Commit graph

1656 commits

Author SHA1 Message Date
Offensive Security
f589361686 DB: 2018-01-13
1949 changes to exploits/shellcodes

Bird Chat 1.61 - Denial of Service

Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow

Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service

PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow

PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow

32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)

Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service

Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)

Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)

HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service

AnyDVD 6.7.1.0 - Denial of Service

Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)

Apple Safari - GdiDrawStream Blue Screen of Death

Oracle VM VirtualBox 4.1 - Local Denial of Service

Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service

Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)

VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)

Samba < 3.6.2 (x86) - Denial of Service (PoC)

Adobe Flash (Linux x64) - Bad Dereference at 0x23c

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Shared Object Type Confusion
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Shared Object Type Confusion

ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)
Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)
Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)

Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)

Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)

Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Clipboard Bitmap - Use-After-Free

Adobe Flash Selection.SetSelection - Use-After-Free

Adobe Flash Sound.setTransform - Use-After-Free

Adobe Flash - Use-After-Free When Setting Stage

Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited

Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)

Core FTP Server 32-bit Build 587 - Heap Overflow

Microsoft Windows - Custom Font Disable Policy Bypass

Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service

Evostream Media Server 1.7.1 (x64) - Denial of Service
Kentico CMS 11.0 - Buffer Overflow
PyroBatchFTP < 3.19 - Buffer Overflow

Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure

Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure

PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure

Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation

GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow

Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow

Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation

PHP 5.2.9 (Windows x86) - Local Safemod Bypass

Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation

Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)

HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow

RadASM - '.rap' file Local Buffer Overflow

Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Local Stack Buffer Overflow Universal

Audiotran 1.4.2.4 - Local Overflow (SEH)
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation

Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1)

Linux Kernel 4.6.3 (x86) - 'Netfilter' Local Privilege Escalation (Metasploit)

VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)

QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)

PHP 5.4.3 (Windows x86 Polish) - Code Execution

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure

Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1)

Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Privilege Escalation (2)

Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2)

Novell Client 2 SP3 - 'nicm.sys' Local Privilege Escalation (Metasploit)

Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation

Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation (Metasploit)

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3)

LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure

Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation

Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)

Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation

Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3)

TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure

OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)

Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit)

Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)

Offset2lib - Bypassing Full ASLR On 64 bit Linux
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape

Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058)
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation

Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)

Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit)

TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation

Microsoft Windows 8.1 - 'win32k' Local Privilege Escalation (MS15-010)

MySQL 5.5.45 (x64) - Local Credentials Disclosure

Microsoft Windows 7 SP1 (x86) - 'WebDAV' Local Privilege Escalation (MS16-016) (1)

Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)

Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation

Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)

Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)

ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation

Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)

Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation

Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)

Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)

Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)

Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak

Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation

Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)

PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation

Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Linux Kernel - 'offset2lib' Stack Clash
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' Stack Clash
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)

Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)

Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow

Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution

Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032)

Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution

gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String

PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)

dproxy-nexgen (Linux x86) - Remote Buffer Overflow

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow

3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)

SapLPD 6.28 (Windows x86) - Remote Buffer Overflow

Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow

Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)

Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution

Integard Home and Pro 2 - Remote HTTP Buffer Overflow

Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit)

Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)

Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)

AASync 2.2.1.0 (Windows x86) - Remote Stack Buffer Overflow 'LIST' (Metasploit)

32bit FTP Client - Remote Stack Buffer Overflow (Metasploit)

SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit)

SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)

Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)

PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)

Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)

CA CAM (Windows x86) - 'log_security()' Remote Stack Buffer Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)

WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)

Nginx 1.3.9/1.4.0 (x86) - Brute Force

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit)

Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit)

Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution

PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)

ALLMediaServer 0.95 - Buffer Overflow

Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)

Rancher Server - Docker Daemon Code Execution (Metasploit)
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)

Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)

PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion

Joomla! Component Elite Experts - SQL Injection

Traidnt UP - Cross-Site Request Forgery (Add Admin)

Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting

Infoblox 6.8.2.11 - OS Command Injection
Xnami 1.0 - Cross-Site Scripting
Taxi Booking Script 1.0 - Cross-site Scripting

FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)

FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)

Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/MIPS - execve /bin/sh Shellcode (56 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes)
Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - killall5 Shellcode (34 bytes)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - killall5 Shellcode (34 bytes)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)
Linux/x86 - Fork Bomb Shellcode (7 bytes)
Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)
Linux/x86 - Fork Bomb Shellcode (7 bytes)
Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)
Linux/x86 - reboot() Shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)
Linux/x86 - reboot() Shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes)
Linux/x86 - _exit(1); Shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - upload + exec Shellcode (189 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - dup2(0_0) + dup2(0_1) + dup2(0_2) Shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes)
Linux/x86 - _exit(1) Shellcode (7 bytes)
Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - upload + exec Shellcode (189 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)

SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes)

Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows - DCOM RPC2 Universal Shellcode
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows - DCOM RPC2 Universal Shellcode
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - DoS Badger Game Shellcode (6 bytes)
Linux/x86 - DoS SLoc Shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - DoS Badger Game Shellcode (6 bytes)
Linux/x86 - DoS SLoc Shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); Shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)
Linux/x86 - Hard Reboot Shellcode (29 bytes)
Linux/x86 - Hard Reboot Shellcode (33 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)
Linux/x86 - Hard Reboot Shellcode (29 bytes)
Linux/x86 - Hard Reboot Shellcode (33 bytes)
Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)
Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)
Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)

ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)

Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)

Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode

Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode
Windows x86 - Eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
Windows x86 - Eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)

Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)

Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)

Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)

Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)

MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)

Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - exit(0) Shellcode (6 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86 - Download File + Execute Shellcode
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec /bin/dash Shellcode (45 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - exit(0) Shellcode (6 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86 - Download File + Execute Shellcode
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec /bin/dash Shellcode (45 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)

Linux/x86 - execve /bin/bash Shellcode (31 bytes)

Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86 - Download File + Execute Shellcode (135 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86 - Download File + Execute Shellcode (135 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistent / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistent / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)

Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
Linux/x86 - execve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes)
Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes)
Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes)
Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)
Linux/StrongARM - setuid() Shellcode (20 bytes)
Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes)
Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes)
Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes)
Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes)
Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes)
Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)
Linux/x86 - execve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
2018-01-13 05:02:13 +00:00
Offensive Security
81d6f781ab DB: 2018-01-12
31 changes to exploits/shellcodes

MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
macOS - 'process_policy' Stack Leak Through Uninitialized Field
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read

Jungo Windriver 12.5.1 - Privilege Escalation
Jungo Windriver 12.5.1 - Local Privilege Escalation
Parity Browser < 1.6.10 - Bypass Same Origin Policy
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution

Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)

eVestigator Forensic PenTester - MITM Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

BestSafe Browser - MITM Remote Code Execution
BestSafe Browser - Man In The Middle Remote Code Execution
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
Virtual Postage (VPA) - Man In The Middle Remote Code Execution

Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)

FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
HPUX - execve /bin/sh Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve /bin/sh Shellcode (58 bytes)

OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
ARM - Bind TCP Shell (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode

FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)

Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)

Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)

Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)

Linux/x86 - execve /bin/sh Encoded Shellcode (44 Bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
IRIX - execve(/bin/sh) Shellcode (43 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - execve(/bin/sh) Shellcode (68 bytes)
IRIX - stdin-read Shellcode (40 bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)
Linux/x86 - execve /bin/sh Encoded Shellcode (44 bytes)

Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
2018-01-12 05:02:17 +00:00
Offensive Security
a7ddd8282b DB: 2018-01-11
28 changes to exploits/shellcodes

Multiple CPUs - Information Leak Using Speculative Execution
Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check

Jungo Windriver 12.5.1 - Privilege Escalation
DiskBoss Enterprise 8.8.16 - Buffer Overflow
HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)
HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)

Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
Muviko 1.1 - SQL Injection
WordPress Plugin Events Calendar - 'event_id' SQL Injection
WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation
WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation
WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery
Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting

BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)
FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)

BSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Alpha - /bin/sh Shellcode (80 bytes)
Alpha - execve() Shellcode (112 bytes)
Alpha - setuid() Shellcode (156 bytes)
BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
2018-01-11 05:02:24 +00:00
Offensive Security
ffa8e63e25 DB: 2018-01-10
10 changes to exploits/shellcodes

Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions
Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read

Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138_ QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure

Android - Inter-Process munmap due to Race Condition in ashmem

Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure

Microsoft Edge Chakra JIT - Escape Analysis Bug

Microsoft Windows - Local XPS Print Spooler Sandbox Escape

Commvault Communications Service (cvd) - Command Injection (Metasploit)

osCommerce 2.2 - SQL Injection
2018-01-10 05:02:14 +00:00
Offensive Security
2d8b561a5d DB: 2018-01-09
26 changes to exploits/shellcodes

Need for Speed 2 - Remote Client Buffer Overflow
Need for Speed 2 - Remote Client Buffer Overflow (PoC)

Red Faction 1.20 - Server Reply Remote Buffer Overflow
Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC)

Medal of Honor - Remote Buffer Overflow
Medal of Honor - Remote Buffer Overflow (PoC)

Monolith Games - Local Buffer Overflow
Monolith Games - Local Buffer Overflow (PoC)

BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities
BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

Orbz Game 2.10 - Remote Buffer Overflow
Orbz Game 2.10 - Remote Buffer Overflow (PoC)

Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow
Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC)

KNet Web Server 1.04c - Buffer Overflow Denial of Service
KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC)

ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash
ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC)

Mozilla Products - 'Host:' Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String

Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service
Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC)

FlatFrag 0.3 - Buffer Overflow / Denial of Service
FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC)

zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service
zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)

TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service
TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC)

Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service
Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service)

PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service
PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)

FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC)

Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)

TFTP Server 1.3 - Remote Buffer Overflow Denial of Service
TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC)

LeadTools Raster - Dialog File_D Object Remote Buffer Overflow
LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC)

LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow
LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC)

Xserver 0.1 Alpha - POST Remote Buffer Overflow
Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC)

Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow
Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)

QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow
QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)

Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service
Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC)

Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service
Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC)

Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC)
Printoxx - Local Buffer Overflow
Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC)
Printoxx - Local Buffer Overflow (PoC)
Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)

Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service
Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC)

Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service
Switch Sound File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC)
Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow
Xerox Workcenter 4150 - Remote Buffer Overflow
Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC)
Xerox Workcenter 4150 - Remote Buffer Overflow (PoC)

iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service
iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC)

Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow
Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC)
Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC)
FontForge - '.BDF' Font File Stack Buffer Overflow
Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC)
FontForge - '.BDF' Font File Stack Buffer Overflow (PoC)

Multiple Vendor AgentX++ - Stack Buffer Overflow
Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC)

Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow
Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC)

Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow
Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC)

FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow
FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC)

LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)

Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow
Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC)

Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow
Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC)

Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC)

Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)
Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)
Real player 14.0.2.633 - Buffer Overflow / Denial of Service
GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service
Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC)
GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC)

BulletProof FTP Client 2010 - Buffer Overflow
BulletProof FTP Client 2010 - Buffer Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)

Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC)

CSF Firewall - Buffer Overflow
CSF Firewall - Buffer Overflow (PoC)

Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH)
Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC)

Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service
Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC)

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC)

Asterisk - 'ast_parse_digest()' Stack Buffer Overflow
Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)

GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow
GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC)

Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)

Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service
Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)

Lattice Diamond Programmer 1.4.2 - Buffer Overflow
Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC)
Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service
Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC)

Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service
Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC)

Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow
Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC)

Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service
Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC)

RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow
RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service)

Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service
Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC)

Cerberus FTP Server 1.x - Buffer Overflow Denial of Service
Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC)

Microsoft SQL Server 2000 - SQLXML Buffer Overflow
Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC)

Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow
Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)

Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC)

Hotfoon Dialer 4.0 - Buffer Overflow
Hotfoon Dialer 4.0 - Buffer Overflow (PoC)

IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service
IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC)

Linksys Devices 1.42/1.43 - GET Buffer Overflow
Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC)

iCal 3.7 - Remote Buffer Overflow
iCal 3.7 - Remote Buffer Overflow (PoC)

Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC)

Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow
Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC)

Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow
Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC)

Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow
Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC)

Zoner Photo Studio 15 b3 - Buffer Overflow
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)

Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow
Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)

IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow
IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC)

Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow
Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC)

NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow
NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)

myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow
myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC)

EffectOffice Server 2.6 - Remote Service Buffer Overflow
EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC)

Surfboard HTTPd 1.1.9 - Remote Buffer Overflow
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)

1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow
1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow (PoC)

Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow
Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC)

Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow
Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC)

Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow
Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC)

DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow
DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC)

VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)

aGSM 2.35 Half-Life Server - Info Response Buffer Overflow
aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC)

cURL - Buffer Overflow
cURL - Buffer Overflow (PoC)

TagScanner 5.1 - Stack Buffer Overflow
TagScanner 5.1 - Stack Buffer Overflow (PoC)

Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC)

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC)

QwikMail 0.3 - HELO Command Buffer Overflow
QwikMail 0.3 - 'HELO' Buffer Overflow (PoC)

NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow
NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC)

Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities
Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC)

Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow
Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC)

AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow
AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC)

Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service
Serva 32 TFTP 2.1.0 - Buffer Overflow (Denial of Service) (PoC)

Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow
Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC)

Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow
Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC)

PlanetDNS PlanetFileServer - Remote Buffer Overflow
PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC)

Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow
Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)

Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)

LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow
LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC)

VbsEdit 5.9.3 - '.smi' Buffer Overflow
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)

Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow
Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)

AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow
AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC)

DSocks 1.3 - 'Name' Buffer Overflow
DSocks 1.3 - 'Name' Buffer Overflow (PoC)

IcoFX 2.5.0.0 - '.ico' Buffer Overflow
IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC)
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow
Microsoft Windows XP - 'cmd.exe' Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC)
Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC)

Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities
Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

Bochs 2.3 - Buffer Overflow / Denial of Service
Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC)

Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow
Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow (PoC)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)

T1lib - intT1_Env_GetCompletePath Buffer Overflow
T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)

Foxmail Email Client 6.5 - 'mailto' Buffer Overflow
Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC)
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow
Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC)
Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC)

Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow
Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC)

Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow
Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC)

MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC)

MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow
MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC)

Trend Micro OfficeScan - Buffer Overflow / Denial of Service
Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)

ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow
ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC)

Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow
Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC)

Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow
Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)

NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC)

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow
ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)

A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow
A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC)

Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow
Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC)

Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)
Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)

Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow
Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC)

BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow
BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC)

Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow
Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)

Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow
Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC)

Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC)

Xerox WorkCentre - PJL Daemon Buffer Overflow
Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC)

Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow
Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC)

Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow
Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC)

Mocha W32 LPD 1.9 - Remote Buffer Overflow
Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC)

Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)

BulletProof FTP Client 2010 - Buffer Overflow (SEH)
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)

Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow
Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)

D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC)

HTML Help Workshop 1.4 - Buffer Overflow (SEH)
HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC)

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite

TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)

G-WAN 2.10.6 - Buffer Overflow / Denial of Service
G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC)

Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)

TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow
TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)

ZOC SSH Client - Buffer Overflow (SEH)
ZOC SSH Client - Buffer Overflow (SEH) (PoC)

WebDrive 12.2 (B4172) - Buffer Overflow
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)

PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH)
PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC)
IKEView.exe Fox Beta 1 - Stack Buffer Overflow
IKEView.exe R60 - Stack Buffer Overflow
IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC)
IKEView.exe R60 - Stack Buffer Overflow (PoC)

Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow
Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC)

Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow
Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC)
LanSpy 2.0.0.155 - Buffer Overflow
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow
Last PassBroker 3.2.16 - Stack Buffer Overflow
LanSpy 2.0.0.155 - Buffer Overflow (PoC)
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC)
Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC)

Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)
TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC)
TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC)
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC)
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC)
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC)

Advanced Encryption Package Buffer Overflow - Denial of Service
Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC)

InfraRecorder - '.m3u' File Buffer Overflow
InfraRecorder - '.m3u' File Buffer Overflow (PoC)

Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution
Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC)
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow
yTree 1.94-1.1 - Local Buffer Overflow
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
yTree 1.94-1.1 - Local Buffer Overflow (PoC)

NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow
NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC)

CyberCop Scanner Smbgrind 5.5 - Buffer Overflow
CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service)
STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service
STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC)

4digits 1.1.4 - Local Buffer Overflow
4digits 1.1.4 - Local Buffer Overflow (PoC)

Websockify (C Implementation) 0.8.0 - Buffer Overflow
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)

Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC)

Oracle Orakill.exe 11.2.0 - Buffer Overflow
Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC)

Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC)
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow
Core FTP LE 2.2 - Path Field Local Buffer Overflow
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC)
Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC)

Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)

ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC)

QNAP NVR/NAS - Buffer Overflow
QNAP NVR/NAS - Buffer Overflow (PoC)
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow
CDex 1.96 - Buffer Overflow
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
CDex 1.96 - Buffer Overflow (PoC)

Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)

D3DGear 5.00 Build 2175 - Buffer Overflow
D3DGear 5.00 Build 2175 - Buffer Overflow (PoC)
VX Search Enterprise 10.1.12 - Denial of Service
Disk Pulse Enterprise 10.1.18 - Denial of Service
Sync Breeze Enterprise 10.1.16 - Denial of Service
DiskBoss Enterprise 8.5.12 - Denial of Service
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

APNGDis 2.8 - 'filename' Stack Buffer Overflow
APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC)

wifirxpower - Local Buffer Overflow
wifirxpower - Local Buffer Overflow (PoC)
pinfo 0.6.9 - Local Buffer Overflow
Dmitry 1.3a - Local Buffer Overflow
pinfo 0.6.9 - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow (PoC)

Mapscrn 2.03 - Local Buffer Overflow
Mapscrn 2.03 - Local Buffer Overflow (PoC)

Stunnel 3.24/4.00 - Daemon Hijacking (PoC)
Stunnel 3.24/4.00 - Daemon Hijacking

Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2)

Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator

WinZip - MIME Parsing Overflow (PoC)
WinZip - MIME Parsing Overflow
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC)
GNU Sharutils 4.2.1 - Local Format String (PoC)
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow
GNU Sharutils 4.2.1 - Local Format String
GD Graphics Library - Local Heap Overflow (PoC)
libxml 2.6.12 nanoftp - Buffer Overflow (PoC)
GD Graphics Library - Local Heap Overflow
libxml 2.6.12 nanoftp - Buffer Overflow

WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC)
WinRAR 3.4.1 - Corrupt '.ZIP' File

Exim 4.41 - 'dns_build_reverse' Local (PoC)
Exim 4.41 - 'dns_build_reverse' Local
tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC)
Microsoft Windows - NtClose DeadLock (PoC) (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030)
tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow
Microsoft Windows - NtClose DeadLock (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)

Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC)
Microsoft Word 2000/2003 - Hlink Local Buffer Overflow

Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC)
Cheese Tracker 0.9.9 - Local Buffer Overflow

PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC)
PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow

BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC)
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow

Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC)
Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC)
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC)
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow

PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC)
PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC)
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC)
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak

Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055)
Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)

Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC)
Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow

Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC)
Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow

DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak

XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC)
XnView 1.93.6 - '.taac' Local Buffer Overflow
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC)
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC)
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution

Microsoft Windows Server 2003 - Token Kidnapping Local (PoC)
Microsoft Windows Server 2003 - Token Kidnapping Local

Debian - Symlink In Login Arbitrary File Ownership (PoC)
Debian - Symlink In Login Arbitrary File Ownership

Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC)
Trend Micro Internet Security Pro 2009 - Priviliege Escalation

Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH)
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)

Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC)
Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure

Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC)
Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow

GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC)
GPG2/Kleopatra 2.0.11 - Malformed Certificate

Alleycode 2.21 - Local Overflow (SEH) (PoC)
Alleycode 2.21 - Local Overflow (SEH)

GPG4Win GNU - Privacy Assistant (PoC)
GPG4Win GNU - Privacy Assistant

VMware Fusion 2.0.5 - vmx86 kext Local (PoC)
VMware Fusion 2.0.5 - vmx86 kext Local

Mozilla Codesighs - Memory Corruption (PoC)
Mozilla Codesighs - Memory Corruption

Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow

LDAP - Injection (PoC)
LDAP - Injection

QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC)
QuickZip 4.x - '.zip' Local Universal Buffer Overflow
ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC)
Crimson Editor r3.70 - Overwrite (SEH) (PoC)
Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC)
ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow
Crimson Editor r3.70 - Overwrite (SEH)
Kenward Zipper 1.4 - Local Stack Buffer Overflow

Stud_PE 2.6.05 - Local Stack Overflow (PoC)
Stud_PE 2.6.05 - Local Stack Overflow

Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC)
Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow

EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow

Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC)
Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow
PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC)
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC)
PhotoFiltre Studio X - '.tif' Local Buffer Overflow
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow

Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC)
Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow

Audio Converter 8.1 - Local Stack Buffer Overflow (PoC)
Audio Converter 8.1 - Local Stack Buffer Overflow
Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow

BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass)
BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass)

Acoustica Audio Converter Pro 1.1 (build 25) -  '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC)
Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow

Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC)
Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure

Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow

PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC)
PHP 5.3.6 - Local Buffer Overflow (ROP)

Xorg 1.4 < 1.11.2 - File Permission Change (PoC)
Xorg 1.4 < 1.11.2 - File Permission Change

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets

Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC)
Linux Kernel 2.2.x - 'sysctl()' Memory Reading

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC)
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC)
Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation

HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC)
HT Editor 2.0.20 - Local Buffer Overflow (ROP)

Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC)
Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read

Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC)
Linux Kernel 2.6 - Console Keymap Local Command Injection

ACE Stream Media 2.1 - 'acestream://' Format String (PoC)
ACE Stream Media 2.1 - 'acestream://' Format String

Linux Kernel 3.13 - SGID Privilege Escalation (PoC)
Linux Kernel 3.13 - SGID Privilege Escalation

Comodo Internet Security - HIPS/Sandbox Escape (PoC)
Comodo Internet Security - HIPS/Sandbox Escape

Palringo 2.8.1 - Local Stack Buffer Overflow (PoC)
Palringo 2.8.1 - Local Stack Buffer Overflow
Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC)
Rowhammer - NaCl Sandbox Escape (PoC)
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape

Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC)
Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation

Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052)

Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
Linux (x86) - Memory Sinkhole Privilege Escalation

Core FTP Server 1.2 - Local Buffer Overflow (PoC)
Core FTP Server 1.2 - Local Buffer Overflow

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)
VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method)

GNU Screen 4.5.0 - Local Privilege Escalation (PoC)
GNU Screen 4.5.0 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation (PoC)
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC)
Man-db 2.6.7.1 - Local Privilege Escalation
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation

Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC)
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

Multiple CPUs - 'Spectre' Information Disclosure (PoC)
Multiple CPUs - 'Spectre' Information Disclosure

Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation

glibc ld.so - Memory Leak / Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow

Microsoft IIS 5.0 - WebDAV Remote (PoC)
Microsoft IIS 5.0 - WebDAV Remote

Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC)
Microsoft Windows Server 2000 - RSVP Server Authority Hijacking

ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4)

Titan FTP Server - Long Command Heap Overflow (PoC)
Titan FTP Server - Long Command Heap Overflow

SLX Server 6.1 - Arbitrary File Creation (PoC)
SLX Server 6.1 - Arbitrary File Creation

zgv 5.5 - Multiple Arbitrary Code Executions (PoC)
zgv 5.5 - Multiple Arbitrary Code Executions

Microsoft Internet Explorer - Remote Code Execution (PoC)
Microsoft Internet Explorer - Remote Code Execution

Exim 4.43 - 'auth_spa_server()' Remote (PoC)
Exim 4.43 - 'auth_spa_server()' Remote

Microsoft Windows - DTC Remote (PoC) (MS05-051) (2)
Microsoft Windows - DTC Remote (MS05-051) (2)

Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC)
Watchfire AppScan QA 5.0.x - Remote Code Execution

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow

Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2)

RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC)
RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow

AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC)
AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow

Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC)
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution

Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC)
Easy File Sharing FTP Server 2.0 - 'PASS' Remote

BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC)
BulletProof FTP Client 2.45 - Remote Buffer Overflow

Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC)
Intel Centrino ipw2200BG - Wireless Driver Remote Overflow

WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC)
WebMod 0.48 - Content-Length Remote Buffer Overflow

OpenBSD - ICMPv6 Fragment Remote Execution (PoC)
OpenBSD - ICMPv6 Fragment Remote Execution

Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)

Apple Safari 3 for Windows Beta - Remote Command Execution (PoC)
Apple Safari 3 for Windows Beta - Remote Command Execution

Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC)
Flash Player/Plugin Video - File Parsing Remote Code Execution

Apple QuickTime (Multiple Browsers) - Command Execution (PoC)
Apple QuickTime (Multiple Browsers) - Command Execution

Apple QuickTime /w IE .qtl Version XAS - Remote (PoC)
Apple QuickTime /w IE .qtl Version XAS - Remote

QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC)
QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow

ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC)
ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod

HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC)
HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method

Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC)
Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal

MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC)
MicroTik RouterOS 3.13 - SNMP write (Set request)

Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload

Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC)
Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution

Opera 9.61 - 'opera:historysearch' Code Execution (PoC)
Opera 9.61 - 'opera:historysearch' Code Execution

Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC)
Chilkat Crypt - ActiveX Arbitrary File Creation/Execution

Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)

Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC)
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection

GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC)
GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption

Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)

Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC)
Zervit Web Server 0.4 - Directory Traversal / Memory Corruption

Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2)
Apple Mac OSX - Java applet Remote Deserialization Remote (2)

VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC)
VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow

Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054)
Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054)

Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC)
Pegasus Mail Client 4.51 - Remote Buffer Overflow

TLS - Renegotiation (PoC)
TLS - Renegotiation
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution
Trend Micro Web-Deployment - ActiveX Remote Execution

MX Simulator Server - Remote Buffer Overflow (PoC)
MX Simulator Server - Remote Buffer Overflow
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Apache OFBiz - Remote Execution (via SQL Execution)
Apache OFBiz - Admin Creator

Adobe Flash / Reader - Live Malware (PoC)
Adobe Flash / Reader - Live Malware

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow

KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)
KingView 6.5.3 - SCADA HMI Heap Overflow

Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002)
Microsoft Data Access Components - Remote Overflow (MS11-002)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution

Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC)
Solar FTP Server 2.1.1 - PASV Buffer Overflow

Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache mod_proxy - Reverse Proxy Exposure

Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC)
Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite

Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC)
Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite

Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC)
Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution

OpenVAS Manager 4.0 - Authentication Bypass (PoC)
OpenVAS Manager 4.0 - Authentication Bypass

w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC)
w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution

Legend Perl IRC Bot - Remote Code Execution (PoC)
Legend Perl IRC Bot - Remote Code Execution

dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock)
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

WebDrive 12.2 (Build ) - Remote Buffer Overflow (PoC)
WebDrive 12.2 (Build ) - Remote Buffer Overflow

Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC)
Endian Firewall < 3.0.0 - OS Command Injection (Python)

Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access

OpenSSHd 7.2p2 - Username Enumeration (PoC)
OpenSSHd 7.2p2 - Username Enumeration

Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution

Intel Active Management Technology - System Privileges

Xplico - Remote Code Execution (Metasploit)

Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

S9Y Serendipity 0.7-beta1 - SQL Injection (PoC)
S9Y Serendipity 0.7-beta1 - SQL Injection

AWStats 5.7 < 6.2 - Multiple Remote (PoC)
AWStats 5.7 < 6.2 - Multiple Remote

WoltLab Burning Book 1.1.2 - SQL Injection (PoC)
WoltLab Burning Book 1.1.2 - SQL Injection

Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection
Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection

EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC)
EQdkp 1.3.2f - 'user_id' Authentication Bypass

Invision Power Board 2.3.5 - Multiple Vulnerabilities (2)
Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)

FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)
FOSS Gallery Public 1.0 - Arbitrary File Upload

Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection

Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC)
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation

Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure
Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure

Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC)
Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption

IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC)
IPB (nv2) Awards < 1.1.0 - SQL Injection

X-Cart Pro 4.0.13 - SQL Injection (PoC)
X-Cart Pro 4.0.13 - SQL Injection

Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC)
Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute

IPB 3.0.1 - SQL Injection
Invision Power Board 3.0.1 - SQL Injection

WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC)
WebsiteBaker 2.8.1 - Cross-Site Request Forgery
BS Auto Classifieds - 'info.php' SQL Injection (PoC)
BS Business Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC)
BS Events Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Auto Classifieds - 'info.php' SQL Injection
BS Business Directory - 'articlesdetails.php' SQL Injection
BS Classifieds Ads - 'articlesdetails.php' SQL Injection
BS Events Directory - 'articlesdetails.php' SQL Injection

BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC)
BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password)

Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC)
Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account)

SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC)
SWAT Samba Web Administration Tool - Cross-Site Request Forgery

Plone and Zope - Remote Command Execution (PoC)
Plone and Zope - Remote Command Execution

Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting
Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting

Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting
Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting

Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Invision Power Board 1.3 - 'Pop' Cross-Site Scripting
Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting

Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting
Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting

Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities

Invision Power Board 1.x/2.0.3 - SML Code Script Injection
Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover

Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting

Invision Power Board 1.0.3 - Attached File Cross-Site Scripting
Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting

Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting

Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting
Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting
Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting

Invision Power Board 1.x/2.x - Multiple SQL Injections
Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections

Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities

Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting
Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting

IP Board 3.x - Cross-Site Request Forgery / Token Hijacking
Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hijacking

Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting

TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution

IP.Board 4.x - Persistent Cross-Site Scripting
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting

IP.Board 4.1.4.x - Persistent Cross-Site Scripting
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting

NETGEAR R7000 - Command Injection (PoC)
NETGEAR R7000 - Command Injection

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass  / SQL Injection
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
Photos in Wifi 1.0.1 - Path Traversal
SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities
FiberHome LM53Q1 - Multiple Vulnerabilities
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
Vanilla < 2.1.5 - Cross-Site Request Forgery

Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC)
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE

Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
Joomla! 3.7.0 - 'com_fields' SQL Injection

Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
Apache Struts 2.3.x Showcase - Remote Code Execution

AIX - execve /bin/sh Shellcode (88 bytes)

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
2018-01-09 05:02:30 +00:00
Offensive Security
3d73ec60b6 DB: 2018-01-06
23 changes to exploits/shellcodes

Emulive Server4 7560 - Remote Denial of Service
Emulive Server4 Build 7560 - Remote Denial of Service

ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service)
D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service)

DNS4Me 3.0 - Denial of Service / Cross-Site Scripting

EmuLive Server4 - Authentication Bypass / Denial of Service
GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache

VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
keene digital media server 1.0.2 - Directory Traversal variant
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - Traversal Arbitrary File Access
Keene Digital Media Server 1.0.2 - Directory Traversal
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - Traversal Arbitrary File Access
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access
WDMyCloud < 2.30.165 - Multiple Vulnerabilities
Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit)
Cisco IOS - Remote Code Execution

Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection

MySQL Eventum 1.5.5 - 'login.php' SQL Injection

PHP live helper 2.0.1 - Multiple Vulnerabilities
PHP Live Helper 2.0.1 - Multiple Vulnerabilities

Zen Cart 1.3.9f (typefilter) - Local File Inclusion
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion

phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting

YaBB 1.x/9.1.2000 - YaBB.pl IMSend Cross-Site Scripting
YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting
SugarCRM 1.x/2.0 Module - 'record' SQL Injection
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
SugarCRM 1.x/2.0 Module - 'record' SQL Injection
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
Kayako eSupport 2.x - Ticket System Multiple SQL Injections
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
Kayako eSupport 2.x - Ticket System Multiple SQL Injections

Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting

Notes Module for phpBB - SQL Injection
phpBB Notes Module - SQL Injection
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities

Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities
HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities

FusionBB 0.x - Multiple Input Validation Vulnerabilities
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities

osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities

PAFaq - Question Cross-Site Scripting

PAFaq - Administrator 'Username' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection
Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting
Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting

RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection

EyeOS 0.8.x - Session Remote Command Execution
eyeOS 0.8.x - Session Remote Command Execution

CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting
CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting

XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting

Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion
Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion

osCommerce 2.1/2.2 - 'product_info.php' SQL Injection

CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal

HAMweather 3.9.8 - 'template.php' Script Code Injection

Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting
Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting

Jamroom 3.3.8 - Cookie Authentication Bypass
Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting
Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting
Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection
Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting
Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting
Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection

Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting

UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Zen Cart < 1.3.8a - SQL Injection
PHP Topsites < 2.2 - Multiple Vulnerabilities
phpLinks < 2.1.2 - Multiple Vulnerabilities
P-Synch < 6.2.5 - Multiple Vulnerabilities
WinMX < 2.6 - Design Error
FTP Service < 1.2 - Multiple Vulnerabilities
MegaBrowser < 0.71b - Multiple Vulnerabilities
Max Web Portal < 1.30 - Multiple Vulnerabilities
Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities
Gespage 7.4.8 - SQL Injection

Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
2018-01-06 05:02:14 +00:00
Offensive Security
b768a6ef6c DB: 2018-01-05
5 changes to exploits/shellcodes

Multiple CPUs - 'Spectre' Information Disclosure (PoC)
Iopsys Router - 'dhcp' Remote Code Execution
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)
Xplico - Remote Code Execution (Metasploit)
2018-01-05 05:02:22 +00:00
Offensive Security
3eec0e4999 DB: 2018-01-04
4 changes to exploits/shellcodes

Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass  / SQL Injection
EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection
2018-01-04 05:02:14 +00:00
Offensive Security
c03d2a3ba2 DB: 2018-01-03
3 changes to exploits/shellcodes

Acoustica Audio Converter Pro 1.1 (build 25) - Local Heap Overflow (.mp3 / .wav / .ogg / .wma) (PoC)
Acoustica Audio Converter Pro 1.1 (build 25) -  '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC)

Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)

AWStats 5.7 < 6.2 - Multiple Remote s (PoC)
AWStats 5.7 < 6.2 - Multiple Remote (PoC)

Auto Dealer - SQL Injection (PoC)
Auto Dealer - SQL Injection

Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
2018-01-03 05:02:14 +00:00
Offensive Security
f6c5c427c3 DB: 2018-01-02
5 changes to exploits/shellcodes

Apple macOS - IOHIDSystem Kernel Read/Write
HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)
Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)
Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)

Huawei Router HG532 - Arbitrary Command Execution
2018-01-02 05:02:10 +00:00
Offensive Security
07e51f4126 DB: 2018-01-01
2 changes to exploits/shellcodes

D3DGear 5.00 Build 2175 - Buffer Overflow

PHP Melody 2.7.1 - 'playlist' SQL Injection
2018-01-01 05:02:13 +00:00
Offensive Security
26a51e4657 DB: 2017-12-31
2 changes to exploits/shellcodes

COMTREND ADSL Router CT-5367 - Remote Code Execution
2017-12-31 05:02:21 +00:00
Offensive Security
b3eb5f7be0 DB: 2017-12-30
1 changes to exploits/shellcodes

NetTransport 2.96L - Buffer Overflow (DEP Bypass)
2017-12-30 05:02:21 +00:00
Offensive Security
be0fb79789 DB: 2017-12-29
2 changes to exploits/shellcodes

ALLMediaServer 0.95 - Buffer Overflow
ALLMediaServer 0.95 - Buffer Overflow (PoC)

ALLMediaServer 0.95 - Buffer Overflow (Metasploit)

DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)
2017-12-29 05:02:21 +00:00
Offensive Security
267f841bd8 DB: 2017-12-28
9 changes to exploits/shellcodes

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service
ALLMediaServer 0.95 - Buffer Overflow

Sony Playstation 4 4.05 FW - Local Kernel Loader
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Easy!Appointments 1.2.1 - Cross-Site Scripting
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
2017-12-28 05:02:19 +00:00
Offensive Security
b91055c9da DB: 2017-12-27
8 changes to exploits/shellcodes

GetGo Download Manager 5.3.0.2712 - Buffer Overflow

Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation

COMTREND ADSL Router CT-5367 - Remote Code Execution
Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection
Biometric Shift Employee Management System 3.0 - Local File Disclosure
Sendroid < 6.5.0 - SQL Injection
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

Cells Blog 3.5 - 'bgid' / 'fmid' / 'fnid' SQL Injection
2017-12-27 05:02:31 +00:00
Offensive Security
0fcc4af85c DB: 2017-12-23
5 changes to exploits/shellcodes

Mini-stream RM-MP3 Converter - '.m3u' Local Stack Overflow (PoC)
Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC)

Broadcom BCM4325 and BCM4329 Devices - Denial of Service
Broadcom BCM4325 / BCM4329 Devices - Denial of Service

Armadito Antimalware - Backdoor/Bypass
Armadito Antimalware - Backdoor Access/Bypass

Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Cnvrtr - Local Stack Buffer Overflow
Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Converter - Local Stack Buffer Overflow

Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1  - 'set_dp_control_port' Lack of Locking Use-After-Free
Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - 'set_dp_control_port' Lack of Locking Use-After-Free

PHPMailer < 5.2.21 - Local File Disclosure

MODACOM URoad-5000 1450 - Remote Command Execution/Backdoor
MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access

Cisco IOS 12.2 < 12.4 /  15.0 < 15.6 - Security Association Negotiation Request Device Memory
Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor
Netcore / Netis Routers - UDP Backdoor
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Access
Netcore / Netis Routers - UDP Backdoor Access
Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control

Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit)
Alienvault OSSIM av-centerd - Util.pm sync_rserver Command Execution (Metasploit)

Joomla! Component com_rsgallery2 1.14.x/2.x - Remote Backdoor
Joomla! Component com_rsgallery2 1.14.x/2.x - Remote Backdoor Access

MyBB 1.6.4 - Backdoor (Metasploit)
MyBB 1.6.4 - Backdoor Access (Metasploit)

8 TOTOLINK Router Models - Backdoor / Remote Code Execution
8 TOTOLINK Router Models - Backdoor Access / Remote Code Execution

PHPMailer < 5.2.21 - Local File Disclosure
2017-12-23 05:02:17 +00:00
Offensive Security
f0d075a5de DB: 2017-12-22
6 changes to exploits/shellcodes

Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
Zabbix Agent 3.0.1 - 'mysql.size' Shell Command Injection
Cisco IOS 12.2 < 12.4 /  15.0 < 15.6 - Security Association Negotiation Request Device Memory
Technicolor DPC3928SL - SNMP Authentication Bypass
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor
Netcore / Netis Routers - UDP Backdoor

NETGEAR R7000 - Command Injection
NETGEAR R7000 - Command Injection (PoC)

Conarc iChannel - Improper Access Restrictions
2017-12-22 05:02:19 +00:00
Offensive Security
307f5f46af DB: 2017-12-21
4 changes to exploits/shellcodes

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak

Samsung Internet Browser - SOP Bypass (Metasploit)
Ability Mail Server 3.3.2 - Cross-Site Scripting
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
2017-12-21 05:02:15 +00:00
Offensive Security
f93f05e46f DB: 2017-12-20
12 changes to exploits/shellcodes

Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free
Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read
Intel Content Protection HECI Service - Type Confusion Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
Jenkins - XStream Groovy classpath Deserialization (Metasploit)
BrightSign Digital Signage - Multiple Vulnerabilities
Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection
2017-12-20 05:02:22 +00:00
Offensive Security
f76fbb1072 DB: 2017-12-19
19 changes to exploits/shellcodes

CDex 1.96 - Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow

Firejail - Local Privilege Escalation

Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape

Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Outlook for Android - Attachment Download Directory Traversal
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution

Joomla! Component Guru Pro - SQL Injection
Joomla! Component Guru Pro - 'Itemid' SQL Injection
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
Linksys WVBR0 - 'User-Agent' Remote Command Injection
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
Joomla! Component Guru Pro - 'promocode' SQL Injection

Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
2017-12-19 05:02:17 +00:00
Offensive Security
729a1a8bbf DB: 2017-12-17
2017-12-17 05:02:30 +00:00
g0tmi1k
a81d8f13b3 Create LICENSE.md (GPL-2+)
2017-12-16 18:23:00 +00:00
Offensive Security
cfef56c321 DB: 2017-12-16
5 changes to exploits/shellcodes

MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service

Sync Breeze 10.2.12 - Denial of Service
ITGuard-Manager 0.0.0.1 - Remote Code Execution
Movie Guide 2.0 - SQL Injection
2017-12-16 05:02:18 +00:00
Offensive Security
ed1c4edf3e DB: 2017-12-15
13 changes to exploits/shellcodes

Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)
Microsoft Office - DDE Payload Delivery (Metasploit)
Dup Scout Enterprise - Login Buffer Overflow (Metasploit)
pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit)
Palo Alto Networks Firewalls - Remote root Code Execution
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection
Readymade Video Sharing Script 3.2 - HTML Injection
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection
FS Lynda Clone 1.0 - SQL Injection
Bus Booking Script 1.0 - 'txtname' SQL Injection
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
2017-12-15 05:02:23 +00:00
Offensive Security
0f0a6efff9 DB: 2017-12-14
2 changes to exploits/shellcodes

glibc ld.so - Memory Leak / Buffer Overflow

Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
2017-12-14 05:02:14 +00:00
Offensive Security
d07aa0ed2a DB: 2017-12-13
6 changes to exploits/shellcodes

Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection
Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
2017-12-13 05:02:40 +00:00
Offensive Security
9cea53a35b DB: 2017-12-12
35 changes to exploits/shellcodes

MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service
MikroTik 6.40.5 ICMP - Denial of Service
iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
macOS - 'getrusage' Stack Leak Through struct Padding
macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow

Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection
Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection
Laundry Booking Script 1.0 - 'list?city' SQL Injection
Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection
Multivendor Penny Auction Clone Script 1.0 - SQL Injection
Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection
Opensource Classified Ads Script 3.2 - SQL Injection
PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection
Professional Service Script 1.0 - 'service-list?city' SQL Injection
Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection
Readymade Video Sharing Script 3.2 - SQL Injection
Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection
Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection
Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection
Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Advanced Real Estate Script 4.0.7 - SQL Injection
Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection
MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection
MLM Forced Matrix 2.0.9 - 'newid' SQL Injection
Car Rental Script 2.0.4 - 'val' SQL Injection
Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection
Muslim Matrimonial Script 3.02 - 'succid' SQL Injection
Advanced World Database 2.0.5 - SQL Injection
Resume Clone Script 2.0.5 - SQL Injection
Basic Job Site Script 2.0.5 - SQL Injection
Vanguard 1.4 - Arbitrary File Upload
Vanguard 1.4 - SQL Injection
2017-12-12 05:02:17 +00:00
Offensive Security
e37fd2bae3 DB: 2017-12-11
18 changes to exploits/shellcodes

Nearbuy Clone Script 3.2 - 'search' SQL Injection
Cab Booking Script 1.0 - 'city' SQL Injection
Chartered Accountant Booking Script 1.0 - 'city' SQL Injection
Child Care Script 1.0 - 'city' SQL Injection
CMS Auditor Website 1.0 - SQL Injection
Co-work Space Search Script 1.0 - 'city' SQL Injection
Yoga Class Script 1.0 - 'list?city' SQL Injection
Consumer Complaints Clone Script 1.0 - 'id' SQL Injection
Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection
Doctor Search Script 1.0 - 'city' SQL Injection
Food Order Script 1.0 - 'list?city' SQL Injection
E-commerce MLM Software 1.0 - SQL Injection
Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection
Event Calendar Category Script 1.0 - 'city' SQL Injection
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection
Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection
Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection
Kickstarter Clone Acript 2.0 - 'projid' SQL Injection
2017-12-11 05:02:14 +00:00
Offensive Security
97b5f8cc5b DB: 2017-12-10
20 changes to exploits/shellcodes

FS Makemytrip Clone 1.0 - 'fl_orig' / 'fl_dest' SQL Injection
FS Linkedin Clone 1.0 - 'grid' / 'fid' / 'id' SQL Injection
FS Indiamart Clone 1.0 - 'token' / 'id' / 'c' SQL Injection
FS IMDB Clone 1.0 - 'f' / 's' / 'id' SQL Injection
FS Grubhub Clone 1.0 - 'keywords' SQL Injection
FS Groupon Clone 1.0 - 'id' SQL Injection
FS Gigs Script 1.0 - 'cat' / 'sc' SQL Injection
FS Freelancer Clone 1.0 - 'profile.php?u' SQL Injection
FS Ebay Clone 1.0 - 'id' / 'sub_category_id' / 'category_id' SQL Injection
FS Crowdfunding Script 1.0 - 'latest_news_details.php?id' SQL Injection
FS Care Clone 1.0 - 'jobFrequency' / 'jobType' SQL Injection
FS Amazon Clone 1.0 - SQL Injection
FS Trademe Clone 1.0 - 'search' / 'id' SQL Injection
FS Expedia Clone 1.0 - 'fl_orig' / 'fl_dest' / 'id' SQL Injection
FS Foodpanda Clone 1.0 - SQL Injection
Advance B2B Script 2.1.3 - 'show_id' / 'pid' SQL Injection
Advance Online Learning Management Script 3.1 - 'subcatid' / 'popcourseid' SQL Injection
Affiliate MLM Script 1.0 - 'product-category.php?key' SQL Injection
Basic B2B Script 2.0.8 - 'product_details.php?id' SQL Injection
Beauty Parlour Booking Script 1.0 - 'gender' / 'city' SQL Injection
2017-12-10 05:02:21 +00:00
Offensive Security
c35d9b35f7 DB: 2017-12-09
14 changes to exploits/shellcodes

macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
Apple macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
Apple macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
Apple macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash
Linux Kernel - DCCP Socket Use-After-Free
Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash
Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free

iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free
Apple iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free

macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation
Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation
Apple iOS/macOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation

macOS High Sierra - Local Privilege Escalation (Metasploit)
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit)
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation

LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass)
DomainSale PHP Script 1.0 - 'id' SQL Injection
Simple Chatting System 1.0.0 - Arbitrary File Upload
Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection
Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection
FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection
FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection
FS Shutterstock Clone 1.0 - 'keywords' SQL Injection
FS Quibids Clone 1.0 - SQL Injection
FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection
FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection
2017-12-09 05:02:21 +00:00
Offensive Security
b546191ef2 DB: 2017-12-08
9 changes to exploits/shellcodes

Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash
Linux Kernel - DCCP Socket Use-After-Free
LaCie 5big Network 2.2.8 - Command Injection
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal
FS IMDB Clone - 'id' SQL Injection
FS Facebook Clone - 'token' SQL Injection
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
2017-12-08 05:02:13 +00:00
Offensive Security
08d2346400 DB: 2017-12-07
13 changes to exploits/shellcodes

Arq 5.9.7 - Local Privilege Escalation
Murus 1.4.11 - Local Privilege Escalation
Arq 5.9.6 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation
Sera 1.2 - Local Privilege Escalation / Password Disclosure
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
Proxifier for Mac 2.19 - Local Privilege Escalation
FS Makemytrip Clone - 'id' SQL Injection
WinduCMS 3.1 - Local File Disclosure
FS Shaadi Clone - 'token' SQL Injection
2017-12-07 05:02:26 +00:00
Offensive Security
5e7ce1be28 DB: 2017-12-06
4 changes to exploits/shellcodes

Microsoft Internet Explorer 6 - Aurora
Microsoft Internet Explorer 6 - 'Aurora' Memory Corruption (MS10-002)

VX Search 10.2.14 - 'command_name' Buffer Overflow
Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation
Techno Portfolio Management Panel - 'id' SQL Injection
Readymade Classifieds Script 1.0 - SQL Injection
2017-12-06 05:02:21 +00:00
Offensive Security
5c6fd52e87 DB: 2017-12-05
2017-12-05 05:01:59 +00:00
Offensive Security
a595878586 DB: 2017-12-04
2017-12-04 05:02:28 +00:00
Offensive Security
bb8b231f69 DB: 2017-12-02
8 changes to exploits/shellcodes

6 new exploits/shellcodes

Abyss Web Server < 2.11.6 - Heap Memory Corruption

HP iMC Plat 7.2 - Remote Code Execution

HP iMC Plat 7.2 - Remote Code Execution (2)

Kodi 15 - Web Interface Arbitrary File Access (
Kodi 15 - Web Interface Arbitrary File Access
Jobs2Careers / Coroflot Clone - SQL Injection
MistServer 2.12 - Cross-Site Scripting
Artica Web Proxy 3.06 - Remote Code Execution
2017-12-02 05:02:32 +00:00
Offensive Security
a24ecf72c3 DB: 2017-12-01
82 changes to exploits/shellcodes

32 new exploits/shellcodes

Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC)
Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC)

CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service
CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service

Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)
Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC)

Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow
Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow

FontForge - '.BDF' Font File Stack Based Buffer Overflow
FontForge - '.BDF' Font File Stack Buffer Overflow

Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow

Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC)
Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC)

Citrix XenApp / XenDesktop - Stack Based Buffer Overflow
Citrix XenApp / XenDesktop - Stack Buffer Overflow

Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows

Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC)
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)

IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow
IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow

Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow
Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow

mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC)
mcrypt 2.6.8 - Stack Buffer Overflow (PoC)
MySQL (Linux) - Stack Based Buffer Overrun (PoC)
MySQL (Linux) - Heap Based Overrun (PoC)
MySQL (Linux) - Stack Buffer Overrun (PoC)
MySQL (Linux) - Heap Overrun (PoC)
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow

DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow
DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)

Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service

Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow
Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow

SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow

Winamp 5.63 - Stack Based Buffer Overflow
Winamp 5.63 - Stack Buffer Overflow

Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow
Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow

Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056)
Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056)

MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow
MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities
WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow
ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities
WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow

Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow
Google Android Web Browser - '.GIF' File Heap Buffer Overflow

Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)
Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)

NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow

FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow
FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow

OpenVms 8.3 Finger Service - Stack Based Buffer Overflow
OpenVms 8.3 Finger Service - Stack Buffer Overflow

Free Download Manager - Stack Based Buffer Overflow
Free Download Manager - Stack Buffer Overflow

Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow
Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow

eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow
Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File

Valhala Honeypot 1.8 - Stack Based Buffer Overflow
Valhala Honeypot 1.8 - Stack Buffer Overflow

Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack Buffer Overflow

Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow
Xion Audio Player 1.5 build 155 - Stack Buffer Overflow

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow

Last PassBroker 3.2.16 - Stack Based Buffer Overflow
Last PassBroker 3.2.16 - Stack Buffer Overflow

FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read
FBZX 2.10 - Local Stack Based Buffer Overflow
TACK 1.07 - Local Stack Based Buffer Overflow
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read
FBZX 2.10 - Local Stack Buffer Overflow
TACK 1.07 - Local Stack Buffer Overflow

Gnome Nautilus 3.16 - Denial of Service
Wireshark - iseries_parse_packet Heap Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow
Wireshark - iseries_parse_packet Heap Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow

Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow
Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow
Wireshark - find_signature Stack Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow
Wireshark - getRate Stack Based Out-of-Bounds Read
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow
Wireshark - find_signature Stack Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Buffer Overflow
Wireshark - getRate Stack Out-of-Bounds Read
Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)
Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1)
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read

pdfium - CPDF_Function::Call Stack Based Buffer Overflow
pdfium - CPDF_Function::Call Stack Buffer Overflow
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Buffer Overflow
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read

glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow
libxml2 - xmlDictAddString Heap Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread
libxml2 - htmlCurrentChar Heap Based Buffer Overread
Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow
libxml2 - xmlDictAddString Heap Buffer Overread
libxml2 - xmlParseEndTag2 Heap Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread
libxml2 - htmlCurrentChar Heap Buffer Overread
Kamailio 4.3.4 - Heap Based Buffer Overflow
Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read
Kamailio 4.3.4 - Heap Buffer Overflow
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read

Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow
Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow

Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)

Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread
Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads

Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption

Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)

Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure

Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow
Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)

Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)

Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow
SAP SAPCAR 721.510 - Heap Buffer Overflow

Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption
Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption

LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow

OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow
OpenJPEG - 'mqc.c' Heap Buffer Overflow

tcprewrite - Heap-Based Buffer Overflow
tcprewrite - Heap Buffer Overflow
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - 2-byte Heap Overflow
Dnsmasq < 2.78 - Heap Overflow
Dnsmasq < 2.78 - Stack Overflow

binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow

PHP 7.1.8 - Heap-Based Buffer Overflow
PHP 7.1.8 - Heap Buffer Overflow
QEMU - NBD Server Long Export Name Stack Buffer Overflow
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page

TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation
TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation

BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation

RedHat 6.1 - 'man' Local Overflow / Privilege Escalation
RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation

IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation

AIX lquerylv - Local Buffer Overflow / Privilege Escalation
AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation

IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation
IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation

libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)
libxml 2.6.12 nanoftp - Buffer Overflow (PoC)

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation
Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation

Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow
Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow

XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation
XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation

Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation
Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation

Microsoft Excel - Remote Code Execution
Microsoft Excel - Code Execution
HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation
HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation
HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation
HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation

News Rover 12.1 Rev 1 - Remote Stack Overflow (1)
News Rover 12.1 Rev 1 - Stack Overflow (1)

News Rover 12.1 Rev 1 - Remote Stack Overflow (2)
News Rover 12.1 Rev 1 - Stack Overflow (2)

FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation

Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow
Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow

VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow
VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow

Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)
Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit)

MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows

Libmodplug - 's3m' Remote Buffer Overflow
Libmodplug - 's3m' Buffer Overflow

Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin)

EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)

Microsoft Visio 2002 - '.DXF' File Stack based Overflow
Microsoft Visio 2002 - '.DXF' Local Stack Overflow

AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit)
AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)

CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit)
CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit)

CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit)
CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit)

Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)
Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit)

Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3)

S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation
S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation

Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation
Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation

Internet Download Manager - Stack Based Buffer Overflow
Internet Download Manager - Local Stack Buffer Overflow

AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation
AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation

mcrypt 2.5.8 - Stack Based Overflow
mcrypt 2.5.8 - Local Stack Overflow

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun

Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020)
Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020)

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1)
Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1)

Winamp 5.12 - '.m3u' Stack Based Buffer Overflow
Winamp 5.12 - '.m3u' Local Stack Buffer Overflow

RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow

KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite
KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite

BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow
BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow

Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow
Super Player 3500 - '.m3u' Local Stack Buffer Overflow

IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow
IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow
MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow
MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color()
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow

MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow
MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation
Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation

BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP
BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP

Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation

BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow

BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow

Sim Editor 6.6 - Stack Based Buffer Overflow
Sim Editor 6.6 - Local Stack Buffer Overflow

Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)
Microsoft Word - Local Machine Zone Code Execution (MS15-022)

Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation
Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow
AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow

EasyCafe Server 2.2.14 - Remote File Read
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)

Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)

TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow

NRSS Reader 0.3.9 - Local Stack Based Overflow
NRSS Reader 0.3.9 - Local Stack Overflow

Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)

NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation
NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation

Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)

Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution
Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution

Man-db 2.6.7.1 - Local Privilege Escalation (PoC)

Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit)

Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)
Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit)

PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2)
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation' Kernel Local Privilege Escalation
macOS High Sierra - Root Privilege Escalation (Metasploit)

lftp 2.6.9 - Remote Stack based Overflow
lftp 2.6.9 - Remote Stack Overflow

BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow
BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH)

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)

HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow
HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow

Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit)
Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit)

Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit)
Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit)

Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit)
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit)

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3)

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow

Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow
Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow

Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow
Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow

AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow
AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow

Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities
Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities

Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow
Vim - 'mch_expand_wildcards()' Heap Buffer Overflow

Acunetix 8 build 20120704 - Remote Stack Based Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow

Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow
Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow

TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub
TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub

glibc - 'getaddrinfo' Stack Based Buffer Overflow
glibc - 'getaddrinfo' Remote Stack Buffer Overflow

BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow

Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities
Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities

R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal
R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal

Alligra Calligra - Heap Based Buffer Overflow
Alligra Calligra - Heap Buffer Overflow

Aloaha PDF Suite - Stack Based Buffer Overflow
Aloaha PDF Suite - Remote Stack Buffer Overflow

EasyCafe Server 2.2.14 - Remote File Read

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)

Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)

pfSense - Authenticated Group Member Remote Command Execution (Metasploit)

Almnzm - 'COOKIE: customer' SQL Injection

Tutorialms 1.4 (show) - SQL Injection
Tutorialms 1.4 - 'show' SQL Injection

osCommerce 2.3.4.1 - Arbitrary File Upload

Knowledge Base Enterprise Edition 4.62.00 - SQL Injection
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection

WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload

phpDolphin 2.0.5 - Multiple Vulnerabilities

OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities

AbanteCart 1.2.7 - Cross-Site Scripting

MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities

Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection

Synology StorageManager 5.2 - Remote Root Command Execution
Synology StorageManager 5.2 - Root Remote Command Execution
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
2017-12-01 10:57:46 +00:00
Offensive Security
cc349de5d3 DB: 2017-11-29
4 changes to exploits/shellcodes

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting
YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting

NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation

Synology StorageManager 5.2 - Remote Root Command Execution
2017-11-29 10:22:56 +00:00
g0tmi1k
dc5ab6ac54
Merge pull request from g0tmi1k/searchsploit
Support multiple CSV & Fix JSON
2017-11-28 19:54:27 +00:00
Offensive Security
f52bbcb598 DB: 2017-11-28
15 new exploits
2017-11-28 19:14:29 +00:00
g0tmi1k
d509b5196d Support multiple CSV & Fix JSON
2017-11-28 19:09:33 +00:00
g0tmi1k
c00f565cd2
Merge pull request from g0tmi1k/searchsploit
Update SearchSploit for: platforms/ -> {exploits,shellcodes}/
2017-11-27 11:55:08 +00:00
g0tmi1k
a832be6ebb Update SearchSploit for: platforms/ -> {exploits,shellcodes}/
2017-11-27 10:38:54 +00:00
Offensive Security
1eca65f43e DB: 2017-11-27
1 new exploits

i.Scribe SMTP Client 2.00b - wscanf Remote Format String (PoC)
i.Scribe SMTP Client 2.00b - 'wscanf' Remote Format String (PoC)

MemHT Portal 4.0.1 - user agent Persistent Cross-Site Scripting
MemHT Portal 4.0.1 - 'User Agent' Persistent Cross-Site Scripting
2017-11-27 10:06:43 +00:00
Offensive Security
2126b71b1f DB: 2017-11-27
1 new exploits

Avaya OfficeScan (IPO) < 10.1 - ActiveX Buffer Overflow
Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow

Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
2017-11-27 05:02:18 +00:00
Offensive Security
c62b253bde DB: 2017-11-26
2 new exploits

ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
2017-11-26 05:02:31 +00:00
Offensive Security
66dc3007b7 DB: 2017-11-25
1 new exploits

Linksys SPA941 - \377 Character Remote Denial of Service
Linksys SPA941 - '\377' Character Remote Denial of Service

Caucho Resin 3.1 - \web-inf Traversal Arbitrary File Access
Caucho Resin 3.1 - '/web-inf' Traversal Arbitrary File Access

Google Urchin 5.7.3 - \Report.cgi' Authentication Bypass
Google Urchin 5.7.3 - 'Report.cgi' Authentication Bypass
Dojo Toolkit 1.4.1 - '\dijit\tests\_testCommon.js?theme' Cross-Site Scripting
Dojo Toolkit 1.4.1 - 'doh\runner.html' Multiple Cross-Site Scripting Vulnerabilities
Dojo Toolkit 1.4.1 - '/dijit/tests/_testCommon.js?theme' Cross-Site Scripting
Dojo Toolkit 1.4.1 - '/doh/runner.html' Multiple Cross-Site Scripting Vulnerabilities
2017-11-25 05:02:11 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00
Offensive Security
68825c6583 DB: 2017-11-24
2 new exploits

Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow (PoC)

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow

Sun SUNWlldap Library Hostname - Buffer Overflow
Sun SUNWlldap Library Hostname - Local Buffer Overflow

Microsoft Windows XP - 'explorer.exe' Buffer Overflow
Microsoft Windows XP - 'explorer.exe' Local Buffer Overflow

Solaris Runtime Linker (SPARC) - 'ld.so.1' Buffer Overflow
Solaris Runtime Linker (SPARC) - 'ld.so.1' Local Buffer Overflow

FirstClass Desktop 7.1 - Buffer Overflow
FirstClass Desktop 7.1 - Local Buffer Overflow

xsplumber - 'strcpy()' Buffer Overflow
xsplumber - 'strcpy()' Local Buffer Overflow

BSDi 3.0 inc - Buffer Overflow Privilege Escalation
BSDi 3.0 inc - Local Buffer Overflow Privilege Escalation

expect (/usr/bin/expect) - Buffer Overflow
expect (/usr/bin/expect) - Local Buffer Overflow

xsoldier 0.96 (RedHat 6.2) - Buffer Overflow
xsoldier 0.96 (RedHat 6.2) - Local Buffer Overflow

Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Overflow
Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Local Overflow

splitvt < 1.6.5 - Overflow
splitvt < 1.6.5 - Local Overflow

SquirrelMail - 'chpasswd' Buffer Overflow
SquirrelMail - 'chpasswd' Local Buffer Overflow

AIX lquerylv - Buffer Overflow Privilege Escalation
AIX lquerylv - Local Buffer Overflow Privilege Escalation

IRIX 5.3 - '/usr/sbin/iwsh' Buffer Overflow Privilege Escalation
IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow Privilege Escalation
zgv - '$HOME' Buffer Overflow
Solaris 2.4 passwd / yppasswd / nispasswd - Overflows
zgv - '$HOME' Local Buffer Overflow
Solaris 2.4 passwd / yppasswd / nispasswd - Local Overflows

htpasswd Apache 1.3.31 - Overflow
htpasswd Apache 1.3.31 - Local Overflow

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Buffer Overflow Privilege Escalation
Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow Privilege Escalation

Oracle Database Server 10.1.0.2 - Buffer Overflow
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
WinRAR 3.30 - 'Filename' Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Buffer Overflow (2)
WinRAR 3.30 - 'Filename' Local Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Local Buffer Overflow (2)

Oracle Database Server 9i/10g - 'XML' Buffer Overflow
Oracle Database Server 9i/10g - 'XML' Local Buffer Overflow

Microsoft HTML Help Workshop - '.hhp' Buffer Overflow (1)
Microsoft HTML Help Workshop - '.hhp' Local Buffer Overflow (1)
Microsoft HTML Help Workshop - '.hhp' Buffer Overflow (2)
Microsoft HTML Help Workshop - '.hhp' Buffer Overflow (3)
Microsoft HTML Help Workshop - '.hhp' Local Buffer Overflow (2)
Microsoft HTML Help Workshop - '.hhp' Local Buffer Overflow (3)

Microsoft Visual Studio 6.0 sp6 - '.dbp' Buffer Overflow
Microsoft Visual Studio 6.0 sp6 - '.dbp' Local Buffer Overflow

Pico Zip 4.01 - 'Filename' Buffer Overflow
Pico Zip 4.01 - 'Filename' Local Buffer Overflow

PowerZip 7.06.38950 - 'Filename Handling' Buffer Overflow
PowerZip 7.06.38950 - 'Filename Handling' Local Buffer Overflow
AtomixMP3 < 2.3 - '.m3u' Buffer Overflow
BlazeVideo HDTV Player 2.1 - '.PLF' Buffer Overflow (PoC)
AtomixMP3 < 2.3 - '.m3u' Local Buffer Overflow
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC)

Microsoft Help Workshop 4.03.0002 - '.cnt' Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.cnt' Local Buffer Overflow

Microsoft Help Workshop 4.03.0002 - '.HPJ' Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.HPJ' Local Buffer Overflow

FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow Privilege Escalation
Corel Paint Shop Pro Photo 11.20 - '.clp' Buffer Overflow
Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow
ABC-View Manager 1.42 - '.psp' Buffer Overflow
FreshView 7.15 - '.psp' Buffer Overflow
Corel Paint Shop Pro Photo 11.20 - '.clp' Local Buffer Overflow
Adobe Photoshop CS2 / CS3 - '.bmp' Local Buffer Overflow
ABC-View Manager 1.42 - '.psp' Local Buffer Overflow
FreshView 7.15 - '.psp' Local Buffer Overflow
IrfanView 4.00 - '.iff' Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Buffer Overflow
IrfanView 4.00 - '.iff' Local Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Local Buffer Overflow

Live for Speed S1/S2/Demo - '.mpr replay' Buffer Overflow
Live for Speed S1/S2/Demo - '.mpr replay' Local Buffer Overflow
Live for Speed S1/S2/Demo - '.ply' Buffer Overflow
Live for Speed S1/S2/Demo - '.spr' Buffer Overflow
Live for Speed S1/S2/Demo - '.ply' Local Buffer Overflow
Live for Speed S1/S2/Demo - '.spr' Local Buffer Overflow

VideoLAN VLC Media Player 0.9.4 - '.ty' Buffer Overflow (SEH)
VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)

Cain & Abel 4.9.23 - '.rdp' Buffer Overflow
Cain & Abel 4.9.23 - '.rdp' Local Buffer Overflow

CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow
CoolPlayer 2.19 - 'PlaylistSkin' Local Buffer Overflow

Free Download Manager 3.0 Build 844 - '.torrent' Buffer Overflow
Free Download Manager 3.0 Build 844 - '.torrent' Local Buffer Overflow

BulletProof FTP Client 2009 - '.bps' Buffer Overflow (SEH)
BulletProof FTP Client 2009 - '.bps' Local Buffer Overflow (SEH)

cTorrent/DTorrent - '.torrent' Buffer Overflow
cTorrent/DTorrent - '.torrent' Local Buffer Overflow
CoolPlayer Portable 2.19.1 - '.m3u' Buffer Overflow (1)
CoolPlayer Portable 2.19.1 - '.m3u' Buffer Overflow (2)
CoolPlayer Portable 2.19.1 - 'Skin' Buffer Overflow
CoolPlayer Portable 2.19.1 - '.m3u' Local Buffer Overflow (1)
CoolPlayer Portable 2.19.1 - '.m3u' Local Buffer Overflow (2)
CoolPlayer Portable 2.19.1 - 'Skin' Local Buffer Overflow

Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH)
Zoom Player Pro 3.30 - '.m3u' Local Buffer Overflow (SEH)

Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow

Live For Speed 2 Version Z - '.mpr' Buffer Overflow (SEH)
Live For Speed 2 Version Z - '.mpr' Local Buffer Overflow (SEH)

NScan 0.9.1 - 'Target' Buffer Overflow
NScan 0.9.1 - 'Target' Local Buffer Overflow

Audio Lib Player - '.m3u' Buffer Overflow (SEH)
Audio Lib Player - '.m3u' Local Buffer Overflow (SEH)

Alleycode HTML Editor 2.2.1 - Buffer Overflow
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
Millenium MP3 Studio 2.0 - '.m3u' Buffer Overflow
Millenium MP3 Studio 2.0 - 'mpf' Buffer Overflow
Millenium MP3 Studio 2.0 - '.m3u' Local Buffer Overflow
Millenium MP3 Studio 2.0 - 'mpf' Local Buffer Overflow

Xion Audio Player 1.0 121 - '.m3u' Buffer Overflow (2)
Xion Audio Player 1.0 121 - '.m3u' Local Buffer Overflow (2)

Alleycode 2.21 - Overflow (SEH) (PoC)
Alleycode 2.21 - Local Overflow (SEH) (PoC)
Serenity Audio Player Playlist - '.m3u' Buffer Overflow
Millenium MP3 Studio 2.0 - 'pls' Buffer Overflow
Serenity Audio Player Playlist - '.m3u' Local Buffer Overflow
Millenium MP3 Studio 2.0 - 'pls' Local Buffer Overflow

Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Buffer Overflow
Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Local Buffer Overflow
M3U To ASX-WPL 1.1 - '.m3u' Buffer Overflow
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)
Audacity 1.2.6 - '.gro' Buffer Overflow
M3U To ASX-WPL 1.1 - '.m3u' Local Buffer Overflow
Microsoft HTML Help Workshop 4.74 - '.hhp' Local Buffer Overflow (1)
Audacity 1.2.6 - '.gro' Local Buffer Overflow
Ghostscript < 8.64 - 'gdevpdtb.c' Buffer Overflow
PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit)
gAlan 0.2.1 - Buffer Overflow (1)
Ghostscript < 8.64 - 'gdevpdtb.c' Local Buffer Overflow
PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow (Metasploit)
HTML Help Workshop 4.74 - '.hhp' Local Buffer Overflow (Metasploit)
gAlan 0.2.1 - Local Buffer Overflow (1)

Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)
Audio Workstation 6.4.2.4.3 - '.pls' Local Buffer Overflow (Metasploit)

Easy RM to MP3 Converter 2.7.3.700 - Buffer Overflow
Easy RM to MP3 Converter 2.7.3.700 - Local Buffer Overflow

Easy RM to MP3 27.3.700 (Windows XP SP3) - Overflow
Easy RM to MP3 27.3.700 (Windows XP SP3) - Local Overflow

Easy RM to MP3 2.7.3.700 - Buffer Overflow
Easy RM to MP3 2.7.3.700 - Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1 - '.m3u' Buffer Overflow
Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)
Mini-stream RM-MP3 Converter 3.1.2.1 - '.m3u' Local Buffer Overflow
Media Jukebox 8.0.400 - Local Buffer Overflow (SEH) (Metasploit)

Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit)
Mini-stream 3.0.1.1 - Local Buffer Overflow (Metasploit)

DJ Studio Pro 5.1.6.5.2 - Overflow (SEH)
DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH)

PlayMeNow 7.3/7.4 - Buffer Overflow (Metasploit)
PlayMeNow 7.3/7.4 - Local Buffer Overflow (Metasploit)

Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow
Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Local Buffer Overflow

Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (1)
Rosoft Media Player 4.4.4 - Local Buffer Overflow (SEH) (1)

VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Buffer Overflow
VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Local Buffer Overflow

RM Downloader - '.m3u' Buffer Overflow (SEH)
RM Downloader - '.m3u' Local Buffer Overflow (SEH)

SOMPL Player 1.0 - Buffer Overflow
SOMPL Player 1.0 - Local Buffer Overflow

Winamp 5.572 - Overflow (SEH)
Winamp 5.572 - Local Overflow (SEH)

Yahoo Player 1.0 - '.m3u' / '.pls' / '.ypl' Buffer Overflow (SEH)
Yahoo Player 1.0 - '.m3u' / '.pls' / '.ypl' Local Buffer Overflow (SEH)

Yahoo Player 1.0 - '.m3u' Buffer Overflow
Yahoo Player 1.0 - '.m3u' Local Buffer Overflow

KenWard's Zipper 1.400 - Buffer Overflow (2)
KenWard's Zipper 1.400 - Local Buffer Overflow (2)
ZipScan 2.2c - Overflow (SEH)
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow
ZipScan 2.2c - Local Overflow (SEH)
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow

PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass)
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow (NX + ASLR Bypass)

WM Downloader 3.0.0.9 - Buffer Overflow (Metasploit)
WM Downloader 3.0.0.9 - Local Buffer Overflow (Metasploit)
AVCON H323Call - Buffer Overflow
IDEAL Migration 4.5.1 - Buffer Overflow (Metasploit)
AVCON H323Call - Local Buffer Overflow
IDEAL Migration 4.5.1 - Local Buffer Overflow (Metasploit)

SyncBack Freeware 3.2.20.0 - Overflow (SEH)
SyncBack Freeware 3.2.20.0 - Local Overflow (SEH)

Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Local Buffer Overflow
IP2location.dll 1.0.0.1 - Function 'Initialize()' Buffer Overflow
Mediacoder 0.7.3.4672 - Overflow (SEH)
IP2location.dll 1.0.0.1 - Function 'Initialize()' Local Buffer Overflow
Mediacoder 0.7.3.4672 - Local Overflow (SEH)

Free WMA MP3 Converter 1.1 - Buffer Overflow (SEH)
Free WMA MP3 Converter 1.1 - Local Buffer Overflow (SEH)

Easy CD-DA Recorder 2007 - Buffer Overflow (SEH)
Easy CD-DA Recorder 2007 - Local Buffer Overflow (SEH)
ActivePerl 5.8.8.817 - Buffer Overflow
Power Tab Editor 1.7 (Build 80) - Buffer Overflow
Rosoft Audio Converter 4.4.4 - Buffer Overflow
ActivePerl 5.8.8.817 - Local Buffer Overflow
Power Tab Editor 1.7 (Build 80) - Local Buffer Overflow
Rosoft Audio Converter 4.4.4 - Local Buffer Overflow

FieldNotes 32 5.0 - Buffer Overflow (SEH)
FieldNotes 32 5.0 - Local Buffer Overflow (SEH)
BlazeDVD 6.0 - Buffer Overflow (Metasploit)
RM Downloader 3.1.3 - Buffer Overflow (SEH)
BlazeDVD 6.0 - Local Buffer Overflow (Metasploit)
RM Downloader 3.1.3 - Local Buffer Overflow (SEH)

HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Buffer Overflow (SEH)
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Local Buffer Overflow (SEH)

MoreAmp - Buffer Overflow (SEH) (Metasploit)
MoreAmp - Local Buffer Overflow (SEH) (Metasploit)

ZipCentral - '.zip' Buffer Overflow (SEH)
ZipCentral - '.zip' Local Buffer Overflow (SEH)
WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)
HTML Email Creator 2.42 build 718 - Buffer Overflow (SEH)
WM Downloader 3.1.2.2 - Buffer Overflow (1)
WM Downloader 3.1.2.2 2010.04.15 - Local Buffer Overflow (SEH)
HTML Email Creator 2.42 build 718 - Local Buffer Overflow (SEH)
WM Downloader 3.1.2.2 - Local Buffer Overflow (1)
Microsoft Windows - 'win32k.sys' Driver 'CreateDIBPalette()' Buffer Overflow
Mini-stream Ripper 3.1.2.1 - Buffer Overflow (DEP Bypass)
myMP3-Player 3.0 - Buffer Overflow
Microsoft Windows - 'win32k.sys' Driver 'CreateDIBPalette()' Local Buffer Overflow
Mini-stream Ripper 3.1.2.1 - Local Buffer Overflow (DEP Bypass)
myMP3-Player 3.0 - Local Buffer Overflow
Mediacoder 0.7.5.4710 - Buffer Overflow
Mediacoder 0.7.5.4710 - 'Universal' Buffer Overflow (SEH)
Mediacoder 0.7.5.4710 - Local Buffer Overflow
Mediacoder 0.7.5.4710 - 'Universal' Local Buffer Overflow (SEH)

Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2)
Rosoft Media Player 4.4.4 - Local Buffer Overflow (SEH) (2)

MicroP 0.1.1.1600 - 'mppl' Buffer Overflow
MicroP 0.1.1.1600 - 'mppl' Local Buffer Overflow

Audiotran 1.4.2.4 - Overflow (SEH)
Audiotran 1.4.2.4 - Local Overflow (SEH)

MP3 Workstation 9.2.1.1.2 - Overflow (SEH)
MP3 Workstation 9.2.1.1.2 - Local Overflow (SEH)
BACnet OPC Client - Buffer Overflow (1)
DJ Studio Pro 8.1.3.2.1 - Overflow (SEH)
BACnet OPC Client - Local Buffer Overflow (1)
DJ Studio Pro 8.1.3.2.1 - Local Overflow (SEH)

Audiotran 1.4.2.4 - Overflow (SEH) (DEP Bypass)
Audiotran 1.4.2.4 - Local Overflow (SEH) (DEP Bypass)

MP3 Workstation 9.2.1.1.2 - Overflow (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Local Overflow (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - Overflow (SEH)
Digital Music Pad 8.2.3.3.4 - Overflow (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - Local Overflow (SEH)
Digital Music Pad 8.2.3.3.4 - Local Overflow (SEH) (Metasploit)

Xion Audio Player 1.0.127 - '.m3u' Buffer Overflow
Xion Audio Player 1.0.127 - '.m3u' Local Buffer Overflow

Fat Player 0.6b - '.wav' Buffer Overflow (SEH)
Fat Player 0.6b - '.wav' Local Buffer Overflow (SEH)
MiniShare 1.4.0 < 1.5.5 - 'users.txt' Buffer Overflow
MiniShare 1.5.5 - Buffer Overflow (SEH)
GSPlayer 1.83a Win32 Release - Buffer Overflow
MiniShare 1.4.0 < 1.5.5 - 'users.txt' Local Buffer Overflow
MiniShare 1.5.5 - Local Buffer Overflow (SEH)
GSPlayer 1.83a Win32 Release - Local Buffer Overflow

Free CD to MP3 Converter 3.1 - Buffer Overflow
Free CD to MP3 Converter 3.1 - Local Buffer Overflow
Free CD to MP3 Converter 3.1 - Buffer Overflow (SEH)
MP3-Nator 2.0 - Buffer Overflow (SEH)
Free CD to MP3 Converter 3.1 - Local Buffer Overflow (SEH)
MP3-Nator 2.0 - Local Buffer Overflow (SEH)
Realtek Audio Control Panel 1.0.1.65 - Buffer Overflow
Realtek Audio Microphone Calibration 1.1.1.6 - Buffer Overflow
Realtek HD Audio Control Panel 2.1.3.2 - Buffer Overflow
Realtek Audio Control Panel 1.0.1.65 - Local Buffer Overflow
Realtek Audio Microphone Calibration 1.1.1.6 - Local Buffer Overflow
Realtek HD Audio Control Panel 2.1.3.2 - Local Buffer Overflow
MP3-Nator - Buffer Overflow (SEH) (DEP Bypass)
MiniShare 1.5.5 - 'users.txt' Buffer Overflow (Egghunter)
MP3-Nator - Local Buffer Overflow (SEH) (DEP Bypass)
MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (Egghunter)
Mediacoder 0.7.5.4792 - Buffer Overflow (SEH)
Mediacoder 0.7.5.4797 - '.m3u' Buffer Overflow (SEH)
Video Charge Studio 2.9.5.643 - '.vsc' Buffer Overflow (SEH)
Mediacoder 0.7.5.4792 - Local Buffer Overflow (SEH)
Mediacoder 0.7.5.4797 - '.m3u' Local Buffer Overflow (SEH)
Video Charge Studio 2.9.5.643 - '.vsc' Local Buffer Overflow (SEH)
FreeAmp 2.0.7 - '.m3u' Buffer Overflow
PowerShell XP 3.0.1 - Buffer Overflow
FreeAmp 2.0.7 - '.m3u' Local Buffer Overflow
PowerShell XP 3.0.1 - Local Buffer Overflow
Aesop GIF Creator 2.1 - '.aep' Buffer Overflow
Altarsoft Audio Converter 1.1 - Buffer Overflow (SEH)
Aesop GIF Creator 2.1 - '.aep' Local Buffer Overflow
Altarsoft Audio Converter 1.1 - Local Buffer Overflow (SEH)
Word Splash Pro 9.5 - Buffer Overflow
MP3 CD Converter Professional - Buffer Overflow (SEH)
Word Splash Pro 9.5 - Local Buffer Overflow
MP3 CD Converter Professional - Local Buffer Overflow (SEH)

Music Animation Machine MIDI Player - Buffer Overflow (SEH)
Music Animation Machine MIDI Player - Local Buffer Overflow (SEH)
Enzip 3.00 - Buffer Overflow
BS.Player 2.57 - Buffer Overflow (SEH Unicode)
Enzip 3.00 - Local Buffer Overflow
BS.Player 2.57 - Local Buffer Overflow (SEH Unicode)
Magic Music Editor - Buffer Overflow
Nokia MultiMedia Player 1.0 - Overflow (SEH Unicode)
Magic Music Editor - Local Buffer Overflow
Nokia MultiMedia Player 1.0 - Local Overflow (SEH Unicode)
eXtremeMP3 Player - Buffer Overflow (SEH)
A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow
eXtremeMP3 Player - Local Buffer Overflow (SEH)
A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow

A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow (SEH)
A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow (SEH)

CodeBlocks 8.02 - 'cbp' Buffer Overflow
CodeBlocks 8.02 - 'cbp' Local Buffer Overflow

AOL Desktop 9.6 - '.rtx' Buffer Overflow
AOL Desktop 9.6 - '.rtx' Local Buffer Overflow
MoviePlay 4.82 - '.lst' Buffer Overflow
CuteZip 2.1 - Buffer Overflow
MoviePlay 4.82 - '.lst' Local Buffer Overflow
CuteZip 2.1 - Local Buffer Overflow

Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow
Elecard AVC_HD/MPEG Player 5.7 - Local Buffer Overflow

Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1)
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (1)

Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (1)
Adobe - 'Collab.getIcon()' Local Buffer Overflow (Metasploit) (1)

VUPlayer - '.m3u' Buffer Overflow (Metasploit)
VUPlayer - '.m3u' Local Buffer Overflow (Metasploit)

Adobe - 'util.printf()' Buffer Overflow (Metasploit) (2)
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (2)

Fat Player Media Player 0.6b0 - Buffer Overflow (Metasploit)
Fat Player Media Player 0.6b0 - Local Buffer Overflow (Metasploit)

Steinberg MyMP3Player 3.0 - Buffer Overflow (Metasploit)
Steinberg MyMP3Player 3.0 - Local Buffer Overflow (Metasploit)

WM Downloader 3.1.2.2 - Buffer Overflow (Metasploit) (2)
WM Downloader 3.1.2.2 - Local Buffer Overflow (Metasploit) (2)
Altap Salamander 2.5 PE Viewer - Buffer Overflow (Metasploit)
VUPlayer - '.cue' Buffer Overflow (Metasploit)
Altap Salamander 2.5 PE Viewer - Local Buffer Overflow (Metasploit)
VUPlayer - '.cue' Local Buffer Overflow (Metasploit)
A-PDF WAV to MP3 1.0.0 - Buffer Overflow (Metasploit)
S.O.M.P.L 1.0 Player - Buffer Overflow (Metasploit)
gAlan 0.2.1 - Buffer Overflow (Metasploit) (2)
A-PDF WAV to MP3 1.0.0 - Local Buffer Overflow (Metasploit)
S.O.M.P.L 1.0 Player - Local Buffer Overflow (Metasploit)
gAlan 0.2.1 - Local Buffer Overflow (Metasploit) (2)

BACnet OPC Client - Buffer Overflow (Metasploit) (2)
BACnet OPC Client - Local Buffer Overflow (Metasploit) (2)

Adobe - 'Collab.collectEmailInfo()' Buffer Overflow (Metasploit)
Adobe - 'Collab.collectEmailInfo()' Local Buffer Overflow (Metasploit)
Microsoft Visual Basic - '.VBP' Buffer Overflow (Metasploit)
Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (2)
Microsoft Visual Basic - '.VBP' Local Buffer Overflow (Metasploit)
Adobe - 'Collab.getIcon()' Local Buffer Overflow (Metasploit) (2)

Movavi VideoSuite 8.0 MediaPlayer - '.m3u' Buffer Overflow
Movavi VideoSuite 8.0 MediaPlayer - '.m3u' Local Buffer Overflow
ABBS Audio Media Player - '.m3u' / '.LST' Buffer Overflow
ABBS Audio Media Player 3.0 - '.lst' Buffer Overflow (SEH)
ABBS Electronic Flash Cards 2.1 - '.fcd' Buffer Overflow
ABBS Audio Media Player - '.m3u' / '.LST' Local Buffer Overflow
ABBS Audio Media Player 3.0 - '.lst' Local Buffer Overflow (SEH)
ABBS Electronic Flash Cards 2.1 - '.fcd' Local Buffer Overflow
POP Peeper 3.7 - Overflow (SEH)
CORE MultiMedia Suite 2011 CORE Player 2.4 - '.m3u' Buffer Overflow
Mediacoder 2011 RC3 - '.m3u' Buffer Overflow
POP Peeper 3.7 - Local Overflow (SEH)
CORE MultiMedia Suite 2011 CORE Player 2.4 - '.m3u' Local Buffer Overflow
Mediacoder 2011 RC3 - '.m3u' Local Buffer Overflow
Word List Builder - Buffer Overflow (SEH)
MPlayer (r33064 Lite) - Buffer Overflow + ROP
Word List Builder - Local Buffer Overflow (SEH)
MPlayer (r33064 Lite) - Local Buffer Overflow + ROP

MikeyZip 1.1 - '.zip' Buffer Overflow
MikeyZip 1.1 - '.zip' Local Buffer Overflow
VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Buffer Overflow
VeryTools VideoSpirit Pro 1.70 - '.visprj' Local Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Local Buffer Overflow

PlaylistMaker 1.5 - '.txt' Buffer Overflow
PlaylistMaker 1.5 - '.txt' Local Buffer Overflow

SimplyPlay 66 - '.pls' Buffer Overflow
SimplyPlay 66 - '.pls' Local Buffer Overflow

Wireshark 1.4.1 < 1.4.4 - Overflow (SEH)
Wireshark 1.4.1 < 1.4.4 - Local Overflow (SEH)
Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode)
NetOp Remote Control 8.0/9.1/9.2/9.5 - Buffer Overflow
Subtitle Processor 7.7.1 - Local Buffer Overflow (SEH Unicode)
NetOp Remote Control 8.0/9.1/9.2/9.5 - Local Buffer Overflow
PHP 5.3.5 - 'socket_connect()' Buffer Overflow
Chasys Media Player 2.0 - Buffer Overflow (SEH)
PHP 5.3.5 - 'socket_connect()' Local Buffer Overflow
Chasys Media Player 2.0 - Local Buffer Overflow (SEH)
CoolPlayer Portable 2.19.2 - Buffer Overflow
Sonique 1.96 - '.m3u' Buffer Overflow
SpongeBob SquarePants Typing - Buffer Overflow (SEH)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow
Sonique 1.96 - '.m3u' Local Buffer Overflow
SpongeBob SquarePants Typing - Local Buffer Overflow (SEH)

The KMPlayer 3.0.0.1440 (Windows 7) - '.mp3' Buffer Overflow (ASLR Bypass)
The KMPlayer 3.0.0.1440 (Windows 7) - '.mp3' Local Buffer Overflow (ASLR Bypass)
FreeAmp 2.0.7 - '.fat' Buffer Overflow
FreeAmp 2.0.7 - '.pls' Buffer Overflow
FreeAmp 2.0.7 - '.fat' Local Buffer Overflow
FreeAmp 2.0.7 - '.pls' Local Buffer Overflow

PHP 5.3.6 - Buffer Overflow (ROP) (PoC)
PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC)
Word List Builder 1.0 - Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Buffer Overflow (Metasploit)
CoolPlayer Portable 2.19.2 - Buffer Overflow (Metasploit)
Word List Builder 1.0 - Local Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Local Buffer Overflow (Metasploit)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (Metasploit)

ZipGenius 6.3.2.3000 - '.zip' Buffer Overflow
ZipGenius 6.3.2.3000 - '.zip' Local Buffer Overflow
MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass)
Zinf Audio Player 2.2.1 - '.pls' Buffer Overflow (DEP Bypass)
ABBS Audio Media Player 3.0 - Buffer Overflow (Metasploit)
ABBS Electronic Flashcards 2.1 - Buffer Overflow (Metasploit)
FreeAmp 2.0.7 - '.fat' Buffer Overflow (Metasploit)
MPlayer Lite r33064 - '.m3u' Local Buffer Overflow (DEP Bypass)
Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (DEP Bypass)
ABBS Audio Media Player 3.0 - Local Buffer Overflow (Metasploit)
ABBS Electronic Flashcards 2.1 - Local Buffer Overflow (Metasploit)
FreeAmp 2.0.7 - '.fat' Local Buffer Overflow (Metasploit)

CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (1)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (1)
DVD X Player 5.5 Pro - Overflow (SEH + ASLR + DEP Bypass)
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Buffer Overflow
DVD X Player 5.5 Pro - Local Overflow (SEH + ASLR + DEP Bypass)
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow

Wav Player 1.1.3.6 - '.pll' Buffer Overflow
Wav Player 1.1.3.6 - '.pll' Local Buffer Overflow

Muse Music All-in-One 1.5.0.001 - '.pls' Buffer Overflow (DEP Bypass)
Muse Music All-in-One 1.5.0.001 - '.pls' Local Buffer Overflow (DEP Bypass)

GTA SA-MP - 'server.cfg' Buffer Overflow (Metasploit)
GTA SA-MP - 'server.cfg' Local Buffer Overflow (Metasploit)

Mini-stream Ripper 3.0.1.1 - Buffer Overflow (Metasploit) (3)
Mini-stream Ripper 3.0.1.1 - Local Buffer Overflow (Metasploit) (3)

Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021) (Metasploit)
Microsoft Excel 2007 - '.xlb' Local Buffer Overflow (MS11-021) (Metasploit)

BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)
BS.Player 2.57 - Local Buffer Overflow (SEH Unicode) (Metasploit)

DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH) (Metasploit)

Socusoft Photo 2 Video 8.05 - Buffer Overflow
Socusoft Photo 2 Video 8.05 - Local Buffer Overflow

RM Downloader 3.1.3.3.2010.06.26 - '.m3u' Buffer Overflow (Metasploit)
RM Downloader 3.1.3.3.2010.06.26 - '.m3u' Local Buffer Overflow (Metasploit)
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow
BlazeVideo HDTV Player 6.6 Professional - Overflow (SEH + ASLR + DEP Bypass)
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
BlazeVideo HDTV Player 6.6 Professional - Local Overflow (SEH + ASLR + DEP Bypass)
GSM SIM Editor 5.15 - Buffer Overflow (Metasploit)
xRadio 0.95b - Buffer Overflow (Metasploit)
Shadow Stream Recorder 3.0.1.7 - Buffer Overflow (Metasploit)
GSM SIM Editor 5.15 - Local Buffer Overflow (Metasploit)
xRadio 0.95b - Local Buffer Overflow (Metasploit)
Shadow Stream Recorder 3.0.1.7 - Local Buffer Overflow (Metasploit)

SkinCrafter ActiveX Control 3.0 - Buffer Overflow
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
Fred N. van Kempen dip 3.3.7 - Buffer Overflow (1)
Fred N. van Kempen dip 3.3.7 - Buffer Overflow (2)
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (1)
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (2)

TFM MMPlayer - '.m3u' / '.ppl' Buffer Overflow (Metasploit)
TFM MMPlayer - '.m3u' / '.ppl' Local Buffer Overflow (Metasploit)
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Buffer Overflow
Sun Solaris 7.0 - '/usr/bin/lpset' Buffer Overflow
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Local Buffer Overflow
Sun Solaris 7.0 - '/usr/bin/lpset' Local Buffer Overflow

Xcmail 0.99.6 - Buffer Overflow
Xcmail 0.99.6 - Local Buffer Overflow
Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Buffer Overflow
Armidale Software Yapp Conferencing System 2.2 - Buffer Overflow
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (1)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (2)
Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Local Buffer Overflow
Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow
Slackware Linux 3.1/3.2 - 'color_xterm' Local Buffer Overflow (1)
Slackware Linux 3.1/3.2 - 'color_xterm' Local Buffer Overflow (2)
IBM AIX 4.2.1 - '/usr/bin/portmir' Buffer Overflow / Insecure Temporary File Creation
IBM AIX 4.2 - 'ping' Buffer Overflow
IBM AIX 4.2 - '/usr/sbin/lchangelv' Buffer Overflow
IBM AIX 4.2.1 - '/usr/bin/portmir' Local Buffer Overflow / Insecure Temporary File Creation
IBM AIX 4.2 - 'ping' Local Buffer Overflow
IBM AIX 4.2 - '/usr/sbin/lchangelv' Local Buffer Overflow
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (2)
URL Hunter - Buffer Overflow DEP Bypass
Solaris 2.5.1 - 'kcms' Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Buffer Overflow (2)
URL Hunter - Local Buffer Overflow DEP Bypass
Solaris 2.5.1 - 'kcms' Local Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Local Buffer Overflow (2)

Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Buffer Overflow
Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Local Buffer Overflow
Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow
VMware 1.0.1 - Buffer Overflow
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (2)
Xi Graphics Accelerated X 4.0.x/5.0 - Local Buffer Overflow
VMware 1.0.1 - Local Buffer Overflow
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Local Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Local Buffer Overflow (2)

Samba < 2.0.5 - Overflow
Samba < 2.0.5 - Local Overflow
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (2)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Local Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Local Buffer Overflow (2)
Martin Stover Mars NWE 0.99 - Buffer Overflow
DIGITAL UNIX 4.0 d/e/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 - Buffer Overflow
Martin Stover Mars NWE 0.99 - Local Buffer Overflow
DIGITAL UNIX 4.0 d/e/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 - Local Buffer Overflow

DIGITAL UNIX 4.0 d/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 / SunOS 4.1.4 - Buffer Overflow
DIGITAL UNIX 4.0 d/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 / SunOS 4.1.4 - Local Buffer Overflow
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (1)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (2)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Local Overflow (1)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Local Overflow (2)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (1)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (2)
IRIX 6.5 / Solaris 7.0 / Turbolinux 4.2 - 'uum' Buffer Overflow
Turbolinux 3.5 b2 - 'canuum' Buffer Overflow
Yamaha MidiPlug 1.1 b-j MidiPlug - Buffer Overflow
Hylafax Hylafax 4.0.2 - Buffer Overflow
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (1)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (2)
IRIX 6.5 / Solaris 7.0 / Turbolinux 4.2 - 'uum' Local Buffer Overflow
Turbolinux 3.5 b2 - 'canuum' Local Buffer Overflow
Yamaha MidiPlug 1.1 b-j MidiPlug - Local Buffer Overflow
Hylafax Hylafax 4.0.2 - Local Buffer Overflow

SCO Unixware 7.0 - 'xlock(1)' 'Username' Buffer Overflow
SCO Unixware 7.0 - 'xlock(1)' 'Username' Local Buffer Overflow

FreeBSD 3.3 - 'gdc' Buffer Overflow
FreeBSD 3.3 - 'gdc' Local Buffer Overflow
FreeBSD 3.3 - 'xmindpath' Buffer Overflow
FreeBSD 3.3 - 'angband' Buffer Overflow
FreeBSD 3.3 - 'xmindpath' Local Buffer Overflow
FreeBSD 3.3 - 'angband' Local Buffer Overflow
RSA Security RSAREF 2.0 - Buffer Overflow
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'xauto' Buffer Overflow
RSA Security RSAREF 2.0 - Local Buffer Overflow
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'xauto' Local Buffer Overflow
SCO Unixware 7.1 pkgcat - Buffer Overflow
SCO Unixware 7.1 pkginstall - Buffer Overflow
SCO Unixware 7.1 pkgcat - Local Buffer Overflow
SCO Unixware 7.1 pkginstall - Local Buffer Overflow

VDOLive Player 3.0.2 - Buffer Overflow
VDOLive Player 3.0.2 - Local Buffer Overflow

SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Buffer Overflows
SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflows

Inter7 vpopmail (vchkpw) 3.4.11 - Buffer Overflow
Inter7 vpopmail (vchkpw) 3.4.11 - Local Buffer Overflow

Microsoft Clip Art Gallery 5.0 - Buffer Overflow
Microsoft Clip Art Gallery 5.0 - Local Buffer Overflow
Sam Hawker wmcdplay 1.0 beta1-2 - Buffer Overflow (1)
Sam Hawker wmcdplay 1.0 beta1-2 - Buffer Overflow (2)
Sam Hawker wmcdplay 1.0 beta1-2 - Local Buffer Overflow (1)
Sam Hawker wmcdplay 1.0 beta1-2 - Local Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (3)
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (3)

SuSE Linux 6.3/6.4 Gnomelib - Buffer Overflow
SuSE Linux 6.3/6.4 Gnomelib - Local Buffer Overflow
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (2)
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (2)

Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (2)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Local Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (3)

Mandriva Linux Mandrake 7.0 - Buffer Overflow
Mandriva Linux Mandrake 7.0 - Local Buffer Overflow
BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)
mailx 8.1.1-10 (BSD/Slackware) - Buffer Overflow (2)
BSD 'mailx' 8.1.1-10 - Local Buffer Overflow (1)
mailx 8.1.1-10 (BSD/Slackware) - Local Buffer Overflow (2)
Sam Lantinga splitvt 1.6.3 - Buffer Overflow
Solaris 2.5/2.6/7.0/8 ufsrestore - Buffer Overflow
Sam Lantinga splitvt 1.6.3 - Local Buffer Overflow
Solaris 2.5/2.6/7.0/8 ufsrestore - Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Buffer Overflow (ASLR + DEP Bypass)
IRIX 6.5.x - '/usr/sbin/gr_osview' Buffer Overflow
SGI IRIX 6.2 - 'libgl.so' Buffer Overflow
IRIX 6.5.x - '/usr/sbin/dmplay' Buffer Overflow
IRIX 6.2/6.3 - '/bin/lpstat' Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Local Buffer Overflow (ASLR + DEP Bypass)
IRIX 6.5.x - '/usr/sbin/gr_osview' Local Buffer Overflow
SGI IRIX 6.2 - 'libgl.so' Local Buffer Overflow
IRIX 6.5.x - '/usr/sbin/dmplay' Local Buffer Overflow
IRIX 6.2/6.3 - '/bin/lpstat' Local Buffer Overflow

IRIX 5.3/6.x - '/usr/bin/mail' Buffer Overflow
IRIX 5.3/6.x - '/usr/bin/mail' Local Buffer Overflow

CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (2)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (2)

CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass)
CoolPlayer+ Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass)

Exim Buffer 1.6.2/1.6.51 - Overflow
Exim Buffer 1.6.2/1.6.51 - Local Overflow

Jan Hubicka Koules 1.4 - 'Svgalib' Buffer Overflow
Jan Hubicka Koules 1.4 - 'Svgalib' Local Buffer Overflow

aSc Timetables 2017 - Buffer Overflow
aSc Timetables 2017 - Local Buffer Overflow
IBM AIX 4.x - '/usr/bin/setsenv' Buffer Overflow
IBM AIX 4.3 - '/usr/lib/lpd/digest' Buffer Overflow
IBM AIX 4.x - 'enq' Buffer Overflow
IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Buffer Overflow
IBM AIX 4.x - '/usr/bin/setsenv' Local Buffer Overflow
IBM AIX 4.3 - '/usr/lib/lpd/digest' Local Buffer Overflow
IBM AIX 4.x - 'enq' Local Buffer Overflow
IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Local Buffer Overflow
Rob Malda ASCDC 0.3 - Buffer Overflow (1)
Rob Malda ASCDC 0.3 - Buffer Overflow (2)
Rob Malda ASCDC 0.3 - Local Buffer Overflow (1)
Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)

Solaris 2.5/2.6/7.0/8 tip - Buffer Overflow
Solaris 2.5/2.6/7.0/8 tip - Local Buffer Overflow

DG/UX 4.20 lpsched - 'Error Message' Buffer Overflow
DG/UX 4.20 lpsched - 'Error Message' Local Buffer Overflow

SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Buffer Overflow
SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Local Buffer Overflow
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Local Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Local Buffer Overflow (2)

Solaris 8 mailtool - Buffer Overflow
Solaris 8 mailtool - Local Buffer Overflow

kosch suid wrapper 1.1.1 - Buffer Overflow
kosch suid wrapper 1.1.1 - Local Buffer Overflow

Rxvt 2.6.1/2.6.2 - Buffer Overflow
Rxvt 2.6.1/2.6.2 - Local Buffer Overflow
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Buffer Overflow (1)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Buffer Overflow (2)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Buffer Overflow (3)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (1)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (2)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (3)
Solaris 8 libsldap - Buffer Overflow (1)
Solaris 8 libsldap - Buffer Overflow (2)
Solaris 2.6/2.6/7.0/8 whodo - Buffer Overflow
Solaris 8 libsldap - Local Buffer Overflow (1)
Solaris 8 libsldap - Local Buffer Overflow (2)
Solaris 2.6/2.6/7.0/8 whodo - Local Buffer Overflow

Xvt 2.1 - Buffer Overflow
Xvt 2.1 - Local Buffer Overflow

AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Buffer Overflow
AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Local Buffer Overflow

SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Local Buffer Overflow

Internet Download Manager - Buffer Overflow (SEH)
Internet Download Manager - Local Buffer Overflow (SEH)

GNU Screen 3.9.x Braille Module - Buffer Overflow
GNU Screen 3.9.x Braille Module - Local Buffer Overflow
IBM Informix SE 7.25 sqlexec - Buffer Overflow (1)
IBM Informix SE 7.25 sqlexec - Buffer Overflow (2)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)

QNX RTOS 6.1 - 'PKG-Installer' Buffer Overflow
QNX RTOS 6.1 - 'PKG-Installer' Local Buffer Overflow

HP CIFS/9000 Server A.01.05/A.01.06 - Buffer Overflow
HP CIFS/9000 Server A.01.05/A.01.06 - Local Buffer Overflow

NCMedia Sound Editor Pro 7.5.1 - Overflow (SEH + DEP Bypass)
NCMedia Sound Editor Pro 7.5.1 - Local Overflow (SEH + DEP Bypass)

HP Tru64/OSF1 DXTerm - Buffer Overflow
HP Tru64/OSF1 DXTerm - Local Buffer Overflow

PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Local Buffer Overflow

HPUX 10.20/11 Wall Message - Buffer Overflow
HPUX 10.20/11 Wall Message - Local Buffer Overflow

HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)
HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC)

Microsoft Windows XP/2000 - 'RunDLL32.exe' Buffer Overflow
Microsoft Windows XP/2000 - 'RunDLL32.exe' Local Buffer Overflow

XBlast 2.6.1 - 'HOME Environment' Buffer Overflow
XBlast 2.6.1 - 'HOME Environment' Local Buffer Overflow

ViRobot Linux Server 2.0 - Overflow
ViRobot Linux Server 2.0 - Local Overflow

Nvidia Display Driver Service (Nsvr) - Buffer Overflow
Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow
VirtualDJ Pro/Home 7.3 - Buffer Overflow
HexChat 2.9.4 - Overflow
VirtualDJ Pro/Home 7.3 - Local Buffer Overflow
HexChat 2.9.4 - Local Overflow
FuzeZip 1.0.0.131625 - Buffer Overflow (SEH)
WinArchiver 3.2 - Buffer Overflow (SEH)
FuzeZip 1.0.0.131625 - Local Buffer Overflow (SEH)
WinArchiver 3.2 - Local Buffer Overflow (SEH)

AudioCoder 0.8.18 - Buffer Overflow (SEH)
AudioCoder 0.8.18 - Local Buffer Overflow (SEH)

ABBS Audio Media Player 3.1 - '.lst' Buffer Overflow
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow

AudioCoder - '.m3u' Buffer Overflow (Metasploit)
AudioCoder - '.m3u' Local Buffer Overflow (Metasploit)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH)
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH)

AdobeCollabSync - Buffer Overflow Adobe Reader X Sandbox Bypass (Metasploit)
AdobeCollabSync - Local Buffer Overflow Adobe Reader X Sandbox Bypass (Metasploit)

PHP 5.0.0 - 'tidy_parse_file()' Buffer Overflow
PHP 5.0.0 - 'tidy_parse_file()' Local Buffer Overflow

Adrenalin Player 2.2.5.3 - '.wax' Buffer Overflow (SEH)
Adrenalin Player 2.2.5.3 - '.wax' Local Buffer Overflow (SEH)

Adrenalin Player 2.2.5.3 - '.asx' Buffer Overflow (SEH)
Adrenalin Player 2.2.5.3 - '.asx' Local Buffer Overflow (SEH)
Mediacoder (.lst) - Buffer Overflow (SEH)
Mediacoder - '.m3u' Buffer Overflow (SEH)
Mediacoder PMP Edition 0.8.17 - '.m3u' Buffer Overflow
Mediacoder (.lst) - Local Buffer Overflow (SEH)
Mediacoder - '.m3u' Local Buffer Overflow (SEH)
Mediacoder PMP Edition 0.8.17 - '.m3u' Local Buffer Overflow
Static HTTP Server 1.0 - Overflow (SEH)
AudioCoder (.lst) - Buffer Overflow (Metasploit)
Adrenalin Player 2.2.5.3 - '.wvx' Buffer Overflow (SEH)
Static HTTP Server 1.0 - Local Overflow (SEH)
AudioCoder (.lst) - Local Buffer Overflow (Metasploit)
Adrenalin Player 2.2.5.3 - '.wvx' Local Buffer Overflow (SEH)

ABBS Audio Media Player - '.LST' Buffer Overflow (Metasploit)
ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit)

Easy LAN Folder Share 3.2.0.100 - Buffer Overflow (SEH)
Easy LAN Folder Share 3.2.0.100 - Local Buffer Overflow (SEH)

Chasys Draw IES - Buffer Overflow (Metasploit)
Chasys Draw IES - Local Buffer Overflow (Metasploit)

glibc and eglibc 2.5/2.7/2.13 - Buffer Overflow
glibc and eglibc 2.5/2.7/2.13 - Local Buffer Overflow
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow (SEH)
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow (SEH)
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Local Buffer Overflow (SEH)
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Local Buffer Overflow (SEH)

BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)
BlazeDVD Pro Player 7.0 - '.plf' Local Buffer Overflow (SEH)

VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
VideoCharge Studio 2.12.3.685 - Local Buffer Overflow (SEH)
Watermark Master 2.2.23 - Buffer Overflow (SEH)
BlazeDVD 6.2 - '.plf' Buffer Overflow (SEH)
AudioCoder 0.8.22 - '.m3u' Buffer Overflow (SEH)
Watermark Master 2.2.23 - Local Buffer Overflow (SEH)
BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
AudioCoder 0.8.22 - '.m3u' Local Buffer Overflow (SEH)

Steinberg MyMp3PRO 5.0 - Buffer Overflow (SEH) (DEP Bypass + ROP)
Steinberg MyMp3PRO 5.0 - Local Buffer Overflow (SEH) (DEP Bypass + ROP)

VideoSpirit Pro 1.90 - Buffer Overflow (SEH)
VideoSpirit Pro 1.90 - Local Buffer Overflow (SEH)

VideoSpirit Lite 1.77 - Buffer Overflow (SEH)
VideoSpirit Lite 1.77 - Local Buffer Overflow (SEH)

Watermark Master 2.2.23 - '.wstyle' Buffer Overflow (SEH)
Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)

Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)
Light Alloy 4.7.3 - '.m3u' Local Buffer Overflow (SEH Unicode)

GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)
GOM Player 2.2.53.5169 - '.reg' Local Buffer Overflow (SEH)

Total Video Player 1.3.1 (Settings.ini) - Buffer Overflow (SEH)
Total Video Player 1.3.1 (Settings.ini) - Local Buffer Overflow (SEH)

Kingsoft Office Writer 2012 8.1.0.3385 - '.wps' Buffer Overflow (SEH)
Kingsoft Office Writer 2012 8.1.0.3385 - '.wps' Local Buffer Overflow (SEH)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass)
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH) (ASLR + DEP Bypass)

Publish-It 3.6d - '.pui' Buffer Overflow (SEH)
Publish-It 3.6d - '.pui' Local Buffer Overflow (SEH)

Easy CD-DA Recorder - '.pls' Buffer Overflow (Metasploit)
Easy CD-DA Recorder - '.pls' Local Buffer Overflow (Metasploit)
Gold MP4 Player 3.3 - Buffer Overflow (SEH)
Total Video Player 1.3.1 - 'Settings.ini' Buffer Overflow (SEH) (Metasploit)
Gold MP4 Player 3.3 - Local Buffer Overflow (SEH)
Total Video Player 1.3.1 - 'Settings.ini' Local Buffer Overflow (SEH) (Metasploit)
ALLPlayer 5.8.1 - '.m3u' Buffer Overflow (SEH)
Calavera UpLoader 3.5 - Buffer Overflow (SEH)
ALLPlayer 5.8.1 - '.m3u' Local Buffer Overflow (SEH)
Calavera UpLoader 3.5 - Local Buffer Overflow (SEH)
ALLPlayer - '.m3u' Buffer Overflow (Metasploit)
KMPlayer 3.8.0.117 - Buffer Overflow
ALLPlayer - '.m3u' Local Buffer Overflow (Metasploit)
KMPlayer 3.8.0.117 - Local Buffer Overflow

MP3Info 0.8.5a - Buffer Overflow (SEH)
MP3Info 0.8.5a - Local Buffer Overflow (SEH)

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation

Free WMA MP3 Converter 1.8 - '.wav' Buffer Overflow
Free WMA MP3 Converter 1.8 - '.wav' Local Buffer Overflow

i-FTP 2.20 - Buffer Overflow (SEH)
i-FTP 2.20 - Local Buffer Overflow (SEH)

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow (SEH)
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Local Buffer Overflow (SEH)
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Ruby)
VFU 4.10-1.1 - Buffer Overflow
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
VFU 4.10-1.1 - Local Buffer Overflow

Advantech AdamView 4.30.003 - '.gni' Buffer Overflow (SEH)
Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH)

i-FTP Schedule - Buffer Overflow (Metasploit)
i-FTP Schedule - Local Buffer Overflow (Metasploit)
T-Mobile Internet Manager - Buffer Overflow (SEH)
Congstar Internet Manager - Buffer Overflow (SEH)
T-Mobile Internet Manager - Local Buffer Overflow (SEH)
Congstar Internet Manager - Local Buffer Overflow (SEH)

MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (1)
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (1)

Publish-It 3.6d - Buffer Overflow (SEH)
Publish-It 3.6d - Local Buffer Overflow (SEH)

Publish-It - '.PUI' Buffer Overflow (SEH) (Metasploit)
Publish-It - '.PUI' Local Buffer Overflow (SEH) (Metasploit)

MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (2)
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (2)

Mediacoder 0.8.34.5716 - '.m3u' Buffer Overflow (SEH)
Mediacoder 0.8.34.5716 - '.m3u' Local Buffer Overflow (SEH)
VideoCharge Express 3.16.3.04 - Buffer Overflow
VideoCharge Professional + Express Vanilla 3.18.4.04 - Buffer Overflow
VideoCharge Vanilla 3.16.4.06 - Buffer Overflow
VideoCharge Express 3.16.3.04 - Local Buffer Overflow
VideoCharge Professional + Express Vanilla 3.18.4.04 - Local Buffer Overflow
VideoCharge Vanilla 3.16.4.06 - Local Buffer Overflow

BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)
BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)

Jildi FTP Client 1.5.6 - Buffer Overflow (SEH)
Jildi FTP Client 1.5.6 - Local Buffer Overflow (SEH)

1 Click Audio Converter 2.3.6 - Activex Buffer Overflow
1 Click Audio Converter 2.3.6 - Activex Local Buffer Overflow

Blueberry Express 5.9.0.3678 - Buffer Overflow (SEH)
Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)

Tomabo MP4 Player 3.11.3 - '.m3u' Buffer Overflow (SEH)
Tomabo MP4 Player 3.11.3 - '.m3u' Local Buffer Overflow (SEH)

PDF Shaper 3.5 - Buffer Overflow (Metasploit)
PDF Shaper 3.5 - Local Buffer Overflow (Metasploit)

Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH)
Microsoft HTML Help Compiler 4.74.8702.0 - Local Overflow (SEH)

VideoCharge Studio - Buffer Overflow (SEH) (Metasploit)
VideoCharge Studio - Local Buffer Overflow (SEH) (Metasploit)

Multiple ChiefPDF Software 2.0 - Buffer Overflow
Multiple ChiefPDF Software 2.0 - Local Buffer Overflow
ZSNES 1.51 - Buffer Overflow
FENIX 0.92 - Buffer Overflow
BSIGN 0.4.5 - Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow
ZSNES 1.51 - Local Buffer Overflow
FENIX 0.92 - Local Buffer Overflow
BSIGN 0.4.5 - Local Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Local Buffer Overflow

AutoCAD DWG and DXF To PDF Converter 2.2 - Buffer Overflow
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow

VeryPDF HTML Converter 2.0 - Buffer Overflow (SEH/ToLower() Bypass)
VeryPDF HTML Converter 2.0 - Local Buffer Overflow (SEH/ToLower() Bypass)

Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode)
Logitech Webcam Software 1.1 - 'eReg.exe' Local Buffer Overflow (SEH Unicode)
ZTE PC UI USB Modem Software - Buffer Overflow
IKEView R60 - Buffer Overflow Local (SEH)
ZTE PC UI USB Modem Software - Local Buffer Overflow
IKEView R60 - Local Buffer Overflow Local (SEH)
GNU Coreutils 'sort' Text Utility - Buffer Overflow
Total Commander 8.52 (Windows 10) - Buffer Overflow
Total Commander 8.52 - Buffer Overflow
GNU Coreutils 'sort' Text Utility - Local Buffer Overflow
Total Commander 8.52 (Windows 10) - Local Buffer Overflow
Total Commander 8.52 - Local Buffer Overflow

Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation
Symantec Encryption Desktop 10 - Local Buffer Overflow Privilege Escalation
VeryPDF Image2PDF Converter - Buffer Overflow (SEH)
Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (SEH)
VeryPDF Image2PDF Converter - Local Buffer Overflow (SEH)
Boxoft WAV to MP3 Converter 1.1 - Local Buffer Overflow (SEH)

Blat 2.7.6 SMTP / NNTP Mailer - Buffer Overflow
Blat 2.7.6 SMTP / NNTP Mailer - Local Buffer Overflow

TCPing 2.1.0 - Buffer Overflow
TCPing 2.1.0 - Local Buffer Overflow

IBM i Access 7.1 - Buffer Overflow Code Execution
IBM i Access 7.1 - Local Buffer Overflow Code Execution

FTPShell Client 5.24 - Buffer Overflow
FTPShell Client 5.24 - Local Buffer Overflow

Oracle - 'HtmlConverter.exe' Buffer Overflow
Oracle - 'HtmlConverter.exe' Local Buffer Overflow

Core FTP Server 1.2 - Buffer Overflow (PoC)
Core FTP Server 1.2 - Local Buffer Overflow (PoC)

MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH)
MP3 WAV to CD Burner 1.4.24 - Local Buffer Overflow (SEH)
Mediacoder 0.8.43.5830 - '.m3u' Buffer Overflow (SEH)
VUPlayer 2.49 (Windows 7) - '.m3u' Buffer Overflow (DEP Bypass)
Mediacoder 0.8.43.5830 - '.m3u' Local Buffer Overflow (SEH)
VUPlayer 2.49 (Windows 7) - '.m3u' Local Buffer Overflow (DEP Bypass)

My Video Converter 1.5.24 - Buffer Overflow (SEH)
My Video Converter 1.5.24 - Local Buffer Overflow (SEH)

VirusChaser 8.0 - Buffer Overflow (SEH)
VirusChaser 8.0 - Local Buffer Overflow (SEH)
Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow
Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer Overflow

Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH)
Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Local Buffer Overflow (SEH)

Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)

Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH)
Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)
JAD Java Decompiler 1.5.8e - Buffer Overflow
Flat Assembler 1.7.21 - Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow
Flat Assembler 1.7.21 - Local Buffer Overflow

Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH)
Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow (SEH)

DNSTracer 1.9 - Buffer Overflow
DNSTracer 1.9 - Local Buffer Overflow
ALLPlayer 7.4 - Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode)
ALLPlayer 7.4 - Local Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow (SEH Unicode)
Easy DVD Creater 2.5.11 - Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Local Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Local Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Local Buffer Overflow
Easy DVD Creator 2.5.11 - Buffer Overflow (SEH)
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Buffer Overflow (SEH)
Easy RM RMVB to DVD Burner 1.8.11 - Buffer Overflow (SEH)
Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH)
Easy DVD Creator 2.5.11 - Local Buffer Overflow (SEH)
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Local Buffer Overflow (SEH)
Easy RM RMVB to DVD Burner 1.8.11 - Local Buffer Overflow (SEH)
Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow (SEH)

CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode)
CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow

ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow
ASX to MP3 3.1.3.7 - '.m3u' Local Buffer Overflow

Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Buffer Overflow (SEH)
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)

VX Search 10.2.14 - 'Proxy' Buffer Overflow (SEH)
VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)
Samba 2.2.x - Buffer Overflow
SETI@home Clients - Buffer Overflow
Samba 2.2.x - Remote Buffer Overflow
SETI@home Clients - Remote Buffer Overflow

GtkFtpd 1.0.4 - Buffer Overflow
GtkFtpd 1.0.4 - Remote Buffer Overflow

IPSwitch IMail LDAP Daemon/Service - Buffer Overflow
IPSwitch IMail LDAP Daemon/Service - Remote Buffer Overflow
Monit 4.1 - Buffer Overflow
Monit 4.2 - Buffer Overflow
Monit 4.1 - Remote Buffer Overflow
Monit 4.2 - Remote Buffer Overflow

PHF (Linux/x86) - Buffer Overflow
PHF (Linux/x86) - Remote Buffer Overflow

Ability Server 2.34 - FTP 'STOR' Buffer Overflow
Ability Server 2.34 - FTP 'STOR' Remote Buffer Overflow

TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Remote Buffer Overflow

Ability Server 2.34 (Unix) - FTP 'STOR' Buffer Overflow
Ability Server 2.34 (Unix) - FTP 'STOR' Remote Buffer Overflow
DMS POP3 Server 1.5.3 build 37 - Buffer Overflow
CoffeeCup FTP Clients (Direct 6.2.0.62) (Free 3.0.0.10) - Buffer Overflow
DMS POP3 Server 1.5.3 build 37 - Remote Buffer Overflow
CoffeeCup FTP Clients (Direct 6.2.0.62) (Free 3.0.0.10) - Remote Buffer Overflow

Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Buffer Overflow
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Remote Buffer Overflow

PHP 4.3.7 - 'openlog()' Buffer Overflow
PHP 4.3.7 - 'openlog()' Remote Buffer Overflow

NodeManager Professional 2.00 - Buffer Overflow
NodeManager Professional 2.00 - Remote Buffer Overflow

GlobalScape Secure FTP Server 3.0 - Buffer Overflow
GlobalScape Secure FTP Server 3.0 - Remote Buffer Overflow

Microsoft Windows Message Queuing - Buffer Overflow Universal (MS05-017) (v.0.3)
Microsoft Windows Message Queuing - Remote Buffer Overflow Universal (MS05-017) (v.0.3)

CA BrightStor ARCserve Backup - 'dsconfig.exe' Buffer Overflow
CA BrightStor ARCserve Backup - 'dsconfig.exe' Remote Buffer Overflow

Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode
Mirabilis ICQ 2003a - Remote Buffer Overflow Download Shellcode

MailEnable Enterprise Edition 1.1 - 'EXAMINE' Buffer Overflow
MailEnable Enterprise Edition 1.1 - 'EXAMINE' Remote Buffer Overflow

Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Remote Buffer Overflow

Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow

Evince Document Viewer - 'DocumentMedia' Buffer Overflow
Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow

Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Buffer Overflow
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow

dproxy-nexgen (Linux x86) - Buffer Overflow
dproxy-nexgen (Linux x86) - Remote Buffer Overflow

IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Buffer Overflow
IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Remote Buffer Overflow

LeadTools Raster Thumbnail Object Library - 'LTRTM14e.dll' Buffer Overflow
LeadTools Raster Thumbnail Object Library - 'LTRTM14e.dll' Remote Buffer Overflow
AMX Corp. VNC ActiveX Control - 'AmxVnc.dll 1.0.13.0' Buffer Overflow
AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Buffer Overflow
AMX Corp. VNC ActiveX Control - 'AmxVnc.dll 1.0.13.0' Remote Buffer Overflow
AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Remote Buffer Overflow

Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Buffer Overflow
Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Remote Buffer Overflow

EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Buffer Overflow
EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Remote Buffer Overflow
Persits Software XUpload Control - 'AddFolder()' Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Buffer Overflow
Persits Software XUpload Control - 'AddFolder()' Remote Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow

IBM Domino Web Access Upload Module - 'dwa7w.dll' Buffer Overflow
IBM Domino Web Access Upload Module - 'dwa7w.dll' Remote Buffer Overflow
StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Buffer Overflow
NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Buffer Overflow
StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Remote Buffer Overflow
NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Remote Buffer Overflow

RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Buffer Overflow
RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Remote Buffer Overflow

HP Virtual Rooms WebHPVCInstall Control - Buffer Overflow
HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow

Move Networks Upgrade Manager Control - Buffer Overflow
Move Networks Upgrade Manager Control - Remote Buffer Overflow

MySpace Uploader - 'MySpaceUploader.ocx 1.0.0.4' Buffer Overflow
MySpace Uploader - 'MySpaceUploader.ocx 1.0.0.4' Remote Buffer Overflow

FaceBook PhotoUploader - 'ImageUploader4.ocx 4.5.57.0' Buffer Overflow
FaceBook PhotoUploader - 'ImageUploader4.ocx 4.5.57.0' Remote Buffer Overflow

dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow
dBpowerAMP Audio Player 2 - '.m3u' Remote Buffer Overflow
Move Networks Quantum Streaming Player Control - Buffer Overflow
D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Buffer Overflow
Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Buffer Overflow
Move Networks Quantum Streaming Player Control - Remote Buffer Overflow
D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Remote Buffer Overflow
Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Remote Buffer Overflow

Black Ice Software Annotation Plugin - 'BiAnno.ocx' Buffer Overflow (2)
Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow (2)

FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)
FlashGet 1.9.0.1012 - 'FTP PWD Response' Remote Buffer Overflow (SafeSEH)

EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Buffer Overflow
EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Remote Buffer Overflow

NaviCOPA Web Server 3.0.1 - Buffer Overflow / Script Source Disclosure
NaviCOPA Web Server 3.0.1 - Remote Buffer Overflow / Script Source Disclosure

Serv-U Web Client 9.0.0.5 - Buffer Overflow (2)
Serv-U Web Client 9.0.0.5 - Remote Buffer Overflow (2)

Xion Audio Player 1.0 121 - '.m3u' Buffer Overflow (1)
Xion Audio Player 1.0 121 - '.m3u' Remote Buffer Overflow (1)

Novell eDirectory 8.8sp5 - Buffer Overflow
Novell eDirectory 8.8sp5 - Remote Buffer Overflow

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (1) (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Remote Buffer Overflow (1) (Metasploit)

Solaris sadmind adm_build_path - Buffer Overflow (Metasploit)
Solaris sadmind adm_build_path - Remote Buffer Overflow (Metasploit)

NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit)
NTPd 4.0.99j-k readvar - Remote Buffer Overflow (Metasploit)
Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit)
Pegasus Mail Client 4.51 - Buffer Overflow (PoC)
Serv-U Web Client 9.0.0.5 - Buffer Overflow (1)
Borland Interbase 2007 - 'PWD_db_aliased' Remote Buffer Overflow (Metasploit)
Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC)
Serv-U Web Client 9.0.0.5 - Remote Buffer Overflow (1)
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Remote Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Remote Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'INET_connect' Remote Buffer Overflow (Metasploit)

Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - 'apply.cgi' Buffer Overflow (Metasploit)
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - 'apply.cgi' Remote Buffer Overflow (Metasploit)

Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit)
Xtacacsd 4.1.2 - 'report()' Remote Buffer Overflow (Metasploit)

SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Buffer Overflow
SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Remote Buffer Overflow

Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow
Ada Image Server 0.6.7 - 'imgsrv.exe' Remote Buffer Overflow
Hero DVD Remote 1.0 - Buffer Overflow
HP Application Recovery Manager - 'OmniInet.exe' Buffer Overflow
Hero DVD Remote 1.0 - Remote Buffer Overflow
HP Application Recovery Manager - 'OmniInet.exe' Remote Buffer Overflow

EFS Software Easy Chat Server 2.2 - Buffer Overflow
EFS Software Easy Chat Server 2.2 - Remote Buffer Overflow

AOL 9.5 - Phobos.Playlist 'Import()' Buffer Overflow (Metasploit)
AOL 9.5 - Phobos.Playlist 'Import()' Remote Buffer Overflow (Metasploit)

ProSSHD 1.2 20090726 - Buffer Overflow
ProSSHD 1.2 20090726 - Remote Buffer Overflow

Image22 ActiveX 1.1.1 - Buffer Overflow
Image22 ActiveX 1.1.1 - Remote Buffer Overflow

XFTP 3.0 Build 0239 - 'Filename' Buffer Overflow
XFTP 3.0 Build 0239 - 'Filename' Remote Buffer Overflow

Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow
Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Remote Buffer Overflow

UFO: Alien Invasion 2.2.1 (Windows 7) - Buffer Overflow (ASLR + DEP Bypass)
UFO: Alien Invasion 2.2.1 (Windows 7) - Remote Buffer Overflow (ASLR + DEP Bypass)

Hero DVD - Buffer Overflow (Metasploit)
Hero DVD - Remote Buffer Overflow (Metasploit)

Barcodewiz Barcode ActiveX Control 3.29 - Buffer Overflow (SEH)
Barcodewiz Barcode ActiveX Control 3.29 - Remote Buffer Overflow (SEH)

Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Buffer Overflow
Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Remote Buffer Overflow

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC)

Novell iPrint Client - ActiveX Control 'debug' Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control 'debug' Remote Buffer Overflow (Metasploit)

Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Buffer Overflow
Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Remote Buffer Overflow
DATAC RealWin SCADA Server 1.06 - Buffer Overflow
XBMC 9.04.1r20672 - 'soap_action_name' POST UPnP 'sscanf' Buffer Overflow
DATAC RealWin SCADA Server 1.06 - Remote Buffer Overflow
XBMC 9.04.1r20672 - 'soap_action_name' POST UPnP 'sscanf' Remote Buffer Overflow

Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Remote Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow
Freefloat FTP Server - Buffer Overflow
Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Remote Buffer Overflow
Freefloat FTP Server - Remote Buffer Overflow

Kolibri 2.0 - 'HEAD' Buffer Overflow RET (SEH)
Kolibri 2.0 - 'HEAD' Remote Buffer Overflow RET (SEH)

FTPGetter 3.58.0.21 - 'PASV' Buffer Overflow
FTPGetter 3.58.0.21 - 'PASV' Remote Buffer Overflow

NTP daemon readvar - Buffer Overflow (Metasploit)
NTP daemon readvar - Remote Buffer Overflow (Metasploit)

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
Samba 2.2.2 < 2.2.6 - 'nttrans' Remote Buffer Overflow (Metasploit) (1)

Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit)
Sun Solaris sadmind - 'adm_build_path()' Remote Buffer Overflow (Metasploit)

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (2) (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Remote Buffer Overflow (2) (Metasploit)

WinComLPD 3.0.2 - Buffer Overflow (Metasploit)
WinComLPD 3.0.2 - Remote Buffer Overflow (Metasploit)

SapLPD 6.28 - Buffer Overflow (Metasploit)
SapLPD 6.28 - Remote Buffer Overflow (Metasploit)

Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit)
Oracle 8i - TNS Listener 'ARGUMENTS' Remote Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Remote Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Remote Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Remote Buffer Overflow (Metasploit)

TFTPD32 < 2.21 - 'Filename' Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - 'Filename' Remote Buffer Overflow (Metasploit)
CitectSCADA/CitectFacilities ODBC - Buffer Overflow (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)
CitectSCADA/CitectFacilities ODBC - Remote Buffer Overflow (Metasploit)
MOXA Device Manager Tool 2.1 - Remote Buffer Overflow (Metasploit)

DATAC RealWin SCADA Server - Buffer Overflow (Metasploit)
DATAC RealWin SCADA Server - Remote Buffer Overflow (Metasploit)

Omni-NFS Server - Buffer Overflow (Metasploit)
Omni-NFS Server - Remote Buffer Overflow (Metasploit)

EMC AlphaStor Agent - Buffer Overflow (Metasploit)
EMC AlphaStor Agent - Remote Buffer Overflow (Metasploit)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (1)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (3)
CA BrightStor ARCserve Message Engine 0x72 - Buffer Overflow (Metasploit)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (3)
CA BrightStor ARCserve Message Engine 0x72 - Remote Buffer Overflow (Metasploit)
CA BrightStor ARCserve License Service - 'GCR NETWORK' Buffer Overflow (Metasploit)
CA BrightStor ARCserve for Laptops & Desktops LGServer - 'rxsSetDataGrowthScheduleAndFilter' Buffer Overflow (Metasploit)
CA BrightStor ARCserve License Service - 'GCR NETWORK' Remote Buffer Overflow (Metasploit)
CA BrightStor ARCserve for Laptops & Desktops LGServer - 'rxsSetDataGrowthScheduleAndFilter' Remote Buffer Overflow (Metasploit)
Firebird Relational Database - 'SVC_attach()' Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (1)
Firebird Relational Database - 'SVC_attach()' Remote Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express CAD Service - Remote Buffer Overflow (Metasploit) (1)

SAP Business One License Manager 2005 - Buffer Overflow (Metasploit)
SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)

Asus Dpcproxy - Buffer Overflow (Metasploit)
Asus Dpcproxy - Remote Buffer Overflow (Metasploit)
Microsoft Windows RSH daemon - Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express RCA Service - Buffer Overflow (Metasploit)
Microsoft Windows RSH daemon - Remote Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express RCA Service - Remote Buffer Overflow (Metasploit)
BigAnt Server 2.2 - Buffer Overflow (Metasploit)
BigAnt Server 2.50 SP1 - Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_create_database()' Buffer Overflow (Metasploit)
BomberClone 0.11.6 - Buffer Overflow (Metasploit)
BigAnt Server 2.2 - Remote Buffer Overflow (Metasploit)
BigAnt Server 2.50 SP1 - Remote Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_create_database()' Remote Buffer Overflow (Metasploit)
BomberClone 0.11.6 - Remote Buffer Overflow (Metasploit)

Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - 'isc_create_database()' Remote Buffer Overflow (Metasploit)
NetTransport Download Manager 2.90.510 - Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_attach_database()' Buffer Overflow (Metasploit)
NetTransport Download Manager 2.90.510 - Remote Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_attach_database()' Remote Buffer Overflow (Metasploit)
Bopup Communications Server - Buffer Overflow (Metasploit)
UFO: Alien Invasion IRC Client (Windows) - Buffer Overflow (Metasploit)
Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit)
Bopup Communications Server - Remote Buffer Overflow (Metasploit)
UFO: Alien Invasion IRC Client (Windows) - Remote Buffer Overflow (Metasploit)
Borland Interbase - 'isc_attach_database()' Remote Buffer Overflow (Metasploit)

Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit)
Borland Interbase - 'SVC_attach()' Remote Buffer Overflow (Metasploit)

Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit)
Borland Interbase - 'Create-Request' Remote Buffer Overflow (Metasploit)

Realtek Media Player Playlist - Buffer Overflow (Metasploit)
Realtek Media Player Playlist - Remote Buffer Overflow (Metasploit)

SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)
SecureCRT 4.0 Beta 2 SSH1 - Remote Buffer Overflow (Metasploit)

PuTTy.exe 0.53 - Buffer Overflow (Metasploit)
PuTTy.exe 0.53 - Remote Buffer Overflow (Metasploit)

Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Buffer Overflow (Metasploit)
Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Remote Buffer Overflow (Metasploit)

IBM Lotus Domino Web Access Upload Module - Buffer Overflow (Metasploit)
IBM Lotus Domino Web Access Upload Module - Remote Buffer Overflow (Metasploit)

Macrovision Installshield Update Service - Buffer Overflow (Metasploit)
Macrovision Installshield Update Service - Remote Buffer Overflow (Metasploit)

SAP AG SAPgui EAI WebViewer3D - Buffer Overflow (Metasploit)
SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow (Metasploit)

Symantec BackupExec Calendar Control - Buffer Overflow (Metasploit)
Symantec BackupExec Calendar Control - Remote Buffer Overflow (Metasploit)

RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit)
RealNetworks RealPlayer - '.SMIL' Remote Buffer Overflow (Metasploit)

AOL Radio AmpX - ActiveX Control 'ConvertFile()' Buffer Overflow (Metasploit)
AOL Radio AmpX - ActiveX Control 'ConvertFile()' Remote Buffer Overflow (Metasploit)

NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Buffer Overflow (Metasploit)
NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Remote Buffer Overflow (Metasploit)

Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Buffer Overflow (Metasploit)
Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Remote Buffer Overflow (Metasploit)

Racer 0.5.3 Beta 5 - Buffer Overflow (Metasploit)
Racer 0.5.3 Beta 5 - Remote Buffer Overflow (Metasploit)

CesarFTP 0.99g - 'MKD' Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)

Xlink FTP Server - Buffer Overflow (Metasploit)
Xlink FTP Server - Remote Buffer Overflow (Metasploit)

Xlink FTP Client - Buffer Overflow (Metasploit)
Xlink FTP Client - Remote Buffer Overflow (Metasploit)

FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Buffer Overflow (Metasploit)
FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Remote Buffer Overflow (Metasploit)

NetTerm NetFTPD - 'USER' Buffer Overflow (Metasploit)
NetTerm NetFTPD - 'USER' Remote Buffer Overflow (Metasploit)

MiniShare 1.4.1 - Buffer Overflow (Metasploit)
MiniShare 1.4.1 - Remote Buffer Overflow (Metasploit)
Private Wire Gateway - Buffer Overflow (Metasploit)
BadBlue 2.5 - 'ext.dll' Buffer Overflow (Metasploit)
Private Wire Gateway - Remote Buffer Overflow (Metasploit)
BadBlue 2.5 - 'ext.dll' Remote Buffer Overflow (Metasploit)

IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (2)
IBM Tivoli Storage Manager Express CAD Service - Remote Buffer Overflow (Metasploit) (2)

IA WebMail Server 3.x - Buffer Overflow (Metasploit)
IA WebMail Server 3.x - Remote Buffer Overflow (Metasploit)

Now SMS/Mms Gateway - Buffer Overflow (Metasploit)
Now SMS/Mms Gateway - Remote Buffer Overflow (Metasploit)

Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit)
Hewlett-Packard (HP) Power Manager Administration - Remote Buffer Overflow (Metasploit)

IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit)
IPSwitch WhatsUp Gold 8.03 - Remote Buffer Overflow (Metasploit)
Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit)
Apache Tomcat mod_jk 1.2.20 - Remote Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Remote Buffer Overflow (Metasploit)

Alt-N SecurityGateway 1.0.1 - 'Username' Buffer Overflow (Metasploit)
Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (Metasploit)

IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Buffer Overflow (Metasploit)
IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Remote Buffer Overflow (Metasploit)

Novell Groupwise Messenger Client - Buffer Overflow (Metasploit)
Novell Groupwise Messenger Client - Remote Buffer Overflow (Metasploit)
GAMSoft TelSrv 1.5 - 'Username' Buffer Overflow (Metasploit)
GoodTech Telnet Server 5.0.6 - Buffer Overflow (Metasploit)
YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit)
SoftiaCom wMailServer 1.0 - Buffer Overflow (Metasploit)
GAMSoft TelSrv 1.5 - 'Username' Remote Buffer Overflow (Metasploit)
GoodTech Telnet Server 5.0.6 - Remote Buffer Overflow (Metasploit)
YahooPOPs (YPOPS) 0.6 - Remote Buffer Overflow (Metasploit)
SoftiaCom wMailServer 1.0 - Remote Buffer Overflow (Metasploit)

IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit)
IPSwitch IMail LDAP Daemon/Service - Remote Buffer Overflow (Metasploit)
Symantec Alert Management System Intel Alert Originator Service - Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Buffer Overflow (Metasploit)
Symantec Remote Management - Buffer Overflow (Metasploit)
Symantec Alert Management System Intel Alert Originator Service - Remote Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - Remote Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Remote Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Remote Buffer Overflow (Metasploit)
Symantec Remote Management - Remote Buffer Overflow (Metasploit)
Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit)
Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit)
Borland Interbase - 'PWD_db_aliased()' Remote Buffer Overflow (Metasploit)
Borland Interbase - 'open_marker_file()' Remote Buffer Overflow (Metasploit)
Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit)
Borland Interbase - 'jrd8_create_database()' Remote Buffer Overflow (Metasploit)
Borland Interbase - 'INET_connect()' Remote Buffer Overflow (Metasploit)

ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit)
ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow (Metasploit)

Linksys WRT54 Access Point - 'apply.cgi' Buffer Overflow (Metasploit)
Linksys WRT54 Access Point - 'apply.cgi' Remote Buffer Overflow (Metasploit)

Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1)
Apple iPhone MobileSafari LibTIFF - 'browser' Remote Buffer Overflow (Metasploit) (1)

UFO: Alien Invasion IRC Client (OSX) - Buffer Overflow (Metasploit)
UFO: Alien Invasion IRC Client (OSX) - Remote Buffer Overflow (Metasploit)

Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (Metasploit) (2)
Apple iPhone MobileSafari LibTIFF - 'email' Remote Buffer Overflow (Metasploit) (2)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Remote Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Remote Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Remote Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Remote Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Remote Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Remote Buffer Overflow (Metasploit)

SPlayer 3.7 (build 2055) - Buffer Overflow
SPlayer 3.7 (build 2055) - Remote Buffer Overflow

Citrix Provisioning Services 5.6 - 'streamprocess.exe' Buffer Overflow (Metasploit)
Citrix Provisioning Services 5.6 - 'streamprocess.exe' Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog - Buffer Overflow (Metasploit)
Sielco Sistemi Winlog - Remote Buffer Overflow (Metasploit)

HP OmniInet.exe Opcode 20 - Buffer Overflow (Metasploit)
HP OmniInet.exe Opcode 20 - Remote Buffer Overflow (Metasploit)

Freefloat FTP Server - Buffer Overflow (Metasploit)
Freefloat FTP Server - Remote Buffer Overflow (Metasploit)

Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Buffer Overflow (Metasploit)
Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Remote Buffer Overflow (Metasploit)

Freefloat FTP Server - 'LIST' Buffer Overflow
Freefloat FTP Server - 'LIST' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'MKD' Buffer Overflow
Freefloat FTP Server - 'MKD' Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'MKD' Remote Buffer Overflow
Freefloat FTP Server - 'MKD' Remote Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Buffer Overflow
Freefloat FTP Server - 'REST' Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'ACCL' Buffer Overflow
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Remote Buffer Overflow
Freefloat FTP Server - 'REST' Remote Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'ACCL' Remote Buffer Overflow

KnFTP Server - Buffer Overflow
KnFTP Server - Remote Buffer Overflow

Freefloat FTP Server - Buffer Overflow (DEP Bypass)
Freefloat FTP Server - Remote Buffer Overflow (DEP Bypass)

HP Power Manager - 'formExportDataLogs' Buffer Overflow (Metasploit)
HP Power Manager - 'formExportDataLogs' Remote Buffer Overflow (Metasploit)

KnFTP 1.0 - Buffer Overflow (DEP Bypass) (Metasploit)
KnFTP 1.0 - Remote Buffer Overflow (DEP Bypass) (Metasploit)

RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit)
RhinoSoft Serv-U FTPd Server < 4.2 - Remote Buffer Overflow (Metasploit)

TFTP Server 1.4 - ST 'RRQ' Buffer Overflow
TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow

Linux BSD-derived Telnet Service Encryption Key ID - Buffer Overflow (Metasploit)
Linux BSD-derived Telnet Service Encryption Key ID - Remote Buffer Overflow (Metasploit)
Savant Web Server 3.1 - Buffer Overflow (Egghunter)
NetOp Remote Control Client 9.5 - Buffer Overflow (Metasploit)
Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)
NetOp Remote Control Client 9.5 - Remote Buffer Overflow (Metasploit)

Sysax 5.53 - SSH 'Username' Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
FlashFXP 4.1.8.1701 - Buffer Overflow
Sysax 5.53 - SSH 'Username' Buffer Overflow (Metasploit)
FlashFXP 4.1.8.1701 - Remote Buffer Overflow
Sysax 5.53 - SSH 'Username' Remote Buffer Overflow (Metasploit)

Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit)
Netmechanica NetDecision HTTP Server 4.5.1 - Remote Buffer Overflow (Metasploit)

UltraVNC 1.0.2 Client - 'vncviewer.exe' Buffer Overflow (Metasploit)
UltraVNC 1.0.2 Client - 'vncviewer.exe' Remote Buffer Overflow (Metasploit)

RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit)
RabidHamster R4 - Log Entry 'sprintf()' Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog 2.07.14 - Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.14 - Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog 2.07.16 - Buffer Overflow
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow

BSD 4.2 - 'fingerd' Buffer Overflow
BSD 4.2 - 'fingerd' Remote Buffer Overflow

Stalker Internet Mail Server 1.6 - Buffer Overflow
Stalker Internet Mail Server 1.6 - Remote Buffer Overflow

Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow
Qualcomm Eudora Internet Mail Server 1.2 - Remote Buffer Overflow

Lynx 2.8 - Buffer Overflow
Lynx 2.8 - Remote Buffer Overflow
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (2)
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Buffer Overflow
Netscape Messaging Server 3.55 & University of Washington imapd 10.234 - Buffer Overflow
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Remote Buffer Overflow
Netscape Messaging Server 3.55 & University of Washington imapd 10.234 - Remote Buffer Overflow
ISC BIND (Linux/BSD) - Buffer Overflow (1)
ISC BIND (Multiple OSes) - Buffer Overflow (2)
ISC BIND (Linux/BSD) - Remote Buffer Overflow (1)
ISC BIND (Multiple OSes) - Remote Buffer Overflow (2)

Cat Soft Serv-U FTP Server 2.5 - Buffer Overflow
Cat Soft Serv-U FTP Server 2.5 - Remote Buffer Overflow

SmartDesk WebSuite 2.1 - Buffer Overflow
SmartDesk WebSuite 2.1 - Remote Buffer Overflow

University of Washington pop2d 4.4 - Buffer Overflow
University of Washington pop2d 4.4 - Remote Buffer Overflow
Microsoft IIS 4.0 - Buffer Overflow (1)
Microsoft IIS 4.0 - Buffer Overflow (2)
Microsoft IIS 4.0 - Buffer Overflow (3)
Microsoft IIS 4.0 - Buffer Overflow (4)
Microsoft IIS 4.0 - Remote Buffer Overflow (1)
Microsoft IIS 4.0 - Remote Buffer Overflow (2)
Microsoft IIS 4.0 - Remote Buffer Overflow (3)
Microsoft IIS 4.0 - Remote Buffer Overflow (4)

Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Remote Buffer Overflow
ToxSoft NextFTP 1.82 - Buffer Overflow
Fujitsu Chocoa 1.0 beta7R - 'Topic' Buffer Overflow
CREAR ALMail32 1.10 - Buffer Overflow
ToxSoft NextFTP 1.82 - Remote Buffer Overflow
Fujitsu Chocoa 1.0 beta7R - 'Topic' Remote Buffer Overflow
CREAR ALMail32 1.10 - Remote Buffer Overflow

Hybrid Ircd 5.0.3 p7 - Buffer Overflow
Hybrid Ircd 5.0.3 p7 - Remote Buffer Overflow
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Remote Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Remote Buffer Overflow (2)

Washington University WU-FTPD 2.5.0 - 'message' Buffer Overflow
Washington University WU-FTPD 2.5.0 - 'message' Remote Buffer Overflow

Omnicron OmniHTTPd 1.1/2.4 Pro - Buffer Overflow
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow

BTD Studio Zom-Mail 1.0.9 - Buffer Overflow
BTD Studio Zom-Mail 1.0.9 - Remote Buffer Overflow

IBM HomePagePrint 1.0 7 - Buffer Overflow
IBM HomePagePrint 1.0 7 - Remote Buffer Overflow
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (1)
Poison Ivy 2.3.2 (C2 Server) - Buffer Overflow (Metasploit)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (1)
Poison Ivy 2.3.2 (C2 Server) - Remote Buffer Overflow (Metasploit)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (2)
Admiral Systems EmailClub 1.0.0.5 - Buffer Overflow
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Buffer Overflow
Admiral Systems EmailClub 1.0.0.5 - Remote Buffer Overflow
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Remote Buffer Overflow

ETL Delegate 5.9.x/6.0.x - Buffer Overflow
ETL Delegate 5.9.x/6.0.x - Remote Buffer Overflow
Solaris 2.3/2.4/2.5/2.5.1/2.6/7.0 snoop - 'print_domain_name' Buffer Overflow
WolfPack Development XSHIPWARS 1.0/1.2.4 - Buffer Overflow
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (4)
Solaris 2.3/2.4/2.5/2.5.1/2.6/7.0 snoop - 'print_domain_name' Remote Buffer Overflow
WolfPack Development XSHIPWARS 1.0/1.2.4 - Remote Buffer Overflow
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (4)
ZBServer Pro 1.5 - Buffer Overflow (1)
ZBServer Pro 1.5 - Buffer Overflow (2)
ZBServer Pro 1.5 - Remote Buffer Overflow (1)
ZBServer Pro 1.5 - Remote Buffer Overflow (2)

Hughes Technologies Mini SQL (mSQL) 2.0.11 - 'w3-msql' Buffer Overflow
Hughes Technologies Mini SQL (mSQL) 2.0.11 - 'w3-msql' Remote Buffer Overflow

Qualcomm qpopper 3.0 - 'LIST' Buffer Overflow
Qualcomm qpopper 3.0 - 'LIST' Remote Buffer Overflow

Michael Sandrof IrcII 4.4-7 - Buffer Overflow
Michael Sandrof IrcII 4.4-7 - Remote Buffer Overflow
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Buffer Overflow
UoW IMAPd Server 10.234/12.264 - Buffer Overflow
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Remote Buffer Overflow
UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow

ALLMediaServer 0.8 - Buffer Overflow (Metasploit)
ALLMediaServer 0.8 - Remote Buffer Overflow (Metasploit)

LCDProc 0.4 - Buffer Overflow
LCDProc 0.4 - Remote Buffer Overflow

NetWin DNews 5.3 Server - Buffer Overflow
NetWin DNews 5.3 Server - Remote Buffer Overflow
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (3)
Novell ZENworks Configuration Management Preboot Service 0x06 - Buffer Overflow (Metasploit)
Novell ZENworks Configuration Management Preboot Service 0x21 - Buffer Overflow (Metasploit)
Novell ZENworks Configuration Management Preboot Service 0x06 - Remote Buffer Overflow (Metasploit)
Novell ZENworks Configuration Management Preboot Service 0x21 - Remote Buffer Overflow (Metasploit)

Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Remote Buffer Overflow

Concatus IMate Web Mail Server 2.5 - Buffer Overflow
Concatus IMate Web Mail Server 2.5 - Remote Buffer Overflow

SapporoWorks WinProxy 2.0/2.0.1 - Buffer Overflow
SapporoWorks WinProxy 2.0/2.0.1 - Remote Buffer Overflow

DALnet Bahamut IRCd 4.6.5 - 'SUMMON' Buffer Overflow
DALnet Bahamut IRCd 4.6.5 - 'SUMMON' Remote Buffer Overflow

Michael Lamont Savant Web Server 2.1/3.0 - Buffer Overflow
Michael Lamont Savant Web Server 2.1/3.0 - Remote Buffer Overflow

Infopulse GateKeeper 3.5 - Buffer Overflow
Infopulse GateKeeper 3.5 - Remote Buffer Overflow

OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Buffer Overflow
OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Remote Buffer Overflow

NAI Net Tools PKI Server 1.0 - 'strong.exe' Buffer Overflow
NAI Net Tools PKI Server 1.0 - 'strong.exe' Remote Buffer Overflow

MediaHouse Software Statistics Server LiveStats 5.2 - Buffer Overflow
MediaHouse Software Statistics Server LiveStats 5.2 - Remote Buffer Overflow

Luca Deri ntop 1.2 a7-9/1.3.1 - Buffer Overflow
Luca Deri ntop 1.2 a7-9/1.3.1 - Remote Buffer Overflow

RobTex Viking Server 1.0.6 Build 355 - Buffer Overflow
RobTex Viking Server 1.0.6 Build 355 - Remote Buffer Overflow

eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Buffer Overflow
eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Remote Buffer Overflow

Mobius DocumentDirect for the Internet 1.2 - Buffer Overflow
Mobius DocumentDirect for the Internet 1.2 - Remote Buffer Overflow

Cisco Secure ACS for Windows NT 2.42 - Buffer Overflow
Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow

UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow
UoW Pine 4.0.4/4.10/4.21 - 'From:' Remote Buffer Overflow

Nevis Systems All-Mail 1.1 - Buffer Overflow
Nevis Systems All-Mail 1.1 - Remote Buffer Overflow

Samba 1.9.19 - 'Password' Buffer Overflow
Samba 1.9.19 - 'Password' Remote Buffer Overflow

Joe Kloss RobinHood 1.1 - Buffer Overflow
Joe Kloss RobinHood 1.1 - Remote Buffer Overflow

Microsoft Windows Media Player 7.0 - '.asx' Buffer Overflow
Microsoft Windows Media Player 7.0 - '.asx' Remote Buffer Overflow
Oops Proxy Server 1.4.22 - Buffer Overflow (1)
Oops Proxy Server 1.4.22 - Buffer Overflow (2)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (2)

AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Buffer Overflow
AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow

SWSoft ASPSeek 1.0 - 's.cgi' Buffer Overflow
SWSoft ASPSeek 1.0 - 's.cgi' Remote Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow
OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Remote Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Remote Buffer Overflow
OpenBSD 2.x < 2.8 FTPd - 'glob()' Remote Buffer Overflow

Netscape SmartDownload 1.3 - Buffer Overflow
Netscape SmartDownload 1.3 - Remote Buffer Overflow

WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Remote Buffer Overflow

Xinetd 2.1.8 - Buffer Overflow
Xinetd 2.1.8 - Remote Buffer Overflow
Microsoft Visual Studio RAD Support - Buffer Overflow
Microsoft Visual Studio RAD Support - Buffer Overflow (MS03-051) (Metasploit)
Microsoft Visual Studio RAD Support - Remote Buffer Overflow
Microsoft Visual Studio RAD Support - Remote Buffer Overflow (MS03-051) (Metasploit)

Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow

xloadimage 4.1 - Buffer Overflow
xloadimage 4.1 - Remote Buffer Overflow
NCSA HTTPd 1.x - Buffer Overflow (1)
NCSA HTTPd 1.x - Buffer Overflow (2)
NCSA HTTPd 1.x - Remote Buffer Overflow (1)
NCSA HTTPd 1.x - Remote Buffer Overflow (2)
AOLServer 3 - 'Authentication String' Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Buffer Overflow (2)
AIX 4.1/4.2 - 'pdnsd' Buffer Overflow
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (2)
AIX 4.1/4.2 - 'pdnsd' Remote Buffer Overflow

EFTP 2.0.7 337 - Buffer Overflow Code Execution / Denial of Service
EFTP 2.0.7 337 - Remote Buffer Overflow Code Execution / Denial of Service

Oracle9iAS Web Cache 2.0 - Buffer Overflow
Oracle9iAS Web Cache 2.0 - Remote Buffer Overflow

Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Buffer Overflow
Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Remote Buffer Overflow
ActivePerl 5.6.1 - 'perlIIS.dll' Buffer Overflow (1)
ActivePerl 5.6.1 - 'perlIIS.dll' Buffer Overflow (2)
ActivePerl 5.6.1 - 'perlIIS.dll' Buffer Overflow (3)
ActivePerl 5.6.1 - 'perlIIS.dll' Remote Buffer Overflow (1)
ActivePerl 5.6.1 - 'perlIIS.dll' Remote Buffer Overflow (2)
ActivePerl 5.6.1 - 'perlIIS.dll' Remote Buffer Overflow (3)

Solaris 2.x/7.0/8 - Derived 'login' Buffer Overflow
Solaris 2.x/7.0/8 - Derived 'login' Remote Buffer Overflow

BrowseFTP Client 1.62 - Buffer Overflow
BrowseFTP Client 1.62 - Remote Buffer Overflow

Boozt 0.9.8 - Buffer Overflow
Boozt 0.9.8 - Remote Buffer Overflow

John Roy Pi3Web 2.0 For Windows - Buffer Overflow
John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow

Phusion WebServer 1.0 - 'URL' Buffer Overflow
Phusion WebServer 1.0 - 'URL' Remote Buffer Overflow

Essentia Web Server 2.1 - 'URL' Buffer Overflow
Essentia Web Server 2.1 - 'URL' Remote Buffer Overflow
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (1)
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (2)
Matu FTP Server 1.13 - Buffer Overflow
Youngzsoft CMailServer 3.30/4.0 - Remote Buffer Overflow (1)
Youngzsoft CMailServer 3.30/4.0 - Remote Buffer Overflow (2)
Matu FTP Server 1.13 - Remote Buffer Overflow

Microsoft Internet Explorer 5/6 / Microsoft ISA Server 2000 / Microsoft Proxy Server 2.0 Gopher Client - Buffer Overflow
Microsoft Internet Explorer 5/6 / Microsoft ISA Server 2000 / Microsoft Proxy Server 2.0 Gopher Client - Remote Buffer Overflow

ATPhttpd 0.4b - Buffer Overflow
ATPhttpd 0.4b - Remote Buffer Overflow

Trillian 0.x IRC Module - Buffer Overflow
Trillian 0.x IRC Module - Remote Buffer Overflow

Avaya WinPMD UniteHostRouter - Buffer Overflow (Metasploit)
Avaya WinPMD UniteHostRouter - Remote Buffer Overflow (Metasploit)

ghttpd 1.4.x - 'Log()' Buffer Overflow
ghttpd 1.4.x - 'Log()' Remote Buffer Overflow

TFTPD32 2.50 - 'Filename' Buffer Overflow
TFTPD32 2.50 - 'Filename' Remote Buffer Overflow

AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Remote Buffer Overflow

PGP4Pine 1.75.6/1.76 - 'Message Line' Buffer Overflow
PGP4Pine 1.75.6/1.76 - 'Message Line' Remote Buffer Overflow

Freefloat FTP Server - 'PUT' Buffer Overflow
Freefloat FTP Server - 'PUT' Remote Buffer Overflow
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (4)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (4)

Aladdin Knowledge System Ltd - 'ChooseFilePath' Buffer Overflow (Metasploit)
Aladdin Knowledge System Ltd - 'ChooseFilePath' Remote Buffer Overflow (Metasploit)

HP Intelligent Management Center UAM - Buffer Overflow (Metasploit)
HP Intelligent Management Center UAM - Remote Buffer Overflow (Metasploit)

Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Buffer Overflow
Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Remote Buffer Overflow

Yahoo! Voice Chat ActiveX Control 1.0.0.43 - Buffer Overflow
Yahoo! Voice Chat ActiveX Control 1.0.0.43 - Remote Buffer Overflow
MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (1)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (2)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (1)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (2)
Alt-N WebAdmin 2.0.x - 'USER' Buffer Overflow (1)
Alt-N WebAdmin 2.0.x - 'USER' Buffer Overflow (2)
Alt-N WebAdmin 2.0.x - 'USER' Remote Buffer Overflow (1)
Alt-N WebAdmin 2.0.x - 'USER' Remote Buffer Overflow (2)

Freefloat FTP Server - 'USER' Buffer Overflow
Freefloat FTP Server - 'USER' Remote Buffer Overflow

PLD Software Ebola 0.1.4 - Buffer Overflow
PLD Software Ebola 0.1.4 - Remote Buffer Overflow

Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Buffer Overflow
Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Remote Buffer Overflow

Metamail 2.7 - Multiple Buffer Overflow/Format String Handling Vulnerabilities
Metamail 2.7 - Multiple Buffer Overflow / Format String Handling Vulnerabilities

Enterasys NetSight - 'nssyslogd.exe' Buffer Overflow (Metasploit)
Enterasys NetSight - 'nssyslogd.exe' Remote Buffer Overflow (Metasploit)

LHA 1.x - Buffer Overflow / Directory Traversal
LHA 1.x - Remote Buffer Overflow / Directory Traversal

Novell eDirectory 8 - Buffer Overflow (Metasploit)
Novell eDirectory 8 - Remote Buffer Overflow (Metasploit)
Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (1)
Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (2)
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (1)
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (2)

Freefloat FTP Server 1.0 - 'Raw' Buffer Overflow
Freefloat FTP Server 1.0 - 'Raw' Remote Buffer Overflow

Raven Software Soldier Of Fortune 2 - Buffer Overflow
Raven Software Soldier Of Fortune 2 - Remote Buffer Overflow

Cool PDF Image Stream - Buffer Overflow (Metasploit)
Cool PDF Image Stream - Remote Buffer Overflow (Metasploit)
KNet Web Server 1.04b - Buffer Overflow (SEH)
BigAnt Server 2.97 - DDNF 'Username' Buffer Overflow
KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
BigAnt Server 2.97 - DDNF 'Username' Remote Buffer Overflow

MinaliC WebServer 2.0.0 - Buffer Overflow
MinaliC WebServer 2.0.0 - Remote Buffer Overflow

2Fax 3.0 Tab Expansion - Buffer Overflow
2Fax 3.0 Tab Expansion - Remote Buffer Overflow

Light HTTPD 0.1 (Windows) - Buffer Overflow
Light HTTPD 0.1 (Windows) - Remote Buffer Overflow

PGN2WEB 0.3 - Buffer Overflow
PGN2WEB 0.3 - Remote Buffer Overflow

Mesh Viewer 0.2.2 - Buffer Overflow
Mesh Viewer 0.2.2 - Remote Buffer Overflow

CSV2XML 0.5.1 - Buffer Overflow
CSV2XML 0.5.1 - Remote Buffer Overflow
PCAL 4.x - Calendar File 'getline' Buffer Overflow
PCAL 4.x - Calendar File 'get_holiday' Buffer Overflow
PCAL 4.x - Calendar File 'getline' Remote Buffer Overflow
PCAL 4.x - Calendar File 'get_holiday' Remote Buffer Overflow

Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow
Microsoft MSN Messenger 6.2.0137 - '.png' Remote Buffer Overflow

Convert-UUlib 1.04/1.05 Perl Module - Buffer Overflow
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow

Clever's Games Terminator 3: War of the Machines 1.16 Server - Buffer Overflow
Clever's Games Terminator 3: War of the Machines 1.16 Server - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - Buffer Overflow
PCMan FTP Server 2.0.7 - Remote Buffer Overflow

PCMan FTP Server 2.07 - 'PASS' Buffer Overflow
PCMan FTP Server 2.07 - 'PASS' Remote Buffer Overflow

MinaliC WebServer 2.0.0 - Buffer Overflow (Egghunter)
MinaliC WebServer 2.0.0 - Remote Buffer Overflow (Egghunter)

Intrasrv 1.0 - Buffer Overflow (Metasploit)
Intrasrv 1.0 - Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.07 - 'STOR' Buffer Overflow
PCMan FTP Server 2.07 - 'STOR' Remote Buffer Overflow

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH)
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (SEH)

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH) (Metasploit)
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (SEH) (Metasploit)

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (Metasploit)

NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow

Supermicro Onboard IPMI - 'close_window.cgi' Buffer Overflow (Metasploit)
Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow (Metasploit)

PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Remote Buffer Overflow

LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Buffer Overflow
LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Remote Buffer Overflow

BlueSkyChat ActiveX Control 8.1.2 - Buffer Overflow
BlueSkyChat ActiveX Control 8.1.2 - Remote Buffer Overflow

OpenBase 10.0.x - Buffer Overflow / Remote Command Execution
OpenBase 10.0.x - Remote Buffer Overflow / Remote Command Execution

GlobalLink 'GLChat.ocx' 2.5.1 - ActiveX Control 'ChatRoom()' Buffer Overflow
GlobalLink 'GLChat.ocx' 2.5.1 - ActiveX Control 'ChatRoom()' Remote Buffer Overflow

LamaHub 0.0.6.2 - Buffer Overflow
LamaHub 0.0.6.2 - Remote Buffer Overflow

WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass
WinComLPD Total 3.0.2.623 - Remote Buffer Overflow / Authentication Bypass
PCMan FTP Server 2.07 - 'ABOR' Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Buffer Overflow
PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow

haneWIN DNS Server 1.5.3 - Buffer Overflow (SEH)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)

Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow

PECL 3.0.x - Alternative PHP Cache Extension 'apc_search_paths()' Buffer Overflow
PECL 3.0.x - Alternative PHP Cache Extension 'apc_search_paths()' Remote Buffer Overflow

PCMan FTP Server 2.07 - Buffer Overflow
PCMan FTP Server 2.07 - Remote Buffer Overflow
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit)

Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Buffer Overflow
Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Remote Buffer Overflow

Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Buffer Overflow
Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Remote Buffer Overflow

PyCrypto ARC2 Module - Buffer Overflow
PyCrypto ARC2 Module - Remote Buffer Overflow

Novell eDirectory 8.8 - '/dhost/modules?I:' Buffer Overflow
Novell eDirectory 8.8 - '/dhost/modules?I:' Remote Buffer Overflow

SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Buffer Overflow
SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Remote Buffer Overflow

Yokogawa CS3000 - 'BKESimmgr.exe' Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKESimmgr.exe' Remote Buffer Overflow (Metasploit)

Xfig and Transfig 3.2.5 - '.fig' Buffer Overflow
Xfig and Transfig 3.2.5 - '.fig' Remote Buffer Overflow

Ericom AccessNow Server - Buffer Overflow (Metasploit)
Ericom AccessNow Server - Remote Buffer Overflow (Metasploit)

WinSoftMagic Photo Editor - '.png' Buffer Overflow
WinSoftMagic Photo Editor - '.png' Remote Buffer Overflow
D-Link Devices - 'Authentication.cgi' Buffer Overflow (Metasploit)
D-Link Devices - 'hedwig.cgi' Buffer Overflow in Cookie Header (Metasploit)
D-Link Devices - 'Authentication.cgi' Remote Buffer Overflow (Metasploit)
D-Link Devices - 'hedwig.cgi' Remote Buffer Overflow in Cookie Header (Metasploit)
Serenity Audio Player 3.2.3 - '.m3u' Buffer Overflow
Serenity Audio Player 3.2.3 - '.m3u' Buffer Overflow (Metasploit)
Serenity Audio Player 3.2.3 - '.m3u' Remote Buffer Overflow
Serenity Audio Player 3.2.3 - '.m3u' Remote Buffer Overflow (Metasploit)

X-Motor Racing 1.26 - Buffer Overflow / Multiple Denial of Service Vulnerabilities
X-Motor Racing 1.26 - Remote Buffer Overflow / Multiple Denial of Service Vulnerabilities

Yokogawa CS3000 - 'BKFSim_vhfd.exe' Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow (Metasploit)

Enemy Territory: Quake Wars 1.5.12642.33243 - Buffer Overflow
Enemy Territory: Quake Wars 1.5.12642.33243 - Remote Buffer Overflow

Mozilla Firefox and SeaMonkey Plugin Parameters - Buffer Overflow
Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow

Kolibri WebServer 2.0 - Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass)
Kolibri WebServer 2.0 - Remote Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass)

Belkin N750 - 'jump?login' Buffer Overflow
Belkin N750 - 'jump?login' Remote Buffer Overflow

ESTsoft ALZip 8.12.0.3 - '.zip' Buffer Overflow
ESTsoft ALZip 8.12.0.3 - '.zip' Remote Buffer Overflow

Monkey's Audio - '.ape' Buffer Overflow
Monkey's Audio - '.ape' Remote Buffer Overflow

Microsoft Excel - Buffer Overflow
Microsoft Excel - Remote Buffer Overflow

OpenMyZip 0.1 - '.zip' Buffer Overflow
OpenMyZip 0.1 - '.zip' Remote Buffer Overflow

Achat 0.150 beta7 - Buffer Overflow (Metasploit)
Achat 0.150 beta7 - Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.0.7 - 'MKD' Buffer Overflow
PCMan FTP Server 2.0.7 - 'MKD' Remote Buffer Overflow

WebDrive 12.2 (Build ) - Buffer Overflow (PoC)
WebDrive 12.2 (Build ) - Remote Buffer Overflow (PoC)
FileZilla Client 2.2.x - Buffer Overflow (SEH)
PCMan FTP Server 2.0.7 - 'PUT' Buffer Overflow
FileZilla Client 2.2.x - Remote Buffer Overflow (SEH)
PCMan FTP Server 2.0.7 - 'PUT' Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'GET' Buffer Overflow
PCMan FTP Server 2.0.7 - 'GET' Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow

Achat 0.150 beta7 - Buffer Overflow
Achat 0.150 beta7 - Remote Buffer Overflow

AVM FRITZ!Box < 6.30 - Buffer Overflow
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)

Poison Ivy 2.1.x (C2 Server) - Buffer Overflow (Metasploit)
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.0.7 - 'ls' Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)

TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)
TFTP Server 1.4 - 'WRQ' Remote Buffer Overflow (Egghunter)
Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Remote Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Remote Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Remote Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Remote Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'DELETE' Buffer Overflow
Freefloat FTP Server 1.0 - 'ABOR' Buffer Overflow
Freefloat FTP Server 1.0 - 'RMD' Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Buffer Overflow
PCMan FTP Server 2.0.7 - 'DELETE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'ABOR' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'RMD' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'RENAME' Buffer Overflow
PCMan FTP Server 2.0.7 - 'UMASK' Buffer Overflow
Freefloat FTP Server 1.0 - 'DIR' Buffer Overflow
Freefloat FTP Server 1.0 - 'RENAME' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'UMASK' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'DIR' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'ACCT' Buffer Overflow
Freefloat FTP Server 1.0 - 'SITE ZONE' Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Buffer Overflow
PCMan FTP Server 2.0.7 - 'ACCT' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'SITE ZONE' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Remote Buffer Overflow

Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow (Metasploit)
Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit)
VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow
VX Search Enterprise 9.1.12 - 'Login' Remote Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Remote Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Remote Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Remote Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Remote Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Remote Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Remote Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow
Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Remote Buffer Overflow

DiskBoss Enterprise 7.5.12 - 'POST' Buffer Overflow (SEH)
DiskBoss Enterprise 7.5.12 - 'POST' Remote Buffer Overflow (SEH)

WinaXe Plus 8.7 - Buffer Overflow
WinaXe Plus 8.7 - Remote Buffer Overflow

Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
Disk Savvy Enterprise 9.4.18 - Remote Buffer Overflow (SEH)

SysGauge 1.5.18 - Buffer Overflow
SysGauge 1.5.18 - Remote Buffer Overflow
FTPShell Client 6.53 - Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow
FTPShell Client 6.53 - Remote Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow

Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH)
Disk Sorter Enterprise 9.5.12 - 'GET' Remote Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (SEH)

Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Buffer Overflow
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow

Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)
Sync Breeze Enterprise 9.5.16 - 'GET' Remote Buffer Overflow (SEH)

LabF nfsAxe 3.7 FTP Client - Buffer Overflow (SEH)
LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow (SEH)

EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
EFS Easy Chat Server 3.1 - Remote Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow
Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass)
SpyCamLizard 1.230 - Buffer Overflow
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow (DEP Bypass)
SpyCamLizard 1.230 - Remote Buffer Overflow

Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (DEP Bypass)

FTPGetter 5.89.0.85 - Buffer Overflow (SEH)
FTPGetter 5.89.0.85 - Remote Buffer Overflow (SEH)

DiskBoss Enterprise 8.2.14 - Buffer Overflow
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow
Dup Scout Enterprise 9.9.14 - Buffer Overflow (SEH)
Disk Savvy Enterprise 9.9.14 - Buffer Overflow (SEH)
Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH)
Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow (SEH)
Disk Savvy Enterprise 9.9.14 - Remote Buffer Overflow (SEH)
Sync Breeze Enterprise 9.9.16 - Remote Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - Remote Buffer Overflow (SEH)

Gh0st Client (C2 Server) - Buffer Overflow (Metasploit)
Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit)
Disk Pulse Server 2.2.34 - 'GetServerInfo' Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
Disk Pulse Server 2.2.34 - 'GetServerInfo' Remote Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)

Sync Breeze Enterprise 10.0.28 - Buffer Overflow
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
VX Search Enterprise 10.1.12 - Buffer Overflow
Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)
VX Search Enterprise 10.1.12 - Remote Buffer Overflow
Sync Breeze Enterprise 10.1.16 - Remote Buffer Overflow (SEH) (Metasploit)

Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
Ayukov NFTP FTP Client < 2.0 - Remote Buffer Overflow

Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Buffer Overflow (SEH)
Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow
Sync Breeze Enterprise 10.1.16 - 'POST' Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow
2017-11-24 05:02:25 +00:00