD - 'setrlimit' Stack Clash Proof of Concept
Flat Assembler 1.7.21 - Buffer Overflow
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)
Oracle Solaris 11.1 / 11.3 RSH - Local Root Stack Clash Exploit
OpenBSD - 'at' Local Root Stack Clash Exploit
Linux - 'offset2lib' Stack Clash Exploit
Linux - 'ldso_hwcap' Local Root Stack Clash Exploit
Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit
Linux - 'ldso_dynamic' Local Root Stack Clash Exploit
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
2017-06-29 05:01:19 +00:00
Offensive Security
28b54c9669
DB: 2017-06-28
...
4 new exploits
OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs
OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs
Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit
Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink Exploit
RedHat 6.1 / 6.2 - TTY Flood Users Exploit
RedHat 6.1/6.2 - TTY Flood Users Exploit
Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local Denial of Service
Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - 'scm_send Local' Denial of Service
Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service
Linux Kernel 2.4.28/2.6.9 - 'scm_send Local' Denial of Service
Linux Kernel 2.4.22-28/2.6.9 - 'igmp.c' Local Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow
Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - 'ip_options_get' Local Overflow
Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow
Linux Kernel 2.4.28/2.6.9 - Memory Leak Local Denial of Service
Linux Kernel 2.4.28/2.6.9 - 'ip_options_get' Local Overflow
Apple Mac OSX 10.3.7 - Input Validation Flaw parse_machfile() Denial of Service
Apple Mac OSX 10.3.7 - Input Validation Flaw 'parse_machfile()' Denial of Service
Xaraya 1.0.0 RC4 - create() Denial of Service
Xaraya 1.0.0 RC4 - 'create()' Denial of Service
BitchX 1.1-final - do_hook() Remote Denial of Service
BitchX 1.1-final - 'do_hook()' Remote Denial of Service
Quake 3 Engine Client - CG_ServerCommand() Remote Overflow
Quake 3 Engine Client - 'CG_ServerCommand()' Remote Overflow
Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC)
Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC)
FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service
FreeBSD 5.4/6.0 - (ptrace PT_LWPINFO) Local Denial of Service
Asterisk 1.0.12 / 1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
PHP 4.4.4/5.1.6 - htmlentities() Local Buffer Overflow (PoC)
PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC)
Microsoft Windows - NetrWkstaUserEnum() Remote Denial of Service
Microsoft Windows - 'NetrWkstaUserEnum()' Remote Denial of Service
Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)
Apple Mac OSX 10.4.8 - AppleTalk 'ATPsndrsp()' Heap Buffer Overflow (PoC)
Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption
Apple Mac OSX 10.4.x Kernel - 'shared_region_map_file_np()' Memory Corruption
PHP 4.4.4 - Unserialize() ZVAL Reference Counter Overflow (PoC)
Netrek 2.12.0 - pmessage2() Remote Limited Format String
PHP 5 - wddx_deserialize() String Append Crash
Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service
PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC)
Netrek 2.12.0 - 'pmessage2()' Remote Limited Format String
PHP 5 - 'wddx_deserialize()' String Append Crash
Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service
Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service
PHP 4.4.5 / 4.4.6 - session_decode() Double-Free (PoC)
Asterisk 1.2.16/1.4.1 - SIP INVITE Remote Denial of Service
PHP 4.4.5/4.4.6 - 'session_decode()' Double-Free (PoC)
Opera 9.10 - alert() Remote Denial of Service
Opera 9.10 - 'alert()' Remote Denial of Service
PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service
PHP 5.2.3 - glob() Denial of Service
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service
PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service
PHP 5.2.3 - 'glob()' Denial of Service
Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
Asterisk < 1.2.22 / 1.4.8 IAX2 channel driver - Remote Crash
Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash
HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)
HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)
EDraw Office Viewer Component 5.3 - FtpDownloadFile() Remote Buffer Overflow
EDraw Office Viewer Component 5.3 - 'FtpDownloadFile()' Remote Buffer Overflow
eXtremail 2.1.1 - memmove() Remote Denial of Service
eXtremail 2.1.1 - 'memmove()' Remote Denial of Service
Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC)
Adobe Shockwave - 'ShockwaveVersion()' Stack Overflow (PoC)
Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)
Apple Mac OSX 10.4.x Kernel - 'i386_set_ldt()' Integer Overflow (PoC)
OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash
SkyFex Client 1.0 - ActiveX Start() Method Remote Stack Overflow
DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service (PoC)
OpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crash
SkyFex Client 1.0 - ActiveX 'Start()' Method Remote Stack Overflow
DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)
KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)
Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)
Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC)
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service
Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service
fhttpd 0.4.2 un64() - Remote Denial of Service
fhttpd 0.4.2 - 'un64()' Remote Denial of Service
VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service
VBA32 Personal AntiVirus 3.12.8.x - Malformed Archive Denial of Service
AyeView 2.20 - Malformed .GIF Image Local Crash
AyeView 2.20 - Malformed '.GIF' Image Local Crash
Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service
Solaris 9 PortBind - XDR-DECODE 'taddr2uaddr()' Remote Denial of Service
Linux Kernel < 2.4.36.9 / 2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC)
DesignWorks Professional 4.3.1 - '.CCT' File Local Stack Buffer Overflow (PoC)
Vinagre < 2.24.2 - show_error() Remote Format String (PoC)
Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)
Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local Denial of Service
Linux Kernel 2.6.27.7-generic/2.6.18/2.6.24-1 - Local Denial of Service
MW6 Barcode ActiveX - 'Barcode.dll' Remote Heap Overflow (PoC)
MW6 Barcode - ActiveX 'Barcode.dll' Remote Heap Overflow (PoC)
Multiple Vendors libc:fts_*() - Local Denial of Service
Multiple Vendors - 'libc:fts_*()' Local Denial of Service
Icewarp Merak Mail Server 9.4.1 - Base64FileEncode() Buffer Overflow (PoC)
Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC)
OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
Soulseek 157 NS x / 156.x - Remote Distributed Search Code Execution
Soulseek 157 NS x/156.x - Remote Distributed Search Code Execution
Notepad++ 5.4.5 - Local .C/CPP Stack Buffer Overflow (PoC)
Notepad++ 5.4.5 - '.C' / '.CPP' Local Stack Buffer Overflow (PoC)
Drupal 6.16 / 5.21 - Denial of Service
Drupal 5.21/6.16 - Denial of Service
SopCast SopCore Control ActiveX - Remote Execution (PoC)
UUSee ReliPlayer ActiveX - Remote Execution (PoC)
SopCast SopCore Control - ActiveX Remote Execution (PoC)
UUSee ReliPlayer - ActiveX Remote Execution (PoC)
Aqua Real 1.0 / 2.0 - Local Crash (PoC)
Aqua Real 1.0/2.0 - Local Crash (PoC)
iPhone - WebCore::CSSSelector() Remote Crash
iPhone - 'WebCore::CSSSelector()' Remote Crash
avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities
Avtech Software - ActiveX 'avc781viewer.dll' Multiple Vulnerabilities
Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion
Apple Safari 4.0.3/4.0.4 - Stack Exhaustion
Multiple browsers - history.go() Denial of Service
Multiple browsers - window.print() Denial of Service
Multiple browsers - 'history.go()' Denial of Service
Multiple browsers - 'window.print()' Denial of Service
FreeBSD Kernel - mountnfs() Exploit
FreeBSD Kernel - 'mountnfs()' Exploit
Microsoft Internet Explorer 6 / 7 - Remote Denial of Service
Microsoft Internet Explorer 6/7 - Remote Denial of Service
PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow
PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow
Microsoft DRM Technology 'msnetobj.dll' ActiveX - Multiple Vulnerabilities
RarCrack 0.2 - 'Filename' init() .bss (PoC)
Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities
RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC)
Mozilla Firefox 3.5.10 / 3.6.6 - WMP Memory Corruption Using Popups
Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups
Microsoft Windows Mobile 6.1 / 6.5 - Double-Free Denial of Service
Microsoft Windows Mobile 6.1/6.5 - Double-Free Denial of Service
LeadTools 11.5.0.9 (ltdlg11n.ocx) - GetColorRes() Access Violation Denial of Service
LeadTools 11.5.0.9 (lttmb11n.ocx) - BrowseDir() Access Violation Denial of Service
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' GetColorRes() Access Violation Denial of Service
LeadTools 11.5.0.9 - 'lttmb11n.ocx' BrowseDir() Access Violation Denial of Service
VideoLAN VLC Media Player 1.1 - Subtitle StripTags() Function Memory Corruption
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption
PHP 5.3.5 - grapheme_extract() Null Pointer Dereference
PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference
Novell ZenWorks 10 / 11 - TFTPD Remote Code Execution
Novell ZenWorks 10/11 - TFTPD Remote Code Execution
PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service
PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service
PHP 5.3.10 - spl_autoload_register() Local Denial of Service
PHP 5.3.10 - spl_autoload_call() Local Denial of Service
PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service
PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service
PHP 5.3.10 - spl_autoload() Local Denial of Service
PHP 5.3.10 - 'spl_autoload()' Local Denial of Service
Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC)
Apple iOS 5.1.1 Safari Browser - 'JS match()' / 'search()' Crash (PoC)
Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process
Linux Kernel 2.0/2.1 - Send a SIGIO Signal To Any Process
Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options
Linux Kernel 2.0 / 2.1 / 2.2 - autofs Exploit
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - autofs Exploit
HP HP-UX 10.20 / IBM AIX 4.1.5 - connect() Denial of Service
HP HP-UX 10.20 / IBM AIX 4.1.5 - 'connect()' Denial of Service
Linux Kernel 2.0 / 2.0.33 - i_count Overflow (PoC)
Linux Kernel 2.0/2.0.33 - i_count Overflow (PoC)
FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - setsockopt() Denial of Service
FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service
Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
PHP 6.0 - openssl_verify() Local Buffer Overflow (PoC)
PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC)
Linux Kernel 2.1.89 / 2.2.x - Zero-Length Fragment
Linux Kernel 2.1.89/2.2.x - Zero-Length Fragment
Wireshark 1.8.2 / 1.6.0 - Buffer Overflow (PoC)
Wireshark 1.6.0/1.8.2 - Buffer Overflow (PoC)
MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2 / 5.2.1 - File Scanner Malicious Archive Denial of Service
MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service
Linux Kernel 2.2 / 2.4 - Deep Symbolic Link Denial of Service
Linux Kernel 2.2/2.4 - Deep Symbolic Link Denial of Service
Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion
Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (1)
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (1)
PHP 4.3 - socket_iovec_alloc() Integer Overflow
PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow
PHP 4.x - socket_recv() Signed Integer Memory Corruption
PHP 4.x - socket_recvfrom() Signed Integer Memory Corruption
PHP 4.x - 'socket_recv()' Signed Integer Memory Corruption
PHP 4.x - 'socket_recvfrom()' Signed Integer Memory Corruption
Linux Kernel 2.4 / 2.6 - Sigqueue Blocking Denial of Service
Linux Kernel 2.4/2.6 - Sigqueue Blocking Denial of Service
Colloquy 1.3.5 / 1.3.6 - Denial of Service
Colloquy 1.3.5/1.3.6 - Denial of Service
FreeBSD 4.10/5.x - execve() Unaligned Memory Access Denial of Service
FreeBSD 4.10/5.x - 'execve()' Unaligned Memory Access Denial of Service
PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1)
PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (1)
Linux Kernel 2.4.x / 2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities
PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (2)
PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (2)
Linux Kernel 2.6.32-642 / 3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC)
Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC)
Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow
Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow
SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution
SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution
Apache CXF < 2.5.10 / 2.6.7 / 2.7.4 - Denial of Service
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
Firebird 1.5 - Local Inet_Server Buffer Overflow
Firebird 1.5 - Inet_Server Local Buffer Overflow
Apple Mac OSX 10.x - '.zip' Parsing BOMStackPop() Function Overflow
Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow
FreeBSD 5.x I386_Set_LDT() - Multiple Local Denial of Service Vulnerabilities
FreeBSD 5.x - 'I386_Set_LDT()' Multiple Local Denial of Service Vulnerabilities
FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption
FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption
PulseAudio 0.9.5 - Assert() Remote Denial of Service
PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
PHP openssl_x509_parse() - Memory Corruption
PHP - 'openssl_x509_parse()' Memory Corruption
MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow
MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow
MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow
MW6 Technologies Datamatrix - ActiveX 'Data' Parameter Buffer Overflow
MW6 Technologies MaxiCode - ActiveX 'Data' Parameter Buffer Overflow
MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling Denial of Service
MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
phpMyAdmin 4.0.x / 4.1.x / 4.2.x - Denial of Service
phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service
UltraPlayer 2.112 Malformed - '.avi' File Denial of Service
UltraPlayer 2.112 - Malformed '.avi' File Denial of Service
Linux Kernel 3.13 / 3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service
Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service
Advantech Webaccess 8.0 / 3.4.3 ActiveX - Multiple Vulnerabilities
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free
PHP GMP unserialize() - Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free
Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities
PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free
PHP GMP - 'unserialize()' Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage 'Unserialize()' Use-After-Free
PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Vulnerabilities
Python 2.7 strop.replace() Method - Integer Overflow
Python 3.3 < 3.5 product_setstate() Function - Out-of-Bounds Read
Python 2.7 - 'strop.replace()' Method Integer Overflow
Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read
Linux Kernel 3.x / 4.x - prima WLAN Driver Heap Overflow
Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow
Linux Kernel 3.10 / 3.18 / 4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10/3.18/4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
Linux ARM/ARM64 - perf_event_open() Arbitrary Memory Read
Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read
PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write
PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service
PHP 5.0.0 - hw_docbyanchor() Local Denial of Service
PHP 5.0.0 - 'hw_docbyanchor()' Local Denial of Service
Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation
IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API
Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation
man-db 2.4.1 - open_cat_stream() Local uid=man Exploit
man-db 2.4.1 - 'open_cat_stream()' Local uid=man Exploit
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Privilege Escalation
xsplumber - strcpy() Buffer Overflow
xsplumber - 'strcpy()' Buffer Overflow
BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit
BSDi 3.0/4.0 - rcvtty[mh] Local Exploit
Solaris 2.5 / 2.5.1 - getgrnam() Local Overflow
Solaris 2.5/2.5.1 - 'getgrnam()' Local Overflow
Solaris 7 / 8-beta - arp Local Overflow
Solaris 7/8-beta - ARP Local Overflow
Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow
Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow
LibXt - XtAppInitialize() Overflow *xterm Exploit
LibXt - 'XtAppInitialize()' Overflow *xterm Exploit
SGI IRIX - '/bin/login Local' Buffer Overflow
SGI IRIX - '/bin/login' Local Buffer Overflow
LibPNG 1.2.5 - png_jmpbuf() Local Buffer Overflow
LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow
CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation
CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation
Linux Kernel 2.4.27 / 2.6.8 - 'binfmt_elf' Executable File Read Exploit
Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Exploit
Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
Setuid perl - PerlIO_Debug() Overflow
Setuid perl - 'PerlIO_Debug()' Overflow
Linux Kernel 2.4.x / 2.6.x - 'uselib()' Privilege Escalation (3)
Linux Kernel 2.4.x/2.6.x - 'uselib()' Privilege Escalation (3)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)
Linux Kernel 2.4.x/2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)
ePSXe 1.6.0 - nogui() Local Exploit
ePSXe 1.6.0 - 'nogui()' Local Exploit
Solaris 9 / 10 - ld.so Privilege Escalation (1)
Solaris 9 / 10 - ld.so Privilege Escalation (2)
Solaris 9/10 - 'ld.so' Privilege Escalation (1)
Solaris 9/10 - 'ld.so' Privilege Escalation (2)
Python 2.4.2 - realpath() Local Stack Overflow
Python 2.4.2 - 'realpath()' Local Stack Overflow
Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1)
Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure (1)
Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 - Multiple Buffer Overflow
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflow
PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow (PoC)
PHP 4.4.3 / 5.1.4 - (sscanf) Local Buffer Overflow
PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC)
PHP 4.4.3/5.1.4 - 'sscanf' Local Buffer Overflow
Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak Exploit
OpenBSD 3.x < 4.0 - vga_ioctl() Privilege Escalation
OpenBSD 3.x < 4.0 - 'vga_ioctl()' Privilege Escalation
PHP < 4.4.5 / 5.2.1 - PHP_binary Session Deserialization Information Leak
PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak
PHP 4.4.6 - mssql_[p]connect() Local Buffer Overflow
PHP 5.2.1 - substr_compare() Information Leak Exploit
PHP < 4.4.5 / 5.2.1 - (shmop functions) Local Code Execution
PHP < 4.4.5 / 5.2.1 - (shmop) SSL RSA Private-Key Disclosure
PHP < 4.4.5/5.2.1 - PHP_binary Session Deserialization Information Leak
PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak
PHP 4.4.6 - 'mssql_[p]connect()' Local Buffer Overflow
PHP 5.2.1 - 'substr_compare()' Information Leak Exploit
PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution
PHP < 4.4.5/5.2.1 - 'shmop' SSL RSA Private-Key Disclosure
PHP 4.4.6 - crack_opendict() Local Buffer Overflow (PoC)
PHP 4.4.6 - snmpget() object id Local Buffer Overflow (PoC)
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC)
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC)
PHP 4.4.6 - cpdf_open() Local Source Code Disclosure (PoC)
PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC)
PHP 5.2.1 - session_regenerate_id() Double-Free Exploit
PHP 5.2.1 - 'session_regenerate_id()' Double-Free Exploit
PHP 4.4.6 - ibase_connect() Local Buffer Overflow
PHP 4.4.6 / 5.2.1 - array_user_key_compare() ZVAL dtor Local Exploit
PHP 5.2.0 (OSX) - header() Space Trimming Buffer Underflow Exploit
PHP 4.4.6 / 5.2.1 - ext/gd Already Freed Resources Usage Exploit
PHP 5.2.1 - hash_update_file() Freed Resource Usage Exploit
PHP 5.2.1 - Unserialize() Local Information Leak Exploit
PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit
PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite
PHP 4.4.6 - 'ibase_connect()' Local Buffer Overflow
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Exploit
PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow Exploit
PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage Exploit
PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage Exploit
PHP 5.2.1 - 'Unserialize()' Local Information Leak Exploit
PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit
PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite
PHP 5.2.3 - snmpget() object id Local Buffer Overflow
PHP 5.2.3 - 'snmpget()' Object id Local Buffer Overflow
IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation
IBM AIX 5.3 SP6 - FTP 'gets()' Privilege Escalation
PHP 5.2.3 - snmpget() object id Local Buffer Overflow (EDI)
PHP 5.2.3 - 'snmpget()' object id Local Buffer Overflow (EDI)
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation
Numark Cue 5.0 rev 2 - Local '.m3u' File Stack Buffer Overflow
Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow
Adobe Reader - util.printf() JavaScript Function Stack Overflow (1)
Adobe Reader - util.printf() JavaScript Function Stack Overflow (2)
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)
Microsoft SQL Server - sp_replwritetovarbin() Heap Overflow
Microsoft SQL Server - 'sp_replwritetovarbin()' Heap Overflow
PHP 5.2.8 gd library - imageRotate() Information Leak
PHP 5.2.8 gd library - 'imageRotate()' Information Leak
Adobe Acrobat Reader 8.1.2 < 9.0 - getIcon() Memory Corruption
Adobe Acrobat Reader 8.1.2 < 9.0 - 'getIcon()' Memory Corruption
PHP - mb_ereg(i)_replace() Evaluate Replacement String
PHP - 'mb_ereg(i)_replace()' Evaluate Replacement String
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)
Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)
FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation
Multiple BSD Operating Systems - setusercontext() Vulnerabilities
Avast! 4.8.1335 Professional - Local Kernel Buffer Overflow
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation
Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities
Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow
Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation
Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation
OtsTurntables 1.00.027 - '.m3u' / '.ofl' Local Universal Buffer Overflow (SEH)
OtsTurntables 1.00.027 - '.m3u' / '.ofl' Universal Local Buffer Overflow (SEH)
Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2)
Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2)
Millenium MP3 Studio - (pls/mpf/m3u) Local Universal Buffer Overflows (SEH)
Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflows (SEH)
Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Privilege Escalation (3)
Linux Kernel 2.4/2.6 - 'sock_sendpage()' Privilege Escalation (3)
PlayMeNow 7.3 / 7.4 - Malformed '.M3U' Playlist File Buffer
PlayMeNow 7.3/7.4 - Malformed '.M3U' Playlist File Buffer
Mini-stream Ripper 3.0.1.1 - '.pls' Local Universal Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Local Buffer Overflow
PlayMeNow 7.3 / 7.4 - Buffer Overflow (Metasploit)
PlayMeNow 7.3/7.4 - Buffer Overflow (Metasploit)
HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow
HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow
(Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Privilege Escalation
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Privilege Escalation
PHP 6.0 Dev - str_transliterate() Buffer Overflow
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - OpenSession() Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Buffer Overflow
IP2location.dll 1.0.0.1 - Function Initialize() Buffer Overflow
IP2location.dll 1.0.0.1 - Function 'Initialize()' Buffer Overflow
FreeBSD Kernel - nfs_mount() Exploit
FreeBSD Kernel - 'nfs_mount()' Exploit
MUSE 4.9.0.006 - '.pls' Local Universal Buffer Overflow (SEH)
Triologic Media Player 8 - '.m3u' Local Universal Unicode Buffer Overflow (SEH)
MUSE 4.9.0.006 - '.pls' Universal Local Buffer Overflow (SEH)
Triologic Media Player 8 - '.m3u' Universal Unicode Local Buffer Overflow (SEH)
FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation
FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation
Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - CAN BCM Privilege Escalation
Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Privilege Escalation
AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow (Metasploit)
AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit)
Adobe - Collab.collectEmailInfo() Buffer Overflow (Metasploit)
Adobe - 'Collab.collectEmailInfo()' Buffer Overflow (Metasploit)
NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow
NetOp Remote Control 8.0/9.1/9.2/9.5 - Buffer Overflow
PHP 5.3.5 - socket_connect() Buffer Overflow
PHP 5.3.5 - 'socket_connect()' Buffer Overflow
Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Privilege Escalation
Linux Kernel 2.6.28/3.0 (DEC Alpha Linux) - Privilege Escalation
mount.cifs - chdir() Arbitrary Root File Identification
mount.cifs - 'chdir()' Arbitrary Root File Identification
Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (1)
Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (2)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (1)
Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2)
Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - vsyslog() Buffer Overflow
Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Buffer Overflow
Xi Graphics Accelerated X 4.0.x / 5.0 - Buffer Overflow
Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (2)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (2)
QSSL QNX 4.25 A - crypt() Exploit
QSSL QNX 4.25 A - 'crypt()' Exploit
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (2)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 _XAsyncReply() Stack Corruption
X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption
Linux Kernel 2.2.x - sysctl() Memory Reading (PoC)
Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2 / 2.4 - procfs Stream redirection to Process Memory Privilege Escalation
Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation
Linux Kernel 2.2 / 2.4 - Ptrace/Setuid Exec Privilege Escalation
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation
Linux Kernel 2.2.x / 2.3 / 2.4.x - d_path() Path Truncation (PoC)
Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC)
Python 1.5.2 Pickle - Unsafe eval() Code Execution
Python 1.5.2 Pickle - Unsafe 'eval()' Code Execution
Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (1)
Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (2)
Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (3)
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1)
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2)
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)
ESCPUtil 1.15.2 2 - Local Printer Name Buffer Overflow
ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (2)
Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (1)
Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (2)
Linux Kernel 2.2.x / 2.4.x - I/O System Call File Existence
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence
Zblast 1.2 - Local 'Username' Buffer Overrun
Zblast 1.2 - 'Username' Local Buffer Overrun
Linux PAM 0.77 - Pam_Wheel Module getlogin() 'Username' Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation
Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure
Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun
Elm 2.3/2.4 - Local TERM Environment Variable Buffer Overrun
Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun
Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun
GNU AN - Local Command Line Option Buffer Overflow
GNU AN - Command Line Option Local Buffer Overflow
OpenBSD 3.3 - Semget() Integer Overflow (1)
OpenBSD 3.3 - Semget() Integer Overflow (2)
OpenBSD 3.3 - 'Semget()' Integer Overflow (1)
OpenBSD 3.3 - 'Semget()' Integer Overflow (2)
Sendmail 8.12.9 - Prescan() Variant Remote Buffer Overrun
Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1)
Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2)
Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3)
Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (1)
Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (2)
Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (3)
Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read
Linux Kernel 2.5.x/2.6.x - CPUFreq Proc Handler Integer Handling Memory Read
HP-UX 7-11 - Local X Font Server Buffer Overflow
HP-UX 7-11 - X Font Server Local Buffer Overflow
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Photodex ProShow Gold/Producer 5.0.3310 / 6.0.3410 - ScsiAccess Privilege Escalation
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation
Newsgrab 0.5.0pre4 - Multiple Local And Remote Vulnerabilities
Newsgrab 0.5.0pre4 - Local/Remote Multiple Vulnerabilities
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Linux Kernel 2.4.30 / 2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation
Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Linux Kernel 2.4.30/2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation
Ophcrack 3.5.0 - Local Code Execution Buffer Overflow
Ophcrack 3.5.0 - Code Execution Local Buffer Overflow
PHP 4.x/5.0/5.1 - mb_send_mail() Function Parameter Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass
Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
IBM AIX 6.1 / 7.1 - Privilege Escalation
IBM AIX 6.1/7.1 - Privilege Escalation
Nodejs - js-yaml load() Code Exec (Metasploit)
Nodejs - 'js-yaml load()' Code Exec (Metasploit)
PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass
PHP 5.2.1 - 'Session.Save_Path()' TMPDIR open_basedir Restriction Bypass
ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution
ELinks Relative 0.10.6/011.1 - Path Arbitrary Code Execution
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit
suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass Exploit
Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)
Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution
Microsoft Office 2007/2010 - OLE Arbitrary Command Execution
MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)
ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)
Proxifier for Mac 2.17 / 2.18 - Privesc Escalation
Proxifier for Mac 2.17/2.18 - Privesc Escalation
Sendmail 8.12.8 - Prescan() BSD Remote Command Execution
Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution
BFTPd - vsprintf() Format Strings Exploit
BFTPd - 'vsprintf()' Format Strings Exploit
OpenBSD ftpd 2.6 / 2.7 - Remote Exploit
OpenBSD ftpd 2.6/2.7 - Remote Exploit
Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit
Rlpr 2.04 - msg() Remote Format String
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Exploit
Rlpr 2.04 - 'msg()' Remote Format String
Courier-IMAP 3.0.2-r1 - auth_debug() Remote Format String
Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format String
PHP 4.3.7 - openlog() Buffer Overflow
PHP 4.3.7 - 'openlog()' Buffer Overflow
Apple iTunes - Playlist Local Parsing Buffer Overflow
Apple iTunes - Playlist Parsing Local Buffer Overflow
Newspost 2.1 - socket_getline() Remote Buffer Overflow (2)
Newspost 2.1 - 'socket_getline()' Remote Buffer Overflow (2)
CA Unicenter 3.1 - CAM log_security() Stack Overflow (Metasploit)
CA Unicenter 3.1 - CAM 'log_security()' Stack Overflow (Metasploit)
sobexsrv 1.0.0_pre3 Bluetooth - syslog() Remote Format String
sobexsrv 1.0.0_pre3 Bluetooth - 'syslog()' Remote Format String
Mozilla Firefox 1.04 - compareTo() Remote Code Execution
Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution
Mozilla Firefox 1.5 (Linux) - location.QueryInterface() Code Execution (Metasploit)
Mozilla Firefox 1.5 (OSX) - location.QueryInterface() Code Execution (Metasploit)
Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution (Metasploit)
Mozilla Firefox 1.5 (OSX) - 'location.QueryInterface()' Code Execution (Metasploit)
crossfire-server 1.9.0 - SetUp() Remote Buffer Overflow
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit
Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow
MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit
Quake 3 Engine 1.32b - 'R_RemapShader()' Remote Client Buffer Overflow
iShopCart - vGetPost() Remote Buffer Overflow (cgi)
iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI)
Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit
XMPlay 3.3.0.4 - (PLS) Local+Remote Buffer Overflow
Oracle 9i / 10g - (read/write/execute) Exploitation Suite
XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow
Oracle 9i/10g - (read/write/execute) Exploitation Suite
Oracle 9i / 10g (extproc) - Local / Remote Command Execution
Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit
Oracle 9i/10g - 'extproc' Local/Remote Command Execution
Oracle 9i/10g - 'utl_file' FileSystem Access Exploit
Portable OpenSSH 3.6.1p-PAM / 4.1-SuSE - Timing Attack Exploit
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack Exploit
PHP 4.4.3 < 4.4.6 - PHPinfo() Cross-Site Scripting
PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting
XAMPP for Windows 1.6.0a - mssql_connect() Remote Buffer Overflow
XAMPP for Windows 1.6.0a - 'mssql_connect()' Remote Buffer Overflow
IPIX Image Well ActiveX - 'iPIX-ImageWell-ipix.dll' Buffer Overflow
IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Buffer Overflow
Zenturi ProgramChecker ActiveX - 'sasatl.dll' Remote Buffer Overflow
Zenturi ProgramChecker - ActiveX 'sasatl.dll' Remote Buffer Overflow
Zenturi ProgramChecker - ActiveX NavigateUrl() Insecure Method Exploit
Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Exploit
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 CreateFile() Insecure Method
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()' Insecure Method
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - SaveToFile() Exploit
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Exploit
NeoTracePro 3.25 - ActiveX TraceTarget() Remote Buffer Overflow
NeoTracePro 3.25 - ActiveX 'TraceTarget()' Remote Buffer Overflow
Versalsoft HTTP File Uploader - AddFile() Remote Buffer Overflow
Versalsoft HTTP File Uploader - 'AddFile()' Remote Buffer Overflow
Data Dynamics ActiveReport ActiveX - 'actrpt2.dll 2.5' Insecure Method
Data Dynamics ActiveReport - ActiveX 'actrpt2.dll 2.5' Insecure Method
Yahoo! Widget < 4.0.5 - GetComponentVersion() Remote Overflow
CHILKAT ASP String - 'CkString.dll 1.1' SaveToFile() Insecure Method
Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow
CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - SaveXMLFile() Insecure Method
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - DeleteXMLFile() Insecure Method
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote Exploit
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'SaveXMLFile()' Insecure Method
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'DeleteXMLFile()' Insecure Method
Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow
Microsoft MSN Messenger 7.x/8.0? - Video Remote Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' SetClientInfo() Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method
GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method
jetAudio 7.x - ActiveX DownloadFromMusicStore() Code Execution
jetAudio 7.x - ActiveX 'DownloadFromMusicStore()' Code Execution
Persits Software XUpload Control - AddFolder() Buffer Overflow
Persits Software XUpload Control - 'AddFolder()' Buffer Overflow
idautomation bar code ActiveX - Multiple Vulnerabilities
idautomation bar code - ActiveX Multiple Vulnerabilities
C6 Messenger ActiveX - Remote Download and Execute Exploit
C6 Messenger - ActiveX Remote Download and Execute Exploit
NuMedia Soft Nms DVD Burning SDK ActiveX - 'NMSDVDX.dll' Exploit
NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Exploit
GdPicture Pro ActiveX - 'gdpicture4s.ocx' File Overwrite / Exec Exploit
GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Exploit
MW6 Aztec ActiveX - 'Aztec.dll' Remote Insecure Method Exploit
MW6 Barcode ActiveX - 'Barcode.dll' Insecure Method Exploit
MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit
MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit
GE Fanuc Real Time Information Portal 2.6 - writeFile() API Exploit (Metasploit)
GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API Exploit (Metasploit)
EasyMail ActiveX - 'emmailstore.dll 6.5.0.3' Buffer Overflow
EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Buffer Overflow
Megacubo 5.0.7 - (mega://) Remote eval() Injection
Megacubo 5.0.7 - 'mega://' Remote 'eval()' Injection
Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite
Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite
EDraw Office Viewer 5.4 - HttpDownloadFile() Insecure Method
EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method
Oracle Secure Backup 10g - exec_qr() Command Injection
Oracle Secure Backup 10g - 'exec_qr()' Command Injection
Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution
Adobe 8.1.4/9.1 - customDictionaryOpen() Code Execution
BaoFeng - ActiveX OnBeforeVideoDownload() Remote Buffer Overflow
Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution
Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution
BaoFeng - ActiveX 'OnBeforeVideoDownload()' Remote Buffer Overflow
AOL IWinAmpActiveX Class ConvertFile() - Remote Buffer Overflow
AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow
Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities
Virtualmin < 3.703 - Local/Remote Multiple Vulnerabilities
Quiksoft EasyMail 6.0.3.0 - imap connect() ActiveX Buffer Overflow
Quiksoft EasyMail 6.0.3.0 - IMAP 'connect()' ActiveX Buffer Overflow
EnjoySAP 6.4 / 7.1 - File Overwrite
EnjoySAP 6.4/7.1 - File Overwrite
Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend' Command Injection
Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection
Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit)
Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
mDNSResponder 10.4.0/10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit)
Opera 9.50/9.61 historysearch - Command Execution (Metasploit)
Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit)
PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit)
Squid 2.5.x/3.x - NTLM Buffer Overflow (Metasploit)
PoPToP < 1.1.3-b3/1.1.3-20030409 - Negative Read Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)
HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit)
HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit)
PHP 5.3 - preg_match() Full Path Disclosure
PHP 5.3 - 'preg_match()' Full Path Disclosure
Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)
Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow
Bigant Messenger 2.52 - 'AntCore.dll' RegisterCom() Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow
Apple Safari 4.0.5 - parent.close() (memory Corruption) Code Execution
Apple Safari 4.0.5 - 'parent.close()' Memory Corruption Code Execution
Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass)
Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass)
ComponentOne VSFlexGrid 7 / 8 - 'Archive()' method Remote Buffer Overflow
ComponentOne VSFlexGrid 7/8 - 'Archive()' method Remote Buffer Overflow
Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow
Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow
Nginx 0.7.65 / 0.8.39 (dev) - Source Disclosure / Download
Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download
SigPlus Pro 3.74 - ActiveX LCDWriteString() Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass)
SigPlus Pro 3.74 - ActiveX 'LCDWriteString()' Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass)
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (2)
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (Metasploit)
Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow
Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow
Microsoft WMITools ActiveX - Remote Command Execution
Microsoft WMITools - ActiveX Remote Command Execution
Novell iPrint 5.52 - ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Exploit
Apple QTJava - toQTPointer() Arbitrary Memory Access (Metasploit)
Apple QTJava - 'toQTPointer()' Arbitrary Memory Access (Metasploit)
Java - Statement.invoke() Trusted Method Chain Exploit (Metasploit)
Java - 'Statement.invoke()' Trusted Method Chain Exploit (Metasploit)
Mozilla Firefox 3.5 - escape() Return Value Memory Corruption (Metasploit)
Mozilla Firefox 3.5 - 'escape()' Return Value Memory Corruption (Metasploit)
Mozilla Suite/Firefox InstallVersion->compareTo() - Code Execution (Metasploit)
Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)
Sun Solaris sadmind - adm_build_path() Buffer Overflow (Metasploit)
Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit)
Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit)
Firebird Relational Database - SVC_attach() Buffer Overflow (Metasploit)
Firebird Relational Database - 'SVC_attach()' Buffer Overflow (Metasploit)
Firebird Relational Database - isc_create_database() Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_create_database()' Buffer Overflow (Metasploit)
Firebird Relational Database - isc_attach_database() Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_attach_database()' Buffer Overflow (Metasploit)
Worldweaver DX Studio Player 3.0.29 - shell.execute() Command Execution (Metasploit)
Worldweaver DX Studio Player 3.0.29 - 'shell.execute()' Command Execution (Metasploit)
Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit)
Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit)
CA BrightStor ARCserve Backup - AddColumn() ActiveX Buffer Overflow (Metasploit)
Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit)
CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow (Metasploit)
Microsoft Internet Explorer - 'createTextRange()' Code Execution (MS06-013) (Metasploit)
AOL Radio AmpX - ActiveX Control ConvertFile() Buffer Overflow (Metasploit)
AOL Radio AmpX - ActiveX Control 'ConvertFile()' Buffer Overflow (Metasploit)
NCTAudioFile2 2.x - ActiveX Control SetFormatLikeSample() Buffer Overflow (Metasploit)
NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Buffer Overflow (Metasploit)
SasCam Webcam Server 2.6.5 - Get() method Buffer Overflow (Metasploit)
SasCam Webcam Server 2.6.5 - 'Get()' Method Buffer Overflow (Metasploit)
Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' TCP Overflow (MS07-029) (Metasploit)
httpdx - h_handlepeer() Function Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit)
CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)
CA CAM (Windows x86) - 'log_security()' Stack Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - CreateBinding() Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Buffer Overflow (Metasploit)
XtreamerPRO Media-player 2.6.0 / 2.7.0 - Multiple Vulnerabilities
XtreamerPRO Media-player 2.6.0/2.7.0 - Multiple Vulnerabilities
Black Ice Cover Page SDK - insecure method DownloadImageFileURL() Exploit (Metasploit)
Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' Exploit (Metasploit)
CTEK SkyRouter 4200 / 4300 - Command Execution (Metasploit)
CTEK SkyRouter 4200/4300 - Command Execution (Metasploit)
Mozilla Firefox 4.0.1 - Array.reduceRight() Exploit
Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Exploit
LotusCMS 3.0 - eval() Remote Command Execution (Metasploit)
LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit)
Apache Tomcat - Remote Exploit (PUT Request) and Account Scanner
Apache Tomcat - Account Scanner / 'PUT' Request Remote Exploit
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution)
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Exploit
Mozilla Firefox 8/9 - AttributeChildRemoved() Use-After-Free (Metasploit)
Mozilla Firefox 8/9 - 'AttributeChildRemoved()' Use-After-Free (Metasploit)
RabidHamster R4 - Log Entry sprintf() Buffer Overflow (Metasploit)
RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit)
Samsung NET-i viewer - Multiple ActiveX BackupToAvi() Remote Overflow (Metasploit)
Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflow (Metasploit)
Microsoft IIS 6.0 / 7.5 (+ PHP) - Multiple Vulnerabilities
Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities
Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing
ETL Delegate 5.9.x / 6.0.x - Buffer Overflow
ETL Delegate 5.9.x/6.0.x - Buffer Overflow
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (3)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution
PHP IRC Bot pbot - eval() Remote Code Execution (Metasploit)
PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit)
Icecast 1.3.7/1.3.8 - print_client() Format String
Icecast 1.3.7/1.3.8 - 'print_client()' Format String
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow
FreeBSD 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities
OpenBSD 2.x < 2.8 ftpd - glob() Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow
FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities
OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow
Apache Tomcat 3.2.3/3.2.4 - Source.jsp Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - RealPath.jsp Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure
Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting
Working Resources BadBlue 1.7.3 - 'cleanSearchString()' Cross-Site Scripting
NTR - ActiveX Control StopModule() Remote Code Execution (Metasploit)
NTR - ActiveX Control 'StopModule()' Remote Code Execution (Metasploit)
NTR - ActiveX Control Check() Method Buffer Overflow (Metasploit)
HP Application Lifecycle Management - XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution (Metasploit)
NTR - ActiveX Control 'Check()' Method Buffer Overflow (Metasploit)
HP Application Lifecycle Management - 'XGO.ocx' ActiveX 'SetShapeNodeType()' Remote Code Execution (Metasploit)
ghttpd 1.4.x - Log() Function Buffer Overflow
ghttpd 1.4.x - 'Log()' Function Buffer Overflow
zkfingerd 0.9.1 - say() Format String
zkfingerd 0.9.1 - 'say()' Format String
Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow
Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (2)
Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2)
BitchX 1.0 - Remote Send_CTCP() Memory Corruption
BitchX 1.0 - Remote 'Send_CTCP()' Memory Corruption
PoPToP PPTP 1.0/1.1.x - Negative read() Argument Remote Buffer Overflow
PoPToP PPTP 1.0/1.1.x - Negative 'read()' Argument Remote Buffer Overflow
Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit)
Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit)
NetIQ Privileged User Manager 2.3.1 - ldapagnt_eval() Remote Perl Code Execution (Metasploit)
NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit)
Valve Software Half-Life Server 1.1.1.0 / 3.1.1.1c1 / 4.1.1.1a - Multiplayer Request Buffer Overflow
Valve Software Half-Life Server 1.1.1.0/3.1.1.1c1/4.1.1.1a - Multiplayer Request Buffer Overflow
WU-FTPD 2.6.2 / 2.6.0 / 2.6.1 - 'realpath()' Off-by-One Buffer Overflow
FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow
WU-FTPD 2.6.0/2.6.1/2.6.2 - 'realpath()' Off-by-One Buffer Overflow
FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow
InduSoft Web Studio - ISSymbol.ocx InternationalSeparator() Heap Overflow (Metasploit)
InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit)
GNU Anubis 3.6.x/3.9.x - auth.c auth_ident() Function Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow
Rlpr 2.0 - msg() Function Multiple Vulnerabilities
Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities
PHP 4.x/5.0 - Strip_Tags() Function Bypass
PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass
Movable Type 4.2x / 4.3x - Web Upgrade Remote Code Execution (Metasploit)
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)
NullSoft Winamp 2-5 - '.wsz' Remote Code Execution
NullSoft Winamp 2.4 < 5.0.4 - '.wsz' Remote Code Execution
Portable UPnP SDK - unique_service_name() Remote Code Execution (Metasploit)
Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit)
Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)
Novell ZENworks Configuration Management 10 SP3/11 SP2 - Remote Execution (Metasploit)
PHP 4/5 - addslashes() Null Byte Bypass
PHP 4/5 - 'addslashes()' Null Byte Bypass
Smail 3 - Multiple Remote and Local Vulnerabilities
Smail 3 - Multiple Remote/Local Vulnerabilities
SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx Remote Code Execution
SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution
Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)
Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Java Applet - Driver Manager Privileged toString() Remote Code Execution (Metasploit)
Java Applet - Driver Manager Privileged 'toString()' Remote Code Execution (Metasploit)
Oracle Java - storeImageArray() Invalid Array Indexing
Oracle Java - 'storeImageArray()' Invalid Array Indexing
PHP 4.x - tempnam() Function open_basedir Restriction Bypass
PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass
Oracle Java - IntegerInterleavedRaster.verify() Signed Integer Overflow
Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow
Java - storeImageArray() Invalid Array Indexing (Metasploit)
Java - 'storeImageArray()' Invalid Array Indexing (Metasploit)
Oracle Java - BytePackedRaster.verify() Signed Integer Overflow
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow
Oracle Java - ShortComponentRaster.verify() Memory Corruption
Oracle Java - 'ShortComponentRaster.verify()' Memory Corruption
Apache 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
Python 2.5 - PyLocale_strxfrm Function Remote Information Leak
Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak
PHP 4.4.4 - Zip_Entry_Read() Integer Overflow
PHP 5.1.6 - Chunk_Split() Function Integer Overflow
PHP 4.4.4 - 'Zip_Entry_Read()' Integer Overflow
PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow
PHP 5.1.6 - Imap_Mail_Compose() Function Buffer Overflow
PHP 5.1.6 - Msg_Receive() Memory Allocation Integer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow
PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow
Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit)
Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)
Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow
VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
Python socket.recvfrom_into() - Remote Buffer Overflow
Python - 'socket.recvfrom_into()' Remote Buffer Overflow
Vim 'mch_expand_wildcards()' - Heap Based Buffer Overflow
Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow
Boat Browser 8.0 / 8.0.1 - Remote Code Execution
Boat Browser 8.0/8.0.1 - Remote Code Execution
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX SaveToFile() Arbitrary File Overwrite
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite
RealVNC 4.1.0 / 4.1.1 - Authentication Bypass
RealVNC 4.1.0/4.1.1 - Authentication Bypass
PHP 5.5.33 / 7.0.4 - SNMP Format String
PHP 5.5.33/7.0.4 - SNMP Format String
Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow
Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow
OpenSSHd 7.2p2 - Username Enumeration
OpenSSH 7.2p2 - Username Enumeration
Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)
Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)
FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
Subversion 1.6.6 / 1.6.12 - Code Execution
Subversion 1.6.6/1.6.12 - Code Execution
Ansible 2.1.4 / 2.2.1 - Command Execution
Ansible 2.1.4/2.2.1 - Command Execution
Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)
Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH)
Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit
vBulletin - LAST.php SQL Injection
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit
vBulletin - 'LAST.php' SQL Injection
phpBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit
PHP 4.3.9 + phpBB 2.x - Unserialize() Remote Exploit (Compiled)
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)
e107 - include() Remote Exploit
e107 - 'include()' Remote Exploit
CuteNews 1.4.0 - Shell Inject Remote Command Execution
CuteNews 1.4.0 - Shell Injection / Remote Command Execution
CuteNews 1.4.1 - Shell Inject Remote Command Execution
CuteNews 1.4.1 - Shell Injection / Remote Command Execution
WebWiz Products 1.0 / 3.06 - Login Bypass (SQL Injection)
WebWiz Products 1.0/3.06 - Login Bypass (SQL Injection)
NOCC Webmail 1.0 - (Local Inclusion) Remote Code Execution
NOCC Webmail 1.0 - Local File Inclusion / Remote Code Execution
4Images 1.7.1 - (Local Inclusion) Remote Code Execution
4Images 1.7.1 - Local File Inclusion / Remote Code Execution
Fast Click 1.1.3 / 2.3.8 - 'show.php' Remote File Inclusion
Fast Click 1.1.3/2.3.8 - 'show.php' Remote File Inclusion
UBB Threads 6.4.x < 6.5.2 - (thispath) Remote File Inclusion
UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion
UBB Threads 5.x / 6.x - Multiple Remote File Inclusion
UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion
XMB 1.9.6 Final - basename() Remote Command Execution
PHPay 2.02 - 'nu_mail.inc.php' Remote mail() Injection
XMB 1.9.6 Final - 'basename()' Remote Command Execution
PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection
Phaos 0.9.2 - basename() Remote Command Execution
Phaos 0.9.2 - 'basename()' Remote Command Execution
Newsscript 0.5 - Remote File Inclusion / Local File Inclusion
Newsscript 0.5 - Local/Remote File Inclusion
exV2 < 2.0.4.3 - extract() Remote Command Execution
exV2 < 2.0.4.3 - 'extract()' Remote Command Execution
KGB 1.87 - (Local Inclusion) Remote Code Execution
KGB 1.87 - Local File Inclusion / Remote Code Execution
UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution
UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution
Invision Gallery 2.0.7 - readfile() & SQL Injection
Invision Gallery 2.0.7 - 'readfile()' / SQL Injection
Flatnuke 2.5.8 - file() Privilege Escalation / Code Execution
Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution
Invision Gallery 2.0.7 (Linux) - readfile() / SQL Injection
Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection
Imageview 5 - 'Cookie/index.php' Remote / Local File Inclusion
Imageview 5 - 'Cookie/index.php' Local/Remote File Inclusion
Woltlab Burning Board Lite 1.0.2 - decode_cookie() SQL Injection
Woltlab Burning Board Lite 1.0.2 - 'decode_cookie()' SQL Injection
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Injection
Cacti 0.8.6i - cmd.php popen() Remote Injection
Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection
P-News 1.16 / 1.17 - 'user.dat' Remote Password Disclosure
P-News 1.16/1.17 - 'user.dat' Remote Password Disclosure
Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (1)
Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (2)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)
Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (3)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3)
Jupiter CMS 1.1.5 - 'index.php' Remote / Local File Inclusion
Jupiter CMS 1.1.5 - 'index.php' Local/Remote File Inclusion
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 exec() eExploit
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Exploit
MySpeach 3.0.7 - Remote / Local File Inclusion
MySpeach 3.0.7 - Local/Remote File Inclusion
YAAP 1.5 - __autoload() Remote File Inclusion
YAAP 1.5 - '__autoload()' Remote File Inclusion
Quick.Cart 2.2 - Remote File Inclusion / Local File Inclusion Remote Code Execution
Quick.Cart 2.2 - Local/Remote File Inclusion / Remote Code Execution
Sendcard 3.4.1 - (Local File Inclusion) Remote Code Execution
Sendcard 3.4.1 - Local File Inclusion / Remote Code Execution
Entertainment CMS - (Local Inclusion) Remote Command Execution
Entertainment CMS - Local File Inclusion / Remote Command Execution
iziContents rc6 - Remote File Inclusion / Local File Inclusion
iziContents rc6 - Local/Remote File Inclusion
PHP Project Management 0.8.10 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities
PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions
Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion
Rayzz Script 2.0 - Local/Remote File Inclusion
SerWeb 2.0.0 dev1 2007-02-20 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities
SerWeb 2.0.0 dev1 2007-02-20 - Multiple Local/Remote File Inclusion Vulnerabilities
SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection
SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection
Agares phpAutoVideo 2.21 - Remote / Local File Inclusion
Agares phpAutoVideo 2.21 - Local/Remote File Inclusion
TeamCalPro 3.1.000 - Multiple Remote / Local File Inclusion
TeamCalPro 3.1.000 - Multiple Local/Remote File Inclusions
NetRisk 1.9.7 - Remote / Local File Inclusion
NetRisk 1.9.7 - Local/Remote File Inclusion
AJchat 0.10 - unset() bug SQL Injection
AJchat 0.10 - 'unset()' bug SQL Injection
jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities
jspwiki 2.4.104/2.5.139 - Multiple Vulnerabilities
LookStrike Lan Manager 0.9 - Remote / Local File Inclusion
LookStrike Lan Manager 0.9 - Local/Remote File Inclusion
ExBB 0.22 - Local / Remote File Inclusion
ExBB 0.22 - Local/Remote File Inclusion
HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
HomePH Design 2.10 RC2 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
ourvideo CMS 9.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
Pivot 1.40.5 - Dreamwind load_template() Credentials Disclosure
Pivot 1.40.5 - Dreamwind 'load_template()' Credentials Disclosure
1024 CMS 1.4.4 - Multiple Remote / Local File Inclusion
1024 CMS 1.4.4 - Multiple Local/Remote File Inclusion
Yourownbux 3.1 / 3.2 Beta - SQL Injection
Yourownbux 3.1/3.2 Beta - SQL Injection
Ol BookMarks Manager 0.7.5 - Remote File Inclusion / Local File Inclusion / SQL Injection
Ol BookMarks Manager 0.7.5 - Local File Inclusion / Remote File Inclusion / SQL Injection
wotw 5.0 - Local / Remote File Inclusion
wotw 5.0 - Local/Remote File Inclusion
PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion
PHPmyGallery 1.0beta2 - Local/Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local/Remote File Inclusion
ASPSiteWare Automotive Dealer 1.0 / 2.0 - SQL Injection
ASPSiteWare RealtyListing 1.0 / 2.0 - SQL Injection
ASPSiteWare Automotive Dealer 1.0/2.0 - SQL Injection
ASPSiteWare RealtyListing 1.0/2.0 - SQL Injection
phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
PlaySms 0.9.3 - Multiple Remote / Local File Inclusion
PlaySms 0.9.3 - Multiple Local/Remote File Inclusions
Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
phpList 2.10.x - (Remote Code Execution by environ Inclusion) Local File Inclusion
phpList 2.10.x - Remote Code Execution / Local File Inclusion
GNUBoard 4.31.04 (09.01.30) - Multiple Local+Remote Vulnerabilities
GNUBoard 4.31.04 (09.01.30) - Local/Remote Multiple Vulnerabilities
OpenHelpDesk 1.0.100 - eval() Code Execution (Metasploit)
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)
Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass
Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass
PHP Director 0.21 - (SQL into outfile) eval() Injection
PHP Director 0.21 - (SQL Into Outfile) 'eval()' Injection
UBB.Threads 5.5.1 - (message) SQL Injection
UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection
Geeklog 1.5.2 - SEC_authenticate() SQL Injection
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection
WebPortal CMS 0.8b - Multiple Remote / Local File Inclusion
WebPortal CMS 0.8b - Multiple Local/Remote File Inclusions
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject
Bitweaver 2.6 - saveFeed() Remote Code Execution
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection
Bitweaver 2.6 - 'saveFeed()' Remote Code Execution
School Data Navigator - (page) Local / Remote File Inclusion
School Data Navigator - 'page' Local/Remote File Inclusion
phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
phpCollegeExchange 0.1.5c - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion
ClearContent - 'image.php url' Local/Remote File Inclusion
e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure
e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure
skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
skadate dating - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
Ultrize TimeSheet 1.2.2 - readfile() Local File Disclosure
Ultrize TimeSheet 1.2.2 - 'readfile()' Local File Disclosure
aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities
aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass / File Disclosure) Multiple Remote Vulnerabilities
Facil Helpdesk - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities
IsolSoft Support Center 2.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities
Facil Helpdesk - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities
IsolSoft Support Center 2.5 - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities
ZeroBoard 4.1 pl7 - now_connect() Remote Code Execution
ZeroBoard 4.1 pl7 - 'now_connect()' Remote Code Execution
DedeCMS 5.1 - SQL Injection
DeDeCMS 5.1 - SQL Injection
TwonkyMedia Server 4.4.17 / 5.0.65 - Cross-Site Scripting
TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting
Xerver 4.31 / 4.32 - HTTP Response Splitting
Xerver 4.31/4.32 - HTTP Response Splitting
sugar crm 5.5.0.rc2 / 5.2.0j - Multiple Vulnerabilities
Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities
Quate CMS 0.3.5 - Remote File Inclusion / Local File Inclusion
Quate CMS 0.3.5 - Local/Remote File Inclusion
Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - Local File Inclusion / SQL Injection
UBB.Threads 7.5.4 2 - Multiple File Inclusion
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion
NAS Uploader 1.0 / 1.5 - Arbitrary File Upload
NAS Uploader 1.0/1.5 - Arbitrary File Upload
Pandora FMS Monitoring Application 2.1.x / 3.x - SQL Injection
Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection
UBB Threads 6.0 - Remote File Inclusion
UBBCentral UBB.Threads 6.0 - Remote File Inclusion
fileNice PHP file browser - Remote File Inclusion / Local File Inclusion
fileNice PHP file browser - Local/Remote File Inclusion
Pay Per Minute Video Chat Script 2.0 / 2.1 - Multiple Vulnerabilities
Pay Per Minute Video Chat Script 2.0/2.1 - Multiple Vulnerabilities
ProfitCode Shopping Cart - Multiple Local File Inclusion / Remote File Inclusion Vulnerabilities
ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities
Izumi 1.1.0 - (Remote File Inclusion / Local File Inclusion) Multiple Include
Izumi 1.1.0 - (Local File Inclusion / Remote File Inclusion) Multiple Include
TSOKA:CMS 1.1 / 1.9 / 2.0 - SQL Injection / Cross-Site Scripting
TSOKA:CMS 1.1/1.9/2.0 - SQL Injection / Cross-Site Scripting
Facil-CMS 0.1RC2 - Local / Remote File Inclusion
Facil-CMS 0.1RC2 - Local/Remote File Inclusion
jevoncms - Local File Inclusion / Remote File Inclusion
jevoncms - Local/Remote File Inclusion
Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Vieassociative Openmairie 1.01 Beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openurgence vaccin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Police Municipale Open Main Courante 1.01beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openscrutin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openreglement 1.04 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openregistrecil 1.02 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openplanning 1.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openfoncier 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Madirish Webmail 2.01 - 'baseDir' Remote File Inclusion / Local File Inclusion
Openplanning 1.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Openfoncier 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion
Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Opencourrier 2.03beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
AutoDealer 1.0 / 2.0 - MSSQL Injection
AutoDealer 1.0/2.0 - MSSQL Injection
Openannuaire Openmairie Annuaire 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion
Openannuaire Openmairie Annuaire 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions
Waibrasil - Remote File Inclusion / Local File Inclusion
Waibrasil - Local/Remote File Inclusion
Spaw Editor 1.0 / 2.0 - Arbitrary File Upload
Spaw Editor 1.0/2.0 - Arbitrary File Upload
PHP SETI@home Web monitor - (PHPsetimon) Remote File Inclusion / Local File Inclusion
PHP SETI@home Web monitor - 'PHPsetimon' Local/Remote File Inclusion
vBulletin(R) 3.8.6 - faq.php Information Disclosure
vBulletin 3.8.6 - 'faq.php' Information Disclosure
Open Realty 2.x / 3.x - Persistent Cross-Site Scripting
Open Realty 2.x/3.x - Persistent Cross-Site Scripting
vBulletin 3.8.4 / 3.8.5 - Registration Bypass
vBulletin 3.8.4/3.8.5 - Registration Bypass
vbShout 5.2.2 - Remote / Local File Inclusion
vbShout 5.2.2 - Local/Remote File Inclusion
Zoopeer 0.1 / 0.2 - 'FCKeditor' Arbitrary File Upload
Zoopeer 0.1/0.2 - 'FCKeditor' Arbitrary File Upload
xt:Commerce Shopsoftware 3 / 4 - 'FCKeditor' Arbitrary File Upload
xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload
CakePHP 1.3.5 / 1.2.8 - Unserialize()
CakePHP 1.3.5/1.2.8 - 'Unserialize()' Exploit
vBSEO 3.5.2 / 3.2.2 - Persistent Cross-Site Scripting via LinkBacks
vBSEO Sitemap 2.5 / 3.0 - Multiple Vulnerabilities
vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks
vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities
Geomi CMS 1.2 / 3.0 - SQL Injection
Geomi CMS 1.2/3.0 - SQL Injection
cChatBox for vBulletin 3.6.8 / 3.7.x - SQL Injection
cChatBox for vBulletin 3.6.8/3.7.x - SQL Injection
Redmine SCM Repository 0.9.x / 1.0.x - Arbitrary Command Execution (Metasploit)
Redmine SCM Repository 0.9.x/1.0.x - Arbitrary Command Execution (Metasploit)
vBulletin - misc.php Template Name Arbitrary Code Execution (Metasploit)
vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)
CakePHP 1.3.5 / 1.2.8 - Cache Corruption Exploit (Metasploit)
CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit)
SmarterMail 7.3 / 7.4 - Multiple Vulnerabilities
SmarterMail 7.3/7.4 - Multiple Vulnerabilities
WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution
WordPress Plugin BackWPup - Remote Code Execution / Local Code Execution
WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection
WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection
LuxCal Web Calendar 2.4.2 / 2.5.0 - SQL Injection
LuxCal Web Calendar 2.4.2/2.5.0 - SQL Injection
Joomla! Component 'com_virtuemart' 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit)
Joomla! Component 'com_virtuemart' 1.1.7/1.5 - Blind Time-Based SQL Injection (Metasploit)
WSN Classifieds 6.2.12 / 6.2.18 - Multiple Vulnerabilities
Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution
WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities
Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution
Typo3 4.5 < 4.7 - Remote Code Execution (Remote File Inclusion / Local File Inclusion)
Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion
phpMyAdmin 3.3.x / 3.4.x - Local File Inclusion via XXE Injection (Metasploit)
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit)
Log1 CMS - writeInfo() PHP Code Injection (Metasploit)
Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit)
MiniCMS 1.0 / 2.0 - PHP Code Inject
MiniCMS 1.0/2.0 - PHP Code Injection
4Images 1.7.6-9 - Cross-Site Request Forgery / Inject PHP Code
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities
FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities
FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution (Metasploit)
FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit)
Woltlab Burning Board 2.2 / 2.3 - [WN]KT KickTipp 3.1 - SQL Injection
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit)
webERP 4.08.1 - Local / Remote File Inclusion
SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution (Metasploit)
webERP 4.08.1 - Local/Remote File Inclusion
Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit)
Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution (Metasploit)
House Style 0.1.2 - readfile() Local File Disclosure
House Style 0.1.2 - 'readfile()' Local File Disclosure
OTRS Open Technology Real Services 3.1.8 / 3.1.9 - Cross-Site Scripting
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Persistent Cross-Site Scripting
ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting
airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection
airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection
Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities
Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities
IP.Gallery 4.2.x / 5.0.x - Persistent Cross-Site Scripting
IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting
Alt-N MDaemon 13.0.3 / 12.5.6 - Email Body HTML/JS Injection
Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection
parachat 5.5 - Directory Traversal
Parachat 5.5 - Directory Traversal
DCP-Portal 3.7/4.x/5.x - calendar.php Multiple Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'calendar.php' Multiple Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - announcement.php cid Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - news.php cid Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - contents.php cid Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - calendar.php HTTP Response Splitting
DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting
UBBCentral UBB.Threads 6.2.3/6.5 - showflat.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - calendar.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - online.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting
phpVms Virtual Airline Administration 2.1.934 / 2.1.935 - SQL Injection
phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection
phpMyAdmin 3.5.8 / 4.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
UBBCentral UBB.Threads 6.0 - editpost.php SQL Injection
UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection
Wifi Photo Transfer 2.1 / 1.1 PRO - Multiple Vulnerabilities
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities
File Lite 3.3 / 3.5 PRO iOS - Multiple Vulnerabilities
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
IPB (Invision Power Board) 1.x? / 2.x / 3.x - Admin Account Takeover
IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover
UBBCentral 6.0 - UBB.threads Printthread.php SQL Injection
UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x / 7.x) - Persistent Cross-Site Scripting
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting
SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation
SPIP - CMS < 2.0.23/2.1.22/3.0.9 - Privilege Escalation
YaPiG 0.9x - Remote File Inclusion / Local File Inclusion
YaPiG 0.9x - Local/Remote File Inclusion
UBBCentral UBB.Threads 5.5.1/6.x - download.php Number Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - calendar.php Multiple Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - modifypost.php Number Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - viewmessage.php message Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - addfav.php main Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - notifymod.php Number Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - grabnext.php posted Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection
Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion
Xibo 1.2.2 / 1.4.1 - 'index.php' p Parameter Directory Traversal
Xibo 1.2.2/1.4.1 - 'index.php' p Parameter Directory Traversal
UBB.Threads 6.3 - showflat.php SQL Injection
UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection
Virtual Hosting Control System 2.2/2.4 - 'login.php' check_login() Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass
ATutor 1.5.x - admin/fix_content.php submit Parameter Cross-Site Scripting
ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting
Mirapoint Web Mail - Expression() HTML Injection
Mirapoint Web Mail - 'Expression()' HTML Injection
Onpub CMS 1.4 / 1.5 - Multiple SQL Injections
Onpub CMS 1.4/1.5 - Multiple SQL Injections
ImpressPages CMS 3.6 - manage() Function Remote Code Execution
ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution
Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion
Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusion
Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)
UBB.Threads 6.1.1 - UBBThreads.php SQL Injection
UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection
WHMCompleteSolution (WHMCS) 4.x / 5.x - Multiple Web Vulnerabilities
WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities
Jenkins 1.523 - Inject Persistent HTML Code
Jenkins 1.523 - Persistent HTML Code
CTERA 3.2.29.0 / 3.2.42.0 - Persistent Cross-Site Scripting
CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting
UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
Drupal < 6.16 / 5.22 - Multiple Vulnerabilities
Drupal < 5.22/6.16 - Multiple Vulnerabilities
AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion
AdvertisementManager 3.1 - 'req' Parameter Local/Remote File Inclusion
Ultra Electronics 7.2.0.19 / 7.4.0.7 - Multiple Vulnerabilities
Ultra Electronics 7.2.0.19/7.4.0.7 - Multiple Vulnerabilities
net2ftp 0.98 (stable) - 'admin1.template.php' Local File Inclusion / Remote File Inclusion
net2ftp 0.98 (stable) - 'admin1.template.php' Local/Remote File Inclusion
MyBB 1.8.2 - unset_globals() Function Bypass / Remote Code Execution
MyBB 1.8.2 - 'unset_globals()' Function Bypass / Remote Code Execution
WordPress Plugin Spellchecker 3.1 - 'general.php' Local File Inclusion / Remote File Inclusion
WordPress Plugin Spellchecker 3.1 - 'general.php' Local/Remote File Inclusion
Pimcore 3.0 / 2.3.0 CMS - SQL Injection
phpList 3.0.6 / 3.0.10 - SQL Injection
Pimcore 2.3.0/3.0 CMS - SQL Injection
phpList 3.0.6/3.0.10 - SQL Injection
Guppy CMS 5.0.9 / 5.00.10 - Authentication Bypass/Change Email
Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email
UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
OSClass 2.3.3 - 'index.php' getParam() Function Multiple Parameter Cross-Site Scripting
OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting
OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter exec() Call Arbitrary Shell Command Execution
OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution
Fork CMS 3.x - backend/modules/error/actions/index.php parse() Function Multiple Parameter Error Display Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting
DedeCMS < 5.7-sp1 - Remote File Inclusion
DeDeCMS < 5.7-sp1 - Remote File Inclusion
WK UDID 1.0.1 iOS - Command Inject
WK UDID 1.0.1 iOS - Command Injection
MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion
MindTouch DekiWiki - Multiple Local/Remote File Inclusions
PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function
PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
Western Digital My Cloud 04.01.03-421 / 04.01.04-422 - Command Injection
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection
Belkin Router N150 1.00.08 / 1.00.09 - Directory Traversal
Belkin Router N150 1.00.08/1.00.09 - Directory Traversal
b374k Web Shell 3.2.3 / 2.8 - Cross-Site Request Forgery / Command Injection
b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection
CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
AlegroCart 1.2.8 - Local File Inclusion / Remote File Inclusion
AlegroCart 1.2.8 - Local/Remote File Inclusion
HumHub 0.11.2 / 0.20.0-beta.2 - SQL Injection
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion
qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery
Chamilo LMS IDOR - (messageId) Delete POST Inject
Chamilo LMS IDOR - 'messageId' Delete POST Injection
WordPress Plugin Site Import 1.0.1 - Local File Inclusion / Remote File Inclusion
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
WordPress Plugin Brandfolder 3.0 - Remote File Inclusion / Local File Inclusion
WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion
PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities
PQI Air Pen Express 6W51-0000R2/6W51-0000R2XXX - Multiple Vulnerabilities
Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
Totemomail 4.x / 5.x - Persistent Cross-Site Scripting
Totemomail 4.x/5.x - Persistent Cross-Site Scripting
Tiki Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution
Tiki Wiki CMS Calendar 6.15/9.11 LTS/12.5 LTS/14.2 - Remote Code Execution
Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload
Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload
Untangle NGFW 12.1.0 Beta - execEvil() Command Injection
Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection
GSX Analyzer 10.12 / 11 - 'main.swf' Hard-Coded Superadmin Credentials
GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials
Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
Trend Micro Deep Discovery 3.7 / 3.8 SP1 (3.81) / 3.8 SP2 (3.82) - hotfix_upload.cgi Filename Remote Code Execution
Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote Code Execution
WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities
Zabbix 2.2.x / 3.0.x - SQL Injection
Zabbix 2.2.x/3.0.x - SQL Injection
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection
RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass
RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass
Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection
SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal
SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal
WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery
WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery
Zoneminder 1.29 / 1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery
RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery
Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit)
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)
Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Execution
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
GLPI 0.90.4 - SQL Injection
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
2017-06-28 05:01:23 +00:00
Offensive Security
6ab9a26ee4
DB: 2017-06-27
...
10 new exploits
PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP phar extension 1.1.1 - Heap Overflow
PHP 'phar' Extension 1.1.1 - Heap Overflow
PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploit
PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write
NTFS 3.1 - Master File Table Denial of Service
LAME 3.99.5 - 'II_step_one' Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit
PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit
PHP 5.2.3 Tidy extension - Local Buffer Overflow
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass
PHP Perl Extension - Safe_mode BypassExploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit
PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.x - COM functions Safe_mode and disable_function Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.2.6 - (error_log) Safe_mode Bypass
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit
PHP - Safe_mode Bypass via proc_open() and custom Environment
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment
PHP python extension safe_mode - Bypass Local
PHP 'python' Extension - 'safe_mode' Local Bypass Exploit
PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass
PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - FOpen Safe_mode Restriction-Bypass
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities
suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit
PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit
JAD Java Decompiler 1.5.8e - Buffer Overflow
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit
Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution
PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure
PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure
PHP 4.x - copy() Function Safe Mode Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 5.2.5 - cURL 'safe mode' Security Bypass
PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit
PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)
Linux/x86 - Bind Shell Shellcode (75 bytes)
JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit
XOOPS myAds Module - (lid) SQL Injection
XOOPS myAds Module - 'lid' SQL Injection
PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit
Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting
SmarterMail 7.x (7.2.3925) - LDAP Injection
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail < 7.2.3925 - LDAP Injection
MaticMarket 2.02 for PHP-Nuke - Local File Inclusion
PHP-Nuke MaticMarket 2.02 - Local File Inclusion
WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection
Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection
SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit
PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)
phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting
Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection
ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution
vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
Eltek SmartPack - Backdoor Account
2017-06-27 05:01:26 +00:00
Offensive Security
66671632b5
DB: 2017-06-24
...
16 new exploits
Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption
Microsoft Windows - 'USP10!ttoGetTableData' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!SubstituteNtoM' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!NextCharInLiga' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!otlSinglePosLookup::getCoverageTable' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'USP10!otlReverseChainingLookup::apply' Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure
Microsoft Windows - Kernel ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table
Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure
unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
Microsoft Edge - 'CssParser::RecordProperty' Type Confusion
Adobe Flash - AVC Edge Processing Out-of-Bounds Read
Adobe Flash - Image Decoding Out-of-Bounds Read
Adobe Flash - ATF Parser Heap Corruption
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
2017-06-24 05:01:27 +00:00
Offensive Security
86f822c557
DB: 2017-06-23
...
11 new exploits
Microsoft Windows - ASN.1 LSASS.exe Remote Exploit (MS04-007)
Microsoft Windows - ASN.1 'LSASS.exe' Remote Exploit (MS04-007)
Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call Exploit
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call Exploit
Microsoft Windows XP/2000 - TCP Connection Reset Remote Attack Tool
Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit
PostgreSQL 8.01 - Remote Reboot Denial of Service
PostgreSQL 8.01 - Remote Reboot (Denial of Service)
Cisco IP Phone 7940 - (Reboot) Denial of Service
Cisco IP Phone 7940 - Reboot (Denial of Service)
Cisco Aironet Wireless Access Points - Memory Exhaustion ARP Attack Denial of Service
Cisco Aironet Wireless Access Points - Memory Exhaustion ARP (Denial of Service)
Dropbear / OpenSSH Server - (MAX_UNAUTH_CLIENTS) Denial of Service
Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service
2WIRE Modems/Routers - CRLF Denial of Service
2WIRE Modems/Routers - 'CRLF' Denial of Service
FTP Explorer 1.0.1 Build 047 - (CPU Consumption) Remote Denial of Service
FTP Explorer 1.0.1 Build 047 - Remote CPU Consumption (Denial of Service)
Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service
Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service
Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service)
Mozilla Firefox 2.0.0.3 / Gran Paradiso 3.0a3 - Hang / Crash (Denial of Service)
Linksys SPA941 - (remote reboot) Remote Denial of Service
Linksys SPA941 - Remote Reboot (Denial of Service)
CA BrightStor Backup 11.5.2.0 - caloggderd.exe Denial of Service
CA BrightStor Backup 11.5.2.0 - Mediasvr.exe Denial of Service
CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service
CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service
Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service
Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) - Denial of Service
Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service
Mcafee EPO 4.0 - 'FrameworkService.exe' Remote Denial of Service
Xerox Phaser 8400 - (reboot) Remote Denial of Service
Xerox Phaser 8400 - Remote Reboot (Denial of Service)
Microsoft Windows Mobile 6.0 - Device long name Remote Reboot Exploit
Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service)
Linksys WAG54G v2 (Wireless ADSL Router) - httpd Denial of Service
Linksys WAG54G v2 Wireless ADSL Router - httpd Denial of Service
Netgear SSL312 Router - Denial of Service
NETGEAR SSL312 Router - Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service
NETGEAR WGR614v9 Wireless Router - Denial of Service
Gigaset SE461 WiMAX router - Remote Denial of Service
Gigaset SE461 WiMAX Router - Remote Denial of Service
Netgear DG632 Router - Remote Denial of Service
NETGEAR DG632 Router - Remote Denial of Service
Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC)
Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)
Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit
Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot (Denial of Service)
Siemens Gigaset SE361 WLAN - Remote Reboot Exploit
Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service)
Apple Mac OSX 10.6 - HFS File System Attack (Denial of Service)
Apple Mac OSX 10.6 - HFS FileSystem Exploit (Denial of Service)
HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution
Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe Denial of Service (PoC)
Cyclope Internet Filtering Proxy 4.0 - 'CEPMServer.exe' Denial of Service (PoC)
AirTies-4450 - Unauthorized Remote Reboot
AirTies-4450 - Unauthorized Remote Reboot (Denial of Service)
Digital Ultrix 4.0/4.1 - /usr/bin/chroot Exploit
SunOS 4.1.1 - /usr/release/bin/makeinstall Exploit
SunOS 4.1.1 - /usr/release/bin/winstall Exploit
Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Exploit
SunOS 4.1.1 - '/usr/release/bin/makeinstall' Exploit
SunOS 4.1.1 - '/usr/release/bin/winstall' Exploit
Linux Kernel 2.2 - 'ldd core' Force Reboot
Linux Kernel 2.2 - 'ldd core' Force Reboot (Denial of Service)
Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - visiadmin.exe Denial of Service
Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service
OReilly WebSite 1.x/2.0 - win-c-sample.exe Buffer Overflow
OReilly WebSite 1.x/2.0 - 'win-c-sample.exe' Buffer Overflow
Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption
Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption (Denial of Service)
ID Software Quake 3 - 'smurf attack' Denial of Service
ID Software Quake 3 - 'SMURF' Denial of Service
Melange Chat System 2.0.2 Beta 2 - /yell Remote Buffer Overflow
Melange Chat System 2.0.2 Beta 2 - '/yell' Remote Buffer Overflow
Microsoft Windows NT/2000 - cmd.exe CD Buffer Overflow
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow
Gordano Messaging Suite 9.0 - WWW.exe Denial of Service
Gordano Messaging Suite 9.0 - 'WWW.exe' Denial of Service
TYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service
TYPSoft FTP Server 1.1 - Remote CPU Consumption (Denial of Service)
Microsoft Windows XP - explorer.exe Remote Denial of Service
Microsoft Windows XP - 'explorer.exe' Remote Denial of Service
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions
VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions
Gattaca Server 2003 - web.tmpl Language Variable CPU Consumption Denial of Service
Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service)
VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow
Microsoft Windows XP - explorer.exe .tiff Image Denial of Service
Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service
Microsoft Windows XP - TSShutdn.exe Remote Denial of Service
Microsoft Windows XP - 'TSShutdn.exe' Remote Denial of Service
Orenosv HTTP/FTP Server 0.8.1 - CGISSI.exe Remote Buffer Overflow
Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow
PHPMailer 1.7 - Data() Function Remote Denial of Service
PHPMailer 1.7 - 'Data()' Function Remote Denial of Service
Sights 'N Sounds Streaming Media Server 2.0.3 - SWS.exe Buffer Overflow
Sights 'N Sounds Streaming Media Server 2.0.3 - 'SWS.exe' Buffer Overflow
DSocks 1.3 - Name Variable Buffer Overflow
DSocks 1.3 - 'Name' Parameter Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - Clspack.exe Local Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow
Android Zygote - Socket and Fork bomb Attack
Android Zygote - Socket and Fork Bomb (Denial of Service)
Nvidia NView 3.5 - Keystone.exe Local Denial of Service
Nvidia NView 3.5 - 'Keystone.exe' Local Denial of Service
Ipswitch WS_FTP 2007 Professional - WSFTPURL.exe Local Memory Corruption
Ipswitch WS_FTP 2007 Professional - 'WSFTPURL.exe' Local Memory Corruption
Larson Network Print Server 9.4.2 build 105 - (LstNPS) NPSpcSVR.exe License Command Remote Overflow
Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow
Linksys WRH54G 1.1.3 - (Wireless-G Router) Malformed HTTP Request Denial of Service
Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service
Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote Denial of Service
Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service
Adobe Flash - Setting Variable Use-After-Free
Adobe Flash - 'Setting' Variable Use-After-Free
Git 1.9.5 - ssh-agent.exe Buffer Overflow
Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the File System Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow
Adobe Flash TextField Variable - Use-After Free
Adobe Flash TextField.Variable Setter - Use-After-Free
Adobe Flash - 'TextField' Variable Use-After Free
Adobe Flash - TextField.Variable Setter Use-After-Free
Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/reboot.cgi Unauthenticated Remote Reboot Denial of Service
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service)
Microsoft WinDbg - logviewer.exe Crash (PoC)
Microsoft WinDbg - 'logviewer.exe' Crash (PoC)
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiGetRealizationInfo' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!ClientPrinterThunk' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationJobObject (BasicLimitInformation_ ExtendedLimitInformation)' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationTransaction (information class 1)' Kernel Stack Memory Disclosure
UUCP Exploit - File Creation/Overwriting (symlinks) Exploit
UUCP Exploit - File Creation/Overwriting (Symlinks) Exploit
HP-UX 11.0 - /bin/cu Privilege Escalation
HP-UX 11.0 - '/bin/cu' Privilege Escalation
Solaris 2.6 / 2.7 - /usr/bin/write Local Overflow
Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/bin/lpstat Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Exploit
Tru64 UNIX 4.0g - /usr/bin/at Privilege Escalation
Slackware 7.1 - /usr/bin/mail Local Exploit
Tru64 UNIX 4.0g - '/usr/bin/at' Privilege Escalation
Slackware 7.1 - '/usr/bin/mail' Local Exploit
Solaris 2.4 - /bin/fdformat Local Buffer Overflows
Solaris 2.5.1 lp and lpsched - Symlink Vulnerabilities
Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow
Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities
AIX 4.2 - /usr/dt/bin/dtterm Local Buffer Overflow
AIX 4.2 - '/usr/dt/bin/dtterm' Local Buffer Overflow
SGI IRIX - /bin/login Local Buffer Overflow
IRIX 5.3 - /usr/sbin/iwsh Buffer Overflow Privilege Escalation
SGI IRIX - '/bin/login Local' Buffer Overflow
IRIX 5.3 - '/usr/sbin/iwsh' Buffer Overflow Privilege Escalation
Apple Mac OSX 10.3.7 - mRouter Privilege Escalation
Apple Mac OSX 10.3.7 - 'mRouter' Privilege Escalation
Sudo 1.6.8p9 - (SHELLOPTS/PS4 ENV variables) Privilege Escalation
Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation
Appfluent Database IDS < 2.1.0.103 - (Env Variable) Local Exploit
Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit
HP-UX 11i - (LIBC TZ enviroment Variable) Privilege Escalation
HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - (symlink) Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation
Adobe Photoshop CS2 - / CS3 Unspecified '.bmp' File Buffer Overflow
Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow
Debian - (symlink attack in login) Arbitrary File Ownership (PoC)
Debian - (Symlink In Login) Arbitrary File Ownership (PoC)
Cain & Abel 4.9.25 - (Cisco IOS-MD5) Local Buffer Overflow
Cain & Abel 4.9.25 - 'Cisco IOS-MD5' Local Buffer Overflow
xscreensaver 5.01 - Arbitrary File Disclosure Symlink Attack
xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit
PHP 5.2.12/5.3.1 - symlink() open_basedir Bypass
PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass
HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH)
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Buffer Overflow (SEH)
Microsoft Windows 7 - 'wab32res.dll' wab.exe DLL
Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking
Oracle 10/11g - exp.exe Parameter file Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC)
ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT symlink
ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT Symlink Exploit
Hancom Office 2007 - Reboot.ini Clear-Text Passwords
Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords
G. Wilford man 2.3.10 - Symlink
G. Wilford man 2.3.10 - Symlink Exploit
X11R6 3.3.3 - Symlink
X11R6 3.3.3 - Symlink Exploit
SGI IRIX 6.2 - /usr/lib/netaddpr Exploit
SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit
SCO Open Server 5.0.5 - 'userOsa' symlink
SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Spoolss.exe DLL Insertion
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Spoolss.exe' DLL Insertion
FreeBSD 3.3 gdc - Symlink
FreeBSD 3.3 gdc - Symlink Exploit
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Exploit
FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - /proc File Sytem
FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Exploit
Debian 2.1 - apcd Symlink
Debian 2.1 - apcd Symlink Exploit
SCO Unixware 7.1/7.1.1 - ARCserver /tmp symlink
SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit
Sun Workshop 5.0 - Licensing Manager Symlink
Sun Workshop 5.0 - Licensing Manager Symlink Exploit
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - /tmp Symlink
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink Exploit
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink Exploit
KDE 1.1 - /1.1.1/1.1.2/1.2 kdesud DISPLAY Environment Variable Overflow
KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow
HP-UX 10.20/11.0 man - /tmp Symlink Exploit
HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit
HP-UX 10.20/11.0 crontab - /tmp File
HP-UX 10.20/11.0 - crontab '/tmp' File Exploit
Solaris 10 Patch 137097-01 - Symlink Attack Privilege Escalation
Solaris 10 Patch 137097-01 - Symlink Privilege Escalation
Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow
Tower Toppler 0.99.1 - 'Display' Parameter Local Buffer Overflow
Microsoft Windows Server 2000 - RegEdit.exe Registry Key Value Buffer Overflow
Microsoft Windows Server 2000 - 'RegEdit.exe' Registry Key Value Buffer Overflow
RedHat 9.0 / Slackware 8.1 - /bin/mail Carbon Copy Field Buffer Overrun
RedHat 9.0 / Slackware 8.1 - '/bin/mail' Carbon Copy Field Buffer Overrun
Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure
Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure
Microsoft Windows XP/2000 - RunDLL32.exe Buffer Overflow
Microsoft Windows XP/2000 - 'RunDLL32.exe' Buffer Overflow
Tower Toppler 0.96 - HOME Environment Variable Local Buffer Overflow
Tower Toppler 0.96 - 'HOME Environment' Parameter Local Buffer Overflow
Top 1.x/2.0 - Home Environment Variable Local Buffer Overflow
Top 1.x/2.0 - 'Home Environment' Parameter Local Buffer Overflow
XBlast 2.6.1 - HOME Environment Variable Buffer Overflow
XBlast 2.6.1 - 'HOME Environment' Variable Buffer Overflow
XPCD 2.0.8 - Home Environment Variable Local Buffer Overflow
XPCD 2.0.8 - 'Home Environment' Variable Local Buffer Overflow
XSOK 1.0 2 - LANG Environment Variable Local Buffer Overrun
XSOK 1.0 2 - 'LANG Environment' Variable Local Buffer Overrun
Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure
Linux Kernel 2.6.32-5 (Debian 6.0.5) - '/dev/ptmx' Key Stroke Timing Local Disclosure
ELinks Relative 0.10.6 - /011.1 Path Arbitrary Code Execution
ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution
Oracle - HtmlConverter.exe Buffer Overflow
Oracle - 'HtmlConverter.exe' Buffer Overflow
Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation
Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit
Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Exploit
Microsoft Windows - DHCP Client Broadcast Attack Exploit (MS06-036)
Microsoft Windows - DHCP Client Broadcast Exploit (MS06-036)
Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - (FTP) Remote Exploit
Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit
Oracle 9i / 10g - 'utl_file' File System Access Exploit
Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit
HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'ovalarmsrv.exe' Remote Overflow
Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)
Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB)
Sagem F@ST (Routers) - (dhcp hostname attack) Cross-Site Request Forgery
Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC)
Microsoft Windows - SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068)
Microsoft Windows - SmbRelay3 NTLM Replay Exploit (MS08-068)
Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting Attack
Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting
Apple Safari 3.2.x - (XXE attack) Local File Theft
Apple Safari 3.2.x - (XXE) Local File Theft
Netgear DG632 Router - Authentication Bypass
NETGEAR DG632 Router - Authentication Bypass
BRS Webweaver 1.33 - /Scripts Access Restriction Bypass
BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass
Ada Image Server 0.6.7 - imgsrv.exe Buffer Overflow
Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow
HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow
HMS HICP Protocol + Intellicom - NetBiterConfig.exe Remote Buffer Overflow
Cisco ASA 8.x - VPN SSL module Clientless URL-list control Bypass
HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow
HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Topic Overflow
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid ICount Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution
minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit
minerCPP 0.4b - Remote Buffer Overflow / Format String
Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution
COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution
HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1)
HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (1)
HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2)
HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (2)
Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit)
Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023) (Metasploit)
IBM Lotus Domino Sametime - STMux.exe Stack Buffer Overflow (Metasploit)
IBM Lotus Domino Sametime - 'STMux.exe' Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - Snmp.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Snmp.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovalarm.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - OpenView5.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'OpenView5.exe' CGI Buffer Overflow (Metasploit)
IBM TPM for OS Deployment 5.1.0.x - rembo.exe Buffer Overflow (Metasploit)
IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - EarthAgent.exe Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - snmpviewer.exe Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - ovwebsnmpsrv.exe ovutil Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' (MaxAge) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit)
7-Technologies IGSS 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow (Metasploit)
7-Technologies IGSS 9.00.00 b11063 - 'IGSSdataServer.exe' Stack Overflow (Metasploit)
Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow (Metasploit)
Citrix Provisioning Services 5.6 - 'streamprocess.exe' Buffer Overflow (Metasploit)
FactoryLink - vrn.exe Opcode 9 Buffer Overflow (Metasploit)
FactoryLink - 'vrn.exe' Opcode 9 Buffer Overflow (Metasploit)
HP - OmniInet.exe Opcode 27 Buffer Overflow (Metasploit)
HP - 'OmniInet.exe' Opcode 27 Buffer Overflow (Metasploit)
Symantec Backup Exec 12.5 - MiTM Attack
Symantec Backup Exec 12.5 - Man In The Middle Exploit
HP OpenView Network Node Manager - Toolbar.exe CGI Cookie Handling Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit)
Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Exploit
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Exploit
Procyon Core Server HMI 1.13 - Coreservice.exe Stack Buffer Overflow (Metasploit)
Procyon Core Server HMI 1.13 - 'Coreservice.exe' Stack Buffer Overflow (Metasploit)
HP Diagnostics Server - magentservice.exe Overflow (Metasploit)
HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit)
Sunway ForceControl - SNMP NetDBServer.exe Opcode 0x57 (Metasploit)
Sunway ForceControl - SNMP 'NetDBServer.exe' Opcode 0x57 (Metasploit)
Trend Micro Control Manger 5.5 - CmdProcessor.exe Stack Buffer Overflow (Metasploit)
Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Stack Buffer Overflow (Metasploit)
Antelope Software W4-Server 2.6 a/Win32 - Cgitest.exe Buffer Overflow
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Buffer Overflow
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 - 'GWWEB.EXE' Multiple Vulnerabilities
FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - htimage.exe File Existence Disclosure
FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure
NAI Net Tools PKI Server 1.0 - strong.exe Buffer Overflow
NAI Net Tools PKI Server 1.0 - 'strong.exe' Buffer Overflow
Mandrake 6.1/7.0/7.1 - /perl http Directory Disclosure
Mandrake 6.1/7.0/7.1 - '/perl' HTTP Directory Disclosure
Microsoft IIS 3.0 - newdsn.exe File Creation
Microsoft IIS 3.0 - 'newdsn.exe' File Creation
Greg Matthews - Classifieds.cgi 1.0 Hidden Variable
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable
WebCom datakommunikation Guestbook 0.1 - wguest.exe Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - rguest.exe Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - 'wguest.exe' Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - 'rguest.exe' Arbitrary File Access
MetaProducts Offline Explorer 1.x - File System Disclosure
MetaProducts Offline Explorer 1.x - FileSystem Disclosure
Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Attack Detection Evasion
Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Detection Evasion
Webmin 1.580 - /file/show.cgi Remote Command Execution (Metasploit)
Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit)
HP Operations Agent Opcode - coda.exe 0x8c Buffer Overflow (Metasploit)
HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow (Metasploit)
HP Operations Agent - Opcode 'coda.exe' 0x8c Buffer Overflow (Metasploit)
HP Operations Agent - Opcode 'coda.exe' 0x34 Buffer Overflow (Metasploit)
Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure
NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure
Netgear FM114P ProSafe Wireless Router - Rule Bypass
NETGEAR FM114P ProSafe Wireless Router - Rule Bypass
M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting
Microsoft Internet Explorer 6 -' %USERPROFILE%' File Execution
Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution
EZMeeting 3.x - EZNet.exe Long HTTP Request Remote Buffer Overflow
EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow
Enterasys NetSight - nssyslogd.exe Buffer Overflow (Metasploit)
IBM Cognos - tm1admsd.exe Overflow (Metasploit)
Enterasys NetSight - 'nssyslogd.exe' Buffer Overflow (Metasploit)
IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit)
Webcam Corp Webcam Watchdog 4.0.1 - sresult.exe Cross-Site Scripting
Webcam Corp Webcam Watchdog 4.0.1 - 'sresult.exe' Cross-Site Scripting
Microsoft Windows XP/2000/2003 -'winhlp32' Phrase Integer Overflow
Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Integer Overflow
Oracle 8.x/9.x/10.x - Database Multiple SQL Injection
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
SAP Business Connector 4.6/4.7 - chopSAPLog.dsp fullName Variable Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - deleteSingle fullName Variable Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - adapter-index.dsp url Variable Arbitrary Site Redirect
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect
Microsoft PowerPoint 2003 - powerpnt.exe Unspecified Issue
Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue
Cruiseworks 1.09 - Cws.exe Doc Directory Traversal
Cruiseworks 1.09 - Cws.exe Doc Buffer Overflow
Cruiseworks 1.09 - 'Cws.exe' Doc Directory Traversal
Cruiseworks 1.09 - 'Cws.exe' Doc Buffer Overflow
aBitWhizzy - whizzypic.php d Variable Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing
LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow
LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Buffer Overflow
Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Based Buffer Overflow
Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow
ABB MicroSCADA - wserver.exe Remote Code Execution (Metasploit)
ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit)
SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities
SAP DB 7.x Web Server - 'WAHTTP.exe' Multiple Buffer Overflow Vulnerabilities
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - CSUserCGI.exe Help Facility Cross-Site Scripting
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting
HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access
HP OpenView Network Node Manager (OV NNM) 7.x - 'OpenView5.exe' Action Parameter Traversal Arbitrary File Access
F5 FirePass 6.0.2.3 - /vdesk/admincon/webyfiers.php css_exceptions Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - /vdesk/admincon/index.php sql_matchscope Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting
GE Proficy CIMPLICITY - gefebt.exe Remote Code Execution (Metasploit)
GE Proficy CIMPLICITY - 'gefebt.exe' Remote Code Execution (Metasploit)
SolidWorks Workgroup PDM 2014 - pdmwService.exe Arbitrary File Write (Metasploit)
SolidWorks Workgroup PDM 2014 - 'pdmwService.exe' Arbitrary File Write (Metasploit)
Yokogawa CENTUM CS 3000 - BKHOdeq.exe Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - BKBCopyD.exe Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Buffer Overflow (Metasploit)
Apache Geronimo 2.1.x - /console/portal/Server/Monitoring Multiple Parameter Cross-Site Scripting
Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Parameter Cross-Site Scripting
Comtrend CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting
COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - /diagnose Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - /configuration Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - /scripter.php Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - '/scripter.php' Multiple Parameter Cross-Site Scripting
Yokogawa CS3000 - BKESimmgr.exe Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKESimmgr.exe' Buffer Overflow (Metasploit)
Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKFSim_vhfd.exe' Buffer Overflow (Metasploit)
U.S.Robotics USR5463 0.06 - Firmware setup_ddns.exe HTML Injection
U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection
WhatsApp 2.11.476 - Remote Reboot/Crash App Android
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu.maf jdeowpBackButtonProtect Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_Menu.mafService e1.namespace Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_OCL.mafService e1.namespace Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/MafletClose.mafService RENDER_MAFLET Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter Cross-Site Scripting
WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service)
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting
Linksys WRT54GL (Wireless Router) - Cross-Site Request Forgery
Linksys WRT54GL Wireless Router - Cross-Site Request Forgery
Cisco Linksys E4200 - /apply.cgi Multiple Parameter Cross-Site Scripting
Cisco Linksys E4200 - '/apply.cgi' Multiple Parameter Cross-Site Scripting
Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/diagnostic.cgi ping_ipaddr Parameter Remote Code Execution
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution
Netgear D6300B - /diag.cgi IPAddr4 Parameter Remote Command Execution
Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
Comtrend CT-5361T Router - Password.cgi Cross-Site Request Forgery (Admin Password Manipulation)
COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation)
Alfresco - /proxy endpoint Parameter Server-Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery
Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery
PhpTagCool 1.0.3 - SQL Injection Attacks Exploit
PhpTagCool 1.0.3 - SQL Injection
phpBB 2.0.18 - Remote Brute Force/Dictionary Attack Tool (2)
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Attack Vectors
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting
Yrch 1.0 - 'plug.inc.php path Variable' Remote File Inclusion
Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion
Vizayn Haber - 'haberdetay.asp id Variable' SQL Injection
Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php id Variable' SQL Injection
iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php id Variable' SQL Injection
MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection
Alstrasoft e-Friends 4.98 - (seid) Multiple SQL Injection
Alstrasoft e-Friends 4.98 - 'seid' Multiple SQL Injections
MyPHP Forum 3.0 - (Final) Multiple SQL Injection
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
File Store PRO 3.2 - Multiple Blind SQL Injection
File Store PRO 3.2 - Multiple Blind SQL Injections
AssetMan 2.5-b - SQL Injection using Session Fixation Attack
AssetMan 2.5-b - SQL Injection using Session Fixation
Kasra CMS - 'index.php' Multiple SQL Injection
Kasra CMS - 'index.php' Multiple SQL Injections
NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injection
NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injections
T-HTB Manager 0.5 - Multiple Blind SQL Injection
T-HTB Manager 0.5 - Multiple Blind SQL Injections
Joomla! Component com_oziogallery2 - / IMAGIN Arbitrary file write
Joomla! Component com_oziogallery2 / IMAGIN - Arbitrary File Write
Open Bulletin Board - Multiple Blind SQL Injection
Open Bulletin Board - Multiple Blind SQL Injections
AJ Matrix 3.1 - 'id' Multiple SQL Injection
AJ Matrix 3.1 - 'id' Multiple SQL Injections
Zylone IT - Multiple Blind SQL Injection
Zylone IT - Multiple Blind SQL Injections
WhiteBoard 0.1.30 - Multiple Blind SQL Injection
WhiteBoard 0.1.30 - Multiple Blind SQL Injections
AV Arcade 3 - Cookie SQL Injection Authentication Bypass
AV Arcade 3 - Cookie SQL Injection / Authentication Bypass
Joomla! Component Teams - Multiple Blind SQL Injection
Joomla! Component Teams - Multiple Blind SQL Injections
AneCMS - /registre/next SQL Injection
AneCMS - '/registre/next' SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections
Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injection
Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injections
ColdOfficeView 2.04 - Multiple Blind SQL Injection
ColdOfficeView 2.04 - Multiple Blind SQL Injections
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injection
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections
Projekt Shop - 'details.php' Multiple SQL Injection
Projekt Shop - 'details.php' Multiple SQL Injections
PixelPost 1.7.3 - Multiple POST Variables SQL Injection
PixelPost 1.7.3 - Multiple POST Parameter SQL Injections
Webcat - Multiple Blind SQL Injection
Webcat - Multiple Blind SQL Injections
LiteRadius 3.2 - Multiple Blind SQL Injection
LiteRadius 3.2 - Multiple Blind SQL Injections
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injection
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections
Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit
COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit
Sagem F@ST 2604 (ADSL Router) - Cross-Site Request Forgery
Sagem F@ST 2604 ADSL Router - Cross-Site Request Forgery
Rivettracker 1.03 - Multiple SQL Injection
Rivettracker 1.03 - Multiple SQL Injections
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections
PHP Ticket System Beta 1 - 'index.php p Parameter' SQL Injection
PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection
X-Cart Gold 4.5 - 'products_map.php symb Parameter' Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting
Symantec Web Gateway 5.0.2 - 'blocked.php id Parameter' Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid Parameter' Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection
Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injection
Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injections
YourArcadeScript 2.4 - 'index.php id Parameter' SQL Injection
YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection
AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injection
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
Blog Mod 0.1.9 - 'index.php month Parameter' SQL Injection
Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection
Authoria HR Suite - AthCGI.exe Cross-Site Scripting
Authoria HR Suite - 'AthCGI.exe' Cross-Site Scripting
MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection
M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion
friendsinwar FAQ Manager - SQL Injection (Authentication Bypass)
friendsinwar FAQ Manager - SQL Injection / Authentication Bypass
friendsinwar FAQ Manager - 'view_faq.php question Parameter' SQL Injection
friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection
SmartCMS - 'index.php idx Parameter' SQL Injection
SmartCMS - 'index.php' 'idx' Parameter SQL Injection
SmartCMS - 'index.php menuitem Parameter' SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injections
MyBB AwayList Plugin - 'index.php id Parameter' SQL Injection
MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection
PHP-Nuke Error Manager Module 2.1 - error.php language Variable Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - error.php Multiple Variables Cross-Site Scripting
PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Parameters Cross-Site Scripting
phpHeaven phpMyChat 0.14.5 - edituser.php3 do_not_login Variable Authentication Bypass
phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass
NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection
NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection
Gattaca Server 2003 - Language Variable Path Exposure
Gattaca Server 2003 - 'Language' Parameter Path Exposure
AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injection
AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injections
Scripts Genie Gallery Personals - 'gallery.php L Parameter' SQL Injection
Scripts Genie Gallery Personals - 'gallery.php' 'L' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php question Parameter' SQL Injection
AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php id Parameter' SQL Injection
Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php id Parameter' SQL Injection
Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php id Parameter' SQL Injection
Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid Parameter' SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id Parameter' SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection
MTP Image Gallery 1.0 - 'edit_photos.php title Parameter' Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting
D-Link DSL-2740B (ADSL Router) - Authentication Bypass
D-Link DSL-2740B ADSL Router - Authentication Bypass
TIPS MailPost 5.1.1 - APPEND Variable Cross-Site Scripting
TIPS MailPost 5.1.1 - 'APPEND' Parameter Cross-Site Scripting
DUclassified 4.x - adDetail.asp Multiple Parameter SQL Injection
DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections
Rebus:list - 'list.php list_id Parameter' SQL Injection
Rebus:list - 'list.php' 'list_id' Parameter SQL Injection
SynConnect Pms - 'index.php loginid Parameter' SQL Injection
SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection
AWS Xms 2.5 - 'importer.php what Parameter' Directory Traversal
Pollen CMS 0.6 - 'index.php p Parameter' Local File Disclosure
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php' 'p' Parameter Local File Disclosure
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash Parameter' SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash' Parameter SQL Injection
Kayako eSupport 2.x - Ticket System Multiple SQL Injection
Kayako eSupport 2.x - Ticket System Multiple SQL Injections
BibORB 1.3.2 Login Module - Multiple Parameter SQL Injection
BibORB 1.3.2 Login Module - Multiple Parameter SQL Injections
Active Auction House - default.asp Multiple SQL Injection
Active Auction House - 'default.asp' Multiple SQL Injections
CubeCart 2.0.x - 'index.php' Multiple Variable Full Path Disclosure
CubeCart 2.0.x - tellafriend.php product Variable Full Path Disclosure
CubeCart 2.0.x - view_cart.php add Variable Full Path Disclosure
CubeCart 2.0.x - view_product.php product Variable Full Path Disclosure
CubeCart 2.0.x - 'index.php' Multiple Parameter Full Path Disclosure
CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure
OneWorldStore - 'OWListProduct.asp' Multiple SQL Injection
OneWorldStore - 'OWListProduct.asp' Multiple SQL Injections
WHMCS 4.x - 'invoicefunctions.php id Parameter' SQL Injection
WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection
DUportal Pro 3.4 - default.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - 'default.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - inc_vote.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - result.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - cat.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - detail.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - 'inc_vote.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - 'result.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - 'cat.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - 'detail.asp' Multiple Parameter SQL Injections
DUportal 3.1.2 - inc_rating.asp Multiple Parameter SQL Injection
DUportal 3.1.2 - 'inc_rating.asp' Multiple Parameter SQL Injections
StorePortal 2.63 - default.asp Multiple SQL Injection
StorePortal 2.63 - 'default.asp' Multiple SQL Injections
MetaCart2 - SearchAction.asp Multiple SQL Injection
MetaCart2 - 'SearchAction.asp' Multiple SQL Injections
Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection
Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple Parameter SQL Injections
JGS-Portal 3.0.1 - ID Variable SQL Injection
JGS-Portal 3.0.1 - 'ID' Parameter SQL Injection
AVE.CMS 2.09 - 'index.php module Parameter' Blind SQL Injection
AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id Parameter' SQL Injection
RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection
NPDS 4.8 - /5.0 modules.php Lettre Parameter Cross-Site Scripting
NPDS 4.8 /5.0 - 'modules.php' Lettre Parameter Cross-Site Scripting
Ampache 3.4.3 - 'login.php' Multiple SQL Injection
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
FlatNuke 2.5.x - 'index.php' where Variable Full Path Disclosure
FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure
CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - 'reply_in.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - 'memory.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - 'line.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - 'in.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - 'enter.php' Multiple Parameter SQL Injections
osTicket 1.2/1.3 - view.php inc Variable Arbitrary Local File Inclusion
osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion
Ruubikcms 1.1.1 - 'tinybrowser.php folder Parameter' Directory Traversal
Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid Parameter' SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection
PHPFreeNews 1.40 - searchresults.php Multiple SQL Injection
PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections
Aenovo - /Password/default.asp Password Field SQL Injection
Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection
Aenovo - '/Password/default.asp' Password Field SQL Injection
Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php Multiple Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertitle.php usertitleid Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertools.php ids Parameter SQL Injection
NooToplist 1.0 - 'index.php' Multiple SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/css.php group Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/index.php Multiple Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php email Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/language.php goto Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/modlog.php orderby Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/template.php Multiple Parameter Cross-Site Scripting
MX Shop 3.2 - 'index.php' Multiple SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection
NooToplist 1.0 - 'index.php' Multiple SQL Injections
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Parameter Cross-Site Scripting
MX Shop 3.2 - 'index.php' Multiple SQL Injections
Top Games Script 1.2 - 'play.php gid Parameter' SQL Injection
Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php id Parameter' SQL Injection
Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection
Woltlab 1.1/2.x - Info-DB Info_db.php Multiple SQL Injection
Woltlab 1.1/2.x - 'Info-DB Info_db.php' Multiple SQL Injections
OaBoard 1.0 - forum.php Multiple SQL Injection
OaBoard 1.0 - 'forum.php' Multiple SQL Injections
Comersus Backoffice 4.x/5.0/6.0 - /comersus/database/comersus.mdb Direct Request Database Disclosure
Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure
PHP-Charts 1.0 - 'index.php type Parameter' Remote Code Execution
PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution
PHPList Mailing List Manager 2.x - /admin/admin.php id Parameter SQL Injection
PHPList Mailing List Manager 2.x - /admin/editattributes.php id Parameter SQL Injection
PHPList Mailing List Manager 2.x - /admin/eventlog.php Multiple Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - /admin/configure.php id Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - /admin/users.php find Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - ts.exe tsurl Variable Arbitrary Article Access
Walla TeleSite 3.0 - ts.exe sug Parameter Cross-Site Scripting
Walla TeleSite 3.0 - ts.exe sug Parameter SQL Injection
Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection
Pearl Forums 2.0 - 'index.php' Multiple SQL Injection
Pearl Forums 2.0 - 'index.php' Multiple SQL Injections
Helpdesk Issue Manager 0.x - find.php Multiple Parameter SQL Injection
Helpdesk Issue Manager 0.x - 'find.php' Multiple Parameter SQL Injection
PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injection
Cars Portal 1.1 - 'index.php' Multiple SQL Injection
PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections
Cars Portal 1.1 - 'index.php' Multiple SQL Injections
IceWarp Universal WebMail - /accounts/inc/include.php Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - /admin/inc/include.php Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - /dir/include.html lang Parameter Local File Inclusion
IceWarp Universal WebMail - /mail/settings.html Language Parameter Local File Inclusion
IceWarp Universal WebMail - /mail/index.html lang_settings Parameter Remote File Inclusion
IceWarp Universal WebMail - /mail/include.html Crafted HTTP_USER_AGENT Arbitrary File Access
IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - '/admin/inc/include.php' Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion
IceWarp Universal WebMail - '/mail/include.html' Crafted HTTP_USER_AGENT Arbitrary File Access
PHPJournaler 1.0 - Readold Variable SQL Injection
PHPJournaler 1.0 - 'Readold' Parameter SQL Injection
ScozNet ScozBook 1.1 - AdminName Variable SQL Injection
ScozNet ScozBook 1.1 - 'AdminName' Parameter SQL Injection
OnePlug CMS - /press/details.asp Press_Release_ID Parameter SQL Injection
OnePlug CMS - /services/details.asp Service_ID Parameter SQL Injection
OnePlug CMS - /products/details.asp Product_ID Parameter SQL Injection
OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection
Venom Board - Post.php3 Multiple SQL Injection
Venom Board - 'Post.php3' Multiple SQL Injections
microBlog 2.0 - 'index.php' Multiple SQL Injection
microBlog 2.0 - 'index.php' Multiple SQL Injections
NewsPHP - 'index.php' Multiple SQL Injection
NewsPHP - 'index.php' Multiple SQL Injections
ZixForum 1.12 - forum.asp Multiple SQL Injection
ZixForum 1.12 - forum.asp Multiple SQL Injections
HiveMail 1.2.2/1.3 - addressbook.update.php contactgroupid Variable Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - folders.update.php folderid Variable Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution
ImageVue 0.16.1 - readfolder.php path Variable Arbitrary Directory Listing
ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing
dotProject 2.0 - /modules/projects/gantt.php dPconfig[root_dir] Parameter Remote File Inclusion
dotProject 2.0 - /includes/db_connect.php baseDir Remote File Inclusion
dotProject 2.0 - /includes/session.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/projects/gantt2.php dPconfig[root_dir] Parameter Remote File Inclusion
dotProject 2.0 - /modules/projects/vw_files.php dPconfig[root_dir] Parameter Remote File Inclusion
dotProject 2.0 - /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/public/calendar.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/public/date_format.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion
MyBB 1.0.3 - private.php Multiple SQL Injection
MyBB 1.0.3 - 'private.php' Multiple SQL Injections
Ginkgo CMS - 'index.php rang Parameter' SQL Injection
Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name Parameter' SQL Injection
Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection
DCI-Taskeen 1.03 - basket.php Multiple Parameter SQL Injection
DCI-Taskeen 1.03 - cat.php Multiple Parameter SQL Injection
DCI-Taskeen 1.03 - 'basket.php' Multiple Parameter SQL Injections
DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections
sBlog 0.7.2 - search.php keyword Variable POST Method Cross-Site Scripting
sBlog 0.7.2 - comments_do.php Multiple Variable POST Method Cross-Site Scripting
sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting
sBlog 0.7.2 - 'comments_do.php' Multiple Variable POST Method Cross-Site Scripting
PHPFox 3.6.0 (build3) - Multiple SQL Injection
PHPFox 3.6.0 (build3) - Multiple SQL Injections
Verisign MPKI 6.0 - Haydn.exe Cross-Site Scripting
Verisign MPKI 6.0 - 'Haydn.exe' Cross-Site Scripting
DSLogin 1.0 - 'index.php' Multiple SQL Injection
DSLogin 1.0 - 'index.php' Multiple SQL Injections
MLMAuction Script - 'gallery.php id Parameter' SQL Injection
MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection
PHPMyForum 4.0 - 'index.php' type Variable CRLF Injection
PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection
APT-webshop 3.0/4.0 - modules.php Multiple SQL Injection
APT-webshop 3.0/4.0 - modules.php Multiple SQL Injections
Cisco CallManager 3.x/4.x - Web Interface ccmadmin/phonelist.asp pattern Parameter Cross-Site Scripting
Cisco CallManager 3.x/4.x - Web Interface ccmuser/logon.asp Cross-Site Scripting
Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp' Pattern Parameter Cross-Site Scripting
Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting
321soft PHP-Gallery 0.9 - 'index.php' path Variable Arbitrary Directory Listing
321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing
Pacheckbook 1.1 - 'index.php' Multiple SQL Injection
Pacheckbook 1.1 - 'index.php' Multiple SQL Injections
Creative Software UK Community Portal 1.1 - PollResults.php Multiple Parameter SQL Injection
Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple Parameter SQL Injections
EvoTopsite 2.0 - 'index.php' Multiple SQL Injection
timobraun Dynamic Galerie 1.0 - 'index.php' pfad Variable Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - galerie.php pfad Variable Arbitrary Directory Listing
EvoTopsite 2.0 - 'index.php' Multiple SQL Injections
timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php' rep Variable Traversal Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing
Mini-NUKE 2.3 - Your_Account.asp Multiple SQL Injection
Mini-NUKE 2.3 - 'Your_Account.asp' Multiple SQL Injections
Woltlab Burning Board FLVideo Addon - 'video.php value Parameter' SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection
glFusion 1.3.0 - 'search.php cat_id Parameter' SQL Injection
glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php' b Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection
RadScripts - a_editpage.php Filename Variable Arbitrary File Overwrite
RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite
Banex PHP MySQL Banner Exchange 2.21 - admin.php Multiple Parameter SQL Injection
Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple Parameter SQL Injections
XennoBB 2.1 - profile.php Multiple SQL Injection
XennoBB 2.1 - 'profile.php' Multiple SQL Injections
Vtiger CRM 5.4.0 - 'index.php onlyforuser Parameter' SQL Injection
Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
CubeCart 3.0.x - /admin/print_order.php order_id Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - /admin/nav.php Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - /admin/image.php image Parameter Cross-Site Scripting
CubeCart 3.0.x - /admin/header.inc.php Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - /footer.inc.php la_pow_by Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/nav.php' Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/header.inc.php' Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting
AckerTodo 4.2 - 'login.php' Multiple SQL Injection
AckerTodo 4.2 - 'login.php' Multiple SQL Injections
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage Parameter' SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection
INFINICART - browsesubcat.asp Multiple Parameter SQL Injection
INFINICART - 'browsesubcat.asp' Multiple Parameter SQL Injection
Car Site Manager - csm/asp/listings.asp Multiple Parameter SQL Injection
Car Site Manager - 'csm/asp/listings.asp' Multiple Parameter SQL Injections
Dragon Internet Events Listing 2.0.01 - admin_login.asp Multiple Field SQL Injection
ASPIntranet 2.1 - Multiple SQL Injection
Dragon Internet Events Listing 2.0.01 - 'admin_login.asp' Multiple Field SQL Injections
ASPIntranet 2.1 - Multiple SQL Injections
Image Gallery with Access Database - default.asp Multiple Parameter SQL Injection
Image Gallery with Access Database - 'default.asp' Multiple Parameter SQL Injection
20/20 Applications Data Shed 1.0 - listings.asp Multiple Parameter SQL Injection
20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple Parameter SQL Injections
BestWebApp Dating Site Login Component - Multiple Field SQL Injection
BestWebApp Dating Site Login Component - Multiple Field SQL Injections
Enthrallweb eClassifieds - ad.asp Multiple Parameter SQL Injection
Enthrallweb eClassifieds - 'ad.asp' Multiple Parameter SQL Injection
BirdBlog 1.4 - /admin/admincore.php msg Parameter Cross-Site Scripting
BirdBlog 1.4 - /admin/comments.php month Parameter Cross-Site Scripting
BirdBlog 1.4 - /admin/entries.php month Parameter Cross-Site Scripting
BirdBlog 1.4 - /admin/logs.php page Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting
Grandora Rialto 1.6 - /admin/default.asp Multiple Field SQL Injection
Grandora Rialto 1.6 - '/admin/default.asp' Multiple Field SQL Injection
Grandora Rialto 1.6 - searchkey.asp Multiple Parameter SQL Injection
Grandora Rialto 1.6 - searchmain.asp Multiple Parameter SQL Injection
Grandora Rialto 1.6 - searchoption.asp Multiple Parameter SQL Injection
Grandora Rialto 1.6 - 'searchkey.asp' Multiple Parameter SQL Injection
Grandora Rialto 1.6 - 'searchmain.asp' Multiple Parameter SQL Injection
Grandora Rialto 1.6 - 'searchoption.asp' Multiple Parameter SQL Injection
Enthrallweb eHomes - compareHomes.asp Multiple Parameter SQL Injection
Enthrallweb eHomes - result.asp Multiple Parameter SQL Injection
Enthrallweb eHomes - 'compareHomes.asp' Multiple Parameter SQL Injection
Enthrallweb eHomes - 'result.asp' Multiple Parameter SQL Injection
DUdownload 1.0/1.1 - detail.asp Multiple Parameter SQL Injection
DUdownload 1.0/1.1 - 'detail.asp' Multiple Parameter SQL Injections
Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injection
Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections
ClickContact - default.asp Multiple SQL Injection
ClickContact - 'default.asp' Multiple SQL Injections
Dol Storye - Dettaglio.asp Multiple SQL Injection
Dol Storye - 'Dettaglio.asp' Multiple SQL Injections
Efkan Forum 1.0 - Grup Variable SQL Injection
Efkan Forum 1.0 - 'Grup' Parameter SQL Injection
EditTag 1.2 - edittag.cgi file Variable Arbitrary File Disclosure
EditTag 1.2 - edittag.pl file Variable Arbitrary File Disclosure
EditTag 1.2 - edittag_mp.cgi file Variable Arbitrary File Disclosure
EditTag 1.2 - edittag_mp.pl file Variable Arbitrary File Disclosure
EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure
Indexu 5.0/5.3 - mailing_list.php Multiple Variables Cross-Site Scripting
Indexu 5.0/5.3 - 'mailing_list.php' Multiple Parameters Cross-Site Scripting
Project'Or RIA 3.4.0 - 'objectDetail.php objectId Parameter' SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' iz Variable Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Variable SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection
aBitWhizzy - whizzylink.php d Variable Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing
MyBloggie 2.1.x - 'index.php' Multiple SQL Injection
MyBloggie 2.1.x - 'index.php' Multiple SQL Injections
PHPLive! 3.2.2 - super/info.php BASE_URL Variable Parameter Cross-Site Scripting
PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Cross-Site Scripting
JFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection
JFFNms 0.8.3 - 'auth.php' Multiple Parameter SQL Injection
DotClear 1.2.x - /ecrire/trackback.php post_id Parameter Cross-Site Scripting
DotClear 1.2.x - /tools/thememng/index.php tool_url Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections
Exponent CMS 0.96.5/0.96.6 - iconspopup.php icodir Variable Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing
Phorum 5.1.20 - admin.php module[] Variable Full Path Disclosure
Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter' SQL Injection
Dokeos 2.2 RC2 - 'index.php language Parameter' SQL Injection
Chamilo Lms 1.9.6 - 'profile.php' 'password0' Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection
UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Variable Full Path Disclosure
UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Parameters Full Path Disclosure
PHPAccounts 0.5 - 'index.php' Multiple SQL Injection
PHPAccounts 0.5 - 'index.php' Multiple SQL Injections
NetFlow Analyzer 5 - /jspui/applicationList.jsp alpha Parameter Cross-Site Scripting
NetFlow Analyzer 5 - /jspui/appConfig.jsp task Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - /jspui/selectDevice.jsp rtype Parameter Cross-Site Scripting
NetFlow Analyzer 5 - /jspui/customReport.jsp rtype Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting
geoBlog MOD_1.0 - deletecomment.php id Variable Arbitrary Comment Deletion
geoBlog MOD_1.0 - deleteblog.php id Variable Arbitrary Blog Deletion
geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion
Next Gen Portfolio Manager - default.asp Multiple SQL Injection
Next Gen Portfolio Manager - 'default.asp' Multiple SQL Injections
ACG News 1.0 - 'index.php' Multiple SQL Injection
Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection
ACG News 1.0 - 'index.php' Multiple SQL Injections
Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' Parameter SQL Injection
WebBatch - webbatch.exe URL Cross-Site Scripting
WebBatch - webbatch.exe dumpinputdata Variable Remote Information Disclosure
WebBatch - 'webbatch.exe' URL Cross-Site Scripting
WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure
NetWin DNews - Dnewsweb.exe Multiple Cross-Site Scripting Vulnerabilities
NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities
Scott Manktelow Design Stride 1.0 - Courses detail.php Multiple SQL Injection
Scott Manktelow Design Stride 1.0 Courses - 'detail.php' Multiple SQL Injections
Article Dashboard - 'admin/login.php' Multiple SQL Injection
Article Dashboard - 'admin/login.php' Multiple SQL Injections
Multi-Forums - Directory.php Multiple SQL Injection
Multi-Forums - 'Directory.php' Multiple SQL Injections
JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection
JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injections
Absolute News Manager .NET 5.1 - 'pages/default.aspx' template Variable Remote File Access
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injection
Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injections
phpRPG 0.8 - /tmp Directory PHPSESSID Cookie Session Hijacking
phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking
Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injection
Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injections
eTicket 1.5.5.2 - search.php Multiple Parameter SQL Injection
eTicket 1.5.5.2 - admin.php Multiple Parameter SQL Injection
eTicket 1.5.5.2 - 'search.php' Multiple Parameter SQL Injection
eTicket 1.5.5.2 - 'admin.php' Multiple Parameter SQL Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/login.jsp Multiple Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/account/findForSelect.jsp resultsForm Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/help/index.jsp helpUrl Variable Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/user/main.jsp activeControl Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting
MyBB 1.2.10 - 'moderation.php' Multiple SQL Injection
MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections
PacerCMS 0.6 - 'id' Parameter Multiple SQL Injection
PacerCMS 0.6 - 'id' Parameter Multiple SQL Injections
Ipswitch WS_FTP Server 6 - /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass
Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection
Cacti 0.8.7 - 'tree.php' Multiple Parameter SQL Injections
Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injection
Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injections
WebcamXP 3.72.440/4.05.280 Beta - /pocketpc camnum Variable Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - /show_gallery_pic id Variable Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure
Elastic Path 4.1 - 'manager/FileManager.jsp' dir Variable Traversal Arbitrary Directory Listing
Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing
osCommerce 2.3.3.4 - 'geo_zones.php zID Parameter' SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection
D-Link DSL-2750B (ADSL Router) - Cross-Site Request Forgery
D-Link DSL-2750B ADSL Router - Cross-Site Request Forgery
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
Concrete5 5.6.2.1 - 'index.php cID Parameter' SQL Injection
Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
TLM CMS 1.1 - 'index.php' Multiple SQL Injection
TLM CMS 1.1 - 'index.php' Multiple SQL Injections
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections
IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injection
IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php track Parameter' SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection
JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injection
Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injection
dvbbs 8.2 - 'login.asp' Multiple SQL Injection
JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injections
Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injections
dvbbs 8.2 - 'login.asp' Multiple SQL Injections
Te Ecard - 'id' Parameter Multiple SQL Injection
Te Ecard - 'id' Parameter Multiple SQL Injections
Benja CMS 0.1 - /admin/admin_edit_submenu.php URL Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_edit_submenu.php' URL Cross-Site Scripting
Benja CMS 0.1 - /admin/admin_edit_topmenu.php URL Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' URL Cross-Site Scripting
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id Parameter' SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy Parameter' SQL Injection
webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection
couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injection
couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections
Claroline 1.8.9 - claroline/redirector.php url Variable Arbitrary Site Redirect
Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injections / Cross-Site Scripting
ownCloud 4.0.x/4.5.x - 'upload.php Filename Parameter' Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution
Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injection
Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injections
ZYXEL Router P-660HN-T1A - Login Bypass
ZYXEL P-660HN-T1A Router - Login Bypass
PromoProducts - 'view_product.php' Multiple SQL Injection
PromoProducts - 'view_product.php' Multiple SQL Injections
EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injection
EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injections
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injection
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i Parameter' SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection
Tandis CMS 2.5 - 'index.php' Multiple SQL Injection
Tandis CMS 2.5 - 'index.php' Multiple SQL Injections
TWiki 4.x - SEARCH Variable Remote Command Execution
TWiki 4.x - URLPARAM Variable Cross-Site Scripting
TWiki 4.x - 'SEARCH' Parameter Remote Command Execution
TWiki 4.x - 'URLPARAM' Parameter Cross-Site Scripting
DO-CMS 3.0 - 'p' Parameter Multiple SQL Injection
DO-CMS 3.0 - 'p' Parameter Multiple SQL Injections
MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection
MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter Cross-Site Scripting
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting
Banking@Home 2.1 - 'login.asp' Multiple SQL Injection
Banking@Home 2.1 - 'login.asp' Multiple SQL Injections
kitForm CRM Extension 0.43 - 'sorter.php sorter_value Parameter' SQL Injection
kitForm CRM Extension 0.43 - 'sorter.php' 'sorter_value' Parameter SQL Injection
dompdf 0.6.0 - 'dompdf.php read Parameter' Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read
Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection
Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injections
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injection
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
Pars CMS - 'RP' Parameter Multiple SQL Injection
Pars CMS - 'RP' Parameter Multiple SQL Injections
tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injection
tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections
MODx 1.0.3 - 'index.php' Multiple SQL Injection
MODx 1.0.3 - 'index.php' Multiple SQL Injections
HuronCMS - 'index.php' Multiple SQL Injection
HuronCMS - 'index.php' Multiple SQL Injections
4x CMS - 'login.php' Multiple SQL Injection
4x CMS - 'login.php' Multiple SQL Injections
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injection
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections
GREEZLE - Global Real Estate Agent Login Multiple SQL Injection
(GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections
SaffaTunes CMS - 'news.php' Multiple SQL Injection
SaffaTunes CMS - 'news.php' Multiple SQL Injections
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injection
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections
DiamondList - /user/main/update_settings setting[site_title] Parameter Cross-Site Scripting
DiamondList - /user/main/update_category category[description] Parameter Cross-Site Scripting
DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting
vBulletin 4.0.x < 4.1.2 - 'search.php cat Parameter' SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection
Multiple WordPress Themes - 'admin-ajax.php img Parameter' Arbitrary File Download
Multiple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download
tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection
tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injections
APBook 1.3 - Admin Login Multiple SQL Injection
APBook 1.3 - Admin Login Multiple SQL Injections
MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion
MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion
Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter' SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php' 'jobid' Parameter SQL Injection
PHP Scripts Now Riddles - /riddles/results.php searchQuery Parameter Cross-Site Scripting
PHP Scripts Now Riddles - /riddles/list.php catid Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection
Easy Banner 2009.05.18 - member.php Multiple Parameter SQL Injection Authentication Bypass
Easy Banner 2009.05.18 - 'member.php' Multiple Parameter SQL Injection / Authentication Bypass
E-lokaler CMS 2 - Admin Login Multiple SQL Injection
E-lokaler CMS 2 - Admin Login Multiple SQL Injections
Blog:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting
Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting
Piwigo 2.6.0 - 'picture.php rate Parameter' SQL Injection
Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injection
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit
NETGEAR WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter' SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact' Parameter SQL Injection
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
BoutikOne - search.php Multiple Parameter SQL Injection
BoutikOne - 'search.php' Multiple Parameter SQL Injections
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections
Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injection
Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injection
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injection
GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injections
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass
CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution
CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution
PHPMyRecipes 1.2.2 - 'browse.php category Parameter' SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injections
TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injection
TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injections
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injection
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections
Mambo Component Docman 1.3.0 - Multiple SQL Injection
Mambo Component Docman 1.3.0 - Multiple SQL Injections
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections
Paliz Portal - Cross-Site Scripting / Multiple SQL Injection
Paliz Portal - Cross-Site Scripting / Multiple SQL Injections
Sphider 1.3.x - Admin Panel Multiple SQL Injection
Sphider 1.3.x - Admin Panel Multiple SQL Injections
Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injection
Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injections
Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injection
Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections
EasyGallery 5 - 'index.php' Multiple SQL Injection
EasyGallery 5 - 'index.php' Multiple SQL Injections
Xenon - 'id' Parameter Multiple SQL Injection
Xenon - 'id' Parameter Multiple SQL Injections
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injection
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injection
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections
Dolibarr ERP/CRM - /user/index.php Multiple Parameter SQL Injection
Dolibarr ERP/CRM - /user/info.php id Parameter SQL Injection
Dolibarr ERP/CRM - /admin/boxes.php rowid Parameter SQL Injection
Dolibarr ERP/CRM - '/user/index.php' Multiple Parameter SQL Injections
Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection
PrestaShop 1.4.4.1 - /modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - /admin/ajaxfilemanager/ajax_save_text.php Multiple Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Parameter Cross-Site Scripting
Manx 1.0.1 - /admin/admin_blocks.php Filename Parameter Traversal Arbitrary File Access
Manx 1.0.1 - /admin/admin_pages.php Filename Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access
SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injection
SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injections
Balero CMS 0.7.2 - Multiple Blind SQL Injection
Balero CMS 0.7.2 - Multiple Blind SQL Injections
WordPress Plugin'WP Mobile Edition 2.7 - Remote File Disclosure
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
Dotclear 2.4.1.2 - /admin/auth.php login_data Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - /admin/blogs.php nb Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - /admin/comments.php Multiple Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - /admin/plugin.php page Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - /help/helpredir.aspx guide Parameter Cross-Site Scripting
SAP Business Objects InfoView System - /webi/webi_modify.aspx id Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml() Method Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting
PHP Designer 2007 - Personal Multiple SQL Injection
PHP Designer 2007 Personal - Multiple SQL Injections
WordPress Plugin All-in-One Event Calendar 1.4 agenda-widget.php Multiple Parameter Cross-Site Scripting
WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Parameter Cross-Site Scripting
XOOPS 2.5.4 - /modules/pm/pmlite.php to_userid Parameter Cross-Site Scripting
XOOPS 2.5.4 - /tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php Multiple Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Parameter Cross-Site Scripting
XM Forum - 'id' Parameter Multiple SQL Injection
XM Forum - 'id' Parameter Multiple SQL Injections
AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple Parameter SQL Injection
AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple Parameter SQL Injections
Classified Ads Script PHP - 'admin.php' Multiple SQL Injection
Classified Ads Script PHP - 'admin.php' Multiple SQL Injections
Limny - 'index.php' Multiple SQL Injection
Limny - 'index.php' Multiple SQL Injections
TCExam 11.2.x - /admin/code/tce_edit_answer.php Multiple Parameter SQL Injection
TCExam 11.2.x - /admin/code/tce_edit_question.php subject_module_id Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection
jCore - /admin/index.php path Parameter Cross-Site Scripting
jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting
Netsweeper 4.0.8 - SQL Injection Authentication Bypass
Netsweeper 4.0.8 - SQL Injection / Authentication Bypass
dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injection
dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injections
MantisBT 1.2.19 - Host Header Attack
MantisBT 1.2.19 - Host Header Exploit
WordPress Plugin RokBox Plugin - /wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext Parameter Cross-Site Scripting
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - /webmail/x3/mail/clientconf.html acct Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting
WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injection
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
ezStats for Battlefield 3 - /ezStats2/compare.php Multiple Parameter Cross-Site Scripting
ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Parameter Cross-Site Scripting
PHP Address Book - /addressbook/register/delete_user.php id Parameter SQL Injection
PHP Address Book - /addressbook/register/edit_user.php id Parameter SQL Injection
PHP Address Book - /addressbook/register/edit_user_save.php Multiple Parameter SQL Injection
PHP Address Book - /addressbook/register/linktick.php site Parameter SQL Injection
PHP Address Book - /addressbook/register/reset_password.php Multiple Parameter SQL Injection
PHP Address Book - /addressbook/register/reset_password_save.php Multiple Parameter SQL Injection
PHP Address Book - /addressbook/register/router.php BasicLogin Cookie Parameter SQL Injection
PHP Address Book - /addressbook/register/traffic.php var Parameter SQL Injection
PHP Address Book - /addressbook/register/user_add_save.php email Parameter SQL Injection
PHP Address Book - /addressbook/register/checklogin.php 'Username' Parameter SQL Injection
PHP Address Book - /addressbook/register/admin_index.php q Parameter SQL Injection
PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/reset_password.php' Multiple Parameter SQL Injection
PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection
Hero Framework - /users/login 'Username' Parameter Cross-Site Scripting
Hero Framework - /users/forgot_password error Parameter Cross-Site Scripting
Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting
RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injection
RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections
NetApp OnCommand System Manager - /zapiServlet CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting
NetApp OnCommand System Manager - /zapiServlet User Management Interface Multiple Parameter Cross-Site Scripting
NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting
NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Parameter Cross-Site Scripting
Jahia xCM - /engines/manager.jsp site Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting
D-Link DIR-816L (Wireless Router) - Cross-Site Request Forgery
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injections
NeoBill - /modules/nullregistrar/PHPwhois/example.php query Parameter Remote Code Execution
NeoBill - /install/include/solidstate.php Multiple Parameter SQL Injection
NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution
NeoBill - '/install/include/solidstate.php' Multiple Parameter SQL Injection
C2C Forward Auction Creator 2.0 - /auction/asp/list.asp pa Parameter SQL Injection
C2C Forward Auction Creator - /auction/casp/Admin.asp SQL Injection Admin Authentication Bypass
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection
C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass)
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injections / Authentication Bypass
Command School Student Management System - /sw/admin_grades.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_terms.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_school_years.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_sgrades.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_media_codes_1.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_infraction_codes.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_generations.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_relations.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_titles.php id Parameter SQL Injection
Command School Student Management System - /sw/health_allergies.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_school_names.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_subjects.php id Parameter SQL Injection
Command School Student Management System - /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure
Command School Student Management System - /sw/Admin_change_Password.php Cross-Site Request Forgery (Admin Password Manipulation)
Command School Student Management System - /sw/add_topic.php Cross-Site Request Forgery (Topic Creation)
Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Request Information Disclosure
Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forgery (Admin Password Manipulation)
Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation)
Dredge School Administration System - /DSM/loader.php Id Parameter SQL Injection
Dredge School Administration System - /DSM/loader.php Account Information Disclosure
Dredge School Administration System - /DSM/loader.php Cross-Site Request Forgery (Admin Account Manipulation)
Dredge School Administration System - /DSM/Backup/processbackup.php Database Backup Information Disclosure
Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure
UAEPD Shopping Script - /products.php Multiple Parameter SQL Injection
UAEPD Shopping Script - /news.php id Parameter SQL Injection
UAEPD Shopping Script - '/products.php' Multiple Parameter SQL Injection
UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection
BloofoxCMS - /bloofox/index.php 'Username' Parameter SQL Injection
BloofoxCMS - /bloofox/admin/index.php 'Username' Parameter SQL Injection
BloofoxCMS - /admin/index.php Cross-Site Request Forgery (Add Admin)
BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
Professional Designer E-Store - 'id' Parameter Multiple SQL Injection
GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injection
Professional Designer E-Store - 'id' Parameter Multiple SQL Injections
GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections
Xangati - /servlet/MGConfigData Multiple Parameter Directory Traversal
Xangati - /servlet/Installer file Parameter Directory Traversal
Xangati - '/servlet/MGConfigData' Multiple Parameter Directory Traversal
Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal
Caldera - /costview2/jobs.php tr Parameter SQL Injection
Caldera - /costview2/printers.php tr Parameter SQL Injection
Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection
WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injection
WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injections
ol-commerce - /OL-Commerce/affiliate_signup.php a_country Parameter SQL Injection
ol-commerce - /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection
ol-commerce - /OL-Commerce/create_account.php country Parameter SQL Injection
ol-commerce - /OL-Commerce/admin/create_account.php entry_country_id Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections
Multiple Netgear Routers - Password Disclosure
Multiple NETGEAR Routers - Password Disclosure
WebKit - Stealing Variables via Page Navigation in FrameLoader::clear
WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
2017-06-23 05:01:28 +00:00
Offensive Security
df0343af6d
DB: 2017-06-22
...
13 new exploits
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Pool Memory Disclosure
Microsoft Windows - 'IOCTL 0x390400_ operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure
Microsoft Windows - 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure
Microsoft Windows - '0x224000 IOCTL (WmiQueryAllData)' Kernel WMIDataDevice Pool Memory Disclosure
Microsoft Windows - 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure
Microsoft Windows - 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure
Microsoft Windows - 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!NtNotifyChangeDirectoryFile' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!KiDispatchException' Kernel Stack Memory Disclosure in Exception Handling
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation
sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation
Linux Kernel 3.14.5 (RHEL / CentOS 7) - 'libfutex' Privilege Escalation
Linux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Privilege Escalation
Sudo 1.8.14 - Unauthorized Privilege
Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation
Linux/x86 - Reverse UDP Shellcode (668 bytes)
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
2017-06-22 05:01:27 +00:00
Offensive Security
b00ce2562c
DB: 2017-06-21
...
2 new exploits
Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service
Sudo - 'get_process_ttyname()' Privilege Escalation
Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation
WonderCMS 2.1.0 - Cross-Site Request Forgery
2017-06-21 05:01:28 +00:00
Offensive Security
248f7e7480
DB: 2017-06-17
...
7 new exploits
WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
WebKit JSC - arrayProtoFuncSplice does not Initialize all Indices
WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales
Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass)
KBVault MySQL 0.16a - Arbitrary File Upload
Joomla! Component JoomRecipe 1.0.3 - SQL Injection
2017-06-17 05:01:25 +00:00