Offensive Security
f1e68e0b1d
DB: 2016-09-15
...
3 new exploits
Android - getpidcon Usage binder Service Replacement Race Condition
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
Apache Mina 2.0.13 - Remote Command Execution
2016-09-15 05:07:49 +00:00
Offensive Security
d5138d6962
DB: 2016-09-14
...
17 new exploits
Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script
Cherry Music 0.35.1 - Arbitrary File Disclosure
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation
Windows x86 - Password Protected TCP Bind Shell (637 bytes)
wdCalendar 2 - SQL Injection
Zapya Desktop 1.803 - (ZapyaService.exe) Privilege Escalation
Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change
Open-Xchange App Suite 7.8.2 - Cross Site Scripting
Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
AIOCP 1.3.x - 'cp_dpage.php' Full Path Disclosure
AIOCP 1.3.x - Multiple Vulnerabilities
ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change
PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change
PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change
Inteno EG101R1 VoIP Router - Unauthenticated DNS Change
2016-09-14 05:08:39 +00:00
Offensive Security
28e25eeea1
DB: 2016-09-13
...
1 new exploits
Too many to list!
2016-09-13 05:08:52 +00:00
Offensive Security
094f4ef355
DB: 2016-09-12
2016-09-12 05:08:21 +00:00
Offensive Security
b621d13801
DB: 2016-09-11
2016-09-11 05:08:43 +00:00
Offensive Security
7607be84a3
DB: 2016-09-10
...
3 new exploits
freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit
AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection
AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection
AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload
Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service
Serv-U 7.3 - (Authenticated) Remote FTP File Replacement
Serv-U 7.3 - Authenticated (stou con:1) Denial of Service
Serv-U 7.3 - Authenticated Remote FTP File Replacement
freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC
LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection
LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection
freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC
Hannon Hill Cascade Server - (Authenticated) Command Execution
Hannon Hill Cascade Server - Authenticated Command Execution
Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities
Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure
Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC
FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service
NetAccess IP3 - (Authenticated) (ping option) Command Injection
NetAccess IP3 - Authenticated (ping option) Command Injection
Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow
Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting
Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow
ActFax Server FTP - (Authenticated) Remote Buffer Overflow
ActFax Server FTP - Authenticated Remote Buffer Overflow
Oracle Database - Protocol Authentication Bypass
Oracle Database - Protocol Authentication Bypass
IRIS Citations Management Tool - (Authenticated) Remote Command Execution
IRIS Citations Management Tool - Authenticated Remote Command Execution
Airmail 3.0.2 - Cross-Site Scripting
LamaHub 0.0.6.2 - Buffer Overflow
Vodafone Mobile Wifi - Reset Admin Password
Zabbix 2.0 - 3.0.3 - SQL Injection
Zabbix 2.0 < 3.0.3 - SQL Injection
Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Alfresco - /proxy endpoint Parameter Server Side Request Forgery (SSRF)
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery (SSRF)
Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
2016-09-10 05:08:39 +00:00
Offensive Security
0be1ea959a
DB: 2016-09-09
...
11 new exploits
Samba 3.0.4 - SWAT Authorization Buffer Overflow
Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Apache OpenSSL - 'OpenFuckV2.c' Remote Exploit
Apache/mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
HP-UX FTP Server - Pre-Authentication Directory Listing Exploit (Metasploit)
HP-UX FTP Server - Unauthenticated Directory Listing Exploit (Metasploit)
WinEggDropShell 1.7 - Multiple Pre-Authentication Remote Stack Overflow (PoC)
WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflow (PoC)
FileCOPA FTP Server 1.01 - (USER) Remote Pre-Authentication Denial of Service
FileCOPA FTP Server 1.01 - (USER) Remote Unauthenticated Denial of Service
Multiple Applications - Local Credentials Disclosure
Asterisk 1.2.15 / 1.4.0 - Pre-Authentication Remote Denial of Service
Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service
IBM Lotus Domino Server 6.5 - Pre-Authentication Remote Exploit
IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit
Frontbase 4.2.7 - Post-Authentication Remote Buffer Overflow (2.2)
Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2)
IBM Tivoli Provisioning Manager - Pre-Authentication Remote Exploit
IBM Tivoli Provisioning Manager - Unauthenticated Remote Exploit
Mercury SMTPD - Remote Pre-Authentication Stack Based Overrun (PoC)
Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC)
Mercury/32 4.51 - SMTPD CRAM-MD5 Pre-Authentication Remote Overflow
Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow
SIDVault LDAP Server - Pre-Authentication Remote Buffer Overflow
Mercury/32 3.32-4.51 - SMTP Pre-Authentication EIP Overwrite
SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow
Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite
Hexamail Server 3.0.0.001 - (pop3) Pre-Authentication Remote Overflow (PoC)
Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC)
Airsensor M520 - HTTPD Remote Pre-Authentication Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPD Remote Unauthenticated Denial of Service / Buffer Overflow (PoC)
Mercury/32 4.52 IMAPD - SEARCH command Post-Authentication Overflow
Mercury/32 4.52 IMAPD - SEARCH command Authenticated Overflow
SAP MaxDB 7.6.03.07 - Pre-Authentication Remote Command Execution
McAfee E-Business Server - Remote Pre-Authentication Code Execution / Denial of Service (PoC)
SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution
McAfee E-Business Server - Remote Unauthenticated Code Execution / Denial of Service (PoC)
MailEnable Pro/Ent 3.13 - (Fetch) Post-Authentication Remote Buffer Overflow
MailEnable Pro/Ent 3.13 - (Fetch) Authenticated Remote Buffer Overflow
NetWin Surgemail 3.8k4-4 - IMAP Post-Authentication Remote LIST Universal Exploit
NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit
HP OpenView NNM 7.5.1 - OVAS.exe SEH Pre-Authentication Overflow
HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow
BigAnt Server 2.2 - Pre-Authentication Remote SEH Overflow
BigAnt Server 2.2 - Unauthenticated Remote SEH Overflow
Joomla Component JPad 1.0 - Post-Authentication SQL Injection
Joomla Component JPad 1.0 - Authenticated SQL Injection
CMS Made Simple 1.2.4 - (FileManager module) File Upload
CMS Made Simple 1.2.4 - (FileManager module) Arbitrary File Upload
freeSSHd 1.2.1 - Remote Stack Overflow PoC (Post-Authentication)
freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)
freeSSHd 1.2.1 - (Post-Authentication) Remote SEH Overflow
freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow
vsftpd 2.0.5 - (CWD) Post-Authentication Remote Memory Consumption Exploit
vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit
Surgemail 39e-1 - Post-Authentication IMAP Remote Buffer Overflow Denial of Service
Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service
Debian OpenSSH - (Post-Authentication) Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit
Oracle Internet Directory 10.1.4 - Remote Pre-Authentication Denial of Service
Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service
AvailScript Jobs Portal Script - (Post-Authentication) (jid) SQL Injection
AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection
AvailScript Jobs Portal Script - (Post-Authentication) File Upload
AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
Serv-U 7.3 - (Post-Authentication) (stou con:1) Denial of Service
Serv-U 7.3 - (Post-Authentication) Remote FTP File Replacement
Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service
Serv-U 7.3 - (Authenticated) Remote FTP File Replacement
Microsoft PicturePusher - ActiveX Cross-Site File Upload Attack (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC)
Noticeware E-mail Server 5.1.2.2 - (POP3) Pre-Authentication Denial of Service
Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service
freeSSHd 1.2.1 - (Post-Authentication) SFTP rename Remote Buffer Overflow PoC
freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC
LoudBlog 0.8.0a - (Post-Authentication) (ajax.php) SQL Injection
LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection
freeSSHd 1.2.1 - (Post-Authentication) SFTP realpath Remote Buffer Overflow PoC
freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC
AJ Auction Authentication - Bypass Exploit
AJ Auction - Authentication Bypass
Simple Directory Listing 2 - Cross-Site File Upload
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
Mini File Host 1.x - Arbitrary PHP File Upload
Mini File Host 1.x - Arbitrary .PHP File Upload
Memberkit 1.0 - Remote PHP File Upload
Memberkit 1.0 - Remote Arbitrary .PHP File Upload
WinFTP 2.3.0 - 'LIST' Post-Authentication Remote Buffer Overflow
WinFTP 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow
Coppermine Photo Gallery 1.4.19 - Remote PHP File Upload
Coppermine Photo Gallery 1.4.19 - Remote Arbitrary .PHP File Upload
Free Download Manager 2.5/3.0 - (Authorization) Stack Buffer Overflow (PoC)
Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)
WikkiTikkiTavi 1.11 - Remote PHP File Upload
WikkiTikkiTavi 1.11 - Remote Arbitrary.PHP File Upload
Baran CMS 1.0 - Arbitrary ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
Baran CMS 1.0 - Arbitrary .ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
zFeeder 1.6 - 'admin.php' Pre-Authentication
zFeeder 1.6 - 'admin.php' Unauthenticated
Addonics NAS Adapter - Post-Authentication Denial of Service
Addonics NAS Adapter - Authenticated Denial of Service
Serv-U 7.4.0.1 - (SMNT) Post-Authentication Denial of Service
Serv-U 7.4.0.1 - (SMNT) Authenticated Denial of Service
Hannon Hill Cascade Server - (Post-Authentication) Command Execution
Hannon Hill Cascade Server - (Authenticated) Command Execution
Telnet-Ftp Service Server 1.x - (Post-Authentication) Multiple Vulnerabilities
Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - (Post-Authentication) Multiple Vulnerabilities
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Gravity Board X 2.0b - SQL Injection / Post-Authentication Code Execution
Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution
XRDP 0.4.1 - Pre-Authentication Remote Buffer Overflow (PoC)
XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC)
Addonics NAS Adapter - 'bts.cgi' Post-Authentication Remote Denial of Service
Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service
Cpanel - (Post-Authentication) (lastvisit.html domain) Arbitrary File Disclosure
Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure
MySQL 5.0.45 - (Post-Authentication) COM_CREATE_DB Format String PoC
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC
Adobe JRun 4 - (logfile) Post-Authentication Directory Traversal
Adobe JRun 4 - (logfile) Authenticated Directory Traversal
FtpXQ FTP Server 3.0 - (Post-Authentication) Remote Denial of Service
FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
NetAccess IP3 - (Post-Authentication) (ping option) Command Injection
NetAccess IP3 - (Authenticated) (ping option) Command Injection
Joomla 1.5.12 - tinybrowser Arbitrary File Upload / Execute
Joomla 1.5.12 tinybrowser - Arbitrary File Upload /Execution
Cerberus FTP server 3.0.6 - Pre-Authentication Denial of Service
Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service
HP NNM 7.53 - ovalarm.exe CGI Pre-Authentication Remote Buffer Overflow
HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - (Post-Authentication) Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
httpdx 1.5.2 - Remote Pre-Authentication Denial of Service (PoC)
httpdx 1.5.2 - Remote Unauthenticated Denial of Service (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Crash (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Remote Exploit
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Exploit
Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow
Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow (SEH) (PoC)
Easy~Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow (PoC)
Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow
Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC)
Easy~Ftp Server 1.7.0.2 - Authenticated Buffer Overflow (PoC)
httpdx 1.5.3b - Multiple Remote Pre-Authentication Denial of Service (PoC)
httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service (PoC)
Kerio MailServer 6.2.2 - Pre-Authentication Remote Denial of Service (PoC)
Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Buffer Overflow (Metasploit)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)
eDisplay Personal FTP server 1.0.0 - Pre-Authentication Denial of Service (PoC)
eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Crash SEH (PoC)
eDisplay Personal FTP server 1.0.0 - Unauthenticated Denial of Service (PoC)
eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Crash SEH (PoC)
eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack Buffer Overflow (1)
eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1)
eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack Buffer Overflow (2)
eDisplay Personal FTP server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (2)
uTorrent WebUI 0.370 - Authorization header Denial of Service
uTorrent WebUI 0.370 - Authorisation Header Denial of Service
Easy Ftp Server 1.7.0.2 - MKD Remote Post-Authentication Buffer Overflow
Easy Ftp Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow
ProSSHD 1.2 - Remote Post-Authentication Exploit (ASLR + DEP Bypass)
ProSSHD 1.2 - Remote Authenticated Exploit (ASLR + DEP Bypass)
Apache Axis2 Administration console - (Post-Authentication) Cross-Site Scripting
Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Pre-Authentication Denial of Service
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ALSR + DEP Bypass)
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
dotDefender 3.8-5 - Pre-Authentication Remote Code Execution (via Cross-Site Scripting)
dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) 'LIST' Command Remote Buffer Overflow (Metasploit)
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)
UPlusFTP Server 1.7.1.01 - (Post-Authentication) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Post-Authentication) Multiple Commands Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow
Achievo 1.4.3 - Multiple Authorization Flaws
Achievo 1.4.3 - Multiple Authorisation Flaws
PHPMotion 1.62 - 'FCKeditor' File Upload
PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload
Home FTP Server 1.11.1.149 - Post-Authentication Directory Traversal
Home FTP Server 1.11.1.149 - Authenticated Directory Traversal
News Script PHP Pro - 'FCKeditor' File Upload
News Script PHP Pro - 'FCKeditor' Arbitrary File Upload
Microsoft Windows 2003 - AD Pre-Authentication BROWSER ELECTION Remote Heap Overflow
Microsoft Windows 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Post-Authentication) Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
Vtiger CRM 5.0.4 - Pre-Authentication Local File Inclusion
Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
HP OpenView NNM 7.53/7.51 - OVAS.exe Pre-Authentication Stack Buffer Overflow
HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow
MailEnable - Authorization Header Buffer Overflow
MailEnable - Authorisation Header Buffer Overflow
ColdFusion 8.0.1 - Arbitrary File Upload and Execution
Adobe RoboHelp Server 8 - Arbitrary File Upload and Execution
ColdFusion 8.0.1 - Arbitrary File Upload / Execution
Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution
OpenX - banner-edit.php File Upload PHP Code Execution
OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution
Joomla 1.5.12 - tinybrowser File Upload Code Execution
Joomla 1.5.12 tinybrowser - Arbitrary File Upload / Code Execution
N_CMS 1.1E - Pre-Authentication Local File Inclusion / Remote Code Exploit
N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code Exploit
If-CMS 2.07 - Pre-Authentication Local File Inclusion (1)
If-CMS 2.07 - Unauthenticated Local File Inclusion (1)
IPComp - encapsulation Pre-Authentication kernel memory Corruption
IPComp - encapsulation Unauthenticated kernel memory Corruption
SQL-Ledger 2.8.33 - Post-Authentication Local File Inclusion / Edit
SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit
Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (DEP + ASLR Bypass)
Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (ASLR + DEP Bypass)
Easy Ftp Server 1.7.0.2 - Post-Authentication Buffer Overflow
Easy Ftp Server 1.7.0.2 - Authenticated Buffer Overflow
ActFax Server FTP - (Post-Authentication) Remote Buffer Overflow
ActFax Server FTP - (Authenticated) Remote Buffer Overflow
If-CMS 2.07 - Pre-Authentication Local File Inclusion (Metasploit) (2)
If-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP + ASLR Bypass)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (ASLR + DEP Bypass)
DVD X Player 5.5 Pro - (SEH DEP + ASLR Bypass) Exploit
DVD X Player 5.5 Pro - (SEH + ASLR + DEP Bypass) Exploit
TomatoCart 1.1 - Post-Authentication Local File Inclusion
TomatoCart 1.1 - Authenticated Local File Inclusion
BlazeVideo HDTV Player 6.6 Professional - Universal DEP + ASLR Bypass
BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass
QuiXplorer 2.3 - Bugtraq File Upload
QuiXplorer 2.3 - Bugtraq Arbitrary File Upload
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR Bypass (Metasploit)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Pre-Authentication Command Execution
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution
Sysax Multi Server 5.53 - SFTP Post-Authentication SEH Exploit
Sysax 5.53 - SSH 'Username' Buffer Overflow Pre-Authentication Remote Code Execution (Egghunter)
Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit
Sysax 5.53 - SSH 'Username' Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
BlazeVideo HDTV Player 6.6 Professional - SEH & DEP & ASLR
BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
Dolibarr ERP & CRM 3 - Post-Authentication OS Command Injection
Dolibarr ERP & CRM 3 - Authenticated OS Command Injection
V-CMS - PHP File Upload and Execution
V-CMS - Arbitrary .PHP File Upload / Execution
WebCalendar 1.2.4 - Pre-Authentication Remote Code Injection
WebCalendar 1.2.4 - Unauthenticated Remote Code Injection
appRain CMF - Arbitrary PHP File Upload
appRain CMF - Arbitrary .PHP File Upload
EGallery - PHP File Upload
EGallery - Arbitrary .PHP File Upload
SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Post-Authentication SQL Injection
SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection
WordPress Front End Upload 0.5.4.4 Plugin - Arbitrary PHP File Upload
WordPress Front End Upload 0.5.4.4 Plugin - Arbitrary .PHP File Upload
WebPageTest - Arbitrary PHP File Upload
WebPageTest - Arbitrary .PHP File Upload
XODA 0.4.5 - Arbitrary PHP File Upload
XODA 0.4.5 - Arbitrary .PHP File Upload
Elcom CMS 7.4.10 - Community Manager Insecure File Upload
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
Trend Micro Control Manager 5.5/6.0 AdHocQuery - Post-Authentication Blind SQL Injection
Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection
Mod_SSL 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache/mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Dropbox Desktop Client 9.4.49 (64bit) - Local Credentials Disclosure
OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (1)
OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (2)
Apache/mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit
qdPM 7.0 - Arbitrary PHP File Upload
qdPM 7.0 - Arbitrary .PHP File Upload
Oracle Database - Authentication Protocol Security Bypass
Oracle Database - Protocol Authentication Bypass
Mod_NTLM 0.x - Authorization Heap Overflow
Mod_NTLM 0.x - Authorisation Heap Overflow
Mod_NTLM 0.x - Authorization Format String
Mod_NTLM 0.x - Authorisation Format String
Geeklog 1.3.x - Authentication SQL Injection
Geeklog 1.3.x - Authenticated SQL Injection
NFR Agent FSFUI Record - Arbitrary File Upload Remote Code Execution
NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload and Execution
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload / Execution
MySQL - Remote Pre-Authentication User Enumeration
MySQL - Remote Unauthenticated User Enumeration
vbPortal 2.0 alpha 8.1 - Authentication SQL Injection
vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection
DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (1)
DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (2)
DameWare Mini Remote Control Server 3.7x - Pre-Authentication Buffer Overflow (3)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3)
WordPress WP-Property Plugin - PHP File Upload
WordPress Asset-Manager Plugin - PHP File Upload
WordPress WP-Property Plugin - Arbitrary .PHP File Upload
WordPress Asset-Manager Plugin - Arbitrary .PHP File Upload
Ubiquiti AirOS 5.5.2 - Remote Post-Authentication Root Command Execution
Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution
RobotFTP Server 1.0/2.0 - Remote Pre-Authentication Command Denial of Service
RobotFTP Server 1.0/2.0 - Remote Unauthenticated Command Denial of Service
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorization Request Denial of Service (1)
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorization Request Denial of Service (2)
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (1)
SureCom EP-9510AX/EP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (2)
Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload and Execution
Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution
Firebird 1.0 - Remote Pre-Authentication Database Name Buffer Overrun
Firebird 1.0 - Remote Unauthenticated Database Name Buffer Overrun
Novell NCP - Pre-Authentication Remote Root Exploit
Novell NCP - Unauthenticated Remote Root Exploit
Polar Helpdesk 3.0 - Cookie Based Authentication System Bypass
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
IRIS Citations Management Tool - (Post-Authentication) Remote Command Execution
IRIS Citations Management Tool - (Authenticated) Remote Command Execution
Polycom HDX - Telnet Authorization Bypass (Metasploit)
Polycom HDX - Telnet Authentication Bypass (Metasploit)
OpenEMR - PHP File Upload
OpenEMR - Arbitrary .PHP File Upload
PolarPearCMS - PHP File Upload
PolarPearCMS - Arbitrary .PHP File Upload
Apache 2.0.x - mod_ssl Remote Denial of Service
Apache/mod_ssl 2.0.x - Remote Denial of Service
phpWebSite 0.x - Image File Processing Arbitrary PHP File Upload
phpWebSite 0.x - Image File Processing Arbitrary .PHP File Upload
BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated File Upload
BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated Arbitrary File Upload
BlueSoleil 1.4 - Object Push Service BlueTooth File Upload Directory Traversal
BlueSoleil 1.4 - Object Push Service BlueTooth Arbitrary File Upload / Directory Traversal
MoinMoin - twikidraw Action Traversal File Upload
MoinMoin - twikidraw Action Traversal Arbitrary File Upload
Mikrotik RouterOS sshd (ROSSSH) - Remote Pre-Authentication Heap Corruption
Mikrotik RouterOS sshd (ROSSSH) - Remote Unauthenticated Heap Corruption
Alt-N MDaemon 2-8 - Remote Pre-Authentication IMAP Buffer Overflow
Alt-N MDaemon 2-8 - Remote Unauthenticated IMAP Buffer Overflow
FlexWATCH 3.0 - AIndex.asp Authorization Bypass
FlexWATCH 3.0 - AIndex.asp Authentication Bypass
HP ProCurve Manager - SNAC UpdateDomainControllerServlet File Upload
HP ProCurve Manager SNAC - UpdateCertificatesServlet File Upload
HP ProCurve Manager - SNAC UpdateDomainControllerServlet Arbitrary File Upload
HP ProCurve Manager SNAC - UpdateCertificatesServlet Arbitrary File Upload
WordPress Curvo Themes - Cross-Site Request Forgery File Upload
WordPress Curvo Themes - Cross-Site Request Forgery / Arbitrary File Upload
WordPress Highlight Premium Theme - Cross-Site Request Forgery / File Upload
WordPress Highlight Premium Theme - Cross-Site Request Forgery / Arbitrary File Upload
PHPBB2 - Admin_Ug_Auth.php Administrative Security Bypass
PHPBB2 - Admin_Ug_Auth.php Administrative Bypass
Adobe Acrobat Reader - ASLR + DEP Bypass with SANDBOX Bypass
Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass
Castripper 2.50.70 - '.pls' DEP Exploit
Castripper 2.50.70 - '.pls' DEP Bypass Exploit
Google Urchin 5.7.3 - Report.cgi Authorization Bypass
Google Urchin 5.7.3 - Report.cgi Authentication Bypass
Adobe Flash - Method Calls Use-After-Free
Adobe Flash - Transform.colorTranform Getter Info Leak
RSA Authentication Agent for Web 5.3 - URI redirection
RSA Authentication Agent for Web 5.3 - URI Redirection
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Zabbix 2.0 - 3.0.3 - SQL Injection
ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload Arbitrary Code Execution
ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload / Arbitrary Code Execution
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure
LogMeIn Client 1.3.2462 (64bit) - Local Credentials Disclosure
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / File Upload
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload
Katello (Red Hat Satellite) - users/update_roles Missing Authorization
Katello (Red Hat Satellite) - users/update_roles Missing Authorisation
Freepbx 13.0.x < 13.0.154 - Remote Command Execution
FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution
Jobberbase 2.0 - Multiple Vulnerabilities
Windows x86 - Bind Shell TCP Shellcode
WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated File Upload
WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated Arbitrary File Upload
Bits Video Script 2.04/2.05 - 'addvideo.php' File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - 'register.php' File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - 'addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - 'register.php' Arbitrary File Upload / Arbitrary PHP Code Execution
Moab < 7.2.9 - Authorization Bypass
Moab < 7.2.9 - Authentication Bypass
Tapatalk for vBulletin 4.x - Pre-Authentication Blind SQL Injection
Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection
Drupal Core < 7.32 - Pre-Authentication SQL Injection
Drupal Core < 7.32 - Unauthenticated SQL Injection
Tincd - Post-Authentication Remote TCP Stack Buffer Overflow
Tincd - Authenticated Remote TCP Stack Buffer Overflow
PMB 4.1.3 - Post-Authentication SQL Injection
PMB 4.1.3 - Authenticated SQL Injection
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Authentication Remote Code Execution
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution
ManageEngine Multiple Products - Authenticated File Upload
ManageEngine Multiple Products - Authenticated Arbitrary File Upload
Chyrp 2.x - swfupload Extension upload_handler.php File Upload Arbitrary PHP Code Execution
X360 VideoPlayer ActiveX Control 2.6 - (Full ASLR + DEP Bypass)
Chyrp 2.x - swfupload Extension upload_handler.php Arbitrary File Upload / Arbitrary PHP Code Execution
X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)
Seagate Business NAS 2014.00319 - Pre-Authentication Remote Code Execution
Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution
Symantec Web Gateway 5 - restore.php Post-Authentication Command Injection
Symantec Web Gateway 5 - restore.php Authenticated Command Injection
JBoss Seam 2 - Arbitrary File Upload and Execution
JBoss Seam 2 - Arbitrary File Upload / Execution
Barracuda Firmware 5.0.0.012 - Post-Authentication Remote Root Exploit (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit)
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload / Arbitrary Code Execution
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted Arbitrary File Upload / Arbitrary Code Execution
WordPress RevSlider 3.0.95 Plugin - Arbitrary File Upload and Execution
WordPress RevSlider 3.0.95 Plugin - Arbitrary File Upload / Execution
JibberBook 2.3 - 'Login_form.php' Authentication Security Bypass
JibberBook 2.3 - 'Login_form.php' Authentication Bypass
Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter File Upload / Code Execution
Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Zenoss 3.2.1 - Remote Post-Authentication Command Execution
Zenoss 3.2.1 - Remote Authenticated Command Execution
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass Remote PHP Code Execution
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution
Magento CE < 1.9.0.1 - Post-Authentication Remote Code Execution
Magento CE < 1.9.0.1 - Authenticated Remote Code Execution
Netsweeper 4.0.9 - Arbitrary File Upload and Execution
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
Netsweeper 4.0.8 - Arbitrary File Upload and Execution
Netsweeper 4.0.8 - Arbitrary File Upload / Execution
EasyITSP - 'customers_edit.php' Authentication Security Bypass
EasyITSP - 'customers_edit.php' Authentication Bypass
Wolf CMS - Arbitrary File Upload and Execution
Wolf CMS - Arbitrary File Upload / Execution
Konica Minolta FTP Utility 1.00 - Post-Authentication CWD Command SEH Overflow
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow
GLPI 0.85.5 - Remote Code Execution (via File Upload Filter Bypass)
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Dream CMS 2.3.0 - Cross-Site Request Forgery Add Extension / Arbitrary File Upload PHP Code Execution
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution
vBulletin 5.1.x - Pre-Authentication Remote Code Execution
vBulletin 5.1.x - Unauthenticated Remote Code Execution
WordPress Ninja Forms 2.7.7 Plugin - Authorization Bypass
WordPress WP to Twitter Plugin - Authorization Bypass
WordPress Ninja Forms 2.7.7 Plugin - Authentication Bypass
WordPress WP to Twitter Plugin - Authentication Bypass
Novell ServiceDesk - Authenticated File Upload
Novell ServiceDesk - Authenticated Arbitrary File Upload
Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated File Upload
Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal DEP + ASLR Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)
phpATM 1.32 - Remote Command Execution (Arbitrary File Upload) on Windows Servers
phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers)
vBulletin 5.x/4.x - Post-Authentication Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Post-Authentication SQL Injection in breadcrumbs via xmlrpc API
vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post-Authentication Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Post-Authentication Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Post-Authentication Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit)
phpMyAdmin 4.6.2 - Post-Authentication Remote Code Execution
phpMyAdmin 4.6.2 - Authenticated Remote Code Execution
vBulletin 5.2.2 - Pre-Authentication Server Side Request Forgery (SSRF)
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass
2016-09-09 05:09:09 +00:00
Offensive Security
2aa9d941de
DB: 2016-09-08
...
6 new exploits
Too many to list!
2016-09-08 05:08:29 +00:00
Offensive Security
d36011b4f9
DB: 2016-09-07
...
3 new exploits
Too many to list!
2016-09-07 05:09:19 +00:00
Offensive Security
479ae86249
DB: 2016-09-06
...
5 new exploits
ProFTPD 1.2.9RC1 - (mod_sql) SQL Injection
ProFTPd 1.2.9RC1 - (mod_sql) SQL Injection
PHPBB 2.0.4 - PHP Remote File Inclusion Exploit
phpBB 2.0.4 - PHP Remote File Inclusion Exploit
wu-ftpd 2.6.2 - Off-by-One Remote Root Exploit
WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit
wu-ftpd 2.6.2 - Remote Root Exploit
WU-FTPD 2.6.2 - Remote Root Exploit
ProFTPD 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service
WU-FTPD 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service
wu-ftpd 2.6.0 - Remote Root Exploit
WU-FTPD 2.6.0 - Remote Root Exploit
OpenBSD 2.6 / 2.7ftpd - Remote Exploit
OpenBSD 2.6 / 2.7 ftpd - Remote Exploit
wu-ftpd 2.6.0 - Remote Format Strings Exploit
WU-FTPD 2.6.0 - Remote Format Strings Exploit
ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
ProFTPd 1.2.0 (rc2) - memory leakage example Exploit
ProFTPD 1.2.0pre10 - Remote Denial of Service
ProFTPd 1.2.0pre10 - Remote Denial of Service
wu-ftpd 2.6.1 - Remote Root Exploit
WU-FTPD 2.6.1 - Remote Root Exploit
OpenFTPD 0.30.2 - Remote Exploit
OpenFTPD 0.30.1 - (message system) Remote Shell Exploit
OpenFTPd 0.30.2 - Remote Exploit
OpenFTPd 0.30.1 - (message system) Remote Shell Exploit
PHP - (PHP-exec-dir) Patch Command Access Restriction Bypass
PHP - (php-exec-dir) Patch Command Access Restriction Bypass
ProFTPd (ftpdctl) - Local pr_ctrls_connect
ProFTPd - (ftpdctl) Local pr_ctrls_connect
ProFTPD 1.2.10 - Remote Users Enumeration Exploit
ProFTPd 1.2.10 - Remote Users Enumeration Exploit
PHPBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit
phpBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit
PHP 4.3.9 + PHPBB 2.x - unserialize() Remote Exploit (Compiled)
PHP 4.3.9 + phpBB 2.x - unserialize() Remote Exploit (Compiled)
Apple QuickTime 6.5.2.10 - '.qtif'Image Parsing
Apple QuickTime 6.5.2.10 - '.qtif' Image Parsing
wu-ftpd 2.6.2 - File Globbing Denial of Service
WU-FTPD 2.6.2 - File Globbing Denial of Service
RealPlayer 10 - '.smil'Local Buffer Overflow
RealPlayer 10 - '.smil' Local Buffer Overflow
PHPBB 2.0.13 - 'downloads.php' mod Remote Exploit
phpBB 2.0.13 - 'downloads.php' mod Remote Exploit
PHPPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
Invision Power Board 2.0.3 - login.php SQL Injection
Invision Power Board 2.0.3 - login.php SQL Injection (tutorial)
Invision Power Board 2.0.3 - 'login.php' SQL Injection
Invision Power Board 2.0.3 - 'login.php' SQL Injection (tutorial)
PHPStat 1.5 - (setup.php) Authentication Bypass Exploit (Perl)
PHPStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (1)
PHPStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (2)
phpStat 1.5 - (setup.php) Authentication Bypass Exploit (Perl)
phpStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (1)
phpStat 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (2)
Invision Power Board 1.3.1 - login.php SQL Injection
Invision Power Board 1.3.1 - 'login.php' SQL Injection
PHPBB 2.0.15 - (highlight) Remote PHP Code Execution
phpBB 2.0.15 - (highlight) Remote PHP Code Execution
Solaris SPARC / x86 - Local Socket Hijack Exploit
Solaris (SPARC / x86) - Local Socket Hijack Exploit
PHPBB 2.0.15 - Remote PHP Code Execution Exploit (Metasploit)
phpBB 2.0.15 - Remote PHP Code Execution Exploit (Metasploit)
Microsoft Windows XP SP2 - 'rdpwd.sys'Remote Kernel Denial of Service
Microsoft Windows XP SP2 - 'rdpwd.sys' Remote Kernel Denial of Service
PHPBB 2.0.13 - (admin_styles.php) Remote Command Execution Exploit
phpBB 2.0.13 - (admin_styles.php) Remote Command Execution Exploit
FreeFTPD 1.0.8 - (USER) Remote Buffer Overflow
freeFTPd 1.0.8 - (USER) Remote Buffer Overflow
FreeFTPD 1.0.10 - (PORT Command) Denial of Service
freeFTPd 1.0.10 - (PORT Command) Denial of Service
Tftpd32 2.81 - (GET Request) Format String Denial of Service (PoC)
TFTPD32 2.81 - (GET Request) Format String Denial of Service (PoC)
Microsoft HTML Help Workshop - '.hhp'Denial of Service
Microsoft HTML Help Workshop - '.hhp' Denial of Service
PHPWebSite 0.10.0-full - (topics.php) SQL Injection
phpWebSite 0.10.0-full - (topics.php) SQL Injection
Microsoft Visual Studio 6.0 sp6 - '.dbp'Buffer Overflow
Microsoft Visual Studio 6.0 sp6 - '.dbp' Buffer Overflow
PHPBookingCalendar 1.0c - (details_view.php) SQL Injection
phpBookingCalendar 1.0c - (details_view.php) SQL Injection
Navicat Premium 11.2.11 (64bit) - Local Database Password Disclosure
Microsoft Internet Explorer 6 - 'Internet.HHCtrl'Heap Overflow
Microsoft Internet Explorer 6 - 'Internet.HHCtrl' Heap Overflow
PHPBB 3 - 'memberlist.php' SQL Injection
phpBB 3 - 'memberlist.php' SQL Injection
WoW Roster 1.70 - (/lib/PHPbb.php) Remote File Inclusion
WoW Roster 1.70 - (/lib/phpBB.php) Remote File Inclusion
PHPBB XS 0.58 - (functions.php) Remote File Inclusion
phpBB XS 0.58 - (functions.php) Remote File Inclusion
phpBB XS 0.58a - (phpbb_root_path) Remote File Inclusion
phpBB XS 0.58a - (phpBB_root_path) Remote File Inclusion
phpBB Static Topics 1.0 - phpbb_root_path File Include
phpBB Static Topics 1.0 - phpBB_root_path File Include
PHPBB Security Suite Mod 1.0.0 - (logger_engine.php) Remote File Inclusion
Dimension of phpBB 0.2.6 - (phpbb_root_path) Remote File Inclusions
phpBB Security Suite Mod 1.0.0 - (logger_engine.php) Remote File Inclusion
Dimension of phpBB 0.2.6 - (phpBB_root_path) Remote File Inclusions
PHP News Reader 2.6.4 - (PHPbb.inc.php) Remote File Inclusion Exploit
PHP News Reader 2.6.4 - (phpBB.inc.php) Remote File Inclusion Exploit
PHPBB PlusXL 2.0_272 - (constants.php) Remote File Inclusion Exploit
phpBB PlusXL 2.0_272 - (constants.php) Remote File Inclusion Exploit
PHPBB Amazonia Mod - 'zufallscodepart.php' Remote File Inclusion Exploit
phpBB Amazonia Mod - 'zufallscodepart.php' Remote File Inclusion Exploit
PHPBB lat2cyr Mod 1.0.1 - (lat2cyr.php) Remote File Inclusion Exploit
phpBB lat2cyr Mod 1.0.1 - (lat2cyr.php) Remote File Inclusion Exploit
PHPBB SearchIndexer Mod - 'archive_topic.php' Remote File Inclusion Exploit
phpBB SearchIndexer Mod - 'archive_topic.php' Remote File Inclusion Exploit
PHPBB Security 1.0.1 - (PHP_security.php) Remote File Inclusion Exploit
phpBB Security 1.0.1 - (PHP_security.php) Remote File Inclusion Exploit
PGOSD - 'misc/function.php3'Remote File Inclusion
PGOSD - 'misc/function.php3' Remote File Inclusion
HP-UX 11i - (LIBC TZ enviroment variable) Privilege Escalation
HP-UX 11i - (LIBC TZ enviroment Variable) Privilege Escalation
ProFTPD 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)
ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)
ProFTPD 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)
ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)
ProFTPD 1.2.9 rc2 - (ASCII File) Remote Root Exploit
ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit
Yrch 1.0 - (plug.inc.php path variable) Remote File Inclusion Exploit
Yrch 1.0 - (plug.inc.php path Variable) Remote File Inclusion Exploit
Vizayn Haber - 'haberdetay.asp id variable'SQL Injection
Vizayn Haber - 'haberdetay.asp id Variable' SQL Injection
newsCMSlite - 'newsCMS.mdb'Remote Password Disclosure
newsCMSlite - 'newsCMS.mdb' Remote Password Disclosure
iG Calendar 1.0 - (user.php id variable) SQL Injection
iG Calendar 1.0 - (user.php id Variable) SQL Injection
uniForum 4 - 'wbsearch.aspx'SQL Injection
uniForum 4 - 'wbsearch.aspx' SQL Injection
MGB 0.5.4.5 - (email.php id variable) SQL Injection
MGB 0.5.4.5 - (email.php id Variable) SQL Injection
Microsoft Help Workshop 4.03.0002 - '.CNT'Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.cnt' Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.HPJ'Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.HPJ' Buffer Overflow
Microsoft Visual C++ - '.RC Resource Files'Local Buffer Overflow
Microsoft Visual C++ - '.RC Resource Files' Local Buffer Overflow
Phpbb Tweaked 3 - (phpbb_root_path) Remote File Inclusion
phpBB Tweaked 3 - (phpBB_root_path) Remote File Inclusion
phpBB++ Build 100 - (phpbb_root_path) Remote File Inclusion Exploit
phpBB++ Build 100 - (phpBB_root_path) Remote File Inclusion Exploit
Categories hierarchy phpBB Mod 2.1.2 - (phpbb_root_path) Remote File Inclusion Exploit
Categories hierarchy phpBB Mod 2.1.2 - (phpBB_root_path) Remote File Inclusion Exploit
ProFTPD 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1)
ProFTPD 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)
News Bin Pro 5.33 - '.NBI'Local Buffer Overflow
News Bin Pro 5.33 - '.nbi' Local Buffer Overflow
Extreme PHPBB 3.0.1 - (functions.php) Remote File Inclusion Exploit
Extreme phpBB 3.0.1 - (functions.php) Remote File Inclusion Exploit
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite'Local Exploit
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local Exploit
Microsoft Windows - '.doc'Malformed Pointers Denial of Service
Microsoft Windows - '.doc' Malformed Pointers Denial of Service
GestArt Beta 1 - 'aide.php aide'Remote File Inclusion
GestArt Beta 1 - 'aide.php aide' Remote File Inclusion
ttCMS 4 - 'ez_sql.php lib_path'Remote File Inclusion
ttCMS 4 - 'ez_sql.php lib_path' Remote File Inclusion
Corel Wordperfect X3 13.0.0.565 - '.PRS'Local Buffer Overflow
Corel Wordperfect X3 13.0.0.565 - '.prs' Local Buffer Overflow
ProFTPD 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)
Winamp 5.3 - '.WMV'Remote Denial of Service
Winamp 5.3 - '.wmv' Remote Denial of Service
ACDSee 9.0 - '.XPM'Local Buffer Overflow
XnView 1.90.3 - '.XPM'Local Buffer Overflow
WEBInsta FM 0.1.4 - login.php absolute_path Remote File Inclusion Exploit
Corel Paint Shop Pro Photo 11.20 - '.CLP'Buffer Overflow
ACDSee 9.0 - '.xpm' Local Buffer Overflow
XnView 1.90.3 - '.xpm' Local Buffer Overflow
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion Exploit
Corel Paint Shop Pro Photo 11.20 - '.clp' Buffer Overflow
ABC-View Manager 1.42 - '.PSP'Buffer Overflow
FreshView 7.15 - '.PSP'Buffer Overflow
ABC-View Manager 1.42 - '.psp' Buffer Overflow
FreshView 7.15 - '.psp' Buffer Overflow
Gimp 2.2.14 - '.ras'SUNRAS Plugin Buffer Overflow
Gimp 2.2.14 - '.ras' SUNRAS Plugin Buffer Overflow
IrfanView 4.00 - '.iff'Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png'Buffer Overflow Exploit
IrfanView 4.00 - '.iff' Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Buffer Overflow Exploit
RealPlayer 10 - '.ra'Remote Denial of Service
RealPlayer 10 - '.ra' Remote Denial of Service
Winamp 5.34 - '.mp4'Code Execution Exploit
Winamp 5.34 - '.mp4' Code Execution Exploit
Wikivi5 - 'show.php sous_rep'Remote File Inclusion
Wikivi5 - 'show.php sous_rep' Remote File Inclusion
LeadTools Raster Thumbnail Object Library - 'LTRTM14e.DLL'Buffer Overflow Exploit
LeadTools Raster Thumbnail Object Library - 'LTRTM14e.dll' Buffer Overflow Exploit
Scallywag - 'template.php path'Remote File Inclusion
Scallywag - 'template.php path' Remote File Inclusion
Simple Invoices 2007 05 25 - 'index.php submit'SQL Injection
Simple Invoices 2007 05 25 - 'index.php submit' SQL Injection
Traffic Stats - 'referralUrl.php offset'SQL Injection
Traffic Stats - 'referralUrl.php offset' SQL Injection
BBS E-Market - 'postscript.php p_mode'Remote File Inclusion
BBS E-Market - 'postscript.php p_mode' Remote File Inclusion
PHPBB Module SupaNav 1.0.0 - (link_main.php) Remote File Inclusion
phpBB Module SupaNav 1.0.0 - (link_main.php) Remote File Inclusion
bwired - 'index.php newsID'SQL Injection
bwired - 'index.php newsID' SQL Injection
CrystalPlayer 1.98 - '.mls'Local Buffer Overflow
CrystalPlayer 1.98 - '.mls' Local Buffer Overflow
PHP123 Top Sites - 'category.php cat'SQL Injection
PHP123 Top Sites - 'category.php cat' SQL Injection
Live for Speed S1/S2/Demo - '.mpr replay'Buffer Overflow
Live for Speed S1/S2/Demo - '.mpr replay' Buffer Overflow
Microsoft Visual 6 - 'VDT70.dll NotSafe'Stack Overflow
Microsoft Visual 6 - 'VDT70.dll NotSafe' Stack Overflow
Live for Speed S1/S2/Demo - '.ply'Buffer Overflow
Live for Speed S1/S2/Demo - '.spr'Buffer Overflow
CartWeaver - 'Details.cfm ProdID'SQL Injection
Prozilla Pub Site Directory - 'directory.php cat'SQL Injection
Live for Speed S1/S2/Demo - '.ply' Buffer Overflow
Live for Speed S1/S2/Demo - '.spr' Buffer Overflow
CartWeaver - 'Details.cfm ProdID' SQL Injection
Prozilla Pub Site Directory - 'directory.php cat' SQL Injection
Prozilla Webring Website Script - 'category.php cat'SQL Injection
Prozilla Webring Website Script - 'category.php cat' SQL Injection
GetMyOwnArcade - 'search.php query'SQL Injection
GetMyOwnArcade - 'search.php query' SQL Injection
ProFTPD 1.x (module mod_tls) - Remote Buffer Overflow
ProFTPd 1.x (module mod_tls) - Remote Buffer Overflow
Sisfo Kampus 2006 - 'dwoprn.php f'Remote File Download
Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download
Gelato - 'index.php post'SQL Injection
Gelato - 'index.php post' SQL Injection
modifyform - 'modifyform.html'Remote File Inclusion
modifyform - 'modifyform.html' Remote File Inclusion
phpBB Plus 1.53 - (phpbb_root_path) Remote File Inclusion
phpBB Plus 1.53 - (phpBB_root_path) Remote File Inclusion
Black Lily 2007 - 'products.php class'SQL Injection
Black Lily 2007 - 'products.php class' SQL Injection
PHPBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion
phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion
wzdftpd 0.8.0 - (USER) Remote Denial of Service
WzdFTPD 0.8.0 - (USER) Remote Denial of Service
Solaris 10 - x86/sparc sysinfo Kernel Memory Disclosure Exploit
Solaris - fifofs I_PEEK Kernel Memory Disclosure Exploit (x86/sparc)
Solaris 10 (sparc/x86) - sysinfo Kernel Memory Disclosure Exploit
Solaris (sparc/x86) - fifofs I_PEEK Kernel Memory Disclosure Exploit
Mcms Easy Web Make - 'index.php template'Local File Inclusion
Mcms Easy Web Make - 'index.php template' Local File Inclusion
MOG-WebShop - 'index.php group'SQL Injection
MOG-WebShop - 'index.php group' SQL Injection
ClipShare - 'uprofile.php UID'SQL Injection
ClipShare - 'uprofile.php UID' SQL Injection
samPHPweb - 'db.php commonpath'Remote File Inclusion
samPHPweb - 'db.php commonpath' Remote File Inclusion
RichStrong CMS - 'showproduct.asp cat'SQL Injection
RichStrong CMS - 'showproduct.asp cat' SQL Injection
Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr'File Handling Buffer Overflow Exploit
Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Exploit
IrfanView 4.10 - '.fpx'Memory Corruption Exploit
IrfanView 4.10 - '.fpx' Memory Corruption Exploit
Fully Modded PHPBB - 'kb.php' SQL Injection
Fully Modded phpBB - 'kb.php' SQL Injection
ASPapp - 'links.asp CatId'SQL Injection
ASPapp - 'links.asp CatId' SQL Injection
HIS-Webshop - 'his-webshop.pl t'Remote File Disclosure
HIS-Webshop - 'his-webshop.pl t' Remote File Disclosure
Easynet Forum Host - 'forum.php forum'SQL Injection
Easynet Forum Host - 'forum.php forum' SQL Injection
Blog PixelMotion - 'index.php categorie'SQL Injection
Blog PixelMotion - 'index.php categorie' SQL Injection
Prozilla Forum Service - 'forum.php forum'SQL Injection
Prozilla Forum Service - 'forum.php forum' SQL Injection
Ksemail - 'index.php language'Local File Inclusion
Ksemail - 'index.php language' Local File Inclusion
RX Maxsoft - 'popup_img.php fotoID'SQL Injection
RX Maxsoft - 'popup_img.php fotoID' SQL Injection
Apartment Search Script - 'listtest.php r'SQL Injection
Apartment Search Script - 'listtest.php r' SQL Injection
Jokes Site Script - 'jokes.php?catagorie'SQL Injection
Jokes Site Script - 'jokes.php?catagorie' SQL Injection
Anserv Auction XL - 'viewfaqs.php cat'SQL Injection
Anserv Auction XL - 'viewfaqs.php cat' SQL Injection
fipsCMS - 'print.asp lg'SQL Injection
fipsCMS - 'print.asp lg' SQL Injection
PostcardMentor - 'step1.asp cat_fldAuto'SQL Injection
PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection
HispaH Model Search - 'cat.php cat'SQL Injection
HispaH Model Search - 'cat.php cat' SQL Injection
EMO Realty Manager - 'news.php ida'SQL Injection
The Real Estate Script - 'dpage.php docID'SQL Injection
EMO Realty Manager - 'news.php ida' SQL Injection
The Real Estate Script - 'dpage.php docID' SQL Injection
GLLCTS2 - 'listing.php sort'Blind SQL Injection
GLLCTS2 - 'listing.php sort' Blind SQL Injection
PHPMyCart - 'shop.php cat'SQL Injection
PHPMyCart - 'shop.php cat' SQL Injection
BaSiC-CMS - 'index.php r'SQL Injection
BaSiC-CMS - 'index.php r' SQL Injection
Mybizz-Classifieds - 'index.php cat'SQL Injection
Mybizz-Classifieds - 'index.php cat' SQL Injection
Carscripts Classifieds - 'index.php cat'SQL Injection
BoatScripts Classifieds - 'index.php type'SQL Injection
Carscripts Classifieds - 'index.php cat' SQL Injection
BoatScripts Classifieds - 'index.php type' SQL Injection
RSS-Aggregator - 'display.php path'Remote File Inclusion
RSS-Aggregator - 'display.php path' Remote File Inclusion
MyBlog: PHP and MySQL Blog/CMS software - SQL / Cross-Site Scripting
MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site Scripting
CodeDB - 'list.php lang'Local File Inclusion
CodeDB - 'list.php lang' Local File Inclusion
HRS Multi - 'picture_pic_bv.asp key'Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo'Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo'Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo'Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
Youtuber Clone - 'ugroups.php UID'SQL Injection
Youtuber Clone - 'ugroups.php UID' SQL Injection
ZeeReviews - 'comments.php ItemID'SQL Injection
ZeeReviews - 'comments.php ItemID' SQL Injection
Acoustica Beatcraft 1.02 Build 19 - '.bcproj'Local Buffer Overflow Exploit
Acoustica Beatcraft 1.02 Build 19 - '.bcproj' Local Buffer Overflow Exploit
Living Local Website - 'listtest.php r'SQL Injection
Living Local Website - 'listtest.php r' SQL Injection
AWStats Totals - 'AWStatstotals.php sort'Remote Code Execution Exploit
AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution Exploit
Pre Real Estate Listings - 'search.php c'SQL Injection
Pre Real Estate Listings - 'search.php c' SQL Injection
Hotel reservation System - 'city.asp city'Blind SQL Injection
Hotel reservation System - 'city.asp city' Blind SQL Injection
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward'Local Denial of Service
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service
Availscript Article Script - 'view.php v'SQL Injection
Availscript Article Script - 'view.php v' SQL Injection
JETIK-WEB Software - 'sayfa.php kat'SQL Injection
JETIK-WEB Software - 'sayfa.php kat' SQL Injection
Microsoft Windows GDI+ - '.ico'Remote Division By Zero Exploit
Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit
ArabCMS - 'rss.php rss'Local File Inclusion
ArabCMS - 'rss.php rss' Local File Inclusion
Easynet4u faq Host - 'faq.php faq'SQL Injection
Easynet4u faq Host - 'faq.php faq' SQL Injection
Real Estate Scripts 2008 - 'index.php cat'SQL Injection
Real Estate Scripts 2008 - 'index.php cat' SQL Injection
RaidenFTPD 2.4 build 3620 - Remote Denial of Service
RaidenFTPd 2.4 build 3620 - Remote Denial of Service
XOOPS Module xhresim - 'index.php no'SQL Injection
XOOPS Module xhresim - 'index.php no' SQL Injection
Solaris 9 - [UltraSPARC] sadmind Remote Root Exploit
Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit
DorsaCMS - 'ShowPage.aspx'SQL Injection
YDC - 'kdlist.php cat'SQL Injection
DorsaCMS - 'ShowPage.aspx' SQL Injection
YDC - 'kdlist.php cat' SQL Injection
Aj RSS Reader - 'EditUrl.php url'SQL Injection
Aj RSS Reader - 'EditUrl.php url' SQL Injection
Aiocp 1.4 - (poll_id) SQL Injection
AIOCP 1.4 - 'poll_id' SQL Injection
SFS EZ Auction - 'viewfaqs.php cat'Blind SQL Injection
SFS EZ Career - 'content.php topic'SQL Injection
SFS EZ Top Sites - 'topsite.php ts'SQL Injection
SFS EZ Auction - 'viewfaqs.php cat' Blind SQL Injection
SFS EZ Career - 'content.php topic' SQL Injection
SFS EZ Top Sites - 'topsite.php ts' SQL Injection
SFS EZ Pub Site - 'directory.php cat'SQL Injection
SFS EZ Pub Site - 'directory.php cat' SQL Injection
AJ ARTICLE - 'featured_article.php mode'SQL Injection
AJ ARTICLE - 'featured_article.php mode' SQL Injection
YourFreeWorld Shopping Cart - 'index.php c'Blind SQL Injection
Maran PHP Shop - 'prod.php cat'SQL Injection
YourFreeWorld Shopping Cart - 'index.php c' Blind SQL Injection
Maran PHP Shop - 'prod.php cat' SQL Injection
PHP Auto Listings - 'moreinfo.php pg'SQL Injection
PHP Auto Listings - 'moreinfo.php pg' SQL Injection
VLC Media Player < 0.9.6 - '.rt'Stack Buffer Overflow
VLC Media Player < 0.9.6 - '.rt' Stack Buffer Overflow
Minigal b13 - 'index.php list'Remote File Disclosure Exploit
Minigal b13 - 'index.php list' Remote File Disclosure Exploit
VCalendar - 'VCalendar.mdb'Remote Database Disclosure
VCalendar - 'VCalendar.mdb' Remote Database Disclosure
VideoGirls BiZ - 'view_snaps.php type'Blind SQL Injection
VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection
ParsBlogger - 'blog.asp wr'SQL Injection
ParsBlogger - 'blog.asp wr' SQL Injection
BaSiC-CMS - 'acm2000.mdb'Remote Database Disclosure
BaSiC-CMS - 'acm2000.mdb' Remote Database Disclosure
cpCommerce 1.2.6 - (URL Rewrite) Input variable overwrite / Authentication Bypass
Cain & Abel 4.9.24 - '.rdp'Stack Overflow
cpCommerce 1.2.6 - (URL Rewrite) Input Variable overwrite / Authentication Bypass
Cain & Abel 4.9.24 - '.rdp' Stack Overflow
Ocean12 Mailing List Manager Gold - DD / SQL / Cross-Site Scripting
Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
Cain & Abel 4.9.23 - '.rdp'Buffer Overflow Exploit
Cain & Abel 4.9.23 - '.rdp' Buffer Overflow Exploit
User Engine Lite ASP - 'users.mdb'Database Disclosure
User Engine Lite ASP - 'users.mdb' Database Disclosure
Easy News Content Management - 'News.mdb'Database Disclosure
Easy News Content Management - 'News.mdb' Database Disclosure
RankEm - 'rankup.asp siteID'SQL Injection
RankEm - 'rankup.asp siteID' SQL Injection
Cold BBS - 'cforum.mdb'Remote Database Disclosure
Cold BBS - 'cforum.mdb' Remote Database Disclosure
ASP PORTAL - 'xportal.mdb'Remote Database Disclosure
ASP PORTAL - 'xportal.mdb' Remote Database Disclosure
Webmaster Marketplace - 'member.php u'SQL Injection
Webmaster Marketplace - 'member.php u' SQL Injection
CF_Calendar - 'calendarevent.cfm'SQL Injection
CF_Calendar - 'calendarevent.cfm' SQL Injection
CFMBLOG - 'index.cfm categorynbr'Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
MyCal Personal Events Calendar - 'mycal.mdb'Database Disclosure
MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
ASPired2Quote - 'quote.mdb'Remote Database Disclosure
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb'Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb'Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb'Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb'Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb'Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CFAGCMS 1 - 'right.php title'SQL Injection
CFAGCMS 1 - 'right.php title' SQL Injection
click&rank - SQL / Cross-Site Scripting
click&rank - SQL Injection / Cross-Site Scripting
Liberum Help Desk 0.97.3 - SQL / DD
Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure
QuickerSite Easy CMS - 'QuickerSite.mdb'Database Disclosure
QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
MyPHPsite - 'index.php mod'Local File Inclusion
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID'SQL Injection
MyPBS - 'index.php seasonID' SQL Injection
Extract Website - 'download.php filename'File Disclosure
Extract Website - 'download.php filename' File Disclosure
CoolPlayer 2.19 - '.Skin'Local Buffer Overflow
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
Sepcity Shopping Mall - 'shpdetails.asp ID'SQL Injection
Sepcity Lawyer Portal - 'deptdisplay.asp ID'SQL Injection
Sepcity Shopping Mall - 'shpdetails.asp ID' SQL Injection
Sepcity Lawyer Portal - 'deptdisplay.asp ID' SQL Injection
Sepcity Classified - 'classdis.asp ID'SQL Injection
Sepcity Classified - 'classdis.asp ID' SQL Injection
Ayemsis Emlak Pro - 'acc.mdb'Database Disclosure
Ayemsis Emlak Pro - 'acc.mdb' Database Disclosure
VUPlayer 2.49 - '.wax'Local Buffer Overflow
VUPlayer 2.49 - '.wax' Local Buffer Overflow
BlogHelper - 'common_db.inc'Remote Config File Disclosure
PollHelper - 'poll.inc'Remote Config File Disclosure
BlogHelper - 'common_db.inc' Remote Config File Disclosure
PollHelper - 'poll.inc' Remote Config File Disclosure
Audacity 1.6.2 - '.aup'Remote Off-by-One Crash Exploit
Audacity 1.6.2 - '.aup' Remote Off-by-One Crash Exploit
QuoteBook - 'poll.inc'Remote Config File Disclosure
QuoteBook - 'poll.inc' Remote Config File Disclosure
XOOPS Module tadbook2 - 'open_book.php book_sn'SQL Injection
XOOPS Module tadbook2 - 'open_book.php book_sn' SQL Injection
Social Engine - 'browse_classifieds.php s'SQL Injection
Social Engine - 'browse_classifieds.php s' SQL Injection
Realtor 747 - 'define.php INC_DIR'Remote File Inclusion
Realtor 747 - 'define.php INC_DIR' Remote File Inclusion
OTSTurntables 1.00.027 - '.ofl'Local Stack Overflow
OTSTurntables 1.00.027 - '.ofl' Local Stack Overflow
SCMS 1 - 'index.php p'Local File Inclusion
SCMS 1 - 'index.php p' Local File Inclusion
Graugon Gallery 1.0 - Cross-Site Scripting / SQL / Cookie Bypass
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
Baran CMS 1.0 - Arbitrary ASP File Upload / DB / SQL / Cross-Site Scripting / CM
Baran CMS 1.0 - Arbitrary ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / CM
pHNews Alpha 1 - 'header.php mod'SQL Injection
pHNews Alpha 1 - 'header.php mod' SQL Injection
i-dreams GB Server - 'admin.dat'File Disclosure
i-dreams GB Server - 'admin.dat' File Disclosure
VUplayer 2.49 - '.cue'Local Buffer Overflow
VUplayer 2.49 - '.cue' Local Buffer Overflow
VUPlayer 2.49 - '.cue'Universal Buffer Overflow
VUPlayer 2.49 - '.cue' Universal Buffer Overflow
Chasys Media Player 1.1 - '.cue'Stack Overflow
Chasys Media Player 1.1 - '.cue' Stack Overflow
Chasys Media Player - '.lst Playlist'Local Buffer Overflow
Chasys Media Player - '.lst Playlist' Local Buffer Overflow
BS.Player 2.34 - '.bsl'Universal SEH Overwrite
BS.Player 2.34 - '.bsl' Universal SEH Overwrite
POP Peeper 3.4.0.0 - '.eml'Universal SEH Overwrite
POP Peeper 3.4.0.0 - '.eml' Universal SEH Overwrite
Abee Chm Maker 1.9.5 - '.CMP'Stack Overflow
Abee Chm Maker 1.9.5 - '.CMP' Stack Overflow
ActiveKB Knowledgebase - 'loadpanel.php Panel'Local File Inclusion
ActiveKB Knowledgebase - 'loadpanel.php Panel' Local File Inclusion
ftpdmin 0.96 - RNFR Remote Buffer Overflow (xp sp3/case study)
FTPDMIN 0.96 - RNFR Remote Buffer Overflow (xp sp3/case study)
ftpdmin 0.96 - Arbitrary File Disclosure Exploit
FTPDMIN 0.96 - Arbitrary File Disclosure Exploit
Jamroom - 'index.php t'Local File Inclusion
Jamroom - 'index.php t' Local File Inclusion
W2B phpEmployment - 'conf.inc'File Disclosure
W2B phpEmployment - 'conf.inc' File Disclosure
phpAdBoard - 'conf.inc'Remote Config File Disclosure
phpGreetCards - 'conf.inc'Config File Disclosure
phpAdBoard - 'conf.inc' Remote Config File Disclosure
phpGreetCards - 'conf.inc' Config File Disclosure
phpAdBoardPro - 'config.inc'Config File Disclosure
phpDatingClub - 'conf.inc'File Disclosure
Job2C - 'conf.inc'Config File Disclosure
phpAdBoardPro - 'config.inc' Config File Disclosure
phpDatingClub - 'conf.inc' File Disclosure
Job2C - 'conf.inc' Config File Disclosure
Star Downloader Free 1.45 - '.dat'Universal SEH Overwrite
Star Downloader Free 1.45 - '.dat' Universal SEH Overwrite
Destiny Media Player 1.61 - '.rdl'Local Buffer Overflow
Destiny Media Player 1.61 - '.rdl' Local Buffer Overflow
Thickbox Gallery 2 - 'index.php ln'Local File Inclusion
Thickbox Gallery 2 - 'index.php ln' Local File Inclusion
Symantec Fax Viewer Control 10 - 'DCCFAXVW.DLL'Remote Buffer Overflow Exploit
Symantec Fax Viewer Control 10 - 'DCCFAXVW.dll' Remote Buffer Overflow Exploit
Mercury Audio Player 1.21 - '.b4s'Local Stack Overflow
Mercury Audio Player 1.21 - '.b4s' Local Stack Overflow
RM Downloader - '.smi'Local Stack Overflow
RM Downloader - '.smi' Local Stack Overflow
RM Downloader - '.smi'Universal Local Buffer Overflow
RM Downloader - '.smi' Universal Local Buffer Overflow
RM Downloader 3.0.0.9 - '.RAM'Local Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM'Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF'Local Buffer Overflow Exploit
Mini-stream Ripper 3.0.1.1 - '.RAM'Local Buffer Overflow
RM Downloader 3.0.0.9 - '.RAM' Local Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF' Local Buffer Overflow Exploit
Mini-stream Ripper 3.0.1.1 - '.RAM' Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.0.0.7 - '.RAM'Local Buffer Overflow Exploit
Mini-stream RM-MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow Exploit
MPLAB IDE 8.30 - '.mcp'Universal Seh Overwrite
MPLAB IDE 8.30 - '.mcp' Universal Seh Overwrite
Pinnacle Studio 12 - '.hfz'Directory Traversal
Pinnacle Studio 12 - '.hfz' Directory Traversal
COWON America jetCast 2.0.4.1109 - '.mp3'Local Overflow
COWON America jetCast 2.0.4.1109 - '.mp3' Local Overflow
R2 Newsletter Lite/Pro/Stats - 'admin.mdb'Database Disclosure
R2 Newsletter Lite/Pro/Stats - 'admin.mdb' Database Disclosure
phpDatingClub 3.7 - SQL / Cross-Site Scripting Injection
phpDatingClub 3.7 - SQL Injection / Cross-Site Scripting Injection
ClearContent - 'image.php url'Remote File Inclusion / Local File Inclusion
ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion
DJ Calendar - 'DJcalendar.cgi TEMPLATE'File Disclosure
DJ Calendar - 'DJcalendar.cgi TEMPLATE' File Disclosure
Icarus 2.0 - '.ICP'Local Stack Overflow Exploit
Icarus 2.0 - '.ICP' Local Stack Overflow Exploit
MixSense 1.0.0.1 DJ Studio - '.mp3'Crash Exploit
MixSense 1.0.0.1 DJ Studio - '.mp3' Crash Exploit
htmldoc 1.8.27.1 - '.html'Universal Stack Overflow
htmldoc 1.8.27.1 - '.html' Universal Stack Overflow
Acoustica MP3 Audio Mixer 2.471 - '.sgp'Crash Exploit
Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash Exploit
PHP Paid 4 Mail Script - 'paidbanner.php ID'SQL Injection
PHP Paid 4 Mail Script - 'paidbanner.php ID' SQL Injection
Microsoft Windows XP - 'win32k.sys'Privilege Escalation
Microsoft Windows XP - 'win32k.sys' Privilege Escalation
Portel 2008 - 'decide.php patron'Blind SQL Injection
Portel 2008 - 'decide.php patron' Blind SQL Injection
Microsoft Windows 2003 - '.EOT'BSOD Crash Exploit
Microsoft Windows 2003 - '.EOT' BSOD Crash Exploit
THOMSON ST585 - 'user.ini'Arbitrary Download
THOMSON ST585 - 'user.ini' Arbitrary Download
PHP Email Manager - 'remove.php ID'SQL Injection
PHP Email Manager - 'remove.php ID' SQL Injection
WAR-FTPD 1.65 - (MKD/CD Requests) Denial of Service
War-FTPD 1.65 - (MKD/CD Requests) Denial of Service
EMO Breader Manager - 'video.php movie'SQL Injection
EMO Breader Manager - 'video.php movie' SQL Injection
Invisible Browsing 5.0.52 - '.ibkey'Local Buffer Overflow
Invisible Browsing 5.0.52 - '.ibkey' Local Buffer Overflow
HotWeb Rentals - 'details.asp PropId'Blind SQL Injection
HotWeb Rentals - 'details.asp PropId' Blind SQL Injection
Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend'Command Injection
Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend' Command Injection
Blender 2.49b - '.blend'Remote Command Execution
Blender 2.49b - '.blend' Remote Command Execution
Aiocp 1.4.001 - File Inclusion
AIOCP 1.4.001 - File Inclusion
BibTeX - '.bib'File Handling Memory Corruption
BibTeX - '.bib' File Handling Memory Corruption
PHP 5.0.0 - domxml_open_file() Local Denial of Service
PHP 5.0.0 - 'domxml_open_file()' Local Denial of Service
PHP 5.0.0 - simplexml_load_file() Local Denial of Service
PHP 5.0.0 - 'simplexml_load_file()' Local Denial of Service
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows
Audacity 1.2.6 - '.gro'Buffer Overflow
Audacity 1.2.6 - '.gro' Buffer Overflow
gAlan - '.galan'Universal Buffer Overflow
gAlan - '.galan' Universal Buffer Overflow
ASPGuest - 'edit.asp ID'Blind SQL Injection
Smart ASPad - 'campaignEdit.asp CCam'Blind SQL Injection
ASPGuest - 'edit.asp ID' Blind SQL Injection
Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection
dblog - 'dblog.mdb'Remote Database Disclosure
dblog - 'dblog.mdb' Remote Database Disclosure
PHP 5.0.0 - xmldocfile() Local Denial of Service
PHP 5.0.0 - 'xmldocfile()' Local Denial of Service
Apollo Player 37.0.0.0 - '.aap'Buffer Overflow Denial of Service
Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service
OpenOffice - '.slk'Parsing Null Pointer
OpenOffice - '.slk' Parsing Null Pointer
crownweb - 'page.cfm'SQL Injection
crownweb - 'page.cfm' SQL Injection
OtsTurntables Free 1.00.047 - '.olf'Universal Buffer Overflow
OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow
Windows Media Player 11.0.5721.5145 - '.mpg'Buffer Overflow
Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow
Orbital Viewer 1.04 - '.orb'Local Universal SEH Overflow
Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow
iPhone / iTouch FTPDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service
iPhone / iTouch FtpDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service
JAD java decompiler 1.5.8g - '.class'Stack Overflow Denial of Service
JAD java decompiler 1.5.8g - '.class' Stack Overflow Denial of Service
Media Player 6.4.9.1 with K-Lite Codec Pack - Denial of Service/Crash '.avi'
Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash
no$gba 2.5c - '.nds'Local crash
no$gba 2.5c - '.nds' Local crash
Xilisoft Blackberry Ring Tone Maker - '.wma'Local Crash
Xilisoft Blackberry Ring Tone Maker - '.wma' Local Crash
Dualis 20.4 - '.bin'Local Daniel Of Service
Dualis 20.4 - '.bin' Local Daniel Of Service
DSEmu 0.4.10 - '.nds'Local Crash Exploit
DSEmu 0.4.10 - '.nds' Local Crash Exploit
MP3 Wav Editor 3.80 - '.mp3'Local Denial of Service
MP3 Wav Editor 3.80 - '.mp3' Local Denial of Service
FontForge - .BDF Font File Stack-Based Buffer Overflow
FontForge - .BDF Font File Stack Based Buffer Overflow
Dolphin 2.0 - '.elf'Local Daniel Of Service
Dolphin 2.0 - '.elf' Local Daniel Of Service
e-webtech - 'new.asp?id='SQL Injection
e-webtech - 'new.asp?id=' SQL Injection
SmallFTPD FTP Server 1.0.3 - DELE Command Denial of Service
SmallFTPd FTP Server 1.0.3 - DELE Command Denial of Service
RahnemaCo - page.php PageID Remote File Inclusion
RahnemaCo - 'page.php' PageID Remote File Inclusion
goffgrafix - Design's SQL Injection
goffgrafix - Design's - SQL Injection
Spaceacre - SQL / Cross-Site Scripting / HTML Injection
Spaceacre - SQL Injection / Cross-Site Scripting / HTML Injection
ZipExplorer 7.0 - '.zar'Denial of Service
ZipExplorer 7.0 - '.zar' Denial of Service
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
iOS - Version-independent shellcode
iOS - Version-independent Shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Win32 - SEH omelet shellcode
Win32 - SEH omelet Shellcode
Win32 - Connectback_ receive_ save and execute shellcode
Win32 - Connectback_ receive_ save and execute Shellcode
Windows XP - download and exec source shellcode
Windows XP - download and exec source Shellcode
Win32 XP SP3 - ShellExecuteA shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) Shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
Win32 - JITed stage-0 shellcode
Win32 - JITed stage-0 Shellcode
Windows - JITed egg-hunter stage-0 shellcode
Windows - JITed egg-hunter stage-0 Shellcode
Linux/x86 - nc -lvve/bin/sh -p13377 shellcode
Linux/x86 - nc -lvve/bin/sh -p13377 Shellcode
Corel VideoStudio Pro X3 - '.mp4'Buffer Overflow
Corel VideoStudio Pro X3 - '.mp4' Buffer Overflow
Boat Classifieds - 'printdetail.asp?Id'SQL Injection
Boat Classifieds - 'printdetail.asp?Id' SQL Injection
PHPBB MOD 2.0.19 - Invitation Only (PassCode Bypass)
phpBB MOD 2.0.19 - Invitation Only (PassCode Bypass)
SnoGrafx - 'cat.php?cat'SQL Injection
SnoGrafx - 'cat.php?cat' SQL Injection
Mediacoder 0.7.5.4710 - 'Universal' SEH Buffer Overflow
Mediacoder 0.7.5.4710 - ' Universal' SEH Buffer Overflow
PlayPad Music Player 1.12 - '.mp3'Denial of Service
PlayPad Music Player 1.12 - '.mp3' Denial of Service
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscal'l Emulation Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation
xt:Commerce Gambio 2008 - 2010 - ERROR Based SQL Injection 'reviews.php'
xt:Commerce Gambio 2008 < 2010 - 'reviews.php' ERROR Based SQL Injection
CuteNews - 'index.php?page'Local File Inclusion
CuteNews - 'index.php?page' Local File Inclusion
Hanso Converter 1.4.0 - '.ogg'Denial of Service
Hanso Converter 1.4.0 - '.ogg' Denial of Service
ARM - Bindshell port 0x1337 shellcode
ARM - Bind Connect UDP Port 68 shellcode
ARM - Loader Port 0x1337 shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode
ARM - Bindshell port 0x1337 Shellcode
ARM - Bind Connect UDP Port 68 Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
SmallFTPD 1.0.3 - Remote Directory Traversal
SmallFTPd 1.0.3 - Remote Directory Traversal
HtaEdit 3.2.3.0 - '.hta'Buffer Overflow
HtaEdit 3.2.3.0 - '.hta' Buffer Overflow
ProFTPD IAC 1.3.x - Remote Root Exploit
ProFTPd IAC 1.3.x - Remote Root Exploit
VbsEdit 4.7.2.0 - '.vbs'Buffer Overflow
Power Audio Editor 7.4.3.230 - '.cda'Denial of Service
VbsEdit 4.7.2.0 - '.vbs' Buffer Overflow
Power Audio Editor 7.4.3.230 - '.cda' Denial of Service
Sitefinity CMS - 'ASP.NET'Arbitrary File Upload
Sitefinity CMS - 'ASP.NET' Arbitrary File Upload
Native Instruments Traktor Pro 1.2.6 - Stack-based Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow
ProFTPD 1.3.3c - Compromised Source Remote Root Trojan
ProFTPd 1.3.3c - Compromised Source Remote Root Trojan
Dejcom Market CMS - 'showbrand.aspx'SQL Injection
Dejcom Market CMS - 'showbrand.aspx' SQL Injection
Aesop GIF Creator 2.1 - '.aep'Buffer Overflow
Aesop GIF Creator 2.1 - '.aep' Buffer Overflow
Apple iPhone Safari - 'JS .'Remote Crash
Apple iPhone Safari - 'JS .' Remote Crash
Microsoft Windows Fax Services Cover Page Editor - '.cov'Memory Corruption
Microsoft Windows Fax Services Cover Page Editor - '.cov' Memory Corruption
Win32 - speaking shellcode
Win32 - speaking Shellcode
ProFTPD mod_sftp - Integer Overflow Denial of Service (PoC)
ProFTPd mod_sftp - Integer Overflow Denial of Service (PoC)
BWMeter 5.4.0 - '.csv'Denial of Service
BWMeter 5.4.0 - '.csv' Denial of Service
Magic Music Editor - '.cda'Denial of Service
Magic Music Editor - '.cda' Denial of Service
wu-ftpd - SITE EXEC/INDEX Format String
WU-FTPD - SITE EXEC/INDEX Format String
Samba - trans2open Overflow (Solaris SPARC)
Samba (Solaris SPARC) - trans2open Overflow
FreeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow
freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow
Microsoft IIS 4.0 - '.htr'Path Overflow
Microsoft IIS 4.0 - '.htr' Path Overflow
VariCAD 2010-2.05 EN - '.DWB'Stack Buffer Overflow
VariCAD 2010-2.05 EN - '.DWB' Stack Buffer Overflow
AOL 9.5 - Phobos.Playlist Import() Stack-based Buffer Overflow
AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow
ProFTPD 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow
ProFTPD 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow
ProFTPd 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow
ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow
ProFTPD 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow
ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow
PHPBB - viewtopic.php Arbitrary Code Execution
phpBB - viewtopic.php Arbitrary Code Execution
ProFTPD-1.3.3c - Backdoor Command Execution
ProFTPd-1.3.3c - Backdoor Command Execution
ABBS Electronic Flash Cards 2.1 - '.fcd'Buffer Overflow
ABBS Electronic Flash Cards 2.1 - '.fcd' Buffer Overflow
VeryTools Video Spirit Pro 1.70 - '.visprj'Buffer Overflow
VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow
Wordtrainer 3.0 - '.ord'Buffer Overflow
Wordtrainer 3.0 - '.ord' Buffer Overflow
PlaylistMaker 1.5 - '.txt'Buffer Overflow
PlaylistMaker 1.5 - '.txt' Buffer Overflow
libmodplug 0.8.8.2 - (.abc) Stack-Based Buffer Overflow (PoC)
libmodplug 0.8.8.2 - (.abc) Stack Based Buffer Overflow (PoC)
MJM QuickPlayer 1.00 Beta 60a / QuickPlayer 2010 - '.s3m'Stack Buffer Overflow
MJM Core Player 2011 - '.s3m'Stack Buffer Overflow
MJM QuickPlayer 1.00 Beta 60a / QuickPlayer 2010 - '.s3m' Stack Buffer Overflow
MJM Core Player 2011 - '.s3m' Stack Buffer Overflow
Magix Musik Maker 16 - '.mmm'Stack Buffer Overflow
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow
Smallftpd 1.0.3 FTP Server - Denial of Service
SmallFTPd 1.0.3 FTP Server - Denial of Service
FreeAmp 2.0.7 - '.fat'Buffer Overflow
FreeAmp 2.0.7 - '.fat' Buffer Overflow
VSFTPD 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 - Backdoor Command Execution
OS-X - Universal ROP shellcode
OS-X - Universal ROP Shellcode
Citrix XenApp / XenDesktop - Stack-Based Buffer Overflow
Citrix XenApp / XenDesktop - Stack Based Buffer Overflow
World Of Warcraft - 'chat-cache.txt'Local Stack Overflow Denial of Service
World Of Warcraft - 'chat-cache.txt' Local Stack Overflow Denial of Service
Wav Player 1.1.3.6 - '.pll'Buffer Overflow
Wav Player 1.1.3.6 - '.pll' Buffer Overflow
Norman Security Suite 8 - 'nprosec.sys'Privilege Escalation
Norman Security Suite 8 - 'nprosec.sys' Privilege Escalation
Ashampoo Burning Studio Elements 10.0.9 - '.ashprj'Heap Overflow
Ashampoo Burning Studio Elements 10.0.9 - '.ashprj' Heap Overflow
Cytel Studio 9.0 - '.CY3'Stack Buffer Overflow
Cytel Studio 9.0 - '.CY3' Stack Buffer Overflow
Xion Audio Player 1.0.127 - '.aiff'Denial of Service
Xion Audio Player 1.0.127 - '.aiff' Denial of Service
SnackAmp 3.1.3 - '.aiff'Denial of Service
SnackAmp 3.1.3 - '.aiff' Denial of Service
PHP Ticket System Beta 1 - 'index.php p parameter'SQL Injection
PHP Ticket System Beta 1 - 'index.php p parameter' SQL Injection
Nokia PC Suite Video Manager 7.1.180.64 - '.mp4'Denial of Service
Nokia PC Suite Video Manager 7.1.180.64 - '.mp4' Denial of Service
Multimedia Builder 4.9.8 - '.mef'Denial of Service
Multimedia Builder 4.9.8 - '.mef' Denial of Service
Tftpd32 DNS Server 4.00 - Denial of Service
LibreOffice 3.5.3 - '.rtf'FileOpen Crash
TFTPD32 DNS Server 4.00 - Denial of Service
LibreOffice 3.5.3 - '.rtf' FileOpen Crash
Microsoft Wordpad 5.1 - '.doc'Null Pointer Dereference
Microsoft Wordpad 5.1 - '.doc' Null Pointer Dereference
Lattice Semiconductor PAC-Designer 6.21 - '.PAC'Exploit
Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Exploit
wu-ftpd 2.4.2 & SCO Open Server 5.0.5 & ProFTPD 1.2 pre1 - realpath Exploit (1)
wu-ftpd 2.4.2 & SCO Open Server 5.0.5 & ProFTPD 1.2 pre1 - realpath Exploit (2)
WU-FTPD 2.4.2 & SCO Open Server 5.0.5 & ProFTPd 1.2 pre1 - realpath Exploit (1)
WU-FTPD 2.4.2 & SCO Open Server 5.0.5 & ProFTPd 1.2 pre1 - realpath Exploit (2)
ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
ProFTPD 1.2 pre6 - snprintf
ProFTPd 1.2 pre6 - snprintf
Washington University wu-ftpd 2.5.0 - message Buffer Overflow
Washington University WU-FTPD 2.5.0 - message Buffer Overflow
GlFtpd 1.17.2 - Exploit
glFTPd 1.17.2 - Exploit
Oracle Outside-In - .LWP File Parsing Stack-Based Buffer Overflow
Oracle Outside-In - .LWP File Parsing Stack Based Buffer Overflow
wu-ftpd 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (1)
wu-ftpd 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)
wu-ftpd 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (1)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
Microsoft Indexing Services for Windows 2000/NT 4.0 - '.htw'Cross-Site Scripting
Microsoft Indexing Services for Windows 2000/NT 4.0 - '.htw' Cross-Site Scripting
Microsoft Windows Media Player 7.0 - '.wms'Arbitrary Script
Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE'
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Exploit
ProFTPD 1.2 - SIZE Remote Denial of Service
ProFTPd 1.2 - SIZE Remote Denial of Service
Microsoft Windows Media Player 7.0 - '.wmz'Arbitrary Java Applet
Microsoft Windows Media Player 7.0 - '.wmz' Arbitrary Java Applet
wu-ftpd 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion
WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion
Wu-Ftpd 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String
WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String
Joe Text Editor 2.8 - '.joerc'Arbitrary Command Execution
Joe Text Editor 2.8 - '.joerc' Arbitrary Command Execution
whitsoft slimserve ftpd 1.0/2.0 - Directory Traversal
WhitSoft slimserve ftpd 1.0/2.0 - Directory Traversal
wu-ftpd 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPD 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion
WU-FTPD 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPd 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion
freebsd 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities
FreeBSD 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities
raidenftpd 2.1 - Directory Traversal
RaidenFTPd 2.1 - Directory Traversal
AV Arcade Free Edition - 'add_rating.php id parameter'Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php id parameter' Blind SQL Injection
Solaris 2.6/7/8 - SPARC xlock Heap Overflow
Solaris 2.6/7/8 -(SPARC) xlock Heap Overflow
glFTPD 1.x - LIST Denial of Service
glFTPd 1.x - 'LIST' Denial of Service
Wu-Ftpd 2.6 - File Globbing Heap Corruption
WU-FTPD 2.6 - File Globbing Heap Corruption
Joomla RokModule Component - 'index.php module parameter'Blind SQL Injection
Joomla RokModule Component - 'index.php module parameter' Blind SQL Injection
PHPWebsite 0.8.2 - PHP File Include
phpWebSite 0.8.2 - PHP File Include
PHPWebSite 0.8.3 - News Message HTML Injection
phpWebSite 0.8.3 - News Message HTML Injection
PHPWebSite 0.8.3 - article.php Cross-Site Scripting
phpWebSite 0.8.3 - article.php Cross-Site Scripting
PHPBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
PHPBB 2.0.3 - search.php Cross-Site Scripting
phpBB 2.0.3 - search.php Cross-Site Scripting
ProFTPD 1.2.x - STAT Command Denial of Service
ProFTPd 1.2.x - STAT Command Denial of Service
Joomla Tags - 'index.php tag parameter'SQL Injection
Joomla Tags - 'index.php tag parameter' SQL Injection
Joomla Commedia Plugin - 'index.php task parameter'SQL Injection
Joomla Kunena Component - 'index.php search parameter'SQL Injection
Joomla Commedia Plugin - 'index.php task parameter' SQL Injection
Joomla Kunena Component - 'index.php search parameter' SQL Injection
PHPBB 2.0.3 - privmsg.php SQL Injection
phpBB 2.0.3 - privmsg.php SQL Injection
Joomla Spider Catalog - 'index.php product_id parameter'SQL Injection
Joomla Spider Catalog - 'index.php product_id parameter' SQL Injection
Battleaxe Software BTTLXE Forum - login.asp SQL Injection
Battleaxe Software BTTLXE Forum - 'login.asp' SQL Injection
SudBox Boutique 1.2 - login.php Authentication Bypass
SudBox Boutique 1.2 - 'login.php' Authentication Bypass
friendsinwar FAQ Manager - 'view_faq.php question parameter'SQL Injection
friendsinwar FAQ Manager - 'view_faq.php question parameter' SQL Injection
GuildFTPD 0.999.8 - CWD Command Denial of Service
GuildFTPd 0.999.8 - CWD Command Denial of Service
ProductCart 1.5/1.6/2.0 - login.asp SQL Injection
ProductCart 1.5/1.6/2.0 - 'login.asp' SQL Injection
SmartCMS - 'index.php idx parameter'SQL Injection
SmartCMS - 'index.php idx parameter' SQL Injection
mcrypt 2.6.8 - stack-based Buffer Overflow (PoC)
mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC)
wu-ftpd 2.6.2 - realpath() Off-by-One Buffer Overflow
WU-FTPD 2.6.2 - realpath() Off-by-One Buffer Overflow
wu-ftpd 2.6.2 / 2.6.0 / 2.6.1 - realpath() Off-by-One Buffer Overflow
freeBSD 4.8 - realpath() Off-by-One Buffer Overflow
WU-FTPD 2.6.2 / 2.6.0 / 2.6.1 - realpath() Off-by-One Buffer Overflow
FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow
SmartCMS - 'index.php menuitem parameter'SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php menuitem parameter' SQL Injection / Cross-Site Scripting
FreeFTPD - Remote Authentication Bypass Exploit
freeFTPd - Remote Authentication Bypass Exploit
PHPBB 2.0.6 - URL BBCode HTML Injection
phpBB 2.0.6 - URL BBCode HTML Injection
wzdftpd 0.1 rc5 - Login Remote Denial of Service
ProFTPD 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun
WzdFTPD 0.1 rc5 - Login Remote Denial of Service
ProFTPd 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun
PHPBB 2.0.x - profile.php SQL Injection
phpBB 2.0.x - profile.php SQL Injection
PHPBB 2.0.6 - privmsg.php Cross-Site Scripting
phpBB 2.0.6 - privmsg.php Cross-Site Scripting
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack-based Unicode Buffer Overflow
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack-based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack-based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overflow
SelectSurvey CMS - 'ASP.NET'Arbitrary File Upload
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
SelectSurvey CMS - 'ASP.NET' Arbitrary File Upload
MyBB AwayList Plugin - 'index.php id parameter'SQL Injection
MyBB AwayList Plugin - 'index.php id parameter' SQL Injection
SmallFTPD 1.0.3 - Remote Denial of Service
SmallFTPd 1.0.3 - Remote Denial of Service
MyBB - 'editpost.php posthash'SQL Injection
Joomla Spider Calendar - 'index.php date parameter'Blind SQL Injection
MyBB - 'editpost.php posthash' SQL Injection
Joomla Spider Calendar - 'index.php date parameter' Blind SQL Injection
Phorum 3.x - login.php HTTP_REFERER Cross-Site Scripting
Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
PHPBB 1.x/2.0.x - search.php Search_Results Parameter SQL Injection
phpBB 1.x/2.0.x - search.php Search_Results Parameter SQL Injection
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'Exploit
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Exploit
PHPBB 2.0.x - album_portal.php Remote File Inclusion
phpBB 2.0.x - album_portal.php Remote File Inclusion
PHPBB 2.0.x - viewtopic.php PHP Script Injection
phpBB 2.0.x - viewtopic.php PHP Script Injection
JShop E-Commerce Suite 3.0 - page.php Cross-Site Scripting
JShop E-Commerce Suite 3.0 - 'page.php' Cross-Site Scripting
NullSoft Winamp 2-5 - '.wsz'Remote Code Execution
NullSoft Winamp 2-5 - '.wsz' Remote Code Execution
phpWebsite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
Scripts Genie Gallery Personals - 'gallery.php L parameter'SQL Injection
Scripts Genie Gallery Personals - 'gallery.php L parameter' SQL Injection
Scripts Genie Domain Trader - 'catalog.php id parameter'SQL Injection
Scripts Genie Domain Trader - 'catalog.php id parameter' SQL Injection
Scripts Genie Games Site Script - 'index.php id parameter'SQL Injection
Scripts Genie Games Site Script - 'index.php id parameter' SQL Injection
Photodex ProShow Producer 5.0.3297 - '.pxs'Memory Corruption Exploit
Photodex ProShow Producer 5.0.3297 - '.pxs' Memory Corruption Exploit
Scripts Genie Top Sites - 'out.php id parameter'SQL Injection
Scripts Genie Top Sites - 'out.php id parameter' SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid parameter'SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid parameter' SQL Injection
W-Agora 4.1.6 - a login.php loginuser Parameter Cross-Site Scripting
W-Agora 4.1.6 - a 'login.php' loginuser Parameter Cross-Site Scripting
PHPWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting
phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack-Based Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow
PHPBB 2.0.x - admin_cash.php Remote PHP File Include
phpBB 2.0.x - admin_cash.php Remote PHP File Include
UBBCentral UBB.threads 6.2.3/6.5 - login.php Cat Parameter Cross-Site Scripting
UBBCentral UBB.threads 6.2.3/6.5 - 'login.php' Cat Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - login.php URL Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - login.php Username Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - login.php Newlanguage Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' URL Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' Username Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
Rebus:list - 'list.php list_id parameter'SQL Injection
Rebus:list - 'list.php list_id parameter' SQL Injection
SynConnect Pms - 'index.php loginid parameter'SQL Injection
SynConnect Pms - 'index.php loginid parameter' SQL Injection
Groovy Media Player 3.2.0 - '.mp3'Buffer Overflow
Groovy Media Player 3.2.0 - '.mp3' Buffer Overflow
glFTPD 1.x/2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities
glFTPd 1.x/2.0 'ZIP' Plugins - Multiple Directory Traversal Vulnerabilities
PHPWebSite 0.x - Image File Processing Arbitrary PHP File Upload
phpWebSite 0.x - Image File Processing Arbitrary PHP File Upload
PHPBB 2.0.x - Authentication Bypass (1)
PHPBB 2.0.x - Authentication Bypass (2)
PHPBB 2.0.x - Authentication Bypass (3)
phpBB 2.0.x - Authentication Bypass (1)
phpBB 2.0.x - Authentication Bypass (2)
phpBB 2.0.x - Authentication Bypass (3)
PHPCOIN 1.2 - login.php Multiple Parameter Cross-Site Scripting
PHPCOIN 1.2 - 'login.php' Multiple Parameter Cross-Site Scripting
Multiple Vendor Telnet Client - Env_opt_add Heap-Based Buffer Overflow
Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow
PHPBB 2.0.13 DLMan Pro Module - SQL Injection
PHPBB 2.0.13 Linkz Pro Module - SQL Injection
phpBB 2.0.13 DLMan Pro Module - SQL Injection
phpBB 2.0.13 Linkz Pro Module - SQL Injection
PHPBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting
PHPBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting
phpBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting
phpBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting
Joomla S5 Clan Roster com_s5clanroster - 'index.php id parameter'SQL Injection
Joomla S5 Clan Roster com_s5clanroster - 'index.php id parameter' SQL Injection
PHPBB Remote - mod.php SQL Injection
Datenbank Module For PHPBB - Remote mod.php Cross-Site Scripting
phpBB Remote - mod.php SQL Injection
Datenbank Module For phpBB - Remote mod.php Cross-Site Scripting
PHPBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
PHPBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection
PHPBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection
phpBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection
phpBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection
RaidenFTPD 2.4 - Unauthorized File Access
RaidenFTPd 2.4 - Unauthorized File Access
CartWIZ 1.10 - login.asp Redirect Argument Cross-Site Scripting
CartWIZ 1.10 - 'login.asp' Redirect Argument Cross-Site Scripting
CartWIZ 1.10 - login.asp Message Argument Cross-Site Scripting
CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting
PHPBB 2.0.x - profile.php Cross-Site Scripting
PHPBB 2.0.x - viewtopic.php Cross-Site Scripting
phpBB 2.0.x - profile.php Cross-Site Scripting
phpBB 2.0.x - viewtopic.php Cross-Site Scripting
Notes Module for PHPBB - SQL Injection
Notes Module for phpBB - SQL Injection
PHPCOIN 1.2 - login.php PHPcoinsessid Parameter SQL Injection
PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection
CodetoSell ViArt Shop Enterprise 2.1.6 - page.php page Parameter Cross-Site Scripting
CodetoSell ViArt Shop Enterprise 2.1.6 - 'page.php' page Parameter Cross-Site Scripting
PHPBB 2.0.x - URL Tag BBCode.php
phpBB 2.0.x - URL Tag BBCode.php
Active News Manager - login.asp SQL Injection
Active News Manager - 'login.asp' SQL Injection
FunkyASP AD Systems 1.1 - login.asp SQL Injection
FunkyASP AD Systems 1.1 - 'login.asp' SQL Injection
SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack-Based Overflow
SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack Based Overflow
OS4E - login.asp SQL Injection
OS4E - 'login.asp' SQL Injection
JiRo's Upload System 1.0 - login.asp SQL Injection
NEXTWEB - (i)Site login.asp SQL Injection
JiRo's Upload System 1.0 - 'login.asp' SQL Injection
NEXTWEB - (i)Site 'login.asp' SQL Injection
Livingcolor Livingmailing 1.3 - login.asp SQL Injection
Livingcolor Livingmailing 1.3 - 'login.asp' SQL Injection
WWWeb Concepts Events System 1.0 - login.asp SQL Injection
WWWeb Concepts Events System 1.0 - 'login.asp' SQL Injection
Cool Cafe Chat 1.2.1 - login.asp SQL Injection
Cool Cafe Chat 1.2.1 - 'login.asp' SQL Injection
LaGarde StoreFront 5.0 Shopping Cart - login.asp SQL Injection
LaGarde StoreFront 5.0 Shopping Cart - 'login.asp' SQL Injection
Ipswitch WhatsUp Professional 2005 SP1 - login.asp SQL Injection
Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection
Dynamic Biz Website Builder (QuickWeb) 1.0 - login.asp SQL Injection
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' SQL Injection
PHPWebsite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal
phpWebSite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal
Cuppa CMS - 'alertConfigField.php urlConfig parameter'Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php urlConfig parameter' Remote / Local File Inclusion
VBZoom 1.0/1.11 - login.php UserID Parameter Cross-Site Scripting
VBZoom 1.0/1.11 - 'login.php' UserID Parameter Cross-Site Scripting
PHP Lite Calendar Express 2.2 - login.php cid Parameter SQL Injection
PHP Lite Calendar Express 2.2 - 'login.php' cid Parameter SQL Injection
ATutor 1.5.1 - login.php course Parameter Cross-Site Scripting
ATutor 1.5.1 - 'login.php' course Parameter Cross-Site Scripting
Adrenalin Player 2.2.5.3 - '.wax'SEH Buffer Overflow
Adrenalin Player 2.2.5.3 - '.wax' SEH Buffer Overflow
PHPwcms 1.2.5 -DEV - login.php form_lang Parameter Traversal Arbitrary File Access
PHPwcms 1.2.5 -DEV - 'login.php' form_lang Parameter Traversal Arbitrary File Access
AVS Media Player 4.1.11.100 - '.ac3'Denial of Service
AVS Media Player 4.1.11.100 - '.ac3' Denial of Service
Adrenalin Player 2.2.5.3 - '.wvx'SEH Buffer Overflow
Adrenalin Player 2.2.5.3 - '.wvx' SEH Buffer Overflow
WinAmp 5.63 - Stack-based Buffer Overflow
WinAmp 5.63 - Stack Based Buffer Overflow
PHPX 3.5.x - Admin login.php SQL Injection
PHPX 3.5.x - Admin 'login.php' SQL Injection
DRZES Hms 3.2 - login.php Cross-Site Scripting
DRZES Hms 3.2 - 'login.php' Cross-Site Scripting
PortalApp 3.3/4.0 - login.asp Cross-Site Scripting
SiteEnable 3.3 - login.asp Cross-Site Scripting
IntranetApp 3.3 - login.asp ret_page Parameter Cross-Site Scripting
PortalApp 3.3/4.0 - 'login.asp' Cross-Site Scripting
SiteEnable 3.3 - 'login.asp' Cross-Site Scripting
IntranetApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting
ProjectApp 3.3 - login.asp ret_page Parameter Cross-Site Scripting
ProjectApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting
VbsEdit 5.9.3 - '.smi'Buffer Overflow
VbsEdit 5.9.3 - '.smi' Buffer Overflow
Artweaver 3.1.5 - '.awd'Buffer Overflow
Artweaver 3.1.5 - '.awd' Buffer Overflow
XnView 2.03 - '.pct'Buffer Overflow
XnView 2.03 - '.pct' Buffer Overflow
aoblogger 2.3 - login.php username Field SQL Injection
aoblogger 2.3 - 'login.php' username Field SQL Injection
WebspotBlogging 3.0 - login.php SQL Injection
WebspotBlogging 3.0 - 'login.php' SQL Injection
miniBloggie 1.0 - login.php SQL Injection
miniBloggie 1.0 - 'login.php' SQL Injection
ASPThai Forums 8.0 - login.asp SQL Injection
ASPThai Forums 8.0 - 'login.asp' SQL Injection
Windows RT ARM - Bind Shell (Port 4444) shellcode
Windows RT ARM - Bind Shell (Port 4444) Shellcode
Virtual Hosting Control System 2.2/2.4 - login.php check_login() Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php' check_login() Function Authentication Bypass
Siteframe Beaumont 5.0.1/5.0.2 - page.php HTML Injection
Siteframe Beaumont 5.0.1/5.0.2 - 'page.php' HTML Injection
Ginkgo CMS - 'index.php rang parameter'SQL Injection
Ginkgo CMS - 'index.php rang parameter' SQL Injection
Game-Panel 2.6 - login.php Cross-Site Scripting
Game-Panel 2.6 - 'login.php' Cross-Site Scripting
QwikiWiki 1.4/1.5 - login.php Multiple Parameter Cross-Site Scripting
QwikiWiki 1.4/1.5 - 'login.php' Multiple Parameter Cross-Site Scripting
PHPWebsite 0.8.2/0.8.3 - friend.php sid Parameter SQL Injection
PHPWebsite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection
phpWebSite 0.8.2/0.8.3 - friend.php sid Parameter SQL Injection
phpWebSite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection
PhxContacts 0.93 - login.php Cross-Site Scripting
PhxContacts 0.93 - 'login.php' Cross-Site Scripting
MLMAuction Script - 'gallery.php id parameter'SQL Injection
MLMAuction Script - 'gallery.php id parameter' SQL Injection
RedCMS 0.1 - login.php Multiple Parameter SQL Injection
RedCMS 0.1 - 'login.php' Multiple Parameter SQL Injection
ShopWeezle 2.0 - login.php itemID Parameter SQL Injection
ShopWeezle 2.0 - 'login.php' itemID Parameter SQL Injection
ContentBoxx - login.php Cross-Site Scripting
ContentBoxx - 'login.php' Cross-Site Scripting
PHPBB Chart Mod 1.1 - charts.php id Parameter SQL Injection
phpBB Chart Mod 1.1 - charts.php id Parameter SQL Injection
PHPBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
JSBoard 2.0.10/2.0.11 - login.php Cross-Site Scripting
JSBoard 2.0.10/2.0.11 - 'login.php' Cross-Site Scripting
CyberBuild - login.asp SessionID Parameter SQL Injection
CyberBuild - 'login.asp' SessionID Parameter SQL Injection
CyberBuild - login.asp SessionID Parameter Cross-Site Scripting
CyberBuild - 'login.asp' SessionID Parameter Cross-Site Scripting
PHPBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting
phpBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting
PHPBB 2.0.20 - Unauthorized HTTP Proxy
phpBB 2.0.20 - Unauthorized HTTP Proxy
PHPBB 2.0.x - template.php Remote File Inclusion
phpBB 2.0.x - template.php Remote File Inclusion
PHPBB - BBRSS.php Remote File Inclusion
RahnemaCo - page.php Remote File Inclusion
phpBB - BBRSS.php Remote File Inclusion
RahnemaCo - 'page.php' Remote File Inclusion
BlueDragon Server 6.2.1 - '.cfm'Denial of Service
BlueDragon Server 6.2.1 - '.cfm' Denial of Service
MyMail 1.0 - login.php Cross-Site Scripting
MyMail 1.0 - 'login.php' Cross-Site Scripting
Woltlab Burning Board FLVideo Addon - 'video.php value parameter'SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php value parameter' SQL Injection
PHPBB 1.2.4 For Mambo - Multiple Remote File Inclusion
phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion
PHPbb-auction 1.x - auction_room.php ar Parameter SQL Injection
PHPbb-auction 1.x - auction_store.php u Parameter SQL Injection
phpBB-auction 1.x - auction_room.php ar Parameter SQL Injection
phpBB-auction 1.x - auction_store.php u Parameter SQL Injection
Linux/x86 - Multi-Egghunter shellcode
Linux/x86 - Multi-Egghunter Shellcode
Jamroom 3.0.16 - login.php Cross-Site Scripting
Jamroom 3.0.16 - 'login.php' Cross-Site Scripting
DCP-Portal 6.0 - login.php username Parameter SQL Injection
DCP-Portal 6.0 - 'login.php' username Parameter SQL Injection
PhpBB XS 0.58 - Multiple Remote File Inclusion
phpBB XS 0.58 - Multiple Remote File Inclusion
AckerTodo 4.2 - login.php Multiple SQL Injection
AckerTodo 4.2 - 'login.php' Multiple SQL Injection
PHPWebSite 0.10.2 - PHPWS_SOURemote Code Execution_DIR Parameter Multiple Remote File Inclusion
phpWebSite 0.10.2 - PHPWS_SOURemote Code Execution_DIR Parameter Multiple Remote File Inclusion
PHPBB Add Name Module - Not_Mem.php Remote File Inclusion
IcoFX 2.5.0.0 - '.ico'Buffer Overflow
phpBB Add Name Module - Not_Mem.php Remote File Inclusion
IcoFX 2.5.0.0 - '.ico' Buffer Overflow
Evandor Easy notesManager 0.0.1 - login.php username Parameter SQL Injection
Evandor Easy notesManager 0.0.1 - 'login.php' username Parameter SQL Injection
AIOCP 1.3.x - cp_forum_view.php Multiple Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_dpage.php choosed_language Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_show_ec_products.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_users_online.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - cp_links_search.php orderdir Parameter Cross-Site Scripting
AIOCP 1.3.x - /admin/code/index.php load_page Parameter Remote File Inclusion
AIOCP 1.3.x - cp_dpage.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_news.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_forum_view.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_edit_user.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_newsletter.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_links.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_contact_us.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_show_ec_products.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_login.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_users_online.php order_field Parameter SQL Injection
AIOCP 1.3.x - cp_codice_fiscale.php choosed_language Parameter SQL Injection
AIOCP 1.3.x - cp_links_search.php orderdir Parameter SQL Injection
AIOCP 1.3.x - cp_dpage.php Full Path Disclosure
AIOCP 1.3.x - cp_show_ec_products.php Full Path Disclosure
AIOCP 1.3.x - cp_show_page_help.php Full Path Disclosure
AIOCP 1.3.x - 'cp_forum_view.php' Multiple Parameter Cross-Site Scripting
Windows x86 - Persistent Reverse Shell TCP (494 Bytes)
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_show_ec_products.php' order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_users_online.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter Cross-Site Scripting
AIOCP 1.3.x - '/admin/code/index.php' load_page Parameter Remote File Inclusion
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_news.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_edit_user.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_newsletter.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_links.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_contact_us.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_show_ec_products.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_login.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_users_online.php' order_field Parameter SQL Injection
AIOCP 1.3.x - 'cp_codice_fiscale.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter SQL Injection
AIOCP 1.3.x - 'cp_dpage.php' Full Path Disclosure
AIOCP 1.3.x - 'cp_show_ec_products.php' Full Path Disclosure
AIOCP 1.3.x - 'cp_show_page_help.php' Full Path Disclosure
INFINICART - login.asp Multiple Parameter Cross-Site Scripting
INFINICART - 'login.asp' Multiple Parameter Cross-Site Scripting
Active PHP Bookmarks 1.1.2 - APB_SETTINGS['apb_path'] Multiple Remote File Inclusion
Active PHP Bookmarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion
SIAP CMS - login.asp SQL Injection
SIAP CMS - 'login.asp' SQL Injection
AppIntellect SpotLight CRM - login.asp SQL Injection
AppIntellect SpotLight CRM - 'login.asp' SQL Injection
DMXReady Secure Login Manager 1.0 - login.asp sent Parameter SQL Injection
DMXReady Secure Login Manager 1.0 - 'login.asp' sent Parameter SQL Injection
PHPBB 2.0.21 - privmsg.php HTML Injection
phpBB 2.0.21 - privmsg.php HTML Injection
Indexu 5.0/5.3 - login.php error_msg Parameter Cross-Site Scripting
Indexu 5.0/5.3 - 'login.php' error_msg Parameter Cross-Site Scripting
myBloggie 2.1.5 - login.php PATH_INFO Parameter Cross-Site Scripting
myBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
Avira Secure Backup 1.0.0.1 Build 3616 - '.reg'Buffer Overflow
Avira Secure Backup 1.0.0.1 Build 3616 - '.reg' Buffer Overflow
Boilsoft RM TO MP3 Converter 1.72 - Crash PoC '.wav'
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash PoC
Tyger Bug Tracking System 1.1.3 - login.php PATH_INFO Parameter Cross-Site Scripting
Tyger Bug Tracking System 1.1.3 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
Horde Framework 3.1.3 - login.php Cross-Site Scripting
Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting
PHPStats 0.1.9 - Multiple SQL Injections
PHPStats 0.1.9 - PHP-Stats-options.php Remote Code Execution
phpStats 0.1.9 - Multiple SQL Injections
phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution
Free File Hosting System 1.1 - login.php AD_BODY_TEMP Parameter Remote File Inclusion
Free File Hosting System 1.1 - 'login.php' AD_BODY_TEMP Parameter Remote File Inclusion
DeskPro 2.0.1 - login.php HTML Injection
DeskPro 2.0.1 - 'login.php' HTML Injection
plesk 8.1.1 - login.php3 Directory Traversal
plesk 8.1.1 - 'login.php3' Directory Traversal
Ahhp Portal - page.php Multiple Remote File Inclusion
Ahhp Portal - 'page.php' Multiple Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ' LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ' LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
PHPPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
Maia Mailguard 1.0.2 - login.php Multiple Local File Inclusion
Maia Mailguard 1.0.2 - 'login.php' Multiple Local File Inclusion
Nukedit 4.9.x - login.asp Cross-Site Scripting
Nukedit 4.9.x - 'login.asp' Cross-Site Scripting
Pay Roll Time Sheet and Punch Card Application With Web UI - login.asp SQL Injection
Pay Roll Time Sheet and Punch Card Application With Web UI - 'login.asp' SQL Injection
RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp'Version Attribute Buffer Overflow
RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
PHPGedView 4.1 - login.php Cross-Site Scripting
PHPGedView 4.1 - 'login.php' Cross-Site Scripting
E-Smart Cart 1.0 - login.asp SQL Injection
AkkyWareHOUSE 7-zip32.dll 4.42 - Heap-Based Buffer Overflow
E-Smart Cart 1.0 - 'login.asp' SQL Injection
AkkyWareHOUSE 7-zip32.dll 4.42 - Heap Based Buffer Overflow
SWSoft Plesk 8.2 - login.php3 PLESKSESSID Cookie SQL Injection
SWSoft Plesk 8.2 - 'login.php3' PLESKSESSID Cookie SQL Injection
AfterLogic MailBee WebMail Pro 3.x - login.php mode Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'login.php' mode Parameter Cross-Site Scripting
Miro Broadcast Machine 0.9.9 - login.php Cross-Site Scripting
Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting
JiRo's Banner System 2.0 - login.asp Multiple SQL Injection
JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection
WinUAE 1.4.4 - 'zfile.c' Stack-Based Buffer Overflow
WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow
Toshiba Surveillance Surveillix DVR 'MeIpCamX.DLL' 1.0 - ActiveX Control Buffer Overflow
Toshiba Surveillance Surveillix DVR 'MeIpCamX.dll' 1.0 - ActiveX Control Buffer Overflow
MuPDF 1.3 - Stack-based Buffer Overflow in xps_parse_color()
MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()
Android Web Browser - GIF File Heap-Based Buffer Overflow
Android Web Browser - GIF File Heap Based Buffer Overflow
NCH Software Express Burn Plus 4.68 - '.EBP'Project File Buffer Overflow
NCH Software Express Burn Plus 4.68 - '.EBP' Project File Buffer Overflow
PHPstats 0.1_alpha - 'PHPstats.php' Cross-Site Scripting
phpStats 0.1_alpha - 'phpStats.php' Cross-Site Scripting
Publish-It 3.6d - '.pui'SEH Buffer Overflow
Publish-It 3.6d - '.pui' SEH Buffer Overflow
LeadTools Multimedia 15 - 'LTMM15.DLL' ActiveX Control Arbitrary File Overwrite Vulnerabilities
PHPBB PJIRC Module 0.5 - 'irc.php' Local File Inclusion
LeadTools Multimedia 15 - 'LTMM15.dll' ActiveX Control Arbitrary File Overwrite Vulnerabilities
phpBB PJIRC Module 0.5 - 'irc.php' Local File Inclusion
PHPBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
EsContacts 1.0 - login.php msg Parameter Cross-Site Scripting
EsContacts 1.0 - 'login.php' msg Parameter Cross-Site Scripting
NASA Ames Research Center BigView 1.8 - '.PNM'Stack-Based Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id parameter'SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id parameter' SQL Injection
VCDGear 3.50 - '.cue'Stack Buffer Overflow
VCDGear 3.50 - '.cue' Stack Buffer Overflow
FaName 1.0 - page.php name Parameter Cross-Site Scripting
FaName 1.0 - 'page.php' name Parameter Cross-Site Scripting
TGS Content Management 0.3.2r2 - login.php Multiple Parameter Cross-Site Scripting
TGS Content Management 0.3.2r2 - 'login.php' Multiple Parameter Cross-Site Scripting
Claroline 1.8.9 - PHPbb/newtopic.php URL Cross-Site Scripting
Claroline 1.8.9 - PHPbb/reply.php URL Cross-Site Scripting
Claroline 1.8.9 - PHPbb/viewtopic.php URL Cross-Site Scripting
Claroline 1.8.9 - phpBB/newtopic.php URL Cross-Site Scripting
Claroline 1.8.9 - phpBB/reply.php URL Cross-Site Scripting
Claroline 1.8.9 - phpBB/viewtopic.php URL Cross-Site Scripting
Trixbox - 'endpoint_aastra.php mac parameter'Remote Code Injection
Trixbox - 'endpoint_aastra.php mac parameter' Remote Code Injection
Free Download Manager - Stack-based Buffer Overflow
Free Download Manager - Stack Based Buffer Overflow
XRms 1.99.2 - login.php target Parameter Cross-Site Scripting
XRms 1.99.2 - 'login.php' target Parameter Cross-Site Scripting
Microsoft DebugDiag 1.0 - 'CrashHangExt.dll' ActiveX Control Remote Denial of Service
Microsoft DebugDiag 1.0 - ' CrashHangExt.dll' ActiveX Control Remote Denial of Service
PHPWebSite 0.9.3 - 'links.php' SQL Injection
phpWebSite 0.9.3 - 'links.php' SQL Injection
Easyedit CMS - page.php intPageID Parameter SQL Injection
Easyedit CMS - 'page.php' intPageID Parameter SQL Injection
aMSN - '.ctt'Remote Denial of Service
aMSN - '.ctt' Remote Denial of Service
68 Classifieds 4.1 - login.php goto Parameter Cross-Site Scripting
68 Classifieds 4.1 - 'login.php' goto Parameter Cross-Site Scripting
ProFTPD 1.3 - 'mod_sql' Username SQL Injection
ProFTPd 1.3 - 'mod_sql' Username SQL Injection
LinPHA 1.3.2/1.3.3 - login.php Cross-Site Scripting
LinPHA 1.3.2/1.3.3 - 'login.php' Cross-Site Scripting
Recover Data for Novell Netware 1.0 - '.sav'Remote Denial of Service
Recover Data for Novell Netware 1.0 - '.sav' Remote Denial of Service
J. River Media Jukebox 12 - '.mp3'Remote Heap Buffer Overflow
J. River Media Jukebox 12 - '.mp3' Remote Heap Buffer Overflow
Invision Power Board 3.0.3 - '.txt'MIME-Type Cross-Site Scripting
Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting
OpenOffice 3.1 - '.csv'Remote Denial of Service
OpenOffice 3.1 - '.csv' Remote Denial of Service
OpenOffice 3.1 - '.slk'NULL Pointer Dereference Remote Denial of Service
OpenOffice 3.1 - '.slk' NULL Pointer Dereference Remote Denial of Service
BS.Player 2.51 - '.mp3'Buffer Overflow
BS.Player 2.51 - '.mp3' Buffer Overflow
netKar PRO 1.1 - '.nkuser'File Creation NULL Pointer Denial Of Service
netKar PRO 1.1 - '.nkuser' File Creation NULL Pointer Denial Of Service
Aqua Real Screensaver - '.ar'Buffer Overflow
Aqua Real Screensaver - '.ar' Buffer Overflow
Mthree Development MP3 to WAV Decoder - '.mp3'Remote Buffer Overflow
Mthree Development MP3 to WAV Decoder - '.mp3' Remote Buffer Overflow
Sonique 2.0 - '.xpl'Remote Stack-Based Buffer Overflow
Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow
Property Watch - login.php redirect Parameter Cross-Site Scripting
Property Watch - 'login.php' redirect Parameter Cross-Site Scripting
Xilisoft Video Converter 3.1.8.0720b - '.ogg'Buffer Overflow
Xilisoft Video Converter 3.1.8.0720b - '.ogg' Buffer Overflow
Mulitple Wordpress Themes - 'admin-ajax.php img parameter'Arbitrary File Download
Mulitple Wordpress Themes - 'admin-ajax.php img parameter' Arbitrary File Download
Crystal Player 1.98 - '.mls'Buffer Overflow
Crystal Player 1.98 - '.mls' Buffer Overflow
Wordpress Acento Theme - 'view-pdf.php file parameter'Arbitrary File Download
Wordpress Acento Theme - 'view-pdf.php file parameter' Arbitrary File Download
GreenBrowser - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution
GreenBrowser - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
DragDropCart - login.php redirect Parameter Cross-Site Scripting
DragDropCart - 'login.php' redirect Parameter Cross-Site Scripting
Microsoft Bluetooth Personal Area Networking - 'BthPan.sys'Privilege Escalation
Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Privilege Escalation
WordPress RB Agency Plugin 2.4.7 - Local File Disclosure
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax'Buffer Overflow/Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite
Wireshark 1.4.3 - '.pcap'Memory Corruption
Wireshark 1.4.3 - '.pcap' Memory Corruption
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax'SEH Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' SEH Buffer Overflow
KMPlayer 2.9.3.1214 - '.ksf'Remote Buffer Overflow
DivX Player 6.x - '.dps'Remote Buffer Overflow
KMPlayer 2.9.3.1214 - '.ksf' Remote Buffer Overflow
DivX Player 6.x - '.dps' Remote Buffer Overflow
VLC Media Player 1.0.5 - '.ape'Denial of Service
VLC Media Player 1.0.5 - '.ape' Denial of Service
RealPlayer 11 - '.rmp'Remote Buffer Overflow
RealPlayer 11 - '.rmp' Remote Buffer Overflow
Advantech AdamView 4.30.003 - '.gni'SEH Buffer Overflow
Advantech AdamView 4.30.003 - '.gni' SEH Buffer Overflow
FLVPlayer4Free 2.9 - '.fp4f'Remote Buffer Overflow
FLVPlayer4Free 2.9 - '.fp4f' Remote Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj'Heab-based Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow
BlueVoda Website Builder 11 - '.bvp' File Stack-Based Buffer Overflow
BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow
PHPWebSite 1.7.1 - 'upload.php' Arbitrary File Upload
phpWebSite 1.7.1 - 'upload.php' Arbitrary File Upload
xAurora 10.00 - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution
xAurora 10.00 - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
PHPWebSite 1.7.1 - 'mod.php' SQL Injection
phpWebSite 1.7.1 - 'mod.php' SQL Injection
Linux/x86 - custom execve-shellcode Encoder/Decoder
Linux/x86 - custom execve-Shellcode Encoder/Decoder
ProFTPd 1.3.5 (mod_copy) - Remote Command Execution
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution
ProFTPD 1.3.5 - Mod_Copy Command Execution
ProFTPd 1.3.5 - 'Mod_Copy' Command Execution
Linux/x86 - Download & Execute shellcode
Linux/x86 - Download & Execute Shellcode
Adobe Flash - Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash - Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Heap Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File
Valhala Honeypot 1.8 - Stack-Based Buffer Overflow
Valhala Honeypot 1.8 - Stack Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack-Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow
WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
WebKit Cross-Site Scripting Filter - ' Cross-Site ScriptingAuditor.cpp' Security Bypass
Mpxplay Multimedia Commander 2.00a - .m3u Stack-Based Buffer Overflow
Mpxplay Multimedia Commander 2.00a - .m3u Stack Based Buffer Overflow
Linux/x86-64 - /bin/sh shellcode
Linux/x86-64 - /bin/sh Shellcode
Last PassBroker 3.2.16 - Stack-Based Buffer Overflow
Last PassBroker 3.2.16 - Stack Based Buffer Overflow
C2 WebResource - 'File' Parameter Cross-Site Scripting
C2 WebResource - ' File' Parameter Cross-Site Scripting
SmallFTPD - Unspecified Denial of Service
SmallFTPd - Unspecified Denial of Service
VLC 2.2.1 libvlccore - '.mp3'Stack Overflow
VLC 2.2.1 libvlccore - '.mp3' Stack Overflow
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap-Based Out-of-Bounds Read
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read
FBZX 2.10 - Local Stack-Based Buffer Overflow
FBZX 2.10 - Local Stack Based Buffer Overflow
TACK 1.07 - Local Stack-Based Buffer Overflow
TACK 1.07 - Local Stack Based Buffer Overflow
Dynamic Biz Website Builder (QuickWeb) 1.0 - login.asp Multiple Field SQL Injection Authentication Bypass
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass
Wireshark - iseries_parse_packet Heap-Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack-Based Buffer Overflow
Wireshark - iseries_parse_packet Heap Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow
Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack-Based Buffer Overflow
Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack Based Buffer Overflow
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack-Based Buffer Overflow
Wireshark - find_signature Stack-Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack-Based Buffer Overflow
Wireshark - getRate Stack-Based Out-of-Bounds Read
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow
Wireshark - find_signature Stack Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow
Wireshark - getRate Stack Based Out-of-Bounds Read
Adobe Flash TextField.variable Setter - Use-After-Free
Adobe Flash TextField.Variable Setter - Use-After-Free
Wireshark infer_pkt_encap - Heap-Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap-Based Out-of-Bounds Read
Wireshark infer_pkt_encap - Heap Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read
eshtery CMS - 'FileManager.aspx' Local File Disclosure
eshtery CMS - ' FileManager.aspx' Local File Disclosure
pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap-Based Out-of-Bounds Read
pdfium CPDF_TextObject::CalcPositionData - Heap-Based Out-of-Bounds Read
pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read
pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read
pdfium CPDF_Function::Call - Stack-Based Buffer Overflow
pdfium CPDF_Function::Call - Stack Based Buffer Overflow
MySQL 5.5.45 (64bit) - Local Credentials Disclosure
pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap-Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc (libopenjpeg) Heap-Based Out-of-Bounds Read
Wireshark - iseries_check_file_type Stack-Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack-Based Buffer Overflow
pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc (libopenjpeg) Heap Based Out-of-Bounds Read
Wireshark - iseries_check_file_type Stack Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow
Wireshark - nettrace_3gpp_32_423_file_open Stack-Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap-Based Out-of-Bounds Read
Wireshark - nettrace_3gpp_32_423_file_open Stack Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read
Tftpd32 and Tftpd64 - Denial Of Service
TFTPD32 and Tftpd64 - Denial Of Service
glibc - getaddrinfo Stack-Based Buffer Overflow
glibc - getaddrinfo Stack Based Buffer Overflow
Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow
libxml2 - xmlDictAddString Heap-Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap-Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap-Based Buffer Overread
libxml2 - htmlCurrentChar Heap-Based Buffer Overread
Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow
libxml2 - xmlDictAddString Heap Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread
libxml2 - htmlCurrentChar Heap Based Buffer Overread
Kamailio 4.3.4 - Heap-Based Buffer Overflow
Kamailio 4.3.4 - Heap Based Buffer Overflow
Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read
Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read
Wireshark - dissect_2008_16_security_4 Stack-Based Buffer Overflow
Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack-Based Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow
NRSS Reader 0.3.9 - Local Stack-Based Overflow
NRSS Reader 0.3.9 - Local Stack Based Overflow
Wireshark - AirPDcapDecryptWPABroadcastKey Heap-Based Out-of-Bounds Read
Wireshark - AirPDcapDecryptWPABroadcastKey Heap Based Out-of-Bounds Read
Windows - gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Graphite2 - GlyphCache::GlyphCache Heap-Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap-Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap-Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap-Based Overread
Graphite2 - NameTable::getName Multiple Heap-Based Out-of-Bounds Reads
Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread
Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap-Based Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption
Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap-Based Buffer Overflow (MS16-097)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
PHP 5.0.0 - imap_mail() Local Denial of Service
PHP 5.0.0 - 'imap_mail()' Local Denial of Service
PHP 5.0.0 - html_doc_file() Local Denial of Service
PHP 5.0.0 - 'html_doc_file()' Local Denial of Service
2016-09-06 05:08:08 +00:00
Offensive Security
51bcf38036
DB: 2016-09-05
...
1 new exploits
Too many to list!
2016-09-05 05:09:09 +00:00
Offensive Security
b2749125b0
DB: 2016-09-04
2016-09-04 05:08:08 +00:00
Offensive Security
31a21bb68d
DB: 2016-09-03
...
14 new exploits
Too many to list!
2016-09-03 05:08:42 +00:00
Offensive Security
f96ddba143
DB: 2016-09-02
...
2 new exploits
SAPID Blog beta 2 - (root_path) Remote File Inclusion
SAPID Gallery 1.0 - (root_path) Remote File Inclusion
SAPID Shop 1.2 - (root_path) Remote File Inclusion
SAPID Blog beta 2 - (root_path) Remote File Inclusion
SAPID Gallery 1.0 - (root_path) Remote File Inclusion
SAPID Shop 1.2 - (root_path) Remote File Inclusion
PHPCodeCabinet 0.5 - (Core.php) Remote File Inclusion
phNNTP 1.3 - (article-raw.php) Remote File Inclusion
Cwfm 0.9.1 - (Language) Remote File Inclusion
PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow PoC
Cwfm 0.9.1 - (Language) Remote File Inclusion
PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow PoC
PgMarket 2.2.3 - (CFG[libdir]) Remote File Inclusion
PHPMyRing 4.2.0 - (view_com.php) SQL Injection
SAPID CMS 1.2.3_rc3 - (rootpath) Remote Code Execution Exploit
phpwcms 1.1-RC4 - (spaw) Remote File Inclusion
Spaminator 1.7 - (page) Remote File Inclusion
Thatware 0.4.6 - (root_path) Remote File Inclusion
Spaminator 1.7 - (page) Remote File Inclusion
Thatware 0.4.6 - (root_path) Remote File Inclusion
phpPrintAnalyzer 1.2 - Remote File Inclusion
Wheatblog 1.1 - (session.php) Remote File Inclusion
phPay 2.02 - (nu_mail.inc.php) Remote mail() Injection Exploit
WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload
WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Disclosure/Arbitrary File Upload
FortiClient SSLVPN 5.4 - Credentials Disclosure
2016-09-02 05:08:35 +00:00
Offensive Security
3a2154afbd
DB: 2016-09-01
...
15 new exploits
WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload
PHP 5.0.0 - snmpwalkoid() Local Denial of Service
PHP 5.0.0 - fbird_[p]connect() Local Denial of Service
PHP 5.0.0 - snmpwalk() Local Denial of Service
PHP 5.0.0 - snmprealwalk() Local Denial of Service
PHP 5.0.0 - snmpset() Local Denial of Service
PHP 7.0 - AppendIterator::append Local Denial of Service
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation
ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execution
ZKTeco ZKBioSecurity 3.0 - (Add Superadmin) Cross-Site Request Forgery
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service
2016-09-01 05:08:40 +00:00
Offensive Security
1f0c845486
DB: 2016-08-31
...
3 new exploits
Too many to list!
2016-08-31 05:07:37 +00:00
Offensive Security
760d823bc8
DB: 2016-08-30
...
18 new exploits
Too many to list!
2016-08-30 05:08:40 +00:00
Offensive Security
4011b4f053
DB: 2016-08-27
2016-08-27 05:08:40 +00:00
Offensive Security
9be5679994
DB: 2016-08-26
...
1 new exploits
Too many to list!
2016-08-26 05:06:52 +00:00
Offensive Security
8650c53f70
DB: 2016-08-25
2016-08-25 10:41:52 +00:00
Offensive Security
4c43b1da2b
DB: 2016-08-25
2016-08-25 05:07:18 +00:00
Offensive Security
6be90e9280
DB: 2016-08-24
...
5 new exploits
Too many to list!
2016-08-24 05:06:46 +00:00
Offensive Security
0be2139745
DB: 2016-08-23
...
7 new exploits
Too many to list!
2016-08-23 05:06:48 +00:00
Offensive Security
a1d85642d6
DB: 2016-08-22
2016-08-22 05:08:19 +00:00
Offensive Security
32bd251480
DB: 2016-08-20
...
17 new exploits
Too many to list!
2016-08-20 05:06:28 +00:00
Offensive Security
ae53a02150
DB: 2016-08-19
...
4 new exploits
Too many too list!
2016-08-19 05:06:41 +00:00
Offensive Security
5be2377b41
DB: 2016-08-18
...
4 new exploits
Apache 2.0.44 (Linux) - Remote Denial of Service Exploit
Apache 2.0.44 (Linux) - Remote Denial of Service
Chindi Server 1.0 - Denial of Service Exploit
Chindi Server 1.0 - Denial of Service
Xeneo Web Server 2.2.9.0 - Denial of Service Exploit
Xeneo Web Server 2.2.9.0 - Denial of Service
Microsoft Windows IIS 5.0 < 5.1 - Remote Denial of Service Exploit
Microsoft Windows IIS 5.0 < 5.1 - Remote Denial of Service
Cisco IOS - IPv4 Packets Denial of Service Exploit
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service Exploit
Microsoft Windows 2000 - RPC DCOM Interface DoS Exploit
Cisco IOS - (using hping) Remote Denial of Service Exploit
Cisco IOS - IPv4 Packets Denial of Service
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service
Microsoft Windows 2000 - RPC DCOM Interface Denial of Service
Cisco IOS - (using hping) Remote Denial of Service
Linux Kernel 2.4.20 - decode_fh Denial of Service Exploit
Linux Kernel 2.4.20 - decode_fh Denial of Service
Trillian 0.74 - Remote Denial of Service Exploit
Trillian 0.74 - Remote Denial of Service
Piolet Client 1.05 - Remote Denial of Service Exploit
Piolet Client 1.05 - Remote Denial of Service
Microsoft Windows Messenger Service - Denial of Service Exploit (MS03-043)
Microsoft Windows Messenger Service - Denial of Service (MS03-043)
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service Exploit
wu-ftpd 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service
Eznet 3.5.0 - Remote Stack Overflow / Denial of Service Exploit
Eznet 3.5.0 - Remote Stack Overflow / Denial of Service
Ethereal - EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit
Ethereal - EIGRP Dissector TLV_IP_INT Long IP Remote Denial of Service
Microsoft Windows IIS - SSL Remote Denial of Service Exploit (MS04-011)
Microsoft Windows IIS - SSL Remote Denial of Service (MS04-011)
Microsoft Windows - 'Jolt2.c' Denial of Service Exploit
Microsoft Windows - 'Jolt2.c' Denial of Service
ProFTPD 1.2.0pre10 - Remote Denial of Service Exploit
ProFTPD 1.2.0pre10 - Remote Denial of Service
APC UPS 3.7.2 - (apcupsd) Local Denial of Service Exploit
APC UPS 3.7.2 - (apcupsd) Local Denial of Service
Novell BorderManager Enterprise Edition 3.5 - Denial of Service Exploit
Novell BorderManager Enterprise Edition 3.5 - Denial of Service
Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service Exploit
Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service
Emule 0.42e Remote Denial of Service Exploit
Emule 0.42e Remote Denial of Service
Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local DoS Exploit
Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local Denial of Service
Ping of Death Remote Denial of Service Exploit
Ping of Death Remote Denial of Service
Microsoft Windows NT Crash with an Extra Long Username DoS Exploit
Microsoft Windows NT Crash with an Extra Long Username Denial of Service
TCP SYN - 'bang.c' Denial of Service Exploit
UDP Stress Tester Denial of Service Exploit
TCP SYN - 'bang.c' Denial of Service
UDP Stress Tester Denial of Service
OverByte ICS FTP Server Remote Denial of Service Exploit
OverByte ICS FTP Server Remote Denial of Service
Xitami Web Server Denial of Service Exploit
Xitami Web Server Denial of Service
Microsoft Internet Explorer - Denial of Service Exploit (11 bytes)
Microsoft Windows SMS 2.0 - Denial of Service Exploit
Microsoft Internet Explorer - Denial of Service (11 bytes)
Microsoft Windows SMS 2.0 - Denial of Service
Citadel/UX Remote Denial of Service Exploit (PoC)
Citadel/UX Remote Denial of Service (PoC)
psyBNC 2.3 - Denial of Service Exploit
psyBNC 2.3 - Denial of Service
Microsoft Messenger - Denial of Service Exploit (MS03-043) (Linux)
Microsoft Messenger - Denial of Service (MS03-043) (Linux)
BadBlue 2.52 Web Server - Multiple Connections Denial of Service Exploit
BadBlue 2.52 Web Server - Multiple Connections Denial of Service
Painkiller 1.3.1 - Denial of Service Exploit
Easy File Sharing Webserver 1.25 - Denial of Service Exploit
Painkiller 1.3.1 - Denial of Service
Easy File Sharing Webserver 1.25 - Denial of Service
WFTPD Pro Server 3.21 MLST Remote Denial of Service Exploit
CesarFTP Server Long Command Denial of Service Exploit
Ground Control 1.0.0.7 - (Server/Client) Denial of Service Exploit
WFTPD Pro Server 3.21 MLST Remote Denial of Service
CesarFTP Server Long Command Denial of Service
Ground Control 1.0.0.7 - (Server/Client) Denial of Service
Call of Duty 1.4 - Denial of Service Exploit
Call of Duty 1.4 - Denial of Service
Serv-U < 5.2 - Remote Denial of Service Exploit
Serv-U < 5.2 - Remote Denial of Service
Pigeon Server 3.02.0143 - Denial of Service Exploit
Pigeon Server 3.02.0143 - Denial of Service
Emulive Server4 7560 - Remote Denial of Service Exploit
Emulive Server4 7560 - Remote Denial of Service
PopMessenger 1.60 - Remote Denial of Service Exploit
PopMessenger 1.60 - Remote Denial of Service
MyServer 0.7.1 - (POST) Denial of Service Exploit
MyServer 0.7.1 - (POST) Denial of Service
MSSQL 7.0 - Remote Denial of Service Exploit
MSSQL 7.0 - Remote Denial of Service
Microsoft Windows NNTP Service (XPAT) Denial of Service Exploit (MS04-036)
Microsoft Windows NNTP Service (XPAT) Denial of Service (MS04-036)
Microsoft Windows IIS - WebDAV XML Denial of Service Exploit (MS04-030)
Microsoft Windows IIS - WebDAV XML Denial of Service (MS04-030)
BaSoMail Server 1.24 POP3/SMTP Remote Denial of Service Exploit
BaSoMail Server 1.24 POP3/SMTP Remote Denial of Service
BaSoMail - Multiple Buffer Overflow Denial of Service Exploit
BaSoMail - Multiple Buffer Overflow Denial of Service
Master of Orion III 1.2.5 - Denial of Service Exploit
Master of Orion III 1.2.5 - Denial of Service
Alpha Black Zero 1.04 - Remote Denial of Service Exploit
Alpha Black Zero 1.04 - Remote Denial of Service
Flash Messaging 5.2.0g - Remote Denial of Service Exploit
Flash Messaging 5.2.0g - Remote Denial of Service
WinFTP Server 1.6 - Denial of Service Exploit
Kerio Personal Firewall 4.1.1 - Multiple IP Options DoS Exploit
WinFTP Server 1.6 - Denial of Service
Kerio Personal Firewall 4.1.1 - Multiple IP Options Denial of Service
NetNote Server 2.2 build 230 - Crafted String DoS Exploit
NetNote Server 2.2 build 230 - Crafted String Denial of Service
Secure Network Messenger 1.4.2 - Denial of Service Exploit
Secure Network Messenger 1.4.2 - Denial of Service
Soldier of Fortune II 1.3 Server/Client - Denial of Service Exploit
Soldier of Fortune II 1.3 Server/Client - Denial of Service
Star Wars Battlefront 1.1 - Fake Players Denial of Service Exploit
Star Wars Battlefront 1.1 - Fake Players Denial of Service
3Dmax 6.x backburner Manager 2.2 - Denial of Service Exploit
3Dmax 6.x backburner Manager 2.2 - Denial of Service
Jana Server 2.4.4 - (http/pna) Denial of Service Exploit
Jana Server 2.4.4 - (http/pna) Denial of Service
Neverwinter Nights special Fake Players Denial of Service Exploit
Kreed 1.05 - Format String / Denial of Service Exploit
Neverwinter Nights special Fake Players Denial of Service
Kreed 1.05 - Format String / Denial of Service
Codename Eagle 1.42 - Socket Unreacheable DoS Exploit
Codename Eagle 1.42 - Socket Unreacheable Denial of Service
Linux Kernel 2.4.28 / 2.6.9 - scm_send Local DoS Exploit
Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service Exploit
Linux Kernel 2.4.28 / 2.6.9 - scm_send Local Denial of Service
Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service
Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service Exploit
Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service
SOLDNER Secret Wars 30830 - Denial of Service Exploit
SOLDNER Secret Wars 30830 - Denial of Service
iWebNegar 1.1 - Configuration Nullification Denial of Service Exploit
iWebNegar 1.1 - Configuration Nullification Denial of Service
Gore 1.50 - Socket Unreacheable Denial of Service Exploit
Gore 1.50 - Socket Unreacheable Denial of Service
TinyWeb 1.9 - Denial of Service Exploit
TinyWeb 1.9 - Denial of Service
ngIRCd 0.8.1 - Remote Denial of Service Exploit (2)
ngIRCd 0.8.1 - Remote Denial of Service (2)
Foxmail 2.0 - (MAIL FROM:) Denial of Service Exploit
Foxmail 2.0 - (MAIL FROM:) Denial of Service
Mac OS X AppleFileServer Remote Denial of Service Exploit
Mac OS X AppleFileServer Remote Denial of Service
webconnect 6.4.4 < 6.5 - Directory Traversal / Denial of Service Exploit
webconnect 6.4.4 < 6.5 - Directory Traversal / Denial of Service
wu-ftpd 2.6.2 - File Globbing Denial of Service Exploit
Knet 1.04c - Buffer Overflow Denial of Service Exploit
wu-ftpd 2.6.2 - File Globbing Denial of Service
Knet 1.04c - Buffer Overflow Denial of Service
Scrapland 1.0 - Server Termination Denial of Service Exploit
Scrapland 1.0 - Server Termination Denial of Service
Apache 2.0.52 - HTTP GET request Denial of Service Exploit
Apache 2.0.52 - HTTP GET request Denial of Service
Microsoft Windows 2003/XP - Remote Denial of Service Exploit
Microsoft Windows 2003/XP - Remote Denial of Service
OpenBSD 2.0 - 3.6 TCP TIMESTAMP Remote Denial of Service Exploit
OpenBSD 2.0 - 3.6 TCP TIMESTAMP Remote Denial of Service
Freeciv Server 2.0.0beta8 - Denial of Service Exploit
Freeciv Server 2.0.0beta8 - Denial of Service
PlatinumFTP 1.0.18 - Multiple Remote Denial of Service Exploit
MailEnable 1.8 - Remote Format String Denial of Service Exploit
phpDEV5 - System-Call Local Denial of Service Exploit
PlatinumFTP 1.0.18 - Multiple Remote Denial of Service
MailEnable 1.8 - Remote Format String Denial of Service
phpDEV5 - System-Call Local Denial of Service
MCPWS Personal WebServer 1.3.21 - Denial of Service Exploit
MCPWS Personal WebServer 1.3.21 - Denial of Service
Ocean FTP Server 1.00 - Denial of Service Exploit
Ocean FTP Server 1.00 - Denial of Service
SPECTral Personal SMTP Server 0.4.2 - Denial of Service Exploit
SPECTral Personal SMTP Server 0.4.2 - Denial of Service
Linux Kernel 2.6.10 - Local Denial of Service Exploit
Linux Kernel 2.6.10 - Local Denial of Service
ArGoSoft FTP Server 1.4.2.8 - Denial of Service Exploit
ArGoSoft FTP Server 1.4.2.8 - Denial of Service
Linux Kernel PPC64/IA64 (AIO) - Local Denial of Service Exploit
Linux Kernel PPC64/IA64 (AIO) - Local Denial of Service
MailEnable Enterprise 1.x - SMTP Remote Denial of Service Exploit
MailEnable Enterprise 1.x - SMTP Remote Denial of Service
Yager 5.24 - Multiple Denial of Service Exploit
Microsoft Windows - Malformed IP Options DoS Exploit (MS05-019)
Yager 5.24 - Multiple Denial of Service
Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
PostgreSQL 8.01 - Remote Reboot Denial of Service Exploit
PostgreSQL 8.01 - Remote Reboot Denial of Service
Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages DoS Exploit
Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service
Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service Exploit
Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service Exploit
Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service Exploit
Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop DoS Exploit
Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop Denial of Service
Ashley's Web Server Denial of Service Exploit
Ashley's Web Server Denial of Service
DataTrac Activity Console Denial of Service Exploit
Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service Exploit
DataTrac Activity Console Denial of Service
Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service
Remote File Manager 1.0 - Denial of Service Exploit
Remote File Manager 1.0 - Denial of Service
Linux Kernel 2.6.12-rc4 - (ioctl_by_bdev) Local Denial of Service Exploit
Linux Kernel 2.6.12-rc4 - (ioctl_by_bdev) Local Denial of Service
Microsoft Windows 2003/XP - IPv6 Remote Denial of Service Exploit
Microsoft Windows 2003/XP - IPv6 Remote Denial of Service
TCP TIMESTAMPS Denial of Service Exploit
TCP TIMESTAMPS Denial of Service
FutureSoft TFTP Server 2000 - Remote Denial of Service Exploit
FutureSoft TFTP Server 2000 - Remote Denial of Service
Tcpdump bgp_update_print Remote Denial of Service Exploit
Tcpdump bgp_update_print Remote Denial of Service
TCP-IP Datalook 1.3 - Local Denial of Service Exploit
TCP-IP Datalook 1.3 - Local Denial of Service
UBB Threads < 6.5.2 Beta (mailthread.php) SQL Injection Exploit
UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection Exploit
TCP Chat (TCPX) 1.0 - Denial of Service Exploit
TCP Chat (TCPX) 1.0 - Denial of Service
PrivaShare 1.3 - Denial of Service Exploit
AnalogX SimpleServer:WWW 1.05 - Denial of Service Exploit
PrivaShare 1.3 - Denial of Service
AnalogX SimpleServer:WWW 1.05 - Denial of Service
Remote File Explorer 1.0 - Denial of Service Exploit
wMailServer 1.0 - Remote Denial of Service Exploit
Remote File Explorer 1.0 - Denial of Service
wMailServer 1.0 - Remote Denial of Service
Microsoft Windows Netman Service Local Denial of Service Exploit
NetPanzer 0.8 - Remote Denial of Service Exploit
Microsoft Windows Netman Service Local Denial of Service
NetPanzer 0.8 - Remote Denial of Service
Remote Control Server 1.6.2 - Denial of Service Exploit
Remote Control Server 1.6.2 - Denial of Service
DzSoft PHP Editor 3.1.2.8 - Denial of Service Exploit
DzSoft PHP Editor 3.1.2.8 - Denial of Service
Intruder Client 1.00 - Remote Command Execution & DoS Exploit
Intruder Client 1.00 - Remote Command Execution & Denial of Service
FTPshell Server 3.38 - Remote Denial of Service Exploit
FTPshell Server 3.38 - Remote Denial of Service
BusinessMail Server 4.60.00 - Remote Denial of Service Exploit
BusinessMail Server 4.60.00 - Remote Denial of Service
Quick 'n EasY 3.0 FTP Server Remote Denial of Service Exploit
Quick 'n EasY 3.0 FTP Server Remote Denial of Service
Acunetix HTTP Sniffer - Denial of Service Exploit
Acunetix HTTP Sniffer - Denial of Service
Microsoft Windows XP SP2 - (rdpwd.sys) Remote Kernel DoS Exploit
Microsoft Windows XP SP2 - (rdpwd.sys) Remote Kernel Denial of Service
Grandstream Budge Tone 101/102 VOIP Phone Denial of Service Exploit
Grandstream Budge Tone 101/102 VOIP Phone Denial of Service
Chris Moneymakers World Poker Championship 1.0 DoS Exploit
GTChat 0.95 Alpha - Remote Denial of Service Exploit
Chris Moneymakers World Poker Championship 1.0 Denial of Service
GTChat 0.95 Alpha - Remote Denial of Service
GoodTech SMTP Server 5.14 - Denial of Service Exploit
IA eMailServer Corporate Edition 5.2.2 - DoS Exploit
GoodTech SMTP Server 5.14 - Denial of Service
IA eMailServer Corporate Edition 5.2.2 - Denial of Service
GTChat 0.95 Alpha - (adduser) Remote Denial of Service Exploit
Ventrilo 2.3.0 - Remote Denial of Service Exploit (all platforms)
GTChat 0.95 Alpha - (adduser) Remote Denial of Service
Ventrilo 2.3.0 - Remote Denial of Service (all platforms)
Battlefield (BFCC/BFVCC/BF2CC) - Login Bypass/Pass Stealer/DoS Exploit
Battlefield (BFCC/BFVCC/BF2CC) - Login Bypass/Pass Stealer/Denial of Service
P2P Pro 1.0 - (command) Denial of Service Exploit
P2P Pro 1.0 - (command) Denial of Service
CUPS Server 1.1 - (Get Request) Denial of Service Exploit
CUPS Server 1.1 - (Get Request) Denial of Service
BNBT BitTorrent EasyTracker 7.7r3 - Denial of Service Exploit
BNBT BitTorrent EasyTracker 7.7r3 - Denial of Service
COOL! Remote Control 1.12 - Remote Denial of Service Exploit
Snort 2.4.0 SACK TCP Option Error Handling Denial of Service Exploit
COOL! Remote Control 1.12 - Remote Denial of Service
Snort 2.4.0 SACK TCP Option Error Handling Denial of Service
Stoney FTPd Denial of Service Exploit (rxBot mods ftpd)
Stoney FTPd Denial of Service (rxBot mods ftpd)
Fastream NETFile Web Server 7.1.2 - (HEAD) DoS Exploit
Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service
MCCS (Multi-Computer Control Systems) Command DoS Exploit
MCCS (Multi-Computer Control Systems) Command Denial of Service
Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service Exploit
Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service
Virtools Web Player 3.0.0.100 - Buffer Overflow DoS Exploit
Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service
RBExplorer 1.0 - (Hijacking Command) Denial of Service Exploit
RBExplorer 1.0 - (Hijacking Command) Denial of Service
Mozilla (Firefox 1.0.7) (Thunderbird 1.0.6) Denial of Service Exploit
Opera 8.02 - Remote Denial of Service Exploit (1)
Opera 8.02 - Remote Denial of Service Exploit (2)
Mozilla (Firefox 1.0.7) (Thunderbird 1.0.6) Denial of Service
Opera 8.02 - Remote Denial of Service (1)
Opera 8.02 - Remote Denial of Service (2)
Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) Denial of Service Exploit
Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) Denial of Service
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) Denial of Service (MS05-047)
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047) (2)
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) Denial of Service (MS05-047) (2)
Microsoft Internet Explorer 6.0 - (mshtmled.dll) Denial of Service Exploit
Microsoft Internet Explorer 6.0 - (mshtmled.dll) Denial of Service
Battle Carry .005 Socket Termination Denial of Service Exploit
Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service Exploit
FlatFrag 0.3 - Buffer Overflow / Denial of Service Exploit
Battle Carry .005 Socket Termination Denial of Service
Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service
FlatFrag 0.3 - Buffer Overflow / Denial of Service
Microsoft Windows 2000 - UPNP (getdevicelist) Memory Leak DoS Exploit
Microsoft Windows 2000 - UPNP (getdevicelist) Memory Leak Denial of Service
Macromedia Flash Plugin 7.0.19.0 - (Action) Denial of Service Exploit
Macromedia Flash Plugin 7.0.19.0 - (Action) Denial of Service
Cisco PIX Spoofed TCP SYN Packets Remote Denial of Service Exploit
FreeFTPD 1.0.10 - (PORT Command) Denial of Service Exploit
Cisco PIX Spoofed TCP SYN Packets Remote Denial of Service
FreeFTPD 1.0.10 - (PORT Command) Denial of Service
Microsoft Windows Metafile (gdi32.dll) Denial of Service Exploit (MS05-053)
Xaraya 1.0.0 RC4 - create() Denial of Service Exploit
Microsoft Windows Metafile - (mtNoObjects) Denial of Service Exploit (MS05-053)
Microsoft Windows Metafile (gdi32.dll) Denial of Service (MS05-053)
Xaraya 1.0.0 RC4 - create() Denial of Service
Microsoft Windows Metafile - (mtNoObjects) Denial of Service (MS05-053)
SugarSuite Open Source 4.0beta Remote Code Execution Exploit
SugarSuite Open Source 4.0beta - Remote Code Execution Exploit
Macromedia Flash Media Server 2 - Remote Denial of Service Exploit
Macromedia Flash Media Server 2 - Remote Denial of Service
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (Perl)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service
Microsoft Windows IIS - Malformed HTTP Request Denial of Service (Perl)
BZFlag 2.0.4 - (undelimited string) Denial of Service Exploit
BZFlag 2.0.4 - (undelimited string) Denial of Service
Microsoft Internet Explorer 6.0 - (mshtml.dll div) Denial of Service Exploit
Microsoft Internet Explorer 6.0 - (mshtml.dll div) Denial of Service
Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (cpp)
Microsoft Windows IIS - Malformed HTTP Request Denial of Service (cpp)
BlueCoat WinProxy 6.0 R1c (GET Request) Denial of Service Exploit
BlueCoat WinProxy 6.0 R1c (GET Request) Denial of Service
Cisco IP Phone 7940 - (Reboot) Denial of Service Exploit
Cisco IP Phone 7940 - (Reboot) Denial of Service
Cerberus FTP Server 2.32 - Denial of Service Exploit
Cerberus FTP Server 2.32 - Denial of Service
Arescom NetDSL-1000 - (telnetd) Remote Denial of Service Exploit
Arescom NetDSL-1000 - (telnetd) Remote Denial of Service
Sony/Ericsson Bluetooth (Reset Display) Denial of Service Exploit
Sony/Ericsson Bluetooth (Reset Display) Denial of Service
Half-Life CSTRIKE Server 1.6 (Non Steam) - Denial of Service Exploit
Half-Life CSTRIKE Server 1.6 (Non Steam) - Denial of Service
Invision Power Board 2.1.4 - (Register Users) Denial of Service Exploit
Invision Power Board 2.1.4 - (Register Users) Denial of Service
D-Link Wireless Access Point (Fragmented UDP) DoS Exploit
D-Link Wireless Access Point (Fragmented UDP) Denial of Service
PunBB 2.0.10 - (Register Multiple Users) Denial of Service Exploit
PunBB 2.0.10 - (Register Multiple Users) Denial of Service
Lansuite 2.1.0 Beta (fid) SQL Injection Exploit
Lansuite 2.1.0 Beta - (fid) SQL Injection Exploit
FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service Exploit
FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service
LieroX 0.62b Remote Server/Client Denial of Service Exploit
LieroX 0.62b Remote Server/Client Denial of Service
Guppy 4.5.11 - (Delete Databases) Remote Denial of Service Exploit
Guppy 4.5.11 - (Delete Databases) Remote Denial of Service
Mercur Mailserver 5.0 SP3 - (IMAP) Denial of Service Exploit
Mercur Mailserver 5.0 SP3 - (IMAP) Denial of Service
Microsoft Windows 2003/XP - (IGMP v3) Denial of Service Exploit (MS06-007)
Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007)
Microsoft Windows 2003/XP - (IGMP v3) Denial of Service Exploit (MS06-007) (2)
Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2)
Vavoom 1.19.1 - Multiple Vulnerabilities/Denial of Service Exploit
csDoom 0.7 - Multiple Vulnerabilities/Denial of Service Exploit
Vavoom 1.19.1 - Multiple Vulnerabilities/Denial of Service
csDoom 0.7 - Multiple Vulnerabilities/Denial of Service
Plogger Beta 2.1 Administrative Credentials Disclosure Exploit
Plogger Beta 2.1 - Administrative Credentials Disclosure Exploit
Linux Kernel 2.6.x - sys_timer_create() Local Denial of Service Exploit
Linux Kernel 2.6.x - sys_timer_create() Local Denial of Service
Neon Responder 5.4 - (Clock Synchronization) Denial of Service Exploit
Neon Responder 5.4 - (Clock Synchronization) Denial of Service
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure / Denial of Service
OCE 3121/3122 Printer (parser.exe) Denial of Service Exploit
OCE 3121/3122 Printer (parser.exe) Denial of Service
phpMyAgenda 3.0 Final - (rootagenda) Remote Include
phpMyAgenda 3.0 Final - (rootagenda) Remote File Inclusion
Empire 4.3.2 - (strncat) Denial of Service Exploit
Genecys 0.2 - (BoF/NULL pointer) Denial of Service Exploit
Empire 4.3.2 - (strncat) Denial of Service
Genecys 0.2 - (BoF/NULL pointer) Denial of Service
GNUnet 0.7.0d - (Empty UDP Packet) Remote Denial of Service Exploit
GNUnet 0.7.0d - (Empty UDP Packet) Remote Denial of Service
Mozilla Firefox 1.5.0.3 - (Loop) Denial of Service Exploit
phpBazar 2.1.0 - Remote File Include / Auth Bypass
Mozilla Firefox 1.5.0.3 - (Loop) Denial of Service
phpBazar 2.1.0 - Remote File Inclusion / Auth Bypass
portmap 5 beta (Set/Dump) Local Denial of Service Exploit
portmap 5 beta - (Set/Dump) Local Denial of Service
Back-End CMS 0.7.2.2 - (BE_config.php) Remote Include
Back-End CMS 0.7.2.2 - (BE_config.php) Remote File Inclusion
tinyBB 0.3 - Remote File Include / SQL Injection
tinyBB 0.3 -Remote File Inclusion / SQL Injection
F@cile Interactive Web 0.8x - Remote File Include / XSS
F@cile Interactive Web 0.8x - Remote File Inclusion / XSS
PHP-Nuke 7.9 Final (phpbb_root_path) Remote File Inclusions
PHP-Nuke 7.9 Final - (phpbb_root_path) Remote File Inclusions
LifeType 1.0.4 - Multiple Vulnerabilities
LifeType 1.0.4 - SQL Injection
Back-End CMS 0.7.2.1 - (jpcache.php) Remote Include
Back-End CMS 0.7.2.1 - (jpcache.php) Remote File Inclusion
Opera Web Browser 9.00 - (iframe) Remote Denial of Service Exploit
Opera Web Browser 9.00 - (iframe) Remote Denial of Service
ImgSvr 0.6.5 - (long http post) Denial of Service Exploit
ImgSvr 0.6.5 - (long http post) Denial of Service
SimpleBoard Mambo Component 1.1.0 - Remote Include
com_forum Mambo Component 1.2.4RC3 - Remote Include
SimpleBoard Mambo Component 1.1.0 - Remote File Inclusion
com_forum Mambo Component 1.2.4RC3 - Remote File Inclusion
com_videodb Mambo Component 0.3en Remote Include
com_videodb Mambo Component 0.3en Remote File Inclusion
HTMLArea3 Mambo Module 1.5 - Remote Include
Sitemap Mambo Component 2.0.0 - Remote Include
pollxt Mambo Component 1.22.07 - Remote Include
HTMLArea3 Mambo Module 1.5 - Remote File Inclusion
Sitemap Mambo Component 2.0.0 - Remote File Inclusion
pollxt Mambo Component 1.22.07 - Remote File Inclusion
D-Link Router UPNP Stack Overflow Denial of Service Exploit (PoC)
D-Link Router UPNP Stack Overflow Denial of Service (PoC)
MoSpray Mambo Component 18RC1 - Remote Include
ArticlesOne 07232006 - (page) Remote Include
Mam-Moodle Mambo Component alpha Remote Inclusion
MoSpray Mambo Component 18RC1 - Remote File Inclusion
ArticlesOne 07232006 - (page) Remote File Inclusion
Mam-Moodle Mambo Component alpha - Remote Inclusion
Mambo User Home Pages Component 0.5 - Remote Include
Mambo User Home Pages Component 0.5 - Remote File Inclusion
Joomla LMO Component 1.0b2 - Remote Include
Joomla LMO Component 1.0b2 - Remote File Inclusion
SQLiteWebAdmin 0.1 - (tpl.inc.php) Remote Include
XChat 2.6.7 - (Windows) Remote Denial of Service Exploit (PHP)
Joomla JD-Wiki Component 1.0.2 - Remote Include
SQLiteWebAdmin 0.1 - (tpl.inc.php) Remote File Inclusion
XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)
Joomla JD-Wiki Component 1.0.2 - Remote File Inclusion
phpCC 4.2 beta (base_dir) Remote File Inclusion
phpCC 4.2 beta - (base_dir) Remote File Inclusion
Visual Events Calendar 1.1 - (cfg_dir) Remote Include
Visual Events Calendar 1.1 - (cfg_dir) Remote File Inclusion
XChat 2.6.7 - (Windows) Remote Denial of Service Exploit (Perl)
XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)
See-Commerce 1.0.625 - (owimg.php3) Remote Include
PocketPC Mms Composer (WAPPush) Denial of Service Exploit
See-Commerce 1.0.625 - (owimg.php3) Remote File Inclusion
PocketPC Mms Composer (WAPPush) Denial of Service
Mambo Remository Component 3.25 - Remote Include
Mambo Remository Component 3.25 - Remote File Inclusion
Joomla Webring Component 1.0 - Remote Include
Joomla Webring Component 1.0 - Remote File Inclusion
Opera 9 - IRC Client Remote Denial of Service Exploit
Opera 9 IRC Client - Remote Denial of Service Exploit (Python)
Opera 9 - IRC Client Remote Denial of Service
Opera 9 IRC Client - Remote Denial of Service (Python)
Microsoft Windows PNG File IHDR Block Denial of Service Exploit PoC
Microsoft Windows PNG File IHDR Block Denial of Service PoC
Mambo CopperminePhotoGalery Component Remote Include
Mambo CopperminePhotoGalery Component Remote File Inclusion
WTcom 0.2.4-alpha (torrents.php) SQL Injection
WTcom 0.2.4-alpha - (torrents.php) SQL Injection
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (1)
Microsoft Windows - PNG File IHDR Block Denial of Service PoC (1)
Joomla Artlinks Component 1.0b4 - Remote Include
Microsoft Windows - PNG File IHDR Block Denial of Service Exploit PoC (2)
PHlyMail Lite 3.4.4 - (mod.listmail.php) Remote Include
Joomla Artlinks Component 1.0b4 - Remote File Inclusion
Microsoft Windows - PNG File IHDR Block Denial of Service PoC (2)
PHlyMail Lite 3.4.4 - (mod.listmail.php) Remote File Inclusion
Mambo MamboWiki Component 0.9.6 - Remote Include
Joomla Link Directory Component 1.0.3 - Remote Include
Mambo MamboWiki Component 0.9.6 - Remote File Inclusion
Joomla Link Directory Component 1.0.3 - Remote File Inclusion
PHlyMail Lite 3.4.4 - (folderprops.php) Remote Include (2)
PHlyMail Lite 3.4.4 - (folderprops.php) Remote File Inclusion (2)
Mozilla Firefox 1.5.0.6 - (FTP Request) Remote Denial of Service Exploit
Mozilla Firefox 1.5.0.6 - (FTP Request) Remote Denial of Service
2Wire Modems/Routers CRLF - Denial of Service Exploit
2Wire Modems/Routers CRLF - Denial of Service
Integramod Portal 2.x - (functions_portal.php) Remote Include Exploit
VistaBB 2.x - (functions_mod_user.php) Remote Include Exploit
Integramod Portal 2.x - (functions_portal.php) Remote File Inclusion Exploit
VistaBB 2.x - (functions_mod_user.php) Remote File Inclusion Exploit
phpCOIN 1.2.3 - (session_set.php) Remote Include
phpCOIN 1.2.3 - (session_set.php) Remote File Inclusion
Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote Include
Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote File Inclusion
PortailPHP mod_phpalbum 2.1.5 - (chemin) Remote Include
PortailPHP mod_phpalbum 2.1.5 - (chemin) Remote File Inclusion
Web Server Creator 0.1 - (l) Remote Include
Web Server Creator 0.1 - (l) Remote File Inclusion
Multithreaded TFTP 1.1 - (Long Get Request) Denial of Service Exploit
Multithreaded TFTP 1.1 - (Long Get Request) Denial of Service
mcGalleryPRO 2006 - (path_to_folder) Remote Include
MiniPort@l 0.1.5 beta (skiny) Remote File Inclusion
OPENi-CMS 1.0.1beta (config) Remote File Inclusion
mcGalleryPRO 2006 - (path_to_folder) Remote File Inclusion
MiniPort@l 0.1.5 beta - (skiny) Remote File Inclusion
OPENi-CMS 1.0.1beta - (config) Remote File Inclusion
Microsoft Internet Explorer (VML) Remote Denial of Service Exploit PoC
Microsoft Internet Explorer (VML) Remote Denial of Service PoC
OpenSSH 4.3 p1 - (Duplicated Block) Remote Denial of Service Exploit
OpenSSH 4.3 p1 - (Duplicated Block) Remote Denial of Service
VAMP Webmail 2.0beta1 - (yesno.phtml) Remote Include
VAMP Webmail 2.0beta1 - (yesno.phtml) Remote File Inclusion
TribunaLibre 3.12 Beta (ftag.php) Remote File Inclusion
TribunaLibre 3.12 Beta - (ftag.php) Remote File Inclusion
FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service Exploit
FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service Exploit
FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service Exploit
FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service
phpBB News Defilante Horizontale 4.1.1 - Remote Include Exploit
phpBB News Defilante Horizontale 4.1.1 - Remote File Inclusion Exploit
NuralStorm Webmail 0.98b (process.php) Remote Include
NuralStorm Webmail 0.98b (process.php) Remote File Inclusion
DigitalHive 2.0 RC2 - (base_include.php) Remote Include
DigitalHive 2.0 RC2 - (base_include.php) Remote File Inclusion
Xfire 1.6.4 - Remote Denial of Service Exploit (Perl)
Osprey 1.0 GetRecord.php Remote File Inclusion
Xfire 1.6.4 - Remote Denial of Service (Perl)
Osprey 1.0 - GetRecord.php Remote File Inclusion
MambWeather Mambo Module 1.8.1 - Remote Include
MambWeather Mambo Module 1.8.1 - Remote File Inclusion
QK SMTP 3.01 - (RCPT TO) Remote Denial of Service Exploit
QK SMTP 3.01 - (RCPT TO) Remote Denial of Service
FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service Exploit
FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service
RevilloC MailServer 1.x - (RCPT TO) Remote Denial of Service Exploit
RevilloC MailServer 1.x - (RCPT TO) Remote Denial of Service
PHPMyDesk 1.0beta (viewticket.php) Local File Inclusion Exploit
PHPMyDesk 1.0 beta - (viewticket.php) Local File Inclusion Exploit
Microsoft Windows NAT Helper Components (ipnathlp.dll) Remote DoS Exploit
Microsoft Windows NAT Helper Components (ipnathlp.dll) Remote Denial of Service
Microsoft Windows NAT Helper Components Remote DoS Exploit (perl)
Microsoft Windows NAT Helper Components Remote Denial of Service (perl)
GEPI 1.4.0 gestion/savebackup.php Remote File Inclusion
GEPI 1.4.0 - gestion/savebackup.php Remote File Inclusion
Mozilla Firefox 1.5.0.7/2.0 - (createRange) Remote DoS Exploit
Mozilla Firefox 1.5.0.7/2.0 - (createRange) Remote Denial of Service
Drake CMS < 0.2.3 ALPHA rev.916Remote File Inclusion
Drake CMS < 0.2.3 ALPHA rev.916 - Remote File Inclusion
XM Easy Personal FTP Server 5.2.1 - Remote Denial of Service Exploit
Essentia Web Server 2.15 - (GET Request) Remote DoS Exploit
XM Easy Personal FTP Server 5.2.1 - Remote Denial of Service
Essentia Web Server 2.15 - (GET Request) Remote Denial of Service
OpenLDAP 2.2.29 - Remote Denial of Service Exploit (Metasploit)
OpenLDAP 2.2.29 - Remote Denial of Service (Metasploit)
WarFTPd 1.82.00-RC11 - Remote Denial of Service Exploit
WarFTPd 1.82.00-RC11 - Remote Denial of Service
WORK System E-Commerce 3.0.1 - Remote Include
WORK System E-Commerce 3.0.1 - Remote File Inclusion
CMSmelborp Beta (user_standard.php) Remote File Inclusion Exploit
CMSmelborp Beta - (user_standard.php) Remote File Inclusion Exploit
phpPeanuts 1.3 Beta (Inspect.php) Remote File Inclusion
phpPeanuts 1.3 Beta - (Inspect.php) Remote File Inclusion
UniversalFTP 1.0.50 - (MKD) Remote Denial of Service Exploit
UniversalFTP 1.0.50 - (MKD) Remote Denial of Service
Microsoft Windows spoolss GetPrinterData() Remote DoS Exploit (0Day)
Microsoft Windows spoolss GetPrinterData() Remote Denial of Service (0Day)
awrate.com Message Board 1.0 - (search.php) Remote Include
awrate.com Message Board 1.0 - (search.php) Remote File Inclusion
F-Prot Antivirus 4.6.6 - (ACE) Denial of Service Exploit
F-Prot Antivirus 4.6.6 - (ACE) Denial of Service
Filezilla FTP Server 0.9.20b/0.9.21 - (STOR) Denial of Service Exploit
Filezilla FTP Server 0.9.20b/0.9.21 - (STOR) Denial of Service
Filezilla FTP Server 0.9.21 - (LIST/NLST) Denial of Service Exploit
D-Link DWL-2000AP 2.11 - (ARP Flood) Remote Denial of Service Exploit
Filezilla FTP Server 0.9.21 - (LIST/NLST) Denial of Service
D-Link DWL-2000AP 2.11 - (ARP Flood) Remote Denial of Service
Crob FTP Server 3.6.1 build 263 - (LIST/NLST) Denial of Service Exploit
Crob FTP Server 3.6.1 build 263 - (LIST/NLST) Denial of Service
Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service Exploit
Windows Media Player 9/10 - (.MID) Denial of Service Exploit
Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service
Windows Media Player 9/10 - (.MID) Denial of Service
Star FTP Server 1.10 - (RETR) Remote Denial of Service Exploit
Star FTP Server 1.10 - (RETR) Remote Denial of Service
Microsoft Office Outlook Recipient Control (ole32.dll) Denial of Service Exploit
wget 1.10.2 - (Unchecked Boundary Condition) Denial of Service Exploit
Microsoft Office Outlook Recipient Control (ole32.dll) Denial of Service
wget 1.10.2 - (Unchecked Boundary Condition) Denial of Service
WinFtp Server 2.0.2 - (PASV) Remote Denial of Service Exploit
WinFtp Server 2.0.2 - (PASV) Remote Denial of Service
RealPlayer 10.5 - (ActiveX Control) Denial of Service Exploit
RealPlayer 10.5 - (ActiveX Control) Denial of Service
DREAM FTP Server 1.0.2 - (PORT) Remote Denial of Service Exploit
DREAM FTP Server 1.0.2 - (PORT) Remote Denial of Service
inertianews 0.02b (inertianews_main.php) Remote Include
inertianews 0.02b (inertianews_main.php) Remote File Inclusion
XM Easy Personal FTP Server 5.2.1 - (USER) Format String DoS Exploit
XM Easy Personal FTP Server 5.2.1 - (USER) Format String Denial of Service
acFTP FTP Server 1.5 - (REST/PBSZ) Remote Denial of Service Exploit
acFTP FTP Server 1.5 - (REST/PBSZ) Remote Denial of Service
Microsoft Windows NetrWkstaUserEnum() Remote DoS Exploit (0Day)
Microsoft Windows NetrWkstaUserEnum() Remote Denial of Service (0Day)
RealPlayer 10.5 ierpplug.dll Internet Explorer 7 - Denial of Service Exploit
RealPlayer 10.5 ierpplug.dll Internet Explorer 7 - Denial of Service
Durian Web Application Server 3.02 - Denial of Service Exploit
Durian Web Application Server 3.02 - Denial of Service
Formbankserver 1.9 - (Name) Remote Denial of Service Exploit
Formbankserver 1.9 - (Name) Remote Denial of Service
Microsoft Windows - Explorer (WMF) CreateBrushIndirect DoS Exploit
Microsoft Windows - Explorer (WMF) CreateBrushIndirect Denial of Service
VLC Media Player 0.8.6a Unspecified Denial of Service Exploit
VLC Media Player 0.8.6a Unspecified Denial of Service
WFTPD Pro Server 3.25 SITE ADMN Remote Denial of Service Exploit
WFTPD Pro Server 3.25 SITE ADMN Remote Denial of Service
Twilight Webserver 1.3.3.0 - (GET) Remote Denial of Service Exploit
Colloquy 2.1.3545 - (INVITE) Format String Denial of Service Exploit
Twilight Webserver 1.3.3.0 - (GET) Remote Denial of Service
Colloquy 2.1.3545 - (INVITE) Format String Denial of Service
CCRP Folder Treeview Control (ccrpftv6.ocx) - IE Denial of Service Exploit
CCRP Folder Treeview Control (ccrpftv6.ocx) - IE Denial of Service
Sami HTTP Server 2.0.1 - (HTTP 404 Object not found) DoS Exploit
Sami HTTP Server 2.0.1 - (HTTP 404 Object not found) Denial of Service
Microsoft Windows - Explorer (AVI) Unspecified Denial of Service Exploit
Microsoft Windows - Explorer (AVI) Unspecified Denial of Service
Apple CFNetwork - HTTP Response Denial of Service Exploit (Ruby)
Apple CFNetwork - HTTP Response Denial of Service (Ruby)
CVSTrac 2.0.0 - Post-Attack Database Resurrection DoS Exploit
CVSTrac 2.0.0 - Post-Attack Database Resurrection Denial of Service
Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Exploit
phpBB2 MODificat 0.2.0 - (functions.php) Remote Include
Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service
phpBB2 MODificat 0.2.0 - (functions.php) Remote File Inclusion
CA BrightStor ARCserve 11.5.2.0 - (catirpc.dll) RPC Server DoS Exploit
CA BrightStor ARCserve 11.5.2.0 - (catirpc.dll) RPC Server Denial of Service
Chicken of the VNC 2.0 - (NULL-pointer) Remote Denial of Service Exploit
Chicken of the VNC 2.0 - (NULL-pointer) Remote Denial of Service
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow DoS Exploit
SmartFTP Client 2.0.1002 - Remote Heap Overflow DoS Exploit
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service
SmartFTP Client 2.0.1002 - Remote Heap Overflow Denial of Service
Axigen 2.0.0b1 - Remote Denial of Service Exploit
Axigen 2.0.0b1 - Remote Denial of Service Exploit (2)
Axigen 2.0.0b1 - Remote Denial of Service
Axigen 2.0.0b1 - Remote Denial of Service (2)
phpCC 4.2 beta (nickpage.php npid) SQL Injection Exploit
phpCC 4.2 beta - (nickpage.php npid) SQL Injection Exploit
MiniWebsvr 0.0.6 - Remote Resource Consumption DoS Exploit
MiniWebsvr 0.0.6 - Remote Resource Consumption Denial of Service
MailEnable Professional/Enterprise 2.35 Out of Bounds DoS Exploit
MailEnable Professional/Enterprise 2.35 Out of Bounds Denial of Service
MailEnable Professional/Enterprise 2.37 - Denial of Service Exploit
MailEnable Professional/Enterprise 2.37 - Denial of Service
TurboFTP 5.30 Build 572 - (newline/LIST) Multiple Remote DoS Exploit
TurboFTP 5.30 Build 572 - (newline/LIST) Multiple Remote Denial of Service
PHP-Nuke 8.0 Final (INSERT) Blind SQL Injection Exploit (mysql)
PHP-Nuke 8.0 Final (INSERT) SQL Injection Exploit
PHP-Nuke 8.0 Final (HTTP Referers) SQL Injection Exploit
FTP Explorer 1.0.1 Build 047 - (CPU consumption) Remote DoS Exploit
PHP-Nuke 8.0 Final - (INSERT) Blind SQL Injection Exploit (mysql)
PHP-Nuke 8.0 Final - (INSERT) SQL Injection Exploit
PHP-Nuke 8.0 Final - (HTTP Referers) SQL Injection Exploit
FTP Explorer 1.0.1 Build 047 - (CPU consumption) Remote Denial of Service
BrowseDialog Class - (ccrpbds6.dll) Multiple Methods DoS Exploit
BrowseDialog Class - (ccrpbds6.dll) Multiple Methods Denial of Service
Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow DoS Exploit
Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service
XM Easy Personal FTP Server 5.30 - (ABOR) Format String DoS Exploit
XM Easy Personal FTP Server 5.30 - (ABOR) Format String Denial of Service
DivX Web Player 1.3.0 - (npdivx32.dll) Remote Denial of Service Exploit
DivX Web Player 1.3.0 - (npdivx32.dll) Remote Denial of Service
Asterisk 1.2.15 / 1.4.0 - pre-auth Remote Denial of Service Exploit
Asterisk 1.2.15 / 1.4.0 - pre-auth Remote Denial of Service
Konqueror 3.5.5 - (JavaScript Read of FTP Iframe) DoS Exploit
Konqueror 3.5.5 - (JavaScript Read of FTP Iframe) Denial of Service
Microsoft Windows - (.doc) Malformed Pointers Denial of Service Exploit
Microsoft Windows - (.doc) Malformed Pointers Denial of Service
TFTPDWIN Server 0.4.2 - (UDP) Denial of Service Exploit
Rediff Toolbar ActiveX Control Remote Denial of Service Exploit
Snort 2.6.1.1/2.6.1.2/2.7.0 - (fragementation) Remote DoS Exploit
TFTPDWIN Server 0.4.2 - (UDP) Denial of Service
Rediff Toolbar ActiveX Control Remote Denial of Service
Snort 2.6.1.1/2.6.1.2/2.7.0 - (fragementation) Remote Denial of Service
Microsoft Internet Explorer - (FTP Server Response) DoS Exploit (MS07-016)
Microsoft Internet Explorer - (FTP Server Response) Denial of Service (MS07-016)
TFTP Server 1.3 - Remote Buffer Overflow Denial of Service Exploit
TFTP Server 1.3 - Remote Buffer Overflow Denial of Service
MetaForum 0.513 Beta Remote File Upload Exploit
MetaForum 0.513 Beta - Remote File Upload Exploit
Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service Exploit
Mercur IMAPD 5.00.14 - Remote Denial of Service Exploit (Win32)
Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service
Mercur IMAPD 5.00.14 - Remote Denial of Service (Win32)
Grandstream Budge Tone-200 IP Phone (Digest domain) DoS Exploit
Grandstream Budge Tone-200 IP Phone (Digest domain) Denial of Service
0irc-client 1345 build20060823 - Denial of Service Exploit
0irc-client 1345 build20060823 - Denial of Service
Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service Exploit
Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service
sBLOG 0.7.3 Beta (inc/lang.php) Local File Inclusion Exploit
IBM Lotus Domino Server 6.5 - (username) Remote Denial of Service Exploit
sBLOG 0.7.3 Beta - (inc/lang.php) Local File Inclusion Exploit
IBM Lotus Domino Server 6.5 - (username) Remote Denial of Service
Wserve HTTP Server 4.6 - (Long Directory Name) Denial of Service Exploit
Wserve HTTP Server 4.6 - (Long Directory Name) Denial of Service
Microsoft Windows - Explorer Unspecified .ANI File Denial of Service Exploit
Microsoft Windows - Explorer Unspecified .ANI File Denial of Service
Gran Paradiso 3.0a3 non-existent applet Denial of Service Exploit
Gran Paradiso 3.0a3 non-existent applet Denial of Service
Sami HTTP Server 2.0.1 POST Request Denial of Service Exploit
Sami HTTP Server 2.0.1 POST Request Denial of Service
Ettercap-NG 0.7.3 - Remote Denial of Service Exploit
Ettercap-NG 0.7.3 - Remote Denial of Service
Mozzers SubSystem final (subs.php) Remote Code Execution
Mozzers SubSystem final - (subs.php) Remote Code Execution
Winamp 5.3 - (.WMV) Remote Denial of Service Exploit
Winamp 5.3 - (.WMV) Remote Denial of Service
Foxit Reader 2.0 - (PDF) Remote Denial of Service Exploit
Foxit Reader 2.0 - (PDF) Remote Denial of Service
Joomla 1.5.0 Beta (pcltar.php) Remote File Inclusion
Winamp 5.33 - (.AVI) Remote Denial of Service Exploit
Joomla 1.5.0 Beta - (pcltar.php) Remote File Inclusion
Winamp 5.33 - (.AVI) Remote Denial of Service
Opera 9.2 - (.torrent) Remote Denial of Service Exploit
Opera 9.2 - (.torrent) Remote Denial of Service
Linksys SPA941 \377 character Remote Denial of Service Exploit
Linksys SPA941 - (remote reboot) Remote Denial of Service Exploit
Linksys SPA941 \377 character Remote Denial of Service
Linksys SPA941 - (remote reboot) Remote Denial of Service
RealPlayer 10 - (.ra) Remote Denial of Service Exploit
RealPlayer 10 - (.ra) Remote Denial of Service
PowerPoint Viewer OCX 3.2 - (ActiveX Control) Denial of Service Exploit
PowerPoint Viewer OCX 3.2 - (ActiveX Control) Denial of Service
Excel Viewer OCX 3.1.0.6 - Multiple Methods Denial of Service Exploit
Excel Viewer OCX 3.1.0.6 - Multiple Methods Denial of Service
Word Viewer OCX 3.2 - Remote Denial of Service Exploit
Word Viewer OCX 3.2 - Remote Denial of Service
Office Viewer OCX 3.2.0.5 - Multiple Methods Denial of Service Exploit
Office Viewer OCX 3.2.0.5 - Multiple Methods Denial of Service
Versalsoft HTTP File Upload ActiveX 6.36 - (AddFile) Remote DoS Exploit
Versalsoft HTTP File Upload ActiveX 6.36 - (AddFile) Remote Denial of Service
Opera 9.10 alert() Remote Denial of Service Exploit
Opera 9.10 alert() Remote Denial of Service
SmartCode VNC Manager 3.6 - (scvncctrl.dll) Denial of Service Exploit
SmartCode VNC Manager 3.6 - (scvncctrl.dll) Denial of Service
SimpleNews 1.0.0 FINAL (print.php news_id) SQL Injection Exploit
SimpleNews 1.0.0 FINAL - (print.php news_id) SQL Injection Exploit
Remote Display Dev kit 1.2.1.0 RControl.dll Denial of Service Exploit
Remote Display Dev kit 1.2.1.0 RControl.dll Denial of Service
PrecisionID Barcode ActiveX 1.3 - Denial of Service Exploit
PrecisionID Barcode ActiveX 1.3 - Denial of Service
ID Automation Linear Barcode ActiveX Denial of Service Exploit
ID Automation Linear Barcode ActiveX Denial of Service
Microsoft Windows Vista - Forged ARP packet Network Stack DoS Exploit
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
BitsCast 0.13.0 - (invalid string) Remote Denial of Service Exploit
NewzCrawler 1.8 - (invalid string) Remote Denial of Service Exploit
BitsCast 0.13.0 - (invalid string) Remote Denial of Service
NewzCrawler 1.8 - (invalid string) Remote Denial of Service
PrecisionID Barcode ActiveX 1.9 - Remote Denial of Service Exploit
PrecisionID Barcode ActiveX 1.9 - Remote Denial of Service
CA BrightStor Backup 11.5.2.0 caloggderd.exe Denial of Service Exploit
CA BrightStor Backup 11.5.2.0 Mediasvr.exe Denial of Service Exploit
CA BrightStor Backup 11.5.2.0 caloggderd.exe Denial of Service
CA BrightStor Backup 11.5.2.0 Mediasvr.exe Denial of Service
Mambo com_yanc 1.4 beta (id) SQL Injection
Mambo com_yanc 1.4 beta - (id) SQL Injection
Microsoft IIS 6.0 - (/AUX/.aspx) Remote Denial of Service Exploit
Microsoft IIS 6.0 - (/AUX/.aspx) Remote Denial of Service
LeadTools ISIS Control - (ltisi14E.ocx v.14.5.0.44) Remote DoS Exploit
LeadTools ISIS Control - (ltisi14E.ocx v.14.5.0.44) Remote Denial of Service
Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote Denial of Service
EDraw Office Viewer Component Denial of Service Exploit
EDraw Office Viewer Component Denial of Service
SNMPc 7.0.18 - Remote Denial of Service Exploit (Metasploit)
SNMPc 7.0.18 - Remote Denial of Service (Metasploit)
Microsoft Windows GDI+ - ICO File Remote Denial of Service Exploit
Microsoft Windows GDI+ - ICO File Remote Denial of Service
MiniWeb Http Server 0.8.x - Remote Denial of Service Exploit
MiniWeb Http Server 0.8.x - Remote Denial of Service
Safari 3 for Windows Beta Remote Command Execution PoC
Safari 3 for Windows Beta - Remote Command Execution PoC
BitchX 1.1-final (EXEC) Remote Command Execution Exploit
BitchX 1.1-final - (EXEC) Remote Command Execution Exploit
PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service Exploit
PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service
PHP 5.2.3 - glob() Denial of Service Exploit
PHP 5.2.3 - glob() Denial of Service
TeamSpeak 2.0 - (Windows Release) Remote Denial of Service Exploit
TeamSpeak 2.0 - (Windows Release) Remote Denial of Service
Microsoft Windows - Explorer.exe Gif Image Denial of Service Exploit
Xserver 0.1 Alpha Post Request Remote Buffer Overflow Exploit
Microsoft Windows - Explorer.exe Gif Image Denial of Service
Xserver 0.1 Alpha - Post Request Remote Buffer Overflow Exploit
Microsoft Internet Explorer 6 DirectX Media Remote Overflow DoS Exploit
Microsoft Internet Explorer 6 DirectX Media Remote Overflow Denial of Service
Cisco IOS Next Hop Resolution Protocol (NHRP) Denial of Service Exploit
Cisco IOS Next Hop Resolution Protocol (NHRP) Denial of Service
WengoPhone 2.x - SIP Phone Remote Denial of Service Exploit
WengoPhone 2.x - SIP Phone Remote Denial of Service
CounterPath X-Lite 3.x - SIP phone Remote Denial of Service Exploit
CounterPath X-Lite 3.x - SIP phone Remote Denial of Service
WireShark < 0.99.6 Mms Remote Denial of Service Exploit
Easy Chat Server 2.2 - Remote Denial of Service Exploit
WireShark < 0.99.6 Mms Remote Denial of Service
Easy Chat Server 2.2 - Remote Denial of Service
Cisco IP Phone 7940 - (3 SIP messages) Remote Denial of Service Exploit
Cisco IP Phone 7940 - (10 SIP messages) Remote Denial of Service Exploit
eCentrex VOIP Client module (uacomx.ocx 2.0.1) Remote BoF Exploit
Cisco IP Phone 7940 - (3 SIP messages) Remote Denial of Service
Cisco IP Phone 7940 - (10 SIP messages) Remote Denial of Service
eCentrex VOIP Client module - (uacomx.ocx 2.0.1) Remote BoF Exploit
Thomson SIP phone ST 2030 - Remote Denial of Service Exploit
Thomson SIP phone ST 2030 - Remote Denial of Service
Microsoft Windows - (GDI32.DLL) Denial of Service Exploit (MS07-046)
Microsoft Windows - (GDI32.DLL) Denial of Service (MS07-046)
JetCast Server 2.0.0.4308 - Remote Denial of Service Exploit
JetCast Server 2.0.0.4308 - Remote Denial of Service
actSite 1.991 Beta (base.php) Remote File Inclusion
actSite 1.991 Beta - (base.php) Remote File Inclusion
wzdftpd 0.8.0 - (USER) Remote Denial of Service Exploit
wzdftpd 0.8.0 - (USER) Remote Denial of Service
LiveAlbum 0.9.0 common.php Remote File Inclusion
LiveAlbum 0.9.0 - common.php Remote File Inclusion
eXtremail 2.1.1 memmove() Remote Denial of Service Exploit
eXtremail 2.1.1 memmove() Remote Denial of Service
GCALDaemon 1.0-beta13 - Remote Denial of Service Exploit
GCALDaemon 1.0-beta13 - Remote Denial of Service
Mozilla Firefox 2.0.0.7 - Remote Denial of Service Exploit
Mozilla Firefox 2.0.0.7 - Remote Denial of Service
Firefly Media Server 0.2.4 - Remote Denial of Service Exploit
Ubuntu 6.06 DHCPd - Remote Denial of Service Exploit
Firefly Media Server 0.2.4 - Remote Denial of Service
Ubuntu 6.06 DHCPd - Remote Denial of Service
patBBcode 1.0 bbcodeSource.php Remote File Inclusion
patBBcode 1.0 - bbcodeSource.php Remote File Inclusion
RealPlayer 11 Malformed AU File Denial of Service Exploit
RealPlayer 11 Malformed AU File Denial of Service
Cisco Phone 7940 - Remote Denial of Service Exploit
Cisco Phone 7940 - Remote Denial of Service
Simple HTTPD 1.41 - (/aux) Remote Denial of Service Exploit
Simple HTTPD 1.41 - (/aux) Remote Denial of Service
SurgeMail 38k4 - webmail Host header Denial of Service Exploit
SurgeMail 38k4 - webmail Host header Denial of Service
Blakord Portal Beta 1.3.A (all modules) SQL Injection
Blakord Portal Beta 1.3.A - (all modules) SQL Injection
WebPortal CMS 0.6-beta Remote Password Change Exploit
WebPortal CMS 0.6-beta - Remote Password Change Exploit
Half-Life CSTRIKE Server 1.6 - Denial of Service Exploit (no-steam)
Half-Life CSTRIKE Server 1.6 - Denial of Service (no-steam)
Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote DoS Exploit
Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service
PHP-Nuke 8.0 Final (sid) SQL Injection Exploit
PHP-Nuke 8.0 Final - (sid) SQL Injection Exploit
Apple iPhone 1.1.2 - Remote Denial of Service Exploit
Apple iPhone 1.1.2 - Remote Denial of Service
MicroTik RouterOS 3.2 SNMPd snmp-set Denial of Service Exploit
MicroTik RouterOS 3.2 SNMPd snmp-set Denial of Service
Joomla Component MCQuiz 0.9 Final (tid) SQL Injection
Joomla Component MCQuiz 0.9 Final - (tid) SQL Injection
Apple iPhoto 4.0.3 DPAP Server Denial of Service Exploit
Apple iPhoto 4.0.3 DPAP Server Denial of Service
MyServer 0.8.11 - (204 No Content) error Remote Denial of Service Exploit
MyServer 0.8.11 - (204 No Content) error Remote Denial of Service
Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) DoS Exploit
Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service
ICQ Toolbar 2.3 - ActiveX Remote Denial of Service Exploit
ICQ Toolbar 2.3 - ActiveX Remote Denial of Service
Apple Safari (webkit) Remote Denial of Service Exploit (iphone/osx/win)
Apple Safari (webkit) Remote Denial of Service (iphone/osx/win)
Home FTP Server 1.4.5 - Remote Denial of Service Exploit
Home FTP Server 1.4.5 - Remote Denial of Service
PacketTrap Networks pt360 2.0.39 TFTPD - Remote DoS Exploit
PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service
mxBB Module mx_blogs 2.0.0-beta Remote File Inclusion Exploit
mxBB Module mx_blogs 2.0.0-beta - Remote File Inclusion Exploit
Microsoft Windows - Explorer Unspecified .DOC File Denial of Service Exploit
Microsoft Windows - Explorer Unspecified .DOC File Denial of Service
Noticeware Email Server 4.6.1.0 - Denial of Service Exploit
Noticeware Email Server 4.6.1.0 - Denial of Service
Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service Exploit
Novel eDirectory HTTP - Denial of Service Exploit
Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service
Novel eDirectory HTTP - Denial of Service
XM Easy Personal FTP Server 5.4.0 - (XCWD) Denial of Service Exploit
XM Easy Personal FTP Server 5.4.0 - (XCWD) Denial of Service
e-107 Plugin zogo-shop 1.16 Beta 13 SQL Injection
e-107 Plugin zogo-shop 1.16 Beta 13 - SQL Injection
AlkalinePHP 0.80.00 beta (thread.php id) SQL Injection Exploit
AlkalinePHP 0.80.00 beta - (thread.php id) SQL Injection Exploit
Mambo Component mambads 1.0 RC1 Beta SQL Injection
Mambo Component mambads 1.0 RC1 Beta - SQL Injection
I-Pos Internet Pay Online Store 1.3 Beta SQL Injection
I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection
P2P Foxy Out of Memory Denial of Service Exploit
P2P Foxy Out of Memory Denial of Service
uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 Range header DoS Exploit
uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 Range header Denial of Service
Simple DNS Plus 5.0/4.1 - Remote Denial of Service Exploit
Simple DNS Plus 5.0/4.1 - Remote Denial of Service
Yahoo Messenger 8.1 - ActiveX Remote Denial of Service Exploit
Yahoo Messenger 8.1 - ActiveX Remote Denial of Service
WinRemotePC Full+Lite 2008 r.2server Denial of Service Exploit
WinRemotePC Full+Lite 2008 r.2server Denial of Service
Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit
Bea Weblogic Apache Connector - Code Execution / Denial of Service
Oracle Internet Directory 10.1.4 - Remote Preauth DoS Exploit
Oracle Internet Directory 10.1.4 - Remote Preauth Denial of Service
F-PROT antivirus 6.2.1.4252 - (malformed archive) Infinite Loop DoS Exploit
F-PROT antivirus 6.2.1.4252 - (malformed archive) Infinite Loop Denial of Service
Xerox Phaser 8400 - (reboot) Remote Denial of Service Exploit
Xerox Phaser 8400 - (reboot) Remote Denial of Service
HydraIrc 0.3.164 - (last) Remote Denial of Service Exploit
HydraIrc 0.3.164 - (last) Remote Denial of Service
txtSQL 2.2 Final (startup.php) Remote File Inclusion
txtSQL 2.2 Final - (startup.php) Remote File Inclusion
Ventrilo 3.0.2 - NULL pointer Remote DoS Exploit
Ventrilo 3.0.2 - NULL pointer Remote Denial of Service
Google Chrome Browser 0.2.149.27 A HREF Denial of Service Exploit
Google Chrome Browser 0.2.149.27 A HREF Denial of Service
Google Chrome Browser 0.2.149.27 Inspect Element DoS Exploit
Google Chrome Browser 0.2.149.27 Inspect Element Denial of Service
Flock Social Web Browser 1.2.5 - (loop) Remote Denial of Service Exploit
Flock Social Web Browser 1.2.5 - (loop) Remote Denial of Service
Adobe Acrobat 9 - ActiveX Remote Denial of Service Exploit
Adobe Acrobat 9 - ActiveX Remote Denial of Service
The Personal FTP Server 6.0f RETR Denial of Service Exploit
The Personal FTP Server 6.0f RETR Denial of Service
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - (.forward) Local DoS Exploit
Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - (.forward) Local Denial of Service
WonderWare SuiteLink 2.0 - Remote Denial of Service Exploit (Metasploit)
WonderWare SuiteLink 2.0 - Remote Denial of Service (Metasploit)
Femitter FTP Server 1.03 - (RETR) Remote Denial of Service Exploit PoC
Femitter FTP Server 1.03 - (RETR) Remote Denial of Service PoC
fhttpd 0.4.2 un64() - Remote Denial of Service Exploit
fhttpd 0.4.2 un64() - Remote Denial of Service
DESlock+ 3.2.7 - (vdlptokn.sys) Local Denial of Service Exploit
DESlock+ 3.2.7 - (vdlptokn.sys) Local Denial of Service
Vikingboard 0.2 Beta (task) Local File Inclusion
Vikingboard 0.2 Beta - (task) Local File Inclusion
Vikingboard 0.2 Beta SQL Column Truncation
Vikingboard 0.2 Beta - SQL Column Truncation
WinFTP Server 2.3.0 - (NLST) Denial of Service Exploit
WinFTP Server 2.3.0 - (NLST) Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / IE DoS Exploit
Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Google Chrome 0.2.149.30 Window Object Suppressing DoS Exploit
Google Chrome 0.2.149.30 Window Object Suppressing Denial of Service
Opera 9.52 Window Object Suppressing Remote Denial of Service Exploit
Microsoft Windows Explorer - (.zip) Denial of Service Exploit
Opera 9.52 Window Object Suppressing Remote Denial of Service
Microsoft Windows Explorer - (.zip) Denial of Service
Autodesk DWF Viewer Control / LiveUpdate Module Remote Exploit
Autodesk DWF Viewer Control / LiveUpdate Module - Remote Exploit
VBA32 Personal Antivirus 3.12.8.x - (malformed archive) DoS Exploit
VBA32 Personal Antivirus 3.12.8.x - (malformed archive) Denial of Service
Skype extension for Firefox BETA 2.2.0.95 Clipboard Writing
Skype extension for Firefox BETA 2.2.0.95 - Clipboard Writing
WinFTP 2.3.0 - (PASV mode) Remote Denial of Service Exploit
WinFTP 2.3.0 - (PASV mode) Remote Denial of Service
NoticeWare E-mail Server 5.1.2.2 - (POP3) Pre-Auth DoS Exploit
NoticeWare E-mail Server 5.1.2.2 - (POP3) Pre-Auth Denial of Service
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/DoS Exploit
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/Denial of Service
XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service Exploit
RaidenFTPD 2.4 build 3620 - Remote Denial of Service Exploit
XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service
RaidenFTPD 2.4 build 3620 - Remote Denial of Service
Titan FTP server 6.26 build 630 - Remote Denial of Service Exploit
Titan FTP server 6.26 build 630 - Remote Denial of Service
Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS Exploit
Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote Denial of Service
Dart Communications PowerTCP FTP module Remote BoF Exploit
Dart Communications PowerTCP FTP module - Remote BoF Exploit
SilverSHielD 1.0.2.34 - (opendir) Denial of Service Exploit
SilverSHielD 1.0.2.34 - (opendir) Denial of Service
vicFTP 5.0 - (LIST) Remote Denial of Service Exploit
vicFTP 5.0 - (LIST) Remote Denial of Service
PumpKIN TFTP Server 2.7.2.0 - Denial of Service Exploit (Metasploit)
PumpKIN TFTP Server 2.7.2.0 - Denial of Service (Metasploit)
PacketTrap TFTPD 2.2.5459.0 - Remote Denial of Service Exploit
PacketTrap TFTPD 2.2.5459.0 - Remote Denial of Service
Bloggie Lite 0.0.2 Beta SQL Injection by Insecure Cookie Handling
Bloggie Lite 0.0.2 Beta - SQL Injection by Insecure Cookie Handling
ExoPHPDesk 1.2 Final (Auth Bypass) SQL Injection
ExoPHPDesk 1.2 Final - (Auth Bypass) SQL Injection
Pi3Web 2.0.3 - (ISAPI) Remote Denial of Service Exploit
Pi3Web 2.0.3 - (ISAPI) Remote Denial of Service
LoveCMS 1.6.2 Final (Simple Forum 3.1d) Change Admin Password Exploit
LoveCMS 1.6.2 Final (Simple Forum 3.1d) - Change Admin Password Exploit
Microsoft Office Communicator (SIP) Remote Denial of Service Exploit
Microsoft Office Communicator (SIP) Remote Denial of Service
OpenForum 0.66 Beta Remote Reset Admin Password Exploit
OpenForum 0.66 Beta - Remote Reset Admin Password Exploit
Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service Exploit
Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service
Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local DoS Exploit
Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local Denial of Service
Avahi < 0.6.24 - (mDNS Daemon) Remote Denial of Service Exploit
Avahi < 0.6.24 - (mDNS Daemon) Remote Denial of Service
Linksys Wireless ADSL Router (WAG54G v2) - httpd DoS Exploit
Linksys Wireless ADSL Router (WAG54G v2) - httpd Denial of Service
Psi Jabber Client (8010/tcp) Remote Denial of Service Exploit (win/lin)
PGP Desktop 9.0.6 - (PGPwded.sys) Local Denial of Service Exploit
Psi Jabber Client (8010/tcp) Remote Denial of Service (win/lin)
PGP Desktop 9.0.6 - (PGPwded.sys) Local Denial of Service
VMware 2.5.1 - (Vmware-authd) Remote Denial of Service Exploit
VMware 2.5.1 - (Vmware-authd) Remote Denial of Service
SeaMonkey 1.1.14 - (marquee) Denial of Service Exploit
SeaMonkey 1.1.14 - (marquee) Denial of Service
Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service Exploit
Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service
Winamp 5.541 - (mp3/aiff) Multiple Denial of Service Exploits
Winamp 5.541 - (mp3/aiff) Multiple Denial of Services
Cisco VLAN Trunking Protocol Denial of Service Exploit
Cisco VLAN Trunking Protocol Denial of Service
Novell Netware 6.5 - (ICEbrowser) Remote System DoS Exploit
Novell Netware 6.5 - (ICEbrowser) Remote System Denial of Service
D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service Exploit
D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service
TxtBlog 1.0 Alpha Remote Command Execution Exploit
TxtBlog 1.0 Alpha - Remote Command Execution Exploit
GR Note 0.94 beta (Auth Bypass) Remote Database Backup
GR Note 0.94 beta - (Auth Bypass) Remote Database Backup
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service Exploit
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
BlueBird Pre-Release (Auth Bypass) SQL Injection
BlueBird Pre-Release - (Auth Bypass) SQL Injection
Got All Media 7.0.0.3 - (t00t) Remote Denial of Service Exploit
Got All Media 7.0.0.3 - (t00t) Remote Denial of Service
HTC Touch vCard over IP Denial of Service Exploit
HTC Touch vCard over IP Denial of Service
Yaws < 1.80 - (multiple headers) Remote Denial of Service Exploit
Yaws < 1.80 - (multiple headers) Remote Denial of Service
Multiple Vendors libc:fts_*() - Local Denial of Service Exploit
Multiple Vendors libc:fts_*() - Local Denial of Service
Addonics NAS Adapter Post-Auth Denial of Service Exploit
Addonics NAS Adapter Post-Auth Denial of Service
Serv-U 7.4.0.1 - (SMNT) Denial of Service Exploit (post auth)
VLC 0.9.8a Web UI (input) Remote Denial of Service Exploit
Serv-U 7.4.0.1 - (SMNT) Denial of Service (post auth)
VLC 0.9.8a Web UI (input) Remote Denial of Service
SW-HTTPD Server 0.x - Remote Denial of Service Exploit
SW-HTTPD Server 0.x - Remote Denial of Service
XM Easy Personal FTP Server 5.7.0 - (NLST) DoS Exploit
XM Easy Personal FTP Server 5.7.0 - (NLST) Denial of Service
Sami HTTP Server 2.x - (HEAD) Remote Denial of Service Exploit
Sami HTTP Server 2.x - (HEAD) Remote Denial of Service
IBM DB2 < 9.5 pack 3a - Connect Denial of Service Exploit
IBM DB2 < 9.5 pack 3a - Data Stream Denial of Service Exploit
IBM DB2 < 9.5 pack 3a - Connect Denial of Service
IBM DB2 < 9.5 pack 3a - Data Stream Denial of Service
Steamcast 0.9.75b Remote Denial of Service Exploit
OpenBSD 4.5 IP datagram Null Pointer Deref DoS Exploit
Steamcast 0.9.75b Remote Denial of Service
OpenBSD 4.5 IP datagram Null Pointer Deref Denial of Service
Microsoft Media Player - (quartz.dll .mid) Denial of Service Exploit
Microsoft Media Player - (quartz.dll .mid) Denial of Service
Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)
Addonics NAS Adapter (bts.cgi) Remote Denial of Service (post-auth)
Zervit Web Server 0.3 - Remote Denial of Service Exploit
Zervit Web Server 0.3 - Remote Denial of Service
Xitami Web Server 5.0 - Remote Denial of Service Exploit
Xitami Web Server 5.0 - Remote Denial of Service
iodined 0.4.2-2 - (forged DNS packet) Denial of Service Exploit
iodined 0.4.2-2 - (forged DNS packet) Denial of Service
Addonics NAS Adapter FTP Remote Denial of Service Exploit
Addonics NAS Adapter FTP Remote Denial of Service
Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet Denial of Service Exploit
Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet Denial of Service
TYPSoft FTP Server 1.11 - (ABORT) Remote DoS Exploit
TYPSoft FTP Server 1.11 - (ABORT) Remote Denial of Service
Mereo 1.8.0 - (Get Request) Remote Denial of Service Exploit
Mereo 1.8.0 - (Get Request) Remote Denial of Service
DGNews 3.0 Beta (id) SQL Injection
DGNews 3.0 Beta - (id) SQL Injection
Mozilla Firefox (unclamped loop) Denial of Service Exploit
Mozilla Firefox (unclamped loop) Denial of Service
Mozilla Firefox 3.0.10 - (KEYGEN) Remote Denial of Service Exploit
Mozilla Firefox 3.0.10 - (KEYGEN) Remote Denial of Service
Apache mod_dav / svn Remote Denial of Service Exploit
Apache mod_dav / svn Remote Denial of Service
OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote Denial of Service
LinkLogger 2.4.10.15 - (syslog) Denial of Service Exploit
LinkLogger 2.4.10.15 - (syslog) Denial of Service
ARD-9808 DVR Card Security Camera (GET Request) Remote DoS Exploit
ARD-9808 DVR Card Security Camera (GET Request) Remote Denial of Service
FreeBSD 6/8 - (ata device) Local Denial of Service Exploit
FreeBSD 6/8 - (ata device) Local Denial of Service
Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all)
Multiple Web Browsers Denial of Service (1 bug to rule them all)
FreeBSD 7.2 - (pecoff executable) Local Denial of Service Exploit
FreeBSD 7.2 - (pecoff executable) Local Denial of Service
E-Xoopport 3.1 Module MyAnnonces (lid) SQL Injection
E-Xoopport 3.1 Module MyAnnonces - (lid) SQL Injection
OpenH323 Opal SIP Protocol Remote Denial of Service Exploit
Ekiga 2.0.5 - (GetHostAddress) Remote Denial of Service Exploit
WzdFTPD 8.0 - Remote Denial of Service Exploit
OpenH323 Opal SIP Protocol Remote Denial of Service
Ekiga 2.0.5 - (GetHostAddress) Remote Denial of Service
WzdFTPD 8.0 - Remote Denial of Service
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service Exploit
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service
Linux Kernel < 2.6.30.5 cfg80211 - Remote Denial of Service Exploit
Linux Kernel < 2.6.30.5 cfg80211 - Remote Denial of Service
TheGreenBow VPN Client tgbvpn.sys Local DoS Exploit
TheGreenBow VPN Client tgbvpn.sys Local Denial of Service
HTTP SERVER (httpsv) 1.6.2 - (GET 404) Remote Denial of Service Exploit
HTTP SERVER (httpsv) 1.6.2 - (GET 404) Remote Denial of Service
KSP 2006 FINAL (.M3U) Universal Local Buffer Exploit (SEH)
KSP 2006 FINAL - (.M3U) Universal Local Buffer Exploit (SEH)
Xerox WorkCentre Multiple Models Denial of Service Exploit
Cerberus FTP 3.0.1 - (ALLO) Remote Overflow DoS Exploit (Metasploit)
Xerox WorkCentre Multiple Models Denial of Service
Cerberus FTP 3.0.1 - (ALLO) Remote Overflow Denial of Service (Metasploit)
TFTPUtil GUI 1.3.0 - Remote Denial of Service Exploit
TFTPUtil GUI 1.3.0 - Remote Denial of Service
SolarWinds TFTP Server 9.2.0.111 - Remote DoS Exploit
SolarWinds TFTP Server 9.2.0.111 - Remote Denial of Service
Re-Script 0.99 Beta (listings.php op) SQL Injection
Re-Script 0.99 Beta - (listings.php op) SQL Injection
Novell eDirectory 8.8 SP5 - Remote Denial of Service Exploit
Novell eDirectory 8.8 SP5 - Remote Denial of Service
Safari 3.2.3 - (Win32) JavaScript (eval) Remote DoS Exploit
Safari 3.2.3 - (Win32) JavaScript (eval) Remote Denial of Service
WarFTPd 1.82.00-RC12 - (LIST command) Format String DoS Exploit
WarFTPd 1.82.00-RC12 - (LIST command) Format String Denial of Service
FreeRadius < 1.1.8 - Zero-length Tunnel-Password DoS Exploit
FreeRadius < 1.1.8 - Zero-length Tunnel-Password Denial of Service
httpdx Web Server 1.4 - (Host Header) Remote Format String DoS Exploit
httpdx Web Server 1.4 - (Host Header) Remote Format String Denial of Service
FtpXQ FTP Server 3.0 - Remote Denial of Service Exploit (Auth)
FtpXQ FTP Server 3.0 - Remote Denial of Service (Auth)
Cerberus FTP Server 3.0.3 - Remote Denial of Service Exploit
Cerberus FTP Server 3.0.3 - Remote Denial of Service
FTPDMIN 0.96 - (LIST) Remote Denial of Service Exploit
FTPDMIN 0.96 - (LIST) Remote Denial of Service
Safari 4.0.3 - (Win32) CSS Remote Denial of Service Exploit
Safari 4.0.3 - (Win32) CSS Remote Denial of Service
PHP < 5.3.1 - 'multipart/form-data' Denial of Service Exploit (Python)
PHP < 5.3.1 - 'multipart/form-data' Denial of Service (Python)
Drupal Sections Module XSS
Drupal Sections Module - XSS
3Com OfficeConnect Routers - Remote DoS Exploit
3Com OfficeConnect Routers - Remote Denial of Service
TFTP Daemon 1.9 - Denial of Service Exploit
TFTP Daemon 1.9 - Denial of Service
SimplePlayer 0.2 - (.wav) Overflow DoS Exploit (0Day)
SimplePlayer 0.2 - (.wav) Overflow Denial of Service (0Day)
Joomla Component com_abbrev Local File Inclusion
Joomla Component com_abbrev - Local File Inclusion
iOS Udisk FTP Basic Edition - Remote DoS Exploit (0Day)
iOS Udisk FTP Basic Edition - Remote Denial of Service (0Day)
P2GChinchilla HTTP Server 1.1.1 - Denial of Service Exploit
P2GChinchilla HTTP Server 1.1.1 - Denial of Service
iOS Serversman 3.1.5 - HTTP Remote DoS Exploit
iOS Serversman 3.1.5 - HTTP Remote Denial of Service
Opera 10.10 - Remote Code Execution DoS Exploit
Opera 10.10 - Remote Code Execution Denial of Service
Mozilla Firefox 3.6 - (Multitudinous looping) Denial of Service Exploit
Mozilla Firefox 3.6 - (Multitudinous looping) Denial of Service
Microsoft Internet Explorer 8 - (Multitudinous looping) Denial of Service Exploit
Microsoft Internet Explorer 8 - (Multitudinous looping) Denial of Service
iOS My DBLite Edition - Remote DoS Exploit (0Day)
iOS My DBLite Edition - Remote Denial of Service (0Day)
iOS FileApp 1.7 - Remote DoS Exploit
iOS FileApp 1.7 - Remote Denial of Service
iOS iFTPStorage 1.2 - Remote DoS Exploit
iOS iFTPStorage 1.2 - Remote Denial of Service
Winamp 5.57 - (Browser) IE Denial of Service Exploit
Winamp 5.57 - (Browser) IE Denial of Service
VKPlayer 1.0 - (.mid) Denial of Service Exploit
VKPlayer 1.0 - (.mid) Denial of Service
iPhone FTP Server By Zhang Boyang Remote DoS Exploit
iPhone FTP Server By Zhang Boyang Remote Denial of Service
Mozilla Firefox 3.6 - Denial of Service Exploit
Mozilla Firefox 3.6 - Denial of Service
Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote Include
Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusion
PowieSys 0.7.7 alpha index.php (shownews) SQL Injection
PowieSys 0.7.7 alpha - index.php (shownews) SQL Injection
BitComet 1.19 - Remote DoS Exploit
BitComet 1.19 - Remote Denial of Service
ALPHA CMS Local File Inclusion
ALPHA CMS - Local File Inclusion
uTorrent WebUI 0.370 - Authorization header DoS Exploit
uTorrent WebUI 0.370 - Authorization header Denial of Service
Microsoft Office (2010 beta) Communicator SIP Denial of Service Exploit
Foxit Reader 3.2.1.0401 - Denial of Service Exploit
Microsoft Office (2010 beta) Communicator SIP Denial of Service
Foxit Reader 3.2.1.0401 - Denial of Service
Joomla Component JTM Reseller 1.9 Beta SQL Injection
Joomla Component JTM Reseller 1.9 Beta - SQL Injection
EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote DoS Exploit (IE)
EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote Denial of Service (IE)
Webmoney Advisor ActiveX Remote DoS Exploit
Webmoney Advisor ActiveX Remote Denial of Service
Apple Safari 4.0.3 - (Win32) CSS Remote Denial of Service Exploit
Apple Safari 4.0.3 - (Win32) CSS Remote Denial of Service
Press Release Script (page.php id) SQL Injection
Press Release Script - (page.php id) SQL Injection
dotWidget for articles 2.0 admin/editconfig.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 - admin/editconfig.php Multiple Parameter Remote File Inclusion
HomeFTP Server r1.10.3 - (build 144) Denial of Service Exploit
HomeFTP Server r1.10.3 - (build 144) Denial of Service
Solarwinds 10.4.0.13 - Denial of Service Exploit
Solarwinds 10.4.0.13 - Denial of Service
EZPX Photoblog 1.2 beta Remote File Inclusion Exploit
EZPX Photoblog 1.2 beta - Remote File Inclusion Exploit
Drupal Sections 5.x-1.2/6.x-1.2 Module HTML Injection
Drupal Sections 5.x-1.2/6.x-1.2 Module - HTML Injection
MP3 Cutter 1.5 - DoS Exploit
MP3 Cutter 1.5 - Denial of Service
Really Simple IM 1.3beta DoS Proof of Concept
Really Simple IM 1.3beta - DoS Proof of Concept
QQ Computer Manager TSKsp.sys Local Denial of Service Exploit
QQ Computer Manager TSKsp.sys Local Denial of Service
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - (scvncsrvx.dll) DoS Exploit
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - (scvncsrvx.dll) Denial of Service
VMware Workstation 7.1.1 - VMkbd.sys Denial of Service Exploit
VMware Workstation 7.1.1 - VMkbd.sys Denial of Service
iOS FileApp < 2.0 - FTP Remote Denial of Service Exploit
iOS FileApp < 2.0 - FTP Remote Denial of Service
AVG Internet Security 9.0.851 - Local Denial of Service Exploit
AVG Internet Security 9.0.851 - Local Denial of Service
GSPlayer 1.83a Win32 Release Buffer Overflow
GSPlayer 1.83a Win32 Release - Buffer Overflow
Sami HTTP Server 2.0.1 - GET Request Denial of Service Exploit
Sami HTTP Server 2.0.1 - GET Request Denial of Service
PCSX2 0.9.7 beta Binary Denial of Service
PCSX2 0.9.7 beta - Binary Denial of Service
HttpBlitz Web Server Denial of Service Exploit
HttpBlitz Web Server Denial of Service
Xynph 1.0 USER Denial of Service Exploit
Xynph 1.0 USER Denial of Service
Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys 2011.1.13.89 - Local Kernel Mode DoS Exploit
Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys 2011.1.13.89 - Local Kernel Mode Denial of Service
Solar FTP 2.1 - Denial of Service Exploit
Solar FTP 2.1 - Denial of Service
Victory FTP Server 5.0 - Denial of Service Exploit
Victory FTP Server 5.0 - Denial of Service
TWiki History TWikiUsers rev Parameter Command Execution
TWiki History TWikiUsers - rev Parameter Command Execution
AVIPreview 0.26 Alpha Denial of Service
AVIPreview 0.26 Alpha - Denial of Service
Microsoft Windows XP - afd.sys Local Kernel DoS Exploit
Microsoft Windows XP - afd.sys Local Kernel Denial of Service
Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel DoS Exploit
Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service
Adobe Reader/Acrobat 10.0.1 DoS Exploit
Adobe Reader/Acrobat 10.0.1 Denial of Service
Omnicom Alpha 4.0e LPD Server DoS
Omnicom Alpha 4.0e LPD Server - DoS
OpenSLP 1.2.1 / < 1647 trunk - Denial of Service Exploit
OpenSLP 1.2.1 / < 1647 trunk - Denial of Service
World Of Warcraft Local Stack Overflow DoS Exploit (chat-cache.txt)
World Of Warcraft Local Stack Overflow Denial of Service (chat-cache.txt)
TOWeb 3.0 - Local Format String DoS Exploit (TOWeb.MO file corruption)
TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file corruption)
1024 CMS 1.1.0 Beta force_download.php Local File Inclusion
1024 CMS 1.1.0 Beta - force_download.php Local File Inclusion
FleaHttpd Remote Denial of Service Exploit
FleaHttpd Remote Denial of Service
ComSndFTP Server 1.3.7 Beta Remote Format String Overflow
ComSndFTP Server 1.3.7 Beta - Remote Format String Overflow
Play [EX] 2.1 - Playlist File (M3U/PLS/LST) DoS Exploit
Play [EX] 2.1 - Playlist File (M3U/PLS/LST) Denial of Service
Windows OpenType Font - File Format DoS Exploit
Windows OpenType Font - File Format Denial of Service
HP JetAdmin 1.0.9 Rev. D symlink
HP JetAdmin 1.0.9 Rev. D - symlink
Microsoft Site Server Commerce Edition 3.0 alpha AdSamples
Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information
Daniel Beckham The Finger Server 0.82 BETA Pipe
Daniel Beckham The Finger Server 0.82 BETA - Pipe
Sambar Server 4.2 beta 7 Batch CGI
Sambar Server 4.2 beta 7 - Batch CGI
DomsHttpd 1.0 - Remote Denial of Service Exploit
DomsHttpd 1.0 - Remote Denial of Service
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (1)
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (2)
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (3)
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta - Mail Logging Buffer Overflow (1)
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta - Mail Logging Buffer Overflow (2)
Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta - Mail Logging Buffer Overflow (3)
Ethereal 0.8.4/0.8.5/0.8.6_tcpdump 3.4/3.5 alpha DNS Decode (1)
Ethereal 0.8.4/0.8.5/0.8.6_tcpdump 3.4/3.5 alpha DNS Decode (2)
Ethereal 0.8.4/0.8.5/0.8.6_tcpdump 3.4/3.5 alpha - DNS Decode (1)
Ethereal 0.8.4/0.8.5/0.8.6_tcpdump 3.4/3.5 alpha - DNS Decode (2)
Real Networks Real Server 7.0/7.0.1/8.0 Beta View-Source DoS
Real Networks Real Server 7.0/7.0.1/8.0 Beta - View-Source DoS
Omnicron OmniHTTPD 1.1/2.0 Alpha 1 visiadmin.exe Denial of Service
Omnicron OmniHTTPD 1.1/2.0 Alpha 1 - visiadmin.exe Denial of Service
Sun Java Web Server 1.1 Beta Viewable .jhtml Source
Sun Java Web Server 1.1 Beta - Viewable .jhtml Source
HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A LCD Display Modification
HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A - LCD Display Modification
Sambar Server 4.1 beta Admin Access
Sambar Server 4.1 beta - Admin Access
Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure
Alpha Networks ADSL2/2+ Wireless Router ASL-26555 - Password Disclosure
Cisco IOS 12 UDP Denial of Service
Cisco IOS 12 - UDP Denial of Service
XMB Forum 1.6 pre-beta Image Tag Script Injection
XMB Forum 1.6 pre-beta - Image Tag Script Injection
DCShop Beta 1.0 Form Manipulation
DCShop Beta 1.0 - Form Manipulation
Cisco IOS 11.x/12.0 ICMP Redirect Denial of Service
Cisco IOS 11.x/12.0 - ICMP Redirect Denial of Service
SmartMail Server 1.0 BETA 10 Oversized Request Denial of Service
SmartMail Server 1.0 BETA 10 - Oversized Request Denial of Service
Ultimate PHP Board 1.0 final beta ViewTopic.php Directory Contents Browsing
Ultimate PHP Board Board 1.0 final beta ViewTopic.php Cross-Site Scripting
Ultimate PHP Board 1.0 final beta - ViewTopic.php Directory Contents Browsing
Ultimate PHP Board Board 1.0 final beta - ViewTopic.php Cross-Site Scripting
N/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI
N/X Web Content Management System 2002 Prerelease 1 - datasets.php c_path Parameter LFI
PHPOutsourcing Zorum 3.x - Remote Include Command Execution
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution
Sage 1.0 beta 3 Content Management System Path Disclosure
Sage 1.0 beta 3 Content Management System Cross-Site Scripting
Sage 1.0 beta 3 - Content Management System Path Disclosure
Sage 1.0 beta 3 - Content Management System Cross-Site Scripting
E-theni Remote Include Command Execution
E-theni Remote File Inclusion Command Execution
BZFlag 1.7 g0 Reconnect Denial of Service
BZFlag 1.7 g0 - Reconnect Denial of Service
Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module Integer Overflow
Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module - Integer Overflow
PMachine 2.2.1 Lib.Inc.php Remote Include Command Execution
PMachine 2.2.1 Lib.Inc.php Remote File Inclusion Command Execution
PHPForum 2.0 RC1 Mainfile.php Remote File Inclusion
PHPForum 2.0 RC1 - Mainfile.php Remote File Inclusion
IdealBB 1.4.9 Beta HTML Injection
IdealBB 1.4.9 Beta - HTML Injection
Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Cross-Site Scripting
Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Path Disclosure
Escapade 0.2.1 Beta Scripting Engine - PAGE Parameter Cross-Site Scripting
Escapade 0.2.1 Beta Scripting Engine - PAGE Parameter Path Disclosure
Koch Roland Rolis Guestbook 1.0 $path Remote File Inclusion
Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion
My_EGallery Module 3.1.1 - Remote Include Command Injection
My_EGallery Module 3.1.1 - Remote File Inclusion Command Injection
Apache 2.0.4x mod_php Module File Descriptor Leakage (1)
Apache 2.0.4x mod_php Module File Descriptor Leakage (2)
Apache 2.0.4x mod_php Module - File Descriptor Leakage (1)
Apache 2.0.4x mod_php Module - File Descriptor Leakage (2)
Apache 2.0.4x mod_perl Module File Descriptor Leakage
Apache 2.0.4x mod_perl Module - File Descriptor Leakage
Laurent Adda Les Commentaires 2.0 PHP Script fonctions.lib.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 PHP Script derniers_commentaires.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 PHP Script admin.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script fonctions.lib.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion
NewsTraXor Website Management Script 2.9 beta Database Disclosure
NewsTraXor Website Management Script 2.9 beta - Database Disclosure
Adam Webb NukeJokes 1.7/2.0 Module modules.php jokeid Parameter SQL Injection
Adam Webb NukeJokes 1.7/2.0 Module - modules.php jokeid Parameter SQL Injection
PHP 4/5 Input/Output Wrapper Remote Include Function Command Execution Weakness
PHP 4/5 Input/Output Wrapper Remote File Inclusion Function Command Execution Weakness
Sambar Server 6.1 beta 2 show.asp show Parameter XSS
Sambar Server 6.1 beta 2 showperf.asp title Parameter XSS
Sambar Server 6.1 beta 2 showini.asp Arbitrary File Access
Sambar Server 6.1 beta 2 - show.asp show Parameter XSS
Sambar Server 6.1 beta 2 - showperf.asp title Parameter XSS
Sambar Server 6.1 beta 2 - showini.asp Arbitrary File Access
EasyWeb 1.0 FileManager Module Directory Traversal
EasyWeb 1.0 FileManager Module - Directory Traversal
EasyIns Stadtportal 4.0 Site Parameter Remote File Inclusion
EasyIns Stadtportal 4.0 - Site Parameter Remote File Inclusion
Free Web Chat Initial Release UserManager.java Null Pointer DoS
Free Web Chat Initial Release Connection Saturation DoS
Free Web Chat Initial Release - UserManager.java Null Pointer DoS
Free Web Chat Initial Release - Connection Saturation DoS
Cerulean Studios Trillian Client 0.74 MSN Module Remote Buffer Overflow
Cerulean Studios Trillian Client 0.74 MSN Module - Remote Buffer Overflow
TP-Link TL-WR740N Wireless Router - Denial of Service Exploit
TP-Link TL-WR740N Wireless Router - Denial of Service
Singapore 0.9.11 beta Image Gallery Index.php Cross-Site Scripting
Singapore 0.9.11 beta Image Gallery - Index.php Cross-Site Scripting
Datenbank Module For PHPBB Remote Mod.php Cross-Site Scripting
Datenbank Module For PHPBB - Remote Mod.php Cross-Site Scripting
Convert-UUlib 1.04/1.05 Perl Module Buffer Overflow
Convert-UUlib 1.04/1.05 Perl Module - Buffer Overflow
Atomic Photo Album 0.x/1.0 Apa_PHPInclude.INC.php Remote File Inclusion
Atomic Photo Album 0.x/1.0 - Apa_PHPInclude.INC.php Remote File Inclusion
Comdev ECommerce 3.0 Config.php Remote File Inclusion
Comdev ECommerce 3.0 - Config.php Remote File Inclusion
PHPTB Topic Board 2.0 admin_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 board_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 dev_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 file_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 tech_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 - admin_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 - board_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 - dev_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 - file_o.php absolutepath Parameter Remote File Inclusion
PHPTB Topic Board 2.0 - tech_o.php absolutepath Parameter Remote File Inclusion
PHPWebNotes 2.0 Api.php Remote File Inclusion
PHPWebNotes 2.0 - Api.php Remote File Inclusion
CMS Made Simple 0.10 Lang.php Remote File Inclusion
CMS Made Simple 0.10 - Lang.php Remote File Inclusion
MusicBee 2.0.4663 - (.m3u) Denial of Service Exploit
MusicBee 2.0.4663 - (.m3u) Denial of Service
Help Center Live 1.0/1.2/2.0 Module.php Local File Inclusion
Help Center Live 1.0/1.2/2.0 - Module.php Local File Inclusion
Edgewall Software Trac 0.9 Ticket Query Module SQL Injection
Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection
Thwboard Beta 2.8 calendar.php year Parameter SQL Injection
Thwboard Beta 2.8 v_profile.php user Parameter SQL Injection
Thwboard Beta 2.8 misc.php userid Parameter SQL Injection
Thwboard Beta 2.8 - calendar.php year Parameter SQL Injection
Thwboard Beta 2.8 - v_profile.php user Parameter SQL Injection
Thwboard Beta 2.8 - misc.php userid Parameter SQL Injection
Bitweaver 1.1.1 beta list_galleries.php sort_mode Parameter XSS
Bitweaver 1.1.1 beta - list_galleries.php sort_mode Parameter XSS
OABoard 1.0 Forum Script Remote File Inclusion
OABoard 1.0 Forum - Script Remote File Inclusion
InTouch 0.5.1 Alpha User Variable SQL Injection
InTouch 0.5.1 Alpha - User Variable SQL Injection
LinPHA 0.9.x/1.0 install.php language Parameter Local File Inclusion
LinPHA 0.9.x/1.0 sec_stage_install.php language Parameter Local File Inclusion
LinPHA 0.9.x/1.0 forth_stage_install.php language Variable POST Method Local File Inclusion
LinPHA 0.9.x/1.0 - install.php language Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - sec_stage_install.php language Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - forth_stage_install.php language Variable POST Method Local File Inclusion
Dotproject 2.0 /includes/db_connect.php baseDir Remote File Inclusion
Dotproject 2.0 /includes/session.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 - /includes/db_connect.php baseDir Remote File Inclusion
Dotproject 2.0 - /includes/session.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 /modules/public/calendar.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 /modules/public/date_format.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 - /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 - /modules/public/calendar.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 - /modules/public/date_format.php baseDir Parameter Remote File Inclusion
Dotproject 2.0 - /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion
Web Host Automation Ltd. Helm 3.2.10 beta domains.asp txtDomainName Parameter XSS
Web Host Automation Ltd. Helm 3.2.10 beta default.asp Multiple Parameter XSS
Web Host Automation Ltd. Helm 3.2.10 beta - domains.asp txtDomainName Parameter XSS
Web Host Automation Ltd. Helm 3.2.10 beta - default.asp Multiple Parameter XSS
CutePHP CuteNews 1.4.1 Editnews Module Cross-Site Scripting
CutePHP CuteNews 1.4.1 Editnews Module - Cross-Site Scripting
RadScripts RadLance 7.0 Popup.php Local File Inclusion
RadScripts RadLance 7.0 - Popup.php Local File Inclusion
dotWidget for articles 2.0 showcatpicks.php file_path Parameter Remote File Inclusion
dotWidget for articles 2.0 showarticle.php file_path Parameter Remote File Inclusion
dotWidget for articles 2.0 admin/authors.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 admin/articles.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 admin/index.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 admin/categories.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 - showcatpicks.php file_path Parameter Remote File Inclusion
dotWidget for articles 2.0 - showarticle.php file_path Parameter Remote File Inclusion
dotWidget for articles 2.0 - admin/authors.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 - admin/articles.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 - admin/index.php Multiple Parameter Remote File Inclusion
dotWidget for articles 2.0 - admin/categories.php Multiple Parameter Remote File Inclusion
CrisoftRicette 1.0 Cookbook.php Remote File Inclusion
CrisoftRicette 1.0 - Cookbook.php Remote File Inclusion
MF Piadas 1.0 Admin.php Remote File Inclusion
MF Piadas 1.0 - Admin.php Remote File Inclusion
ExtCalendar 2.0 ExtCalendar.php Remote File Inclusion
ExtCalendar 2.0 - ExtCalendar.php Remote File Inclusion
Calendar Module 1.5.7 For Mambo Com_Calendar.php Remote File Inclusion
Calendar Module 1.5.7 For Mambo - Com_Calendar.php Remote File Inclusion
Lussumo Vanilla 1.0 RootDirectory Remote File Inclusion
Lussumo Vanilla 1.0 - RootDirectory Remote File Inclusion
Bosdates 3.x/4.0 Payment.php Remote File Inclusion
Bosdates 3.x/4.0 - Payment.php Remote File Inclusion
Liga Manager Online 2.0 Joomla! Component Remote File Inclusion
Liga Manager Online 2.0 Joomla! Component - Remote File Inclusion
Knusperleicht FAQ 1.0 Script Index.php Remote File Inclusion
Knusperleicht FAQ 1.0 Script - Index.php Remote File Inclusion
MyWebland miniBloggie 1.0 Fname Remote File Inclusion
MyWebland miniBloggie 1.0 - Fname Remote File Inclusion
PHP-Nuke 2.0 AutoHTML Module Local File Inclusion
PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion
Reporter 1.0 Mambo Component Reporter.sql.php Remote File Inclusion
Reporter 1.0 Mambo Component - Reporter.sql.php Remote File Inclusion
Mambo Rssxt Component 1.0 MosConfig_absolute_path Multiple Remote File Inclusion
Mambo Rssxt Component 1.0 - MosConfig_absolute_path Multiple Remote File Inclusion
Headline Portal Engine 0.x/1.0 HPEInc Parameter Multiple Remote File Inclusion
Headline Portal Engine 0.x/1.0 - HPEInc Parameter Multiple Remote File Inclusion
Mambo/Joomla Com_comprofiler 1.0 Plugin.class.php Remote File Inclusion
Mambo/Joomla Com_comprofiler 1.0 Plugin.- class.php Remote File Inclusion
PHP-Proxima 6.0 BB_Smilies.php Local File Inclusion
PHP-Proxima 6.0 - BB_Smilies.php Local File Inclusion
Hitweb 3.0 REP_CLASS Multiple Remote File Inclusion
Hitweb 3.0 - REP_CLASS Multiple Remote File Inclusion
php_news 2.0 user_user.php language Parameter Remote File Inclusion
php_news 2.0 admin/news.php language Parameter Remote File Inclusion
php_news 2.0 admin/catagory.php language Parameter Remote File Inclusion
php_news 2.0 creat_news_all.php language Parameter Remote File Inclusion
php_news 2.0 - user_user.php language Parameter Remote File Inclusion
php_news 2.0 - admin/news.php language Parameter Remote File Inclusion
php_news 2.0 - admin/catagory.php language Parameter Remote File Inclusion
php_news 2.0 - creat_news_all.php language Parameter Remote File Inclusion
CommunityPortals 1.0 Bug.php Remote File Inclusion
CommunityPortals 1.0 - Bug.php Remote File Inclusion
PHPTreeView 1.0 TreeViewClass.php Remote File Inclusion
PHPTreeView 1.0 - TreeViewClass.php Remote File Inclusion
NewP News Publishing System 1.0 Class.Database.php Remote File Inclusion
NewP News Publishing System 1.0 - Class.Database.php Remote File Inclusion
Boonex 2.0 Dolphin Index.php Remote File Inclusion
Boonex 2.0 Dolphin - Index.php Remote File Inclusion
Apple Mac OS X 10.4.8 UDIF Disk Image Remote Denial of Service
Apple Mac OS X 10.4.8 -UDIF Disk Image Remote Denial of Service
Apple Mac OS X 10.4.8 UDTO Disk Image Remote Denial of Service
Apple Mac OS X 10.4.8 - UDTO Disk Image Remote Denial of Service
eCardMAX HotEditor 4.0 Keyboard.php Local File Inclusion
eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion
Comus 2.0 Accept.php Remote File Inclusion
Comus 2.0 - Accept.php Remote File Inclusion
Active PHP Bookmarks 1.0 APB.php Remote File Inclusion
Active PHP Bookmarks 1.0 - APB.php Remote File Inclusion
ABC Excel Parser Pro 4.0 Parser_Path Remote File Inclusion
ABC Excel Parser Pro 4.0 - Parser_Path Remote File Inclusion
PHP-Nuke 8.0 autohtml.php Local File Inclusion
PHP-Nuke 8.0 - autohtml.php Local File Inclusion
Drupal Ajax Checklist 5.x-1.0 Module Multiple SQL Injection
Drupal Ajax Checklist 5.x-1.0 Module - Multiple SQL Injection
EagleGet 1.1.8.1 - Denial of Service Exploit
EagleGet 1.1.8.1 - Denial of Service
Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module SQL Injection
Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module - SQL Injection
Jeebles Technology Jeebles Directory 2.9.60 Download.php Local File Inclusion
Jeebles Technology Jeebles Directory 2.9.60 - Download.php Local File Inclusion
CodeWidgets Web Based Alpha Tabbed Address Book Index.ASP SQL Injection
Phpbasic basicFramework 1.0 Includes.php Remote File Inclusion
CodeWidgets Web Based Alpha Tabbed Address Book - Index.ASP SQL Injection
Phpbasic basicFramework 1.0 - Includes.php Remote File Inclusion
Download Management 1.00 for PHP-Fusion Multiple Local File Inclusion
Download Management 1.00 for PHP-Fusion - Multiple Local File Inclusion
PlutoStatus Locator 1.0pre alpha 'index.php' Local File Inclusion
PlutoStatus Locator 1.0pre alpha - 'index.php' Local File Inclusion
Microsoft Internet Explorer 7/8 Beta 1 Frame Location Cross Domain Security Bypass
Microsoft Internet Explorer 7/8 Beta 1 - Frame Location Cross Domain Security Bypass
miniBB RSS 2.0 Plugin Multiple Remote File Inclusion
miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion
phpKF-Portal 1.10 baslik.php tema_dizin Parameter Traversal Local File Inclusion
phpKF-Portal 1.10 anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion
phpKF-Portal 1.10 - baslik.php tema_dizin Parameter Traversal Local File Inclusion
phpKF-Portal 1.10 - anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion
Couchdb 1.5.0 - uuids DoS Exploit
Couchdb 1.5.0 - uuids Denial of Service
CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
ZTE and TP-Link RomPager - DoS Exploit
ZTE and TP-Link RomPager - Denial of Service
C99Shell 1.0 pre-release buil 'Ch99.php' Cross-Site Scripting
C99Shell 1.0 pre-release build 16 - 'Ch99.php' Cross-Site Scripting
Percha Gallery Component 1.6 Beta for Joomla! index.php controller Parameter Traversal Arbitrary File Access
Percha Gallery Component 1.6 Beta for Joomla! - index.php controller Parameter Traversal Arbitrary File Access
log1 CMS 2.0 Session Handling Remote Security Bypass and Remote File Inclusion
log1 CMS 2.0 - Session Handling Remote Security Bypass / Remote File Inclusion
Miniwork Studio Canteen 1.0 Component for Joomla! SQL Injection and Local File Inclusion
Miniwork Studio Canteen 1.0 Component for Joomla! - SQL Injection / Local File Inclusion
CMS Made Simple Download Manager 1.4.1 Module Arbitrary File Upload
CMS Made Simple Download Manager 1.4.1 Module - Arbitrary File Upload
CMS Made Simple Antz Toolkit 1.02 Module Arbitrary File Upload
CMS Made Simple Antz Toolkit 1.02 Module - Arbitrary File Upload
TWiki 5.0 bin/view rev Parameter XSS
TWiki 5.0 - bin/view rev Parameter XSS
slickMsg 0.7-alpha 'top.php' Cross-Site Scripting
slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting
Drupal CAPTCHA Module Security Bypass
Drupal CAPTCHA Module - Security Bypass
WordPress 4.0 - Denial of Service Exploit
WordPress 4.0 - Denial of Service
Cradlepoint MBR1400 and MBR1200 Local File Inclusion
Cradlepoint MBR1400 and MBR1200 - Local File Inclusion
mIRC 'projects.php' Cross-Site Scripting
mIRC - 'projects.php' Cross-Site Scripting
Apache 'mod_wsgi' Module Information Disclosure
Apache 'mod_wsgi' Module - Information Disclosure
Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040)
Microsoft Windows 7 (x64) - afd.sys Privilege Escalation (MS14-040)
SIEMENS IP-Camera CVMS2025-IR_ CCMS2025 - Credentials Disclosure
Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap-Based Buffer Overflow (MS16-097)
2016-08-18 05:02:07 +00:00
Offensive Security
29076928d8
DB: 2016-08-17
...
10 new exploits
Mozilla Firefox 1.5.0.4 - (marquee) Denial of Service Exploit
Mozilla Firefox 1.5.0.4 - (marquee) Denial of Service
LifeType 1.0.4 - SQL Injection / Admin Credentials Disclosure Exploit
LifeType 1.0.4 - Multiple Vulnerabilities
Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote DoS Exploit
Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote Denial of Service
cms-bandits 2.5 - (spaw_root) Remote File Inclusion
Enterprise Payroll Systems 1.1 - (footer) Remote Include
CMS-Bandits 2.5 - (spaw_root) Remote File Inclusion
Enterprise Payroll Systems 1.1 - (footer) Remote File Inclusion
0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash Exploit
empris r20020923 - (phormationdir) Remote Include
aePartner 0.8.3 - (dir[data]) Remote Include
0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash PoC
empris r20020923 - (phormationdir) Remote File Inclusion
aePartner 0.8.3 - (dir[data]) Remote File Inclusion
SmartSiteCMS 1.0 - (root) Remote File Inclusion
Opera 9 - (long href) Remote Denial of Service Exploit
SmartSite CMS 1.0 - (root) Remote File Inclusion
Opera 9 - (long href) Remote Denial of Service
w-Agora 4.2.0 - (inc_dir) Remote File Inclusion Exploit
w-Agora 4.2.0 - (inc_dir) Remote File Inclusion
BitchX 1.1-final do_hook() Remote Denial of Service Exploit
BitchX 1.1-final - do_hook() Remote Denial of Service
BLOG:CMS 4.0.0k SQL Injection Exploit
BLOG:CMS 4.0.0k - SQL Injection
Sun Board 1.00.00 alpha Remote File Inclusion
Sun Board 1.00.00 alpha - Remote File Inclusion
Mailist 3.0 Insecure Backup/Local File Inclusion
Mailist 3.0 - Insecure Backup/Local File Inclusion
AdaptCMS 2.0.0 Beta (init.php) Remote File Inclusion
AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion
VisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion
VisualShapers ezContents 1.x/2.0 archivednews.php Arbitrary File Inclusion
VisualShapers ezContents 1.x/2.0 - db.php Arbitrary File Inclusion
VisualShapers ezContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion
VoteBox 2.0 Votebox.php Remote File Inclusion
VoteBox 2.0 - Votebox.php Remote File Inclusion
TRG News 3.0 Script Remote File Inclusion
TRG News 3.0 Script - Remote File Inclusion
Vortex Portal 2.0 content.php act Parameter Remote File Inclusion
Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion
Shoutbox 1.0 Shoutbox.php Remote File Inclusion
Shoutbox 1.0 - Shoutbox.php Remote File Inclusion
Ajaxmint Gallery 1.0 Local File Inclusion
Ajaxmint Gallery 1.0 - Local File Inclusion
Zabbix 2.2.x_ 3.0.x - SQL Injection
Microsoft Office Word 2013_2016 - sprmSdyaTop Denial of Service (MS16-099)
Zabbix 2.2.x / 3.0.x - SQL Injection
Microsoft Office Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)
Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Pi-Hole Web Interface 2.8.1 - Stored XSS in Whitelist/Blacklist
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV
2016-08-17 05:02:47 +00:00
Offensive Security
24a0e1921a
DB: 2016-08-16
2016-08-16 20:39:41 +00:00
Offensive Security
8c28728c9f
DB: 2016-08-15
...
2 new exploits
Cacti 0.8.6d Remote Command Execution Exploit
Cacti 0.8.6d - Remote Command Execution Exploit
Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit
Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin Exploit
PHP < 4.4.5 - / 5.2.1 - php_binary Session Deserialization Information Leak
PHP < 4.4.5 - / 5.2.1 - WDDX Session Deserialization Information Leak
PHP < 4.4.5 / 5.2.1 - php_binary Session Deserialization Information Leak
PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak
PHP < 4.4.5 - / 5.2.1 - _SESSION unset() Local Exploit
PHP < 4.4.5 - / 5.2.1 - _SESSION Deserialization Overwrite Exploit
PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit
PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite Exploit
Cacti 0.8.6-d graph_view.php Command Injection (Metasploit)
Cacti 0.8.6-d - graph_view.php Command Injection (Metasploit)
Samba 3.0.10 - 3.3.5 - Format String And Security Bypass
Samba 3.0.10 < 3.3.5 - Format String And Security Bypass
Allomani - E-Store 1.0 - CSRF Add Admin Account
Allomani - Super Multimedia 2.5 - CSRF Add Admin Account
Allomani - E-Store 1.0 - CSRF (Add Admin Account)
Allomani - Super Multimedia 2.5 - CSRF (Add Admin Account)
HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS
HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow DoS
HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
HP Data Protector Media Operations - NULL Pointer Dereference Remote DoS
JBoss Application Server Remote Exploit
JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit
EasyFTP Server 1.7.0.11 MKD Command Stack Buffer Overflow
EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow
EasyFTP Server 1.7.0.11 LIST Command Stack Buffer Overflow
EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow
EasyFTP Server 1.7.0.11 CWD Command Stack Buffer Overflow
EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow
EasyFTP Server 1.7.0.11 list.html path Stack Buffer Overflow
EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow
Cacti graph_view.php Remote Command Execution
Cacti - graph_view.php Remote Command Execution
Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes)
Linux/SuperH (sh4) - setuid(0) / chmod(_/etc/shadow__ 0666) / exit(0) Shellcode (43 bytes)
HP Data Protector 6.20 EXEC_CMD Buffer Overflow
HP Data Protector 6.20 - EXEC_CMD Buffer Overflow
HP Data Protector Remote Shell for HP-UX
HP Data Protector - Remote Shell for HP-UX
WHMCompleteSolution (cart.php) 3.x.x < 4.0.x - Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - (cart.php) Local File Disclosure
hp data protector media operations 6.20 - Directory Traversal
HP Data Protector Media Operations 6.20 - Directory Traversal
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
HP Data Protector 6.1 - EXEC_CMD Remote Code Execution
HP Data Protector Client EXEC_CMD Remote Code Execution
HP Data Protector Client - EXEC_CMD Remote Code Execution
HP Data Protector Create New Folder Buffer Overflow
HP Data Protector - Create New Folder Buffer Overflow
Irfanview JPEG2000 <= 4.3.2.0 - jp2 - Stack Buffer Overflow
Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow
HP Data Protector DtbClsLogin Buffer Overflow
HP Data Protector - DtbClsLogin Buffer Overflow
RaXnet Cacti 0.5/0.6/0.8 Config_Settings.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 Top_Graph_Header.php Remote File Inclusion
RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion
RaXnet Cacti 0.5/0.6.x/0.8.x Graph_Image.php Remote Command Execution Variant
RaXnet Cacti 0.5/0.6.x/0.8.x - Graph_Image.php Remote Command Execution Variant
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) - Crash PoC
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash PoC
HP Data Protector Arbitrary Remote Command Execution
HP Data Protector - Arbitrary Remote Command Execution
Indusoft Thin Client 7.1 - ActiveX - Buffer Overflow
Indusoft Thin Client 7.1 - ActiveX Buffer Overflow
BlooMooWeb 1.0.9 - ActiveX Control - Multiple Vulnerabilities
BlooMooWeb 1.0.9 - ActiveX Control Multiple Vulnerabilities
HP Data Protector Cell Request Service Buffer Overflow
HP Data Protector - Cell Request Service Buffer Overflow
Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution
Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
Cacti 0.8.7 graph_view.php graph_list Parameter SQL Injection
Cacti 0.8.7 graph.php view_type Parameter XSS
Cacti 0.8.7 graph_view.php filter Parameter XSS
Cacti 0.8.7 tree.php Multiple Parameter SQL Injection
Cacti 0.8.7 graph_xport.php local_graph_id Parameter SQL Injection
Cacti 0.8.7 index.php/sql.php Login Action login_username Parameter SQL Injection
Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection
Cacti 0.8.7 - graph.php view_type Parameter XSS
Cacti 0.8.7 - graph_view.php filter Parameter XSS
Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection
Cacti 0.8.7 - graph_xport.php local_graph_id Parameter SQL Injection
Cacti 0.8.7 - index.php/sql.php Login Action login_username Parameter SQL Injection
MG2 - 'list' Parameter - Cross-Site Scripting
MG2 - 'list' Parameter Cross-Site Scripting
HP Data Protector Backup Client Service - Directory Traversal
HP Data Protector - Backup Client Service Directory Traversal
HP Data Protector EXEC_BAR Remote Command Execution
HP Data Protector - EXEC_BAR Remote Command Execution
HP Data Protector Backup Client Service Remote Code Execution
HP Data Protector - Backup Client Service Remote Code Execution
Cacti 0.8.x graph.php Multiple Parameter XSS
Cacti 0.8.x - graph.php Multiple Parameter XSS
Jetty 6.1.x JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities
Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities
Cacti 0.8.7 on Red Hat High Performance Computing (HPC) utilities.php filter Parameter XSS
Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter XSS
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
HP Data Protector - EXEC_INTEGUTIL Remote Code Execution
HP Data Protector 8.10 Remote Command Execution
HP Data Protector 8.10 - Remote Command Execution
Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow
Blat 2.7.6 SMTP / NNTP Mailer - Buffer Overflow
Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation
Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Local Privilege Escalation
Wireshark 2.0.0 - 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service
Wireshark 2.0.0 - 2.0.4 - CORBA IDL Dissectors Denial of Service
Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - RLC Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service
Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service
FreePBX 13 / 14 - Remote Code Execution
FreePBX 13 / 14 - Remote Command Execution With Privilege Escalation
Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit
Easy FTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit
Samsung Smart Home Camera SNH-P-6410 - Command Injection
2016-08-15 05:09:55 +00:00
Offensive Security
52c4bb1e58
DB: 2016-08-14
...
5 new exploits
AWStats (5.0-6.3) Input Validation Hole in 'logfile'
AWStats 5.0-6.3 - Input Validation Hole in 'logfile'
Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross-Site Scripting
Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting
Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow
WorldMail imapd 3.0 SEH Overflow (egg hunter)
WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)
e107 website system 0.7.5 contact.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 download.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 fpw.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - contact.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - download.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - admin.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - fpw.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - news.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 signup.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 submitnews.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - signup.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - submitnews.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS
e107 website system 0.7.5 - user.php Query String (PATH_INFO) Parameter XSS
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner)
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (1)
PHP-Nuke Sarkilar Module 'id' Parameter SQL Injection
PHP-Nuke Sarkilar Module - 'id' Parameter SQL Injection
PHP-Nuke Nuke League Module 'tid' Parameter Cross-Site Scripting
PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting
Kimson CMS 'id' Parameter Cross-Site Scripting
Kimson CMS - 'id' Parameter Cross-Site Scripting
Ocean12 FAQ Manager Pro 'Keyword' Parameter Cross-Site Scripting
Multiple Ocean12 Products 'Admin_ID' Parameter SQL Injection
Ocean12 FAQ Manager Pro - 'Keyword' Parameter Cross-Site Scripting
Multiple Ocean12 Products - 'Admin_ID' Parameter SQL Injection
LinksPro 'OrderDirection' Parameter SQL Injection
LinksPro - 'OrderDirection' Parameter SQL Injection
PHP-Nuke Downloads Module 'url' Parameter SQL Injection
PHP-Nuke Downloads Module - 'url' Parameter SQL Injection
PHP 5.2.9 cURL 'safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'safe_mode' and 'open_basedir' Restriction-Bypass
PuterJam\'s Blog PJBlog3 3.0.6 \'action.asp\' SQL Injection
PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection
PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross-Site Scripting
PHP-Nuke 8.0 Downloads Module - 'query' Parameter Cross-Site Scripting
Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting
Oracle 10g Secure Enterprise Search - 'search_p_groups' Parameter Cross-Site Scripting
Scriptsez Easy Image Downloader 'id' Parameter Cross-Site Scripting
Scriptsez Easy Image Downloader - 'id' Parameter Cross-Site Scripting
XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.3.3 - 'op' Parameter Multiple Cross-Site Scripting Vulnerabilities
Joomla! CB Resume Builder 'group_id' Parameter SQL Injection
X-Cart Email Subscription 'email' Parameter Cross-Site Scripting
Joomla! CB Resume Builder - 'group_id' Parameter SQL Injection
X-Cart Email Subscription - 'email' Parameter Cross-Site Scripting
RunCMS 'forum' Parameter SQL Injection
RunCMS - 'forum' Parameter SQL Injection
Multiple JiRo's Products 'files/login.asp' Multiple SQL Injection
Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection
Elxis 'filename' Parameter Directory Traversal
Elxis - 'filename' Parameter Directory Traversal
Ez Cart 'sid' Parameter Cross-Site Scripting
Ez Cart - 'sid' Parameter Cross-Site Scripting
Joomla! iF Portfolio Nexus 'controller' Parameter Remote File Inclusion
Joomla! iF Portfolio Nexus - 'controller' Parameter Remote File Inclusion
Joomla! Jobads 'type' Parameter SQL Injection
Joomla! Jobads - 'type' Parameter SQL Injection
Jamit Job Board 'post_id' Parameter Cross-Site Scripting
Jamit Job Board - 'post_id' Parameter Cross-Site Scripting
Tribisur 'cat' Parameter Cross-Site Scripting
Tribisur - 'cat' Parameter Cross-Site Scripting
Extreme Mobster 'login' Parameter Cross-Site Scripting
Extreme Mobster - 'login' Parameter Cross-Site Scripting
Subex Nikira Fraud Management System GUI 'message' Parameter Cross-Site Scripting
Subex Nikira Fraud Management System GUI - 'message' Parameter Cross-Site Scripting
Softbiz Jobs 'sbad_type' Parameter Cross-Site Scripting
Softbiz Jobs - 'sbad_type' Parameter Cross-Site Scripting
HD FLV Player Component for Joomla! 'id' Parameter SQL Injection
HD FLV Player Component for Joomla! - 'id' Parameter SQL Injection
Spectrum Software WebManager CMS 'pojam' Parameter Cross-Site Scripting
Saskia's Shopsystem 'id' Parameter Local File Inclusion
Spectrum Software WebManager CMS - 'pojam' Parameter Cross-Site Scripting
Saskia's Shopsystem - 'id' Parameter Local File Inclusion
Pars CMS 'RP' Parameter Multiple SQL Injection
Pars CMS - 'RP' Parameter Multiple SQL Injection
Kasseler CMS News Module 'id' Parameter SQL Injection
Kasseler CMS News Module - 'id' Parameter SQL Injection
Ziggurat Farsi CMS 'id' Parameter Unspecified Cross-Site Scripting
Ziggurat Farsi CMS - 'id' Parameter Unspecified Cross-Site Scripting
Vana CMS 'filename' Parameter Remote File Download
Vana CMS - 'filename' Parameter Remote File Download
Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal
Ziggurrat Farsi CMS - 'bck' Parameter Directory Traversal
Viennabux Beta! 'cat' Parameter SQL Injection
Viennabux Beta! - 'cat' Parameter SQL Injection
HP System Management Homepage 'RedirectUrl' Parameter URI Redirection
HP System Management Homepage - 'RedirectUrl' Parameter URI Redirection
Sterlite SAM300 AX Router 'Stat_Radio' Parameter Cross-Site Scripting
Sterlite SAM300 AX Router - 'Stat_Radio' Parameter Cross-Site Scripting
Last Wizardz 'id' Parameter SQL Injection
Last Wizardz - 'id' Parameter SQL Injection
Plesk Server Administrator (PSA) 'locale' Parameter Local File Inclusion
Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion
VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross-Site Scripting
VideoWhisper PHP 2 Way Video Chat - 'r' Parameter Cross-Site Scripting
KubeSupport 'lang' Parameter SQL Injection
KubeSupport - 'lang' Parameter SQL Injection
ReCMS 'users_lang' Parameter Directory Traversal
ReCMS - 'users_lang' Parameter Directory Traversal
jCore 'search' Parameter Cross-Site Scripting
jCore - 'search' Parameter Cross-Site Scripting
PHP168 Template Editor 'filename' Parameter Directory Traversal
PHP168 Template Editor - 'filename' Parameter Directory Traversal
uzbl \'uzbl-core\' \'@SELECTED_URI\' Mouse Button Bindings Command Injection
uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection
SyntaxCMS 'rows_per_page' Parameter SQL Injection
Edit-X PHP CMS 'search_text' Parameter Cross-Site Scripting
SyntaxCMS - 'rows_per_page' Parameter SQL Injection
Edit-X PHP CMS - 'search_text' Parameter Cross-Site Scripting
Nasim Guest Book 'page' Parameter Cross-Site Scripting
Nasim Guest Book - 'page' Parameter Cross-Site Scripting
FreeSchool 'key_words' Parameter Cross-Site Scripting
FreeSchool - 'key_words' Parameter Cross-Site Scripting
tourismscripts HotelBook 'hotel_id' Parameter Multiple SQL Injection
tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection
Spiceworks 'query' Parameter Cross-Site Scripting
Spiceworks - 'query' Parameter Cross-Site Scripting
NWS-Classifieds 'cmd' Parameter Local File Inclusion
NWS-Classifieds - 'cmd' Parameter Local File Inclusion
WebAsyst Shop-Script PREMIUM 'searchstring' Parameter Cross-Site Scripting
WebAsyst Shop-Script PREMIUM - 'searchstring' Parameter Cross-Site Scripting
Web TV 'chn' Parameter Cross-Site Scripting
Web TV - 'chn' Parameter Cross-Site Scripting
Honest Traffic 'msg' Parameter Cross-Site Scripting
Honest Traffic - 'msg' Parameter Cross-Site Scripting
PHP Photo Vote 1.3F 'page' Parameter Cross-Site Scripting
PHP Photo Vote 1.3F - 'page' Parameter Cross-Site Scripting
Wap-motor 'image' Parameter Directory Traversal
Wap-motor - 'image' Parameter Directory Traversal
QuarkMail 'tf' Parameter Directory Traversal
QuarkMail - 'tf' Parameter Directory Traversal
Microsoft Windows VISTA 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution
Microsoft Windows VISTA - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution
LES PACKS 'ID' Parameter SQL Injection
LES PACKS - 'ID' Parameter SQL Injection
PHPShop 2.1 EE 'name_new' Parameter Cross-Site Scripting
PHPShop 2.1 EE - 'name_new' Parameter Cross-Site Scripting
IBM OmniFind 'command' Parameter Cross-Site Scripting
IBM OmniFind - 'command' Parameter Cross-Site Scripting
Joomla Store Directory 'id' Parameter SQL Injection
Joomla Store Directory - 'id' Parameter SQL Injection
PHP State 'id' Parameter SQL Injection
Joomla Jeformcr 'id' Parameter SQL Injection
JExtensions Property Finder Component for Joomla! 'sf_id' Parameter SQL Injection
PHP State - 'id' Parameter SQL Injection
Joomla Jeformcr - 'id' Parameter SQL Injection
JExtensions Property Finder Component for Joomla! - 'sf_id' Parameter SQL Injection
Social Share 'postid' Parameter SQL Injection
Social Share - 'postid' Parameter SQL Injection
Openfiler 'device' Parameter Cross-Site Scripting
Openfiler - 'device' Parameter Cross-Site Scripting
Social Share 'username' Parameter SQL Injection
Social Share - 'username' Parameter SQL Injection
Social Share 'search' Parameter Cross-Site Scripting
HotWeb Scripts HotWeb Rentals 'PageId' Parameter SQL Injection
Social Share - 'search' Parameter Cross-Site Scripting
HotWeb Scripts HotWeb Rentals - 'PageId' Parameter SQL Injection
SnapProof 'retPageID' Parameter Cross-Site Scripting
SnapProof - 'retPageID' Parameter Cross-Site Scripting
VidiScript 'vp' Parameter Cross-Site Scripting
VidiScript - 'vp' Parameter Cross-Site Scripting
PHP-Fusion 'article_id' Parameter SQL Injection
PHP-Fusion - 'article_id' Parameter SQL Injection
Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross-Site Scripting
RunCMS 'partners' Module 'id' Parameter SQL Injection
Qianbo Enterprise Web Site Management System - 'Keyword' Parameter Cross-Site Scripting
RunCMS 'partners' Module - 'id' Parameter SQL Injection
Technicolor THOMSON TG585v7 Wireless Router 'url' Parameter Cross-Site Scripting
Technicolor THOMSON TG585v7 Wireless Router - 'url' Parameter Cross-Site Scripting
SyCtel Design 'menu' Parameter Multiple Local File Inclusion
SyCtel Design - 'menu' Parameter Multiple Local File Inclusion
phpGraphy 0.9.13 b 'theme_dir' Parameter Cross-Site Scripting
phpGraphy 0.9.13 b - 'theme_dir' Parameter Cross-Site Scripting
Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting
Web Auction 0.3.6 - 'lang' Parameter Cross-Site Scripting
Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting
Multiple GoT.MY Products - 'theme_dir' Parameter Cross-Site Scripting
Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting
Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Parameter Cross-Site Scripting
Joomla! 'com_cbcontact' Component 'contact_id' Parameter SQL Injection
Joomla! 'com_cbcontact' Component - 'contact_id' Parameter SQL Injection
Joomla! 'com_maplocator' Component 'cid' Parameter SQL Injection
Joomla! 'com_maplocator' Component - 'cid' Parameter SQL Injection
Tolinet Agencia 'id' Parameter SQL Injection
Tolinet Agencia - 'id' Parameter SQL Injection
WebFileExplorer 3.6 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
Sitemagic CMS 'SMTpl' Parameter Directory Traversal
Sitemagic CMS - 'SMTpl' Parameter Directory Traversal
Nodesforum '_nodesforum_node' Parameter SQL Injection
Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection
Nodesforum - '_nodesforum_node' Parameter SQL Injection
Joomla! 'com_morfeoshow' Component - 'idm' Parameter SQL Injection
Joomla! 'com_jr_tfb' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_jr_tfb' Component - 'controller' Parameter Local File Inclusion
eTAWASOL 'id' Parameter SQL Injection
eTAWASOL - 'id' Parameter SQL Injection
Prontus CMS 'page' Parameter Cross-Site Scripting
ICMusic '1.2 music_id' Parameter SQL Injection
Prontus CMS - 'page' Parameter Cross-Site Scripting
ICMusic 1.2 - 'music_id' Parameter SQL Injection
Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting
Flowplayer 3.2.7 - 'linkUrl' Parameter Cross-Site Scripting
Easy Estate Rental 's_location' Parameter SQL Injection
Joomla Foto Component 'id_categoria' Parameter SQL Injection
Easy Estate Rental - 's_location' Parameter SQL Injection
Joomla Foto Component - 'id_categoria' Parameter SQL Injection
Joomla Juicy Gallery Component 'picId' Parameter SQL Injection
Joomla Juicy Gallery Component - 'picId' Parameter SQL Injection
Joomla Controller Component 'Itemid' Parameter SQL Injection
Joomla Controller Component - 'Itemid' Parameter SQL Injection
Synergy Software 'id' Parameter SQL Injection
Godly Forums 'id' Parameter SQL Injection
Synergy Software - 'id' Parameter SQL Injection
Godly Forums - 'id' Parameter SQL Injection
MyBB MyTabs Plugin 'tab' Parameter SQL Injection
MyBB MyTabs Plugin - 'tab' Parameter SQL Injection
mt LinkDatenbank 'b' Parameter Cross-Site Scripting
mt LinkDatenbank - 'b' Parameter Cross-Site Scripting
Joomla! Slideshow Gallery Component 'id' Parameter SQL Injection
Joomla! Slideshow Gallery Component - 'id' Parameter SQL Injection
Joomla! 'com_community' Component 'userid' Parameter SQL Injection
Joomla! 'com_community' Component - 'userid' Parameter SQL Injection
phpWebSite 'page_id' Parameter Cross-Site Scripting
phpWebSite - 'page_id' Parameter Cross-Site Scripting
Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection
VicBlog 'tag' Parameter SQL Injection
Tourismscripts Hotel Portal - 'hotel_city' Parameter HTML Injection
VicBlog - 'tag' Parameter SQL Injection
Kisanji 'gr' Parameter Cross-Site Scripting
Kisanji - 'gr' Parameter Cross-Site Scripting
Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection
Joomla! 'com_biitatemplateshop' Component - 'groups' Parameter SQL Injection
Vanira CMS 'vtpidshow' Parameter SQL Injection
Vanira CMS - 'vtpidshow' Parameter SQL Injection
Joomla! 'com_expedition' Component 'id' Parameter SQL Injection
Joomla! 'com_expedition' Component - 'id' Parameter SQL Injection
Joomla! 'com_tree' Component 'key' Parameter SQL Injection
Joomla! 'com_br' Component 'state_id' Parameter SQL Injection
Joomla! 'com_shop' Component 'id' Parameter SQL Injection
Joomla! 'com_tree' Component - 'key' Parameter SQL Injection
Joomla! 'com_br' Component - 'state_id' Parameter SQL Injection
Joomla! 'com_shop' Component - 'id' Parameter SQL Injection
Splunk 4.1.6 'segment' Parameter Cross-Site Scripting
Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting
Multiple Cisco Products 'file' Parameter Directory Traversal
Multiple Cisco Products - 'file' Parameter Directory Traversal
IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting
IBSng B1.34(T96) - 'str' Parameter Cross-Site Scripting
SmartJobBoard 'keywords' Parameter Cross-Site Scripting
SmartJobBoard - 'keywords' Parameter Cross-Site Scripting
Joomla Content Component 'year' Parameter SQL Injection
Joomla Content Component - 'year' Parameter SQL Injection
Webistry 1.6 'pid' Parameter SQL Injection
Webistry 1.6 - 'pid' Parameter SQL Injection
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting
WordPress Skysa App Bar Plugin - 'idnews' Parameter Cross-Site Scripting
Video Community Portal 'userID' Parameter SQL Injection
Video Community Portal - 'userID' Parameter SQL Injection
PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting
Joomla! 'com_tsonymf' Component 'idofitem' Parameter SQL Injection
PHP Booking Calendar 10e - 'page_info_message' Parameter Cross-Site Scripting
Joomla! 'com_tsonymf' Component - 'idofitem' Parameter SQL Injection
Joomla! 'com_caproductprices' Component 'id' Parameter SQL Injection
Joomla! 'com_caproductprices' Component - 'id' Parameter SQL Injection
GraphicsClone Script 'term' parameter Cross-Site Scripting
GraphicsClone Script - 'term' parameter Cross-Site Scripting
PostNuke pnAddressbook Module 'id' Parameter SQL Injection
PostNuke pnAddressbook Module - 'id' Parameter SQL Injection
Joomla! 'com_br' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_br' Component - 'controller' Parameter Local File Inclusion
Joomla! Full 'com_full' Component 'id' Parameter SQL Injection
Joomla! Full 'com_full' Component - 'id' Parameter SQL Injection
Joomla! 'com_xball' Component 'team_id' Parameter SQL Injection
Joomla! 'com_boss' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_xball' Component - 'team_id' Parameter SQL Injection
Joomla! 'com_boss' Component - 'controller' Parameter Local File Inclusion
Joomla! 'com_some' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_bulkenquery' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_kp' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_some' Component - 'controller' Parameter Local File Inclusion
Joomla! 'com_bulkenquery' Component - 'controller' Parameter Local File Inclusion
Joomla! 'com_kp' Component - 'controller' Parameter Local File Inclusion
Ultimate Locator 'radius' Parameter SQL Injection
Joomla! 'com_jesubmit' Component 'index.php' Arbitrary File Upload
Ultimate Locator - 'radius' Parameter SQL Injection
Joomla! 'com_jesubmit' Component - 'index.php' Arbitrary File Upload
Joomla! 'com_motor' Component 'cid' Parameter SQL Injection
Joomla! 'com_motor' Component - 'cid' Parameter SQL Injection
Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection
Joomla! 'com_firmy' Component - 'Id' Parameter SQL Injection
Joomla! 'com_crhotels' Component 'catid' Parameter SQL Injection
Joomla! 'com_propertylab' Component 'id' Parameter SQL Injection
Joomla! 'com_crhotels' Component - 'catid' Parameter SQL Injection
Joomla! 'com_propertylab' Component - 'id' Parameter SQL Injection
Joomla! 'com_cmotour' Component 'id' Parameter SQL Injection
Joomla! 'com_cmotour' Component - 'id' Parameter SQL Injection
Joomla! 'com_bnf' Component 'seccion_id' Parameter SQL Injection
Joomla! 'com_bnf' Component - 'seccion_id' Parameter SQL Injection
Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting
Joomla! Currency Converter Component - 'from' Parameter Cross-Site Scripting
RabbitWiki 'title' Parameter Cross-Site Scripting
RabbitWiki - 'title' Parameter Cross-Site Scripting
Zimbra 'view' Parameter Cross-Site Scripting
Zimbra - 'view' Parameter Cross-Site Scripting
SMW+ 1.5.6 'target' Parameter HTML Injection
SMW+ 1.5.6 - 'target' Parameter HTML Injection
ProWiki 'id' Parameter Cross-Site Scripting
ProWiki - 'id' Parameter Cross-Site Scripting
Tiki Wiki CMS Groupware 'url' Parameter URI Redirection
Tiki Wiki CMS Groupware - 'url' Parameter URI Redirection
Impulsio CMS 'id' Parameter SQL Injection
Impulsio CMS - 'id' Parameter SQL Injection
Joomla! X-Shop Component 'idd' Parameter SQL Injection
Joomla! X-Shop Component - 'idd' Parameter SQL Injection
Joomla! 'com_xvs' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_xvs' Component - 'controller' Parameter Local File Inclusion
starCMS 'q' Parameter URI Cross-Site Scripting
starCMS - 'q' Parameter URI Cross-Site Scripting
JPM Article Script 6 'page2' Parameter SQL Injection
JPM Article Script 6 - 'page2' Parameter SQL Injection
LeKommerce 'id' Parameter SQL Injection
LeKommerce - 'id' Parameter SQL Injection
Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting
Event Calendar PHP - 'cal_year' Parameter Cross-Site Scripting
XM Forum 'id' Parameter Multiple SQL Injection
Uiga FanClub 'p' Parameter SQL Injection
XM Forum - 'id' Parameter Multiple SQL Injection
Uiga FanClub - 'p' Parameter SQL Injection
WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting
WordPress WPsc MijnPress Plugin - 'rwflush' Parameter Cross-Site Scripting
Ramui Forum Script 'query' Parameter Cross-Site Scripting
Ramui Forum Script - 'query' Parameter Cross-Site Scripting
GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting
GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
LongTail JW Player 'debug' Parameter Cross-Site Scripting
LongTail JW Player - 'debug' Parameter Cross-Site Scripting
Small-Cms 'hostname' Parameter Remote PHP Code Injection
Small-Cms - 'hostname' Parameter Remote PHP Code Injection
Joomla! Alphacontent Component 'limitstart' Parameter SQL Injection
Joomla! Alphacontent Component - 'limitstart' Parameter SQL Injection
Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities
Flogr - 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities
e107 Image Gallery Plugin 'name' Parameter Remote File Disclosure
e107 Image Gallery Plugin - 'name' Parameter Remote File Disclosure
Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection
Joomla! 'com_szallasok' Component - 'id' Parameter SQL Injection
SWFUpload 'movieName' Parameter Cross-Site Scripting
SWFUpload - 'movieName' Parameter Cross-Site Scripting
WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting
WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting
WordPress church_admin Plugin 'id' parameter Cross-Site Scripting
WordPress SocialFit Plugin - 'msg' Parameter Cross-Site Scripting
WordPress custom tables Plugin - 'key' Parameter Cross-Site Scripting
WordPress church_admin Plugin - 'id' parameter Cross-Site Scripting
sflog! 'section' Parameter Local File Inclusion
sflog! - 'section' Parameter Local File Inclusion
WebsitePanel 'ReturnUrl' Parameter URI Redirection
WebsitePanel - 'ReturnUrl' Parameter URI Redirection
WordPress Post Recommendations Plugin 'abspath' Parameter Remote File Inclusion
web@all 'name' Parameter Cross-Site Scripting
WordPress Post Recommendations Plugin - 'abspath' Parameter Remote File Inclusion
web@all - 'name' Parameter Cross-Site Scripting
Joomla! 'com_hello' Component 'controller' Parameter Local File Inclusion
Joomla! 'com_hello' Component - 'controller' Parameter Local File Inclusion
REDAXO 'subpage' Parameter Cross-Site Scripting
Joomla Odudeprofile component 'profession' Parameter SQL Injection
REDAXO - 'subpage' Parameter Cross-Site Scripting
Joomla Odudeprofile component - 'profession' Parameter SQL Injection
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control 'Barcode' Method Remote Buffer Overflow
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow
JW Player 'playerready' Parameter Cross-Site Scripting
eNdonesia 'cid' Parameter SQL Injection
JW Player - 'playerready' Parameter Cross-Site Scripting
eNdonesia - 'cid' Parameter SQL Injection
ntop 'arbfile' Parameter Cross-Site Scripting
ntop - 'arbfile' Parameter Cross-Site Scripting
Elefant CMS 'id' Parameter Cross-Site Scripting
Elefant CMS - 'id' Parameter Cross-Site Scripting
YT-Videos Script 'id' Parameter SQL Injection
YT-Videos Script - 'id' Parameter SQL Injection
GetSimple 'path' Parameter Local File Inclusion
GetSimple - 'path' Parameter Local File Inclusion
LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting
LISTSERV 16 - 'SHOWTPL' Parameter Cross-Site Scripting
JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting
JPM Article Blog Script 6 - 'tid' Parameter Cross-Site Scripting
KindEditor 'name' Parameter Cross-Site Scripting
KindEditor - 'name' Parameter Cross-Site Scripting
PHP Web Scripts Ad Manager Pro 'page' Parameter Local File Inclusion
PHP Web Scripts Ad Manager Pro - 'page' Parameter Local File Inclusion
JW Player 'logo.link' Parameter Cross-Site Scripting
JW Player - 'logo.link' Parameter Cross-Site Scripting
PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Inclusion
Joomla! Komento Component 'cid' Parameter SQL Injection
PHP Web Scripts Text Exchange Pro - 'page' Parameter Local File Inclusion
Joomla! Komento Component - 'cid' Parameter SQL Injection
WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure
WordPress Cloudsafe365 Plugin - 'file' Parameter Remote File Disclosure
Wiki Web Help 'configpath' Parameter Remote File Inclusion
Wiki Web Help - 'configpath' Parameter Remote File Inclusion
LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting
LiteSpeed Web Server - 'gtitle' parameter Cross-Site Scripting
WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting
WordPress Download Monitor Plugin - 'dlsearch' Parameter Cross-Site Scripting
FBDj 'id' Parameter SQL Injection
FBDj - 'id' Parameter SQL Injection
vBSEO 'u' parameter Cross-Site Scripting
vBSEO - 'u' parameter Cross-Site Scripting
WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Inclusion
WordPress Crayon Syntax Highlighter Plugin - 'wp_load' Parameter Remote File Inclusion
TAGWORX.CMS 'cid' Parameter SQL Injection
TAGWORX.CMS - 'cid' Parameter SQL Injection
WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting
WordPress Video Lead Form Plugin - 'errMsg' Parameter Cross-Site Scripting
WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting
WordPress Token Manager Plugin - 'tid' Parameter Cross-Site Scripting
Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting
Neturf eCommerce Shopping Cart - 'SearchFor' Parameter Cross-Site Scripting
WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting
WordPress ABC Test Plugin - 'id' Parameter Cross-Site Scripting
Open Realty 'select_users_lang' Parameter Local File Inclusion
Open Realty - 'select_users_lang' Parameter Local File Inclusion
FirePass 7.0 SSL VPN 'refreshURL' Parameter URI Redirection
FirePass 7.0 SSL VPN - 'refreshURL' Parameter URI Redirection
SMF 'view' Parameter Cross-Site Scripting
SMF - 'view' Parameter Cross-Site Scripting
Gramophone 'rs' Parameter Cross-Site Scripting
Gramophone - 'rs' Parameter Cross-Site Scripting
Joomla! com_parcoauto Component 'idVeicolo' Parameter SQL Injection
Joomla! com_parcoauto Component - 'idVeicolo' Parameter SQL Injection
OrangeHRM 'sortField' Parameter SQL Injection
WordPress FLV Player Plugin 'id' Parameter SQL Injection
OrangeHRM - 'sortField' Parameter SQL Injection
WordPress FLV Player Plugin - 'id' Parameter SQL Injection
WordPress Kakao Theme 'ID' Parameter SQL Injection
WordPress PHP Event Calendar Plugin 'cid' Parameter SQL Injection
WordPress Eco-annu Plugin 'eid' Parameter SQL Injection
WordPress Kakao Theme - 'ID' Parameter SQL Injection
WordPress PHP Event Calendar Plugin - 'cid' Parameter SQL Injection
WordPress Eco-annu Plugin - 'eid' Parameter SQL Injection
WordPress Dailyedition-mouss Theme 'id' Parameter SQL Injection
WordPress Tagged Albums Plugin 'id' Parameter SQL Injection
WordPress Dailyedition-mouss Theme - 'id' Parameter SQL Injection
WordPress Tagged Albums Plugin - 'id' Parameter SQL Injection
Omni-Secure 'dir' Parameter Multiple File Disclosure Vulnerabilities
Friends in War The FAQ Manager 'question' Parameter SQL Injection
Omni-Secure - 'dir' Parameter Multiple File Disclosure Vulnerabilities
Friends in War The FAQ Manager - 'question' Parameter SQL Injection
openSIS 'modname' Parameter Local File Inclusion
openSIS - 'modname' Parameter Local File Inclusion
WordPress Madebymilk Theme 'id' Parameter SQL Injection
WordPress Madebymilk Theme - 'id' Parameter SQL Injection
WordPress Zingiri Web Shop Plugin 'path' Parameter Arbitrary File Upload
WordPress Webplayer Plugin 'id' Parameter SQL Injection
WordPress Plg Novana Plugin 'id' Parameter SQL Injection
WordPress Zingiri Web Shop Plugin - 'path' Parameter Arbitrary File Upload
WordPress Webplayer Plugin - 'id' Parameter SQL Injection
WordPress Plg Novana Plugin - 'id' Parameter SQL Injection
WordPress Magazine Basic Theme 'id' Parameter SQL Injection
WordPress Magazine Basic Theme - 'id' Parameter SQL Injection
WordPress Ads Box Plugin 'count' Parameter SQL Injection
WordPress Ads Box Plugin - 'count' Parameter SQL Injection
Forescout CounterACT 'a' Parameter Open Redirection
WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection
Forescout CounterACT - 'a' Parameter Open Redirection
WordPress Wp-ImageZoom Theme - 'id' Parameter SQL Injection
WordPress Toolbox Theme 'mls' Parameter SQL Injection
Elastix 'page' Parameter Cross-Site Scripting
TinyMCPUK 'test' Parameter Cross-Site Scripting
WordPress Toolbox Theme - 'mls' Parameter SQL Injection
Elastix - 'page' Parameter Cross-Site Scripting
TinyMCPUK - 'test' Parameter Cross-Site Scripting
WordPress Zingiri Forums Plugin 'language' Parameter Local File Inclusion
WordPress Nest Theme 'codigo' Parameter SQL Injection
Sourcefabric Newscoop 'f_email' Parameter SQL Injection
WordPress Zingiri Forums Plugin - 'language' Parameter Local File Inclusion
WordPress Nest Theme - 'codigo' Parameter SQL Injection
Sourcefabric Newscoop - 'f_email' Parameter SQL Injection
FOOT Gestion 'id' Parameter SQL Injection
FOOT Gestion - 'id' Parameter SQL Injection
PHP Address Book 'group' Parameter Cross-Site Scripting
PHP Address Book - 'group' Parameter Cross-Site Scripting
Joomla! ZT Autolinks Component 'controller' Parameter Local File Inclusion
Joomla! Bit Component 'controller' Parameter Local File Inclusion
Joomla! ZT Autolinks Component - 'controller' Parameter Local File Inclusion
Joomla! Bit Component - 'controller' Parameter Local File Inclusion
MyBB Transactions Plugin 'transaction' Parameter SQL Injection
MyBB Transactions Plugin - 'transaction' Parameter SQL Injection
WHM 'filtername' Parameter Cross-Site Scripting
WHM - 'filtername' Parameter Cross-Site Scripting
Havalite CMS 'comment' Parameter HTML Injection
Havalite CMS - 'comment' Parameter HTML Injection
WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting
WordPress NextGEN Gallery Plugin - 'test-head' Parameter Cross-Site Scripting
WordPress Gallery Plugin 'filename_1' Parameter Remote Arbitrary File Access
WordPress Gallery Plugin - 'filename_1' Parameter Remote Arbitrary File Access
phpLiteAdmin 'table' Parameter SQL Injection
IP.Gallery 'img' Parameter SQL Injection
phpLiteAdmin - 'table' Parameter SQL Injection
IP.Gallery - 'img' Parameter SQL Injection
gpEasy CMS 'section' Parameter Cross-Site Scripting
gpEasy CMS - 'section' Parameter Cross-Site Scripting
iCart Pro 'section' Parameter SQL Injection
iCart Pro - 'section' Parameter SQL Injection
WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting
WordPress WP-Table Reloaded Plugin - 'id' Parameter Cross-Site Scripting
WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting
WordPress CommentLuv Plugin - '_ajax_nonce' Parameter Cross-Site Scripting
WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting
WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting
WordPress Audio Player Plugin - 'playerID' Parameter Cross-Site Scripting
WordPress Pinboard Theme - 'tab' Parameter Cross-Site Scripting
Squirrelcart 'table' Parameter Cross-Site Scripting
Squirrelcart - 'table' Parameter Cross-Site Scripting
OpenEMR 'site' Parameter Cross-Site Scripting
OpenEMR - 'site' Parameter Cross-Site Scripting
WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting
WordPress Uploader Plugin - 'blog' Parameter Cross-Site Scripting
WordPress Count Per Day Plugin 'daytoshow' Parameter Cross-Site Scripting
WordPress Count Per Day Plugin - 'daytoshow' Parameter Cross-Site Scripting
WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting
WordPress podPress Plugin - 'playerID' Parameter Cross-Site Scripting
Jaow CMS 'add_ons' Parameter Cross-Site Scripting
Jaow CMS - 'add_ons' Parameter Cross-Site Scripting
WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting
WordPress Feedweb Plugin - 'wp_post_id' Parameter Cross-Site Scripting
Symphony 'sort' Parameter SQL Injection
Symphony - 'sort' Parameter SQL Injection
WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting
WordPress Traffic Analyzer Plugin - 'aoid' Parameter Cross-Site Scripting
WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection
WordPress Spiffy XSPF Player Plugin - 'playlist_id' Parameter SQL Injection
WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection
Request Tracker 'ShowPending' Parameter SQL Injection
WordPress Spider Video Player Plugin - 'theme' Parameter SQL Injection
Request Tracker - 'ShowPending' Parameter SQL Injection
Fork CMS 'file' Parameter Local File Inclusion
Fork CMS - 'file' Parameter Local File Inclusion
WordPress wp-FileManager Plugin 'path' Parameter Arbitrary File Download
Open Flash Chart 'get-data' Parameter Cross-Site Scripting
WordPress wp-FileManager Plugin - 'path' Parameter Arbitrary File Download
Open Flash Chart - 'get-data' Parameter Cross-Site Scripting
Jojo CMS 'search' Parameter Cross-Site Scripting
Jojo CMS - 'search' Parameter Cross-Site Scripting
WordPress Ambience Theme 'src' Parameter Cross-Site Scripting
WordPress Ambience Theme - 'src' Parameter Cross-Site Scripting
TaxiMonger for Android 'name' Parameter HTML Injection
TaxiMonger for Android - 'name' Parameter HTML Injection
ZamFoo 'date' Parameter Remote Command Injection
ZamFoo - 'date' Parameter Remote Command Injection
Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting
Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
WordPress WP Feed Plugin 'nid' Parameter SQL Injection
WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting
WordPress WP Feed Plugin - 'nid' Parameter SQL Injection
WordPress Category Grid View Gallery Plugin - 'ID' Parameter Cross-Site Scripting
WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting
WordPress FlagEm Plugin - 'cID' Parameter Cross-Site Scripting
Xibo 'layout' Parameter HTML Injection
Xibo - 'layout' Parameter HTML Injection
Flo CMS 'archivem' Parameter SQL Injection
Flo CMS - 'archivem' Parameter SQL Injection
eTransfer Lite 'file name' Parameter HTML Injection
WordPress mukioplayer4wp Plugin 'cid' Parameter SQL Injection
eTransfer Lite - 'file name' Parameter HTML Injection
WordPress mukioplayer4wp Plugin - 'cid' Parameter SQL Injection
Monstra CMS 'login' Parameter SQL Injection
Monstra CMS - 'login' Parameter SQL Injection
Joomla! JVideoClip Component 'uid' Parameter SQL Injection
Joomla! JVideoClip Component - 'uid' Parameter SQL Injection
WordPress WP-Realty Plugin 'listing_id' Parameter SQL Injection
WordPress WP-Realty Plugin - 'listing_id' Parameter SQL Injection
Joomla! Maian15 Component 'name' Parameter Arbitrary Shell Upload
Joomla! Maian15 Component - 'name' Parameter Arbitrary Shell Upload
Nagios XI 'tfPassword' Parameter SQL Injection
Nagios XI - 'tfPassword' Parameter SQL Injection
Enorth Webpublisher CMS 'thisday' Parameter SQL Injection
Enorth Webpublisher CMS - 'thisday' Parameter SQL Injection
WordPress Easy Career Openings Plugin 'jobid' Parameter SQL Injection
WordPress Easy Career Openings Plugin - 'jobid' Parameter SQL Injection
eduTrac 'showmask' Parameter Directory Traversal
eduTrac - 'showmask' Parameter Directory Traversal
Veno File Manager 'q' Parameter Arbitrary File Download
Veno File Manager - 'q' Parameter Arbitrary File Download
Leed 'id' Parameter SQL Injection
Leed - 'id' Parameter SQL Injection
xBoard 'post' Parameter Local File Inclusion
xBoard - 'post' Parameter Local File Inclusion
i-doit Pro 'objID' Parameter SQL Injection
i-doit Pro - 'objID' Parameter SQL Injection
Joomla! Sexy Polling Extension 'answer_id' Parameter SQL Injection
Joomla! Sexy Polling Extension - 'answer_id' Parameter SQL Injection
XOS Shop 'goto' Parameter SQL Injection
XOS Shop - 'goto' Parameter SQL Injection
Eventum 'hostname' Parameter Remote Code Execution
Eventum - 'hostname' Parameter Remote Code Execution
WordPress Relevanssi Plugin 'category_name' Parameter SQL Injection
WordPress Relevanssi Plugin - 'category_name' Parameter SQL Injection
Professional Designer E-Store 'id' Parameter Multiple SQL Injection
Professional Designer E-Store - 'id' Parameter Multiple SQL Injection
MeiuPic 'ctl' Parameter Local File Inclusion
MeiuPic - 'ctl' Parameter Local File Inclusion
Jorjweb 'id' Parameter SQL Injection
qEngine 'run' Parameter Local File Inclusion
Jorjweb - 'id' Parameter SQL Injection
qEngine - 'run' Parameter Local File Inclusion
Seo Panel 'file' Parameter Directory Traversal
Seo Panel - 'file' Parameter Directory Traversal
ZeusCart 'prodid' Parameter SQL Injection
ZeusCart - 'prodid' Parameter SQL Injection
VoipSwitch 'action' Parameter Local File Inclusion
VoipSwitch - 'action' Parameter Local File Inclusion
Joomla! Spider Video Player Extension 'theme' Parameter SQL Injection
Joomla! Spider Video Player Extension - 'theme' Parameter SQL Injection
Microsoft Office Excel Out-of-Bounds Read Remote Code Execution (MS16-042)
Microsoft Office Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)
Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
FreePBX 13 / 14 - Remote Code Execution
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2)
Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit
2016-08-14 05:06:43 +00:00
Offensive Security
ad0d8229c3
DB: 2016-08-13
2016-08-13 05:12:02 +00:00
Offensive Security
27bb5a6384
DB: 2016-08-12
...
1 new exploits
WordPress Multiple Versions - Pwnpress Exploitation Tookit (0.2pub)
WordPress Core 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities
WordPress and Pyrmont 2.x - SQL Injection
WordPress Pyrmont 2.x Plugin - SQL Injection
WordPress Copperleaf Photolog 0.16 - SQL injection
WordPress Copperleaf Photolog 0.16 Plugin - SQL injection
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities
WordPress 2.x - PHP_Self Cross-Site Scripting
WordPress Core 2.x - PHP_Self Cross-Site Scripting
WordPress 2.2 - Request_URI Parameter Cross-Site Scripting
WordPress Core 2.2 - Request_URI Parameter Cross-Site Scripting
WordPress MailPoet - (wysija-newsletters) Unauthenticated File Upload
WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated File Upload
Drupal Core 7.32 - SQL Injection (1)
Drupal Core 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (1)
Drupal Core 7.32 - SQL Injection (2)
Drupal Core 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (2)
Drupal < 7.32 Pre Auth SQL Injection
Drupal Core < 7.32 - Pre Auth SQL Injection
Live Wire 2.3.1 For WordPress - Multiple Security Vulnerabilities
Wordpress Live Wire 2.3.1 Theme - Multiple Security Vulnerabilities
The Gazette Edition 2.9.4 For WordPress - Multiple Security Vulnerabilities
WordPress The Gazette Edition 2.9.4 Theme - Multiple Security Vulnerabilities
WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection
WordPress Webdorado Spider Event Calendar 1.4.9 Plugin - SQL Injection
WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting
WordPress Trending 0.1 Theme - 'cpage' Parameter Cross-Site Scripting
WordPress WPML - Multiple Vulnerabilities
WordPress WPML 3.1.9 Plugin - Multiple Vulnerabilities
WordPress 4.2 - Stored XSS
WordPress Core 4.2 - Stored XSS
WordPress RevSlider File Upload and Execute
WordPress RevSlider 3.0.95 Plugin - File Upload and Execute
WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
WordPress MailChimp Subscribe Forms 1.1 - Remote Code Execution
WordPress Track That Stat 1.0.8 Cross-Site Scripting
WordPress Track That Stat 1.0.8 - Cross-Site Scripting
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta - Shell Upload
WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure
WordPress Wp-ImageZoom - 'file' Parameter Remote File Disclosure
WordPress Flip Book 'php.php' Arbitrary File Upload
WordPress Flip Book - 'php.php' Arbitrary File Upload
WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting
WordPress PHPFreeChat - 'url' Parameter Cross-Site Scripting
WordPress Finder 'order' Parameter Cross-Site Scripting
WordPress Finder - 'order' Parameter Cross-Site Scripting
WordPress Multiple Path Dislosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Dislosure Vulnerabilities
WordPress Video Gallery 2.7 SQL Injection
WordPress Video Gallery 2.7 - SQL Injection
WordPress Cross Site Request Forgery
WordPress - Cross Site Request Forgery
WordPress CStar Design 'id' Parameter SQL Injection
WordPress CStar Design Theme - 'id' Parameter SQL Injection
WordPress White-Label Framework 2.0.6 - XSS
WordPress White-Label Framework 2.0.6 Theme - XSS
WordPress NextGEN Gallery 'upload.php' Arbitrary File Upload
WordPress NextGEN Gallery - 'upload.php' Arbitrary File Upload
WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting
WordPress Xorbin Digital Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
WordPress Lead Octopus Power 'id' Parameter SQL Injection
WordPress Lead Octopus Power - 'id' Parameter SQL Injection
WordPress Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities
WordPress Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection
WordPress Booking Calendar Contact Form 1.1.24 Plugin - Multiple Vulnerabilities
WordPress Booking Calendar Contact Form 1.1.24 Plugin - addslashes SQL Injection
Wordpress Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection
Wordpress Ultimate Product Catalog 3.9.8 Plugin - (do_shortcode via ajax) Blind SQL Injection
Wireshark 1.12.0 - 1.12.12 - NDS Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service
Wireshark 1.12.0-1.12.12 - NDS Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service
Microsoft Office Word 2007_2010_2013_2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities
WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities
ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal
2016-08-12 05:09:55 +00:00
Offensive Security
832f9cf8b5
DB: 2016-08-11
...
10 new exploits
Nagios Network Analyzer 2.2.1 - Multiple CSRF
Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Microsoft Office Word 2007_2010_2013_2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF)
EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation
EyeLock nano NXT 3.5 - Local File Disclosure
EyeLock nano NXT 3.5 - Remote Root Exploit
WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities
SAP SAPCAR - Multiple Vulnerabilities
2016-08-11 05:08:59 +00:00
Offensive Security
3b59d25c95
DB: 2016-08-10
2016-08-10 05:09:13 +00:00
Offensive Security
9821fd03b3
DB: 2016-08-09
...
4 new exploits
VMware 5.5.1 COM Object Arbitrary Partition Table Delete Exploit
VMware 5.5.1 - COM Object Arbitrary Partition Table Delete Exploit
VMware Inc 6.0.0 CreateProcess Remote Code Execution Exploit
VMware Inc 6.0.0 - CreateProcess Remote Code Execution Exploit
VMware Workstation (hcmon.sys 6.0.0.45731) Local DoS
VMware Workstation - (hcmon.sys 6.0.0.45731) Local DoS
VMware COM API ActiveX Remote Buffer Overflow PoC
VMware - COM API ActiveX Remote Buffer Overflow PoC
RoundCube Webmail 0.2-3 beta Code Execution
RoundCube Webmail 0.2-3 beta - Code Execution
VMWare Fusion 2.0.5 - vmx86 kext Kernel Local Root Exploit
VMware Fusion 2.0.5 - vmx86 kext Kernel Local Root Exploit
VMWare Fusion 2.0.5 vmx86 kext Local PoC
VMware Fusion 2.0.5 - vmx86 kext Local PoC
VMware Remote Console e.x.p build-158248 - format string
VMware Remote Console e.x.p build-158248 - Format String
VMware Workstation 7.1.1 VMkbd.sys Denial of Service Exploit
VMware Workstation 7.1.1 - VMkbd.sys Denial of Service Exploit
VMware Tools update OS Command Injection
VMware Tools - Update OS Command Injection
VMware Update Manager Directory Traversal
VMware - Update Manager Directory Traversal
VMWare 1.0.1 - Buffer Overflow
VMware 1.0.1 - Buffer Overflow
VMWare GSX Server 2.0 - Authentication Server Buffer Overflow
VMware GSX Server 2.0 - Authentication Server Buffer Overflow
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
VMware vCenter - Chargeback Manager ImageUploadServlet Arbitrary File Upload
VMware Player 1.0.1 Build 19317 Malformed VMX File Denial of Service
VMware Player 1.0.1 Build 19317 - Malformed VMX File Denial of Service
VMware 5.5.1 Partition Table Deletion Denial of Service
VMware 5.5.1 - Partition Table Deletion Denial of Service
VMware Server 2.0.1_ESXi Server 3.5 - Directory Traversal
VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal
VMware View 3.1.x URL Processing Cross-Site Scripting
VMware View 3.1.x - URL Processing Cross-Site Scripting
PHPCollab 2.5 - SQL Injection
PHPCollab 2.5 - (deletetopics.php) SQL Injection
phpCollab 2.5 Database Backup Information Disclosure
phpCollab 2.5 - Database Backup Information Disclosure
phpCollab 2.5 uploadfile.php Crafted Request Arbitrary Non-PHP File Upload
phpCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload
phpCollab 2.5 Unauthenticated Direct Request Multiple Protected Page Access
phpCollab 2.5 - Unauthenticated Direct Request Multiple Protected Page Access
Wireshark 1.12.0 to 1.12.12 - NDS Dissector Denial of Service
Wireshark 1.12.0 - 1.12.12 - NDS Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4 - CORBA IDL Dissectors Denial of Service
Wireshark 2.0.0 to 2.0.4_ 1.12.0 to 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4_ 1.12.0 to 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4_ 1.12.0 to 1.12.12 - RLC Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 - CORBA IDL Dissectors Denial of Service
Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - RLC Dissector Denial of Service
Navis WebAccess - SQL Injection
phpCollab CMS 2.5 - (emailusers.php) SQL Injection
Microsoft Windows Group Policy - Privilege Escalation (MS16-072)
WordPress Add From Server Plugin < 3.3.2 - (File Upload) CSRF
2016-08-09 05:02:52 +00:00
Offensive Security
dac3d3dad6
DB: 2016-08-08
...
2 new exploits
VMWare OVF Tools - Format String (1)
VMware OVF Tools - Format String (1)
VMWare OVF Tools - Format String (2)
VMware OVF Tools - Format String (2)
VMWare - Setuid vmware-mount Unsafe popen(3)
VMware - Setuid vmware-mount Unsafe popen(3)
Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution Exploit (SA-CONTRIB-2016-039)
VMware Virtual Machine Communication Interface (VMCI) vmci.sys - Proof of Concept
VMWare - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)
VMware - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)
ntop 2.3 <= 2.5 - Multiple Vulnerabilities
ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities
NUUO NVRmini 2 3.0.8 - ShellShock Remote Code Execution
NUUO NVRmini 2 3.0.8 - (ShellShock) Remote Code Execution
2016-08-08 05:05:38 +00:00
Offensive Security
e161127711
DB: 2016-08-07
...
8 new exploits
Kodi Web Server 16.1 - Denial of Service
NUUO NVRmini 2 3.0.8 - Remote Root Exploit
NUUO NVRmini 2 3.0.8 - (Add Admin) CSRF
NUUO NVRmini 2 3.0.8 - Local File Disclosure
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection
NUUO NVRmini 2 3.0.8 - ShellShock Remote Code Execution
NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion
NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access
2016-08-07 05:06:35 +00:00
Offensive Security
428f25fc1c
DB: 2016-08-07
...
8 new exploits
NUUO NVRmini2 / NVRsolo / Crystal Devices and NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
ntop 2.3 <= 2.5 - Multiple Vulnerabilities
Subrion CMS 4.0.5 - SQL Injection
zFTP Client 20061220 - (Connection Name) Local Buffer Overflow
PHP Power Browse 1.2 - Directory Traversal
Davolink DV-2051 - Multiple Vulnerabilities
WordPress Count per Day Plugin 3.5.4 - Stored Cross-Site Scripting
NASdeluxe NDL-2400r 2.01.09 - OS Command Injection
2016-08-07 02:36:02 +00:00
Offensive Security
75085bf1d7
DB: 2016-08-03
...
7 new exploits
Real Server 7/8/9 - Remote Root Exploit (Windows & Linux)
Real Server 7/8/9 - Remote Root Exploit (Windows / Linux)
Apache mod_gzip (with debug_mode) <= 1.2.26.1a - Remote Exploit
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit
BSD & Linux - umount Local Root Exploit
BSD & Linux umount - Local Root Exploit
BSD & Linux - lpr Command Local Root Exploit
BSD & Linux lpr - Local Root Exploit
Battlefield 1942 <= 1.6.19 + Vietnam 1.2 - Broadcast Client Crash
Battlefield 1942 1.6.19 + Vietnam 1.2 - Broadcast Client Crash
PHP 4.3.9 & phpBB 2.x - unserialize() Remote Exploit (compiled)
PHP 4.3.9 + phpBB 2.x - unserialize() Remote Exploit (Compiled)
Soldier of Fortune 2 <= 1.03 - 'cl_guid' Server Crash
Soldier of Fortune 2 1.03 - 'cl_guid' Server Crash
Download Center Lite (DCL) <= 1.5 - Remote File Inclusion
Download Center Lite (DCL) 1.5 - Remote File Inclusion
Linux Mandrake 10.2 - cdrdao Local Root Exploit (unfixed)
cdrdao (Mandrake 10.2) - Local Root Exploit
MyBulletinBoard (MyBB) <= 1.00 RC4 - SQL Injection Exploit
MyBulletinBoard (MyBB) 1.00 RC4 - SQL Injection Exploit
e107 <= 0.617 - XSS Remote Cookie Disclosure Exploit
e107 0.617 - XSS Remote Cookie Disclosure Exploit
MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit
MyBulletinBoard (MyBB) 1.00 RC4 SQL Injection Exploit
F-Secure Internet Gatekeeper for Linux < 2.15.484 - Local Root Exploit
F-Secure Internet Gatekeeper for Linux < 2.15.484 (and Gateway < 2.16) - Local Root Exploit
MyBulletinBoard (MyBB) <= 1.03 - Multiple SQL Injection Exploit
MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injection Exploit
MyBulletinBoard (MyBB) <= 1.03 - (misc.php COMMA) SQL Injection
MyBulletinBoard (MyBB) 1.03 - (misc.php COMMA) SQL Injection
MyBulletinBoard (MyBB) <= 1.04 - (misc.php COMMA) SQL Injection (2)
MyBulletinBoard (MyBB) 1.04 - (misc.php COMMA) SQL Injection (2)
Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities
Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities
MyBulletinBoard (MyBB) <= 1.1.3 - (usercp.php) Create Admin Exploit
MyBulletinBoard (MyBB) 1.1.3 - (usercp.php) Create Admin Exploit
DZCP (deV!L_z Clanportal) <= 1.34 - (id) SQL Injection Exploit
DZCP (deV!L_z Clanportal) 1.34 - (id) SQL Injection Exploit
Invision Power Board 2.1 <= 2.1.6 - SQL Injection Exploit
Invision Power Board 2.1 <= 2.1.6 - SQL Injection Exploit (1)
MyBulletinBoard (MyBB) <= 1.1.5 - (CLIENT-IP) SQL Injection Exploit
MyBulletinBoard (MyBB) 1.1.5 - (CLIENT-IP) SQL Injection Exploit
PHP Live! <= 3.2.1 - (help.php) Remote Inclusion
PHP Live! 3.2.1 - (help.php) Remote Inclusion
Les Visiteurs (Visitors) <= 2.0 - (config.inc.php) File Include
Les Visiteurs (Visitors) 2.0 - (config.inc.php) File Include
Electronic Engineering Tool (EE TOOL) <= 0.4.1 File Include
Electronic Engineering Tool (EE TOOL) 0.4.1 File Include
DZCP (deV!L_z Clanportal) <= 1.3.6 - Arbitrary File Upload
DZCP (deV!L_z Clanportal) 1.3.6 - Arbitrary File Upload
Tucows Client Code Suite (CSS) <= 1.2.1015 File Include
Tucows Client Code Suite (CSS) 1.2.1015 File Include
KDE 3.5 - (libkhtml) <= 4.2.0 / Unhandled HTML Parse Exception Exploit
KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit
DZCP (deV!L_z Clanportal) <= 1.4.5 - Remote File Disclosure
DZCP (deV!L_z Clanportal) 1.4.5 - Remote File Disclosure
McAfee VirusScan for Mac (Virex) <= 7.7 - Local Root Exploit
McAfee VirusScan for Mac (Virex) 7.7 - Local Root Exploit
WEBO (Web Organizer) <= 1.0 - (baseDir) Remote File Inclusion
WEBO (Web Organizer) 1.0 - (baseDir) Remote File Inclusion
Net Portal Dynamic System (NPDS) <= 5.10 - Remote Code Execution
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution
Katalog Plyt Audio (pl) <= 1.0 - SQL Injection Exploit
Katalog Plyt Audio (pl) 1.0 - SQL Injection Exploit
study planner (studiewijzer) <= 0.15 - Remote File Inclusion
study planner (studiewijzer) 0.15 - Remote File Inclusion
MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit
MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution Exploit
MyBulletinBoard (MyBB) <= 1.2.2 - (CLIENT-IP) SQL Injection Exploit
MyBulletinBoard (MyBB) 1.2.2 - (CLIENT-IP) SQL Injection Exploit
MyBulletinBoard (MyBB) <= 1.2.5 calendar.php Blind SQL Injection Exploit
MyBulletinBoard (MyBB) 1.2.5 calendar.php Blind SQL Injection Exploit
Net Portal Dynamic System (NPDS) <= 5.10 - Remote Code Execution (2)
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (2)
LAN Management System (LMS) <= 1.9.6 - Remote File Inclusion Exploit
LAN Management System (LMS) 1.9.6 - Remote File Inclusion Exploit
Ripe Website Manager (CMS) <= 0.8.9 - Remote File Inclusion
Ripe Website Manager (CMS) 0.8.9 - Remote File Inclusion
Simple PHP Blog (sphpblog) <= 0.5.1 - Multiple Vulnerabilities
Simple PHP Blog (sphpblog) 0.5.1 - Multiple Vulnerabilities
TaskFreak! <= 0.6.1 - SQL Injection
TaskFreak! 0.6.1 - SQL Injection
MyBulletinBoard (MyBB) <= 1.2.10 - Remote Code Execution Exploit
mybulletinboard (mybb) <= 1.2.10 - Multiple Vulnerabilities
MyBulletinBoard (MyBB) 1.2.10 - Remote Code Execution Exploit
mybulletinboard (mybb) 1.2.10 - Multiple Vulnerabilities
MyBulletinBoard (MyBB) <= 1.2.11 - private.php SQL Injection Exploit
MyBulletinBoard (MyBB) 1.2.11 - private.php SQL Injection Exploit
PHP Live! <= 3.2.2 - (questid) SQL Injection (1)
PHP Live! 3.2.2 - (questid) SQL Injection (1)
Web Group Communication Center (WGCC) <= 1.0.3 - SQL Injection
Web Group Communication Center (WGCC) 1.0.3 - SQL Injection
C6 Messenger ActiveX Remote Download & Execute Exploit
C6 Messenger ActiveX - Remote Download & Execute Exploit
eLineStudio Site Composer (ESC) <= 2.6 - Multiple Vulnerabilities
eLineStudio Site Composer (ESC) 2.6 - Multiple Vulnerabilities
Simple PHP Blog (SPHPBlog) <= 0.5.1 Code Execution Exploit
Simple PHP Blog (SPHPBlog) 0.5.1 Code Execution Exploit
MyBulletinBoard (MyBB) <= 1.2.11 - private.php SQL Injection Exploit (2)
MyBulletinBoard (MyBB) 1.2.11 - private.php SQL Injection Exploit (2)
DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit
DZCP (deV!L_z Clanportal) 1.4.9.6 - Blind SQL Injection Exploit
Amaya Web Editor XML and HTML parser Vulnerabilities
Amaya Web Editor - XML and HTML parser Vulnerabilities
CMS WEBjump! Multiple SQL Injection
CMS WEBjump! - Multiple SQL Injection
RQms (Rash) <= 1.2.2 - Multiple SQL Injection
RQms (Rash) 1.2.2 - Multiple SQL Injection
Online Grades & Attendance 3.2.6 Credentials Changer SQL Exploit
Online Grades & Attendance 3.2.6 - Credentials Changer SQL Exploit
Apple Safari & Quicktime Denial of Service
Apple Safari & Quicktime - Denial of Service
AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (SEH)
AudioPLUS 2.00.215 - (.lst / .m3u) Local Buffer Overflow (SEH)
PHP Live! <= 3.2.2 - (questid) SQL Injection (2)
PHP Live! 3.2.2 - (questid) SQL Injection (2)
TwonkyMedia Server 4.4.17 & <= 5.0.65 - XSS
TwonkyMedia Server 4.4.17 / 5.0.65 - XSS
Adobe Shockwave 11.5.1.601 Player Multiple Code Execution
Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution
NAS Uploader 1.0 & 1.5 - Remote File Upload
NAS Uploader 1.0 / 1.5 - Remote File Upload
PlayMeNow 7.3 & 7.4 - Buffer Overflow (Metasploit)
PlayMeNow 7.3 / 7.4 - Buffer Overflow (Metasploit)
Nuked KLan 1.7.7 & <= SP4 DoS
Nuked KLan 1.7.7 & SP4 DoS
Aqua Real 1.0 & 2.0 - Local Crash PoC
Aqua Real 1.0 / 2.0 - Local Crash PoC
FreePBX 2.5.x < 2.6.0 - Permanent Cross-Site Scripting (XSS)
FreePBX 2.5.x < 2.6.0 - Permanent Cross-Site Scripting
Ipswitch IMAIL 11.01 reversible encryption + weak ACL
Ipswitch IMAIL 11.01 - reversible encryption + weak ACL
justVisual 2.0 - (index.php) <= LFI
justVisual 2.0 - (index.php) LFI
Simple Machines Forum (SMF) <= 1.1.8 - (avatar) Remote PHP File Execute PoC
Simple Machines Forum (SMF) 1.1.8 - (avatar) Remote PHP File Execute PoC
SafeSHOP 1.5.6 - Cross-Site Scripting & Multiple Cross-Site Request Forgery
SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery
McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting (XSS)
McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting
Local Glibc shared library (.so) <= 2.11.1 Exploit
Local Glibc shared library (.so) 2.11.1 Exploit
Safari 4.0.3 & 4.0.4 - Stack Exhaustion
Safari 4.0.3 / 4.0.4 - Stack Exhaustion
Apache Axis2 administration console - Cross-Site Scripting (XSS) (Authenticated)
Apache Axis2 administration console - (Authenticated) Cross-Site Scripting
CubeCart PHP (shipkey parameter) <= 4.3.x - SQL Injection
CubeCart PHP (shipkey parameter) 4.3.x - SQL Injection
Joomla Health & Fitness Stats Persistent XSS
Joomla Health & Fitness Stats - Persistent XSS
PunBB 1.3.4 & Pun_PM 1.2.6 - Remote Blind SQL Injection Exploit
PunBB 1.3.4 / Pun_PM 1.2.6 - Remote Blind SQL Injection Exploit
MyIT CRM - Multiple Cross-Site Scripting (XSS)
MyIT CRM - Multiple Cross-Site Scripting
Adobe Dreamweaver CS5 <= 11.0 build 4909 - DLL Hijacking Exploit (mfc90loc.dll)
Adobe Dreamweaver CS5 11.0 build 4909 - DLL Hijacking Exploit (mfc90loc.dll)
Avast! <= 5.0.594 - license files DLL Hijacking Exploit (mfc90loc.dll)
Avast! 5.0.594 - (mfc90loc.dll) License Files DLL Hijacking Exploit
BlogBird Platform Multiple XSS Vulnerabilities
BlogBird Platform - Multiple XSS Vulnerabilities
Joomla Component (btg_oglas) HTML & XSS Injection
Joomla Component (btg_oglas) - HTML / XSS Injection
Lotus CMS Fraise 3.0 - LFI & Remote Code Execution Exploit
Lotus CMS Fraise 3.0 - LFI / Remote Code Execution Exploit
Novell ZenWorks 10 & 11 - TFTPD Remote Code Execution
Novell ZenWorks 10 / 11 - TFTPD Remote Code Execution
CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow (1)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (1)
CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow (3)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (3)
CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow
CA BrightStor ARCserve for Laptops & Desktops LGServer - Multiple Commands Buffer Overflow
SmarterMail 7.3 & 7.4 - Multiple Vulnerabilities
SmarterMail 7.3 / 7.4 - Multiple Vulnerabilities
OpenSLP 1.2.1 & < 1647 trunk - Denial of Service Exploit
OpenSLP 1.2.1 / < 1647 trunk - Denial of Service Exploit
ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0Day)
ScadaTEC ModbusTagServer & ScadaPhone - (.zip) Buffer Overflow Exploit (0Day)
MARINET CMS (room.php) <= Blind SQL
MARINET CMS (room.php) Blind SQL
phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection (Metasploit)
phpMyAdmin 3.3.x / 3.4.x - Local File Inclusion via XXE Injection (Metasploit)
ContaoCMS (aka TYPOlight) <= 2.11 - CSRF (Delete Admin & Delete Article)
ContaoCMS (aka TYPOlight) 2.11 - CSRF (Delete Admin / Delete Article)
Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 - Remote Buffer Overflow
Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow
Simple PHP Agenda 2.2.8 - CSRF (Add Admin & Add Event)
Simple PHP Agenda 2.2.8 - CSRF (Add Admin / Add Event)
SumatraPDF 2.0.1 - (.chm) & (.mobi) Memory Corruption
SumatraPDF 2.0.1 - (.chm / .mobi) Memory Corruption
Dolibarr ERP & CRM 3 Post-Auth OS Command Injection
Dolibarr ERP & CRM OS Command Injection
Dolibarr ERP & CRM 3 - Post-Auth OS Command Injection
Dolibarr ERP & CRM - OS Command Injection
Microsoft Data Access Components (MDAC) <= 2.1_Microsoft IIS 3.0/4.0_Microsoft Index Server 2.0_Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS (1)
Microsoft Data Access Components (MDAC) <= 2.1_Microsoft IIS 3.0/4.0_Microsoft Index Server 2.0_Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS (2)
Microsoft Data Access Components (MDAC) 2.1_Microsoft IIS 3.0/4.0_Microsoft Index Server 2.0_Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS (1)
Microsoft Data Access Components (MDAC) 2.1_Microsoft IIS 3.0/4.0_Microsoft Index Server 2.0_Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS (2)
sflog! <= 1.00 - Multiple Vulnerabilities
sflog! 1.00 - Multiple Vulnerabilities
Inter7 vpopmail (vchkpw) <= 3.4.11 - Buffer Overflow
Inter7 vpopmail (vchkpw) 3.4.11 - Buffer Overflow
White Label CMS 1.5 - CSRF & Persistent XSS
White Label CMS 1.5 - CSRF / Persistent XSS
AIX 3.x/4.x & Windows 95/98/2000/NT 4 & SunOS 5 gethostbyname() - Buffer Overflow
AIX 3.x/4.x / Windows 95/98/2000/NT 4 / SunOS 5 gethostbyname() - Buffer Overflow
gdb (GNU debugger) <= 7.5.1NULL Pointer Dereference
gdb (GNU debugger) 7.5.1NULL Pointer Dereference
Adam Webb NukeJokes 1.7/2.0 Module Multiple Parameter XSS
Adam Webb NukeJokes 1.7/2.0 - Module Multiple Parameter XSS
Polycom HDX Telnet Authorization Bypass (Metasploit)
Polycom HDX - Telnet Authorization Bypass (Metasploit)
Joomla! <= 3.0.2 - (highlight.php) PHP Object Injection
Joomla! 3.0.2 - (highlight.php) PHP Object Injection
Joomla! <= 3.0.3 (remember.php) - PHP Object Injection
Joomla! 3.0.3 (remember.php) - PHP Object Injection
Active Auction House Default.ASP Multiple SQL Injection
Active Auction House - Default.ASP Multiple SQL Injection
Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities
Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities
Alisveristr E-commerce Login Multiple SQL Injection
Alisveristr E-commerce Login - Multiple SQL Injection
Cline Communications Multiple SQL Injection
Cline Communications - Multiple SQL Injection
Andy Mack 35mm Slide Gallery 6.0 popup.php Multiple Parameter XSS
Andy Mack 35mm Slide Gallery 6.0 - popup.php Multiple Parameter XSS
Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow
Apple Safari 6.0.1 for iOS 6.0 / OS X 10.7/8 - Heap Buffer Overflow
AIOCP 1.3.x cp_forum_view.php Multiple Parameter XSS
AIOCP 1.3.x - cp_forum_view.php Multiple Parameter XSS
AIOCP 1.3.x cp_news.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_news.php Multiple Parameter SQL Injection
AIOCP 1.3.x cp_newsletter.php Multiple Parameter SQL Injection
AIOCP 1.3.x cp_links.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_newsletter.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_links.php Multiple Parameter SQL Injection
AIOCP 1.3.x cp_show_ec_products.php Multiple Parameter SQL Injection
AIOCP 1.3.x - cp_show_ec_products.php Multiple Parameter SQL Injection
20/20 Applications Data Shed 1.0 listings.asp Multiple Parameter SQL Injection
20/20 Applications Data Shed 1.0 - listings.asp Multiple Parameter SQL Injection
ClickContact Default.ASP Multiple SQL Injection
ClickContact - Default.ASP Multiple SQL Injection
Onpub CMS 1.4 & 1.5 - Multiple SQL Injection
Onpub CMS 1.4 / 1.5 - Multiple SQL Injection
Apache + PHP < 5.3.12 & < 5.4.2 - cgi-bin Remote Code Execution Exploit
Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution Exploit
Apache + PHP < 5.3.12 & < 5.4.2 - Remote Code Execution (Multithreaded Scanner)
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner)
ClientExec 3.0 Index.php Multiple Cross-Site Scripting Vulnerabilities
ClientExec 3.0 - Index.php Multiple Cross-Site Scripting Vulnerabilities
AbleDesign MyCalendar 2.20.3 Index.php Multiple Cross-Site Scripting Vulnerabilities
AbleDesign MyCalendar 2.20.3 - Index.php Multiple Cross-Site Scripting Vulnerabilities
AlstraSoft Affiliate Network Pro 8.0 merchants/index.php Multiple Parameter XSS
AlstraSoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter XSS
File(1) <= 4.13 Command File_PrintF Integer Underflow
File(1) 4.13 Command File_PrintF Integer Underflow
ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
ACDSee 9.0 Photo Manager - Multiple BMP Denial of Service Vulnerabilities
Ahhp Portal Page.php Multiple Remote File Inclusion
Ahhp Portal - Page.php Multiple Remote File Inclusion
Apple QuickTime 7.1.5 Information Disclosure and Multiple Code Execution Vulnerabilities
Apple QuickTime 7.1.5 - Information Disclosure / Multiple Code Execution Vulnerabilities
OpenBase 10.0.x - (Buffer Overflow & Remote Command Execution) Multiple Vulnerabilities
OpenBase 10.0.x - Buffer Overflow / Remote Command Execution
AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities
AIDA Web - Frame.HTML Multiple Unauthorized Access Vulnerabilities
Absolute News Manager .NET 5.1 xlaabsolutenm.aspx Multiple Parameter SQL Injection
Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx Multiple Parameter SQL Injection
Adobe Acrobat and Reader 8.1.1 - Multiple Arbitrary Code Execution and Security Vulnerabilities
Adobe Acrobat and Reader 8.1.1 - Multiple Arbitrary Code Execution / Security Vulnerabilities
Apple iPhone and iPod Touch < 2.0 - Multiple Remote Vulnerabilities
Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities
HPSystem Management Homepage (SMH) <= 2.1.12 - 'message.php' Cross-Site Scripting
HPSystem Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting
Apple iPhone 1.1.4/2.0 and iPod 1.1.4/2.0 touch Safari WebKit 'alert()' Function Remote Denial of Service
Apple iPhone 1.1.4/2.0 and iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service
3Com Wireless 8760 Dual-Radio 11a/b/g PoE Multiple Security Vulnerabilities
3Com Wireless 8760 Dual-Radio 11a/b/g PoE - Multiple Security Vulnerabilities
AlmondSoft Multiple Classifieds Products index.php replid Parameter SQL Injection
AlmondSoft Multiple Classifieds Products index.php Multiple Parameter XSS
AlmondSoft Multiple Classifieds Products - index.php replid Parameter SQL Injection
AlmondSoft Multiple Classifieds Products - index.php Multiple Parameter XSS
Linux Kernel 2.6.x (2.6.0 <= 2.6.31) - 'pipe.c' Local Privilege Escalation (1)
Linux Kernel 2.6.0 <= 2.6.31 - 'pipe.c' Local Privilege Escalation (1)
CMS Source Multiple Input Validation Vulnerabilities
CMS Source - Multiple Input Validation Vulnerabilities
123 Flash Chat = Multiple Security Vulnerabilities
123 Flash Chat - Multiple Security Vulnerabilities
Pimcore 3.0 & 2.3.0 CMS - SQL Injection
Pimcore 3.0 / 2.3.0 CMS - SQL Injection
Apple Mac OS X 10.6.5 And iOS 4.3.3 Mail Denial of Service
Apple Mac OS X 10.6.5 / iOS 4.3.3 Mail - Denial of Service
CmyDocument Multiple Cross-Site Scripting Vulnerabilities
CmyDocument - Multiple Cross-Site Scripting Vulnerabilities
OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS)
OTRS < 3.1.x / < 3.2.x / < 3.3.x - Stored Cross-Site Scripting
OYO File Manager 1.1 (iOS & Android) - Multiple Vulnerabilities
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
Airdroid iOS_ Android & Win 3.1.3 - Persistent
Airdroid iOS / Android / Win 3.1.3 - Persistent
SMF (Simple Machine Forum) <= 2.0.10 - Remote Memory Exfiltration Exploit
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration Exploit
Air Drive Plus Multiple Input Vallidation Vulnerabilities
Air Drive Plus - Multiple Input Vallidation Vulnerabilities
Collabtive Multiple Security Vulnerabilities
Collabtive - Multiple Security Vulnerabilities
Open Upload 0.4.2 - (Add Admin) CSRF
Wireshark 1.12.0 to 1.12.12 - NDS Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service
Wireshark 2.0.0 to 2.0.4 - CORBA IDL Dissectors Denial of Service
Wireshark 2.0.0 to 2.0.4_ 1.12.0 to 1.12.12 - PacketBB Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4_ 1.12.0 to 1.12.12 - WSP Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4_ 1.12.0 to 1.12.12 - RLC Dissector Denial of Service
2016-08-03 05:06:13 +00:00
Offensive Security
1b40ae09d7
DB: 2016-08-02
...
4 new exploits
ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root & brute-force Exploit
ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit
Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)
Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)
Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Local Root Exploit (2)
Symantec Multiple Firewall DNS Response Denial of Service
Symantec Multiple Firewall - DNS Response Denial of Service
Lexmark Multiple HTTP Servers Denial of Service
Lexmark Multiple HTTP Servers - Denial of Service
BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit
BadBlue 2.52 Web Server - Multiple Connections Denial of Service Exploit
Linux Kernel 2.4.28 / <= 2.6.9 - scm_send Local DoS Exploit
Linux Kernel 2.4.28 / 2.6.9 - scm_send Local DoS Exploit
Linux Kernel 2.6.9 / <= 2.4.28 - vc_resize int Local Overflow Exploit
Linux Kernel 2.6.9 / <= 2.4.28 - Memory Leak Local DoS
Linux Kernel 2.6.9 / <= 2.4.28 - ip_options_get Local Overflow
Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow Exploit
Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local DoS
Linux Kernel 2.4.28 / 2.6.9 - ip_options_get Local Overflow
Linux Kernel 2.6.9 / <= 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit
Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit
WebWiz Products 1.0 / <= 3.06 - Login Bypass SQL Injection Exploits
WebWiz Products 1.0 / 3.06 - Login Bypass SQL Injection Exploits
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit
Fast Click 1.1.3 / <= 2.3.8 - (show.php) Remote File Inclusion Exploit
Fast Click 1.1.3 / 2.3.8 - (show.php) Remote File Inclusion Exploit
Newsscript 0.5 - Remote and Local File Inclusion
Newsscript 0.5 - Remote File Inclusion / Local File Inclusion
Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (linux)
Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (Linux)
X-Cart ? Multiple Remote File Inclusion
X-Cart - Multiple Remote File Inclusion
Rayzz Script 2.0 - Remote / Local File Inclusion
Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion
QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities
QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities
LookStrike Lan Manager 0.9 - Remote / Local File Inclusion
LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion
CMS WebManager-Pro Multiple SQL Injection
CMS WebManager-Pro - Multiple SQL Injection
Facil-CMS 0.1RC Multiple Local File Inclusion
Facil-CMS 0.1RC - Multiple Local File Inclusion
Bea Weblogic Apache Connector - Code Execution and Denial of Service Exploit
Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit
Nuked-klaN 1.7.7 / <= SP4.4 - Multiple Vulnerabilities
Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities
CafeEngine Multiple SQL Injection
CafeEngine - Multiple SQL Injection
A-Link WL54AP3 and WL54AP2 - CSRF + XSS
A-Link WL54AP3 and WL54AP2 - CSRF / XSS
GS Real Estate Portal Multiple SQL Injection
GS Real Estate Portal - Multiple SQL Injection
FloSites Blog Multiple SQL Injection
FloSites Blog - Multiple SQL Injection
ASP PORTAL Multiple SQL Injection
ASP PORTAL - Multiple SQL Injection
Simple Machines Forum 1.0.13 / <= 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Pligg 9.9.5 - CSRF Protection Bypass and Captcha Bypass
Pligg 9.9.5 - CSRF Protection Bypass / Captcha Bypass
Demium CMS 0.2.1b - Multiple Vulnerabilities and Exploit
Demium CMS 0.2.1b - Multiple Vulnerabilities
Linux Kernel 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (seh)
AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (SEH)
Linux Kernel 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel 2.6.24_16-23 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
jetty 6.x < 7.x - XSS & Information Disclosure & Injection
jetty 6.x < 7.x - XSS / Information Disclosure / Injection
OpenDocMan 1.2.5 - XSS & SQL injection
OpenDocMan 1.2.5 - XSS / SQL injection
Alteon OS BBI (Nortell) - (XSS and CSR) Multiple Vulnerabilities
Alteon OS BBI (Nortell) - XSS / CSR
Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
Micronet SP1910 Data Access Controller UI - XSS / HTML Code Injection
Kide Shoutbox 0.4.6 - XSS & AXFR
Kide Shoutbox 0.4.6 - XSS / AXFR
PHP-Nuke 8.0 - XSS & HTML Code Injection in News Module
PHP-Nuke 8.0 - XSS / HTML Code Injection in News Module
Invision Power Board 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI / SQL Injection
Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - LFI / SQL Injection
oBlog - Persistant XSS & CSRF & Admin Bruteforce
oBlog - Persistant XSS / CSRF / Admin Bruteforce
WP-Forum 2.3 - SQL Injection & Blind SQL Injection
WP-Forum 2.3 - SQL Injection / Blind SQL Injection
QuickEStore 7.9 - SQL Injection and Path Diclosure Download
QuickEStore 7.9 - SQL Injection / Path Diclosure Download
dotProject 2.1.3 - XSS and Improper Permissions
dotProject 2.1.3 - XSS / Improper Permissions
MOJO's IWms 7 SQL Injection & Cross-Site Scripting
MOJO's IWms 7 - SQL Injection / Cross-Site Scripting
Cisco Collaboration Server 5 - XSS & Source Code Disclosure
Cisco Collaboration Server 5 - XSS / Source Code Disclosure
cPanel Multiple CSRF Vulnerabilities
cPanel - Multiple CSRF Vulnerabilities
(Tod Miller's) Sudo/SudoEdit <= 1.6.9p21 / <= 1.7.2p4 - Local Root Exploit
(Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Local Root Exploit
SiteDone Custom Edition 2.0 - SQL Injection & XSS
SiteDone Custom Edition 2.0 - SQL Injection / XSS
TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection & XSS
TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection / XSS
Centreon IT & Network Monitoring 2.1.5 - Injection SQL
Centreon IT & Network Monitoring 2.1.5 - SQL Injection
ilchClan 1.0.5 - (cid) SQL Injection & Exploit
ilchClan 1.0.5 - (cid) SQL Injection
joelz bulletin board 0.9.9rc3 - Multiple SQL Injection & Exploit
joelz bulletin board 0.9.9rc3 - Multiple SQL Injection
2DayBiz Advanced Poll Script - XSS and Authentication Bypass
2DayBiz Advanced Poll Script - XSS / Authentication Bypass
Socialware 2.2 - Upload and XSS
Socialware 2.2 - Upload / XSS
Waibrasil Remote / Local File Inclusion
Waibrasil - Remote File Inclusion / Local File Inclusion
I-Vision CMS - XSS & SQL Injection
I-Vision CMS - XSS / SQL Injection
phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting and Full Path
phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path
3Com* iMC (Intelligent Management Center) - Various XSS and Information Disclosure Flaws
3Com* iMC (Intelligent Management Center) - XSS / Information Disclosure Flaws
WmsCMS - XSS & SQL Injection
iScripts eSwap 2.0 - SQLi and XSS
WmsCMS - XSS / SQL Injection
iScripts eSwap 2.0 - SQLi / XSS
reVou Twitter Clone 2.0 Beta - SQL Injection and XSS
JForum 2.1.8 bookmarks CSRF & XSS
reVou Twitter Clone 2.0 Beta - SQL Injection / XSS
JForum 2.1.8 bookmarks CSRF / XSS
eLms Pro - SQLi and XSS
PGAUTOPro - SQLi and XSS
eLms Pro - SQLi / XSS
PGAUTOPro - SQLi / XSS
Joomla 1.5 Jreservation Component - SQLi And XSS
Joomla 1.5 Jreservation Component - SQLi / XSS
Science Fair In A Box - SQLi & XSS
Science Fair In A Box - SQLi / XSS
PHP Property Rental Script - SQLi & XSS
PHP Property Rental Script - SQLi / XSS
SchoolMation 2.3 - SQLi and XSS
SchoolMation 2.3 - SQLi / XSS
UTStats - XSS & SQL Injection & Full path disclosure
UTStats - XSS / SQL Injection / Full path disclosure
SimpleAssets Authentication Bypass & XSS
SimpleAssets Authentication Bypass / XSS
InterScan Web Security 5.0 - Arbitrary File Upload & Local Privilege Escalation
InterScan Web Security 5.0 - Arbitrary File Upload / Local Privilege Escalation
ARSC Really Simple Chat 3.3 - Remote File Inclusion & XSS
ARSC Really Simple Chat 3.3 - Remote File Inclusion / XSS
Pre Multi-Vendor Shopping Malls SQL Injection & Auth Bypass
Pre Multi-Vendor Shopping Malls SQL Injection / Auth Bypass
Zylone IT Multiple Blind SQL Injection
Zylone IT - Multiple Blind SQL Injection
vBulletin 3.8.4 & 3.8.5 Registration Bypass
vBulletin 3.8.4 / 3.8.5 Registration Bypass
JaWiki 'versionNo' Parameter Cross Site Scripting
JaWiki 'versionNo' Parameter Cross-Site Scripting
411cc Multiple SQL Injection
411cc - Multiple SQL Injection
MantisBT 1.2.3 (db_type) - Cross-Site Scripting & Path Disclosure
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Path Disclosure
OpenEMR 3.2.0 - SQL Injection and XSS
OpenEMR 3.2.0 - SQL Injection / XSS
F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities
phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities
F3Site 2011 alfa 1 - (XSS / CSRF) Multiple Vulnerabilities
phpMySport 1.4 - SQLi / Auth Bypass / Path Disclosure
WordPress Plugin BackWPup - Remote and Local Code Execution
WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution
Planex Mini-300PU & Mini100s Cross-Site Scripting
Planex Mini-300PU & Mini100s - Cross-Site Scripting
TinyBB 1.4 - Blind SQL Injection and Path Disclosure
TinyBB 1.4 - Blind SQL Injection / Path Disclosure
Linux Kernel 2.6.28 / <= 3.0 (DEC Alpha Linux) - Local Root Exploit
Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Local Root Exploit
If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2)
If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2)
Webcat Multiple Blind SQL Injection
Webcat - Multiple Blind SQL Injection
Banana Dance CMS and Wiki SQL Injection
Banana Dance CMS and Wiki - SQL Injection
SMF 2.0.1 - SQL Injection & Privilege Escalation
SMF 2.0.1 - SQL Injection / Privilege Escalation
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd
Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
phpList 2.10.17 - SQL Injection and XSS
phpList 2.10.17 - SQL Injection / XSS
vBshop Multiple Persistent XSS Vulnerabilities
vBshop - Multiple Persistent XSS Vulnerabilities
ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection
Serendipity 1.6 - Backend XSS And SQLi
Serendipity 1.6 - Backend XSS / SQLi
Wireshark Multiple Dissector Denial of Service Vulnerabilities
Wireshark - Multiple Dissector Denial of Service Vulnerabilities
Useresponse 1.0.2 - Privilege Escalation & RCE Exploit
Useresponse 1.0.2 - Privilege Escalation / RCE Exploit
Linux Kernel 2.2/2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options
Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options
AlienVault OSSIM 3.1 - Reflected XSS and Blind SQL Injection
Spiceworks 5.3.75941 - Stored XSS and Post-Auth SQL Injection
AlienVault OSSIM 3.1 - Reflected XSS / Blind SQL Injection
Spiceworks 5.3.75941 - Stored XSS / Post-Auth SQL Injection
T-dah Webmail CSRF & Stored XSS
T-dah Webmail - CSRF / Stored XSS
XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload
XODA Document Management System 0.4.5 - XSS / Arbitrary File Upload
WireShark 1.8.2 & 1.6.0 - Buffer Overflow PoC (0Day)
WireShark 1.8.2 / 1.6.0 - Buffer Overflow PoC (0Day)
businesswiki 2.5rc3 - Stored XSS & arbitrary file upload
businesswiki 2.5rc3 - Stored XSS / arbitrary file upload
SpyNet 6.5 Chat Server Multiple Connection Denial of Service
SpyNet 6.5 Chat Server - Multiple Connection Denial of Service
Exploit: NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)
NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)
Mozilla Bonsai Multiple Cross-Site Scripting Vulnerabilities
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection
airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection
BRS WebWeaver 1.0 4 POST and HEAD Denial of Service
BRS WebWeaver 1.0 4 - POST and HEAD Denial of Service
Caucho Resin 2.0/2.1 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
MyDms 1.4 - SQL Injection And Directory Traversal
MyDms 1.4 - SQL Injection / Directory Traversal
D-Link DIR-600 and DIR-300 - (rev B) Multiple Vulnerabilities
D-Link DIR-600 and DIR-300 (rev B) - Multiple Vulnerabilities
D'Link DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A Multiple Vulnerabilities
D'Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities
Linux Kernel 2.6.x (RHEL4 <= 2.6.9 / <= 2.6.11) - SYS_EPoll_Wait Local Integer Overflow Local Root (2)
Linux Kernel 2.6.9 /2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Local Root (2)
Linux Kernel 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root
Linux Kernel 2.4.30 / 2.6.11.5 - Bluetooth bluez_sock_create Local Root
CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x
CKEditor < 4.1WYSIWYG module Drupal 6.x & 7.x - Persistent XSS
OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities
OSTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
Calendarix 0.8.20071118 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
MyBB - Multiple Cross-Site Scripting and SQL Injection
Calendarix 0.8.20071118 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
MyBB - Multiple Cross-Site Scripting / SQL Injection
YaPiG 0.9x - Remote and Local File Inclusion
YaPiG 0.9x - Remote File Inclusion / Local File Inclusion
ATutor 1.4.3 tile.php Multiple Parameter XSS
ATutor 1.4.3 - tile.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 menu_footer.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - menu_footer.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 menu_header.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 menu_tema.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - menu_header.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - menu_tema.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 reply.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - reply.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 new.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 edit_msg.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - new.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - edit_msg.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 reply_in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 memory.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 line.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 enter.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection
ASPNuke 0.80 register.asp Multiple Parameter XSS
ASPNuke 0.80 - register.asp Multiple Parameter XSS
Binary Board System 0.2.5 reply.pl Multiple Parameter XSS
Binary Board System 0.2.5 stats.pl Multiple Parameter XSS
Binary Board System 0.2.5 - reply.pl Multiple Parameter XSS
Binary Board System 0.2.5 - stats.pl Multiple Parameter XSS
ZixForum 1.12 Forum.ASP Multiple SQL Injection
ZixForum 1.12 - Forum.ASP Multiple SQL Injection
QNX 6.2/6.3 - Multiple Local Privilege Escalation and Denial of Service Vulnerabilities
QNX 6.2/6.3 - Multiple Local Privilege Escalation / Denial of Service Vulnerabilities
Web-APP.net WebAPP 0.9.x index.cgi Multiple Parameter XSS
Web-APP.net WebAPP 0.9.x - index.cgi Multiple Parameter XSS
IntelliLink Pro 5.06 edit.cgi Multiple Parameter XSS
IntelliLink Pro 5.06 - edit.cgi Multiple Parameter XSS
xFlow 5.46.11 index.cgi Multiple Parameter SQL Injection
xFlow 5.46.11 index.cgi Multiple Parameter XSS
xFlow 5.46.11 - index.cgi Multiple Parameter SQL Injection
xFlow 5.46.11 - index.cgi Multiple Parameter XSS
zenphoto 0.9/1.0 index.php Multiple Parameter XSS
zenphoto 0.9/1.0 - index.php Multiple Parameter XSS
ATutor 1.5.x create_course.php Multiple Parameter XSS
ATutor 1.5.x - create_course.php Multiple Parameter XSS
BlaBla 4U Multiple Cross-Site Scripting Vulnerabilities
BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities
Apache HTTP Server 1.3.35 / <= 2.0.58 / <= 2.2.2 - Arbitrary HTTP Request Headers Security Weakness
Apache HTTP Server 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security Weakness
WWWThreads 5.4 Cat Parameter Multiple Cross-Site Scripting Vulnerabilities
WWWThreads 5.4 - Cat Parameter Multiple Cross-Site Scripting Vulnerabilities
AckerTodo 4.2 Login.php Multiple SQL Injection
AckerTodo 4.2 - Login.php Multiple SQL Injection
ac4p Mobile index.php Multiple Parameter XSS
ac4p Mobile MobileNews.php Multiple Parameter XSS
ac4p Mobile - index.php Multiple Parameter XSS
ac4p Mobile - MobileNews.php Multiple Parameter XSS
ac4p Mobile up.php Multiple Parameter XSS
ac4p Mobile - up.php Multiple Parameter XSS
AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS
AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter XSS
AShop Deluxe 4.5 shipping.php Multiple Parameter XSS
AShop Deluxe 4.5 - shipping.php Multiple Parameter XSS
212cafeBoard Multiple Cross-Site Scripting Vulnerabilities
212cafeBoard - Multiple Cross-Site Scripting Vulnerabilities
Coppermine Photo Gallery 1.4.10 - Multiple Remote And Local File Inclusion
Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion
Atom PhotoBlog 1.0.1/1.0.9AtomPhotoBlog.php Multiple Input Validation Vulnerabilities
Atom PhotoBlog 1.0.1/1.0.9 - AtomPhotoBlog.php Multiple Input Validation Vulnerabilities
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass and Multiple SQL Injection
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection
WordPress Plugin DZS Video Gallery 3.1.3 - Remote and Local File Disclosure
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure
ACG News 1.0 index.php Multiple SQL Injection
ACG News 1.0 - index.php Multiple SQL Injection
Add a link 4 - Security Bypass and SQL Injection
Add a link 4 - Security Bypass / SQL Injection
AlienVault OSSIM SQL Injection and Remote Code Execution
AlienVault OSSIM - SQL Injection / Remote Code Execution
bttlxe Forum 2.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
bttlxe Forum 2.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
Neuron News 1.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Neuron News 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
Clever Copy 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Clever Copy 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection
Cells Blog 3.3 - XSS Reflected / Blind SQLite Injection
ProjectPier 0.8 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
MyBlog 1.x - SQL Injection and Remote File Inclusion
MyBlog 1.x - SQL Injection / Remote File Inclusion
PHP Classifieds 6.20 - Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities
PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities
Kloxo - SQL Injection and Remote Code Execution
Kloxo - SQL Injection / Remote Code Execution
PHP Address Book 3.1.5 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
PHP Address Book 3.1.5 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting and Arbitrary File Upload
GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting / Arbitrary File Upload
couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection
couponPHP CMS 1.0 - Multiple Stored XSS / SQL Injection
EasyDynamicPages 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection and Cross-Site Vulnerabilities
EasyDynamicPages 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting
EasyE-Cards 3.10 - (SQL Injection and Cross-Site Scripting) Multiple Vulnerabilities
EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
dotProject 2.1.2 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
dotProject 2.1.2 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting
DHCart 3.84 - Multiple Cross-Site Scripting And HTML Injection Vulnerabilities
DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
KDE Konqueror 4.1 - Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities
4CMS - SQL Injection and Local File Inclusion
4CMS - SQL Injection / Local File Inclusion
PTCeffect 4.6 - LFI & SQL Injection
PTCeffect 4.6 - LFI / SQL Injection
010 Editor 3.0.4 File Parsing Multiple Buffer Overflow Vulnerabilities
010 Editor 3.0.4 - File Parsing Multiple Buffer Overflow Vulnerabilities
DWebPro 6.8.26 - Directory Traversal and Arbitrary File Disclosure
DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure
Kingsoft Webshield 1.1.0.62 - Cross-Site scripting and Remote Command Execution
Kingsoft Webshield 1.1.0.62 - Cross-Site scripting / Remote Command Execution
LxBlog Multiple Cross-Site Scripting and SQL Injection
LxBlog Multiple Cross-Site Scripting / SQL Injection
Joomla! < 1.5.11 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting and SQL Injection
PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting / SQL Injection
Natychmiast CMS - Multiple Cross-Site Scripting and SQL Injection
Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injection
e107 0.7.x - ('CAPTCHA' Security Bypass and Cross-Site Scripting) Multiple Vulnerabilities
e107 0.7.x - ('CAPTCHA' Security Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Achievo 1.x - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Dream Poll 3.1 - 'index.php' Cross-Site Scripting and SQL Injection
Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Dream Poll 3.1 - 'index.php' Cross-Site Scripting / SQL Injection
Pentaho BI 1.x - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities
Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
Oracle E-Business Suite 11i Multiple Remote Vulnerabilities
Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities
Photokorn 1.542 - Cross-Site Scripting and Remote File Inclusion
Photokorn 1.542 - Cross-Site Scripting / Remote File Inclusion
dotProject 2.1.3 - Multiple SQL Injection and HTML Injection Vulnerabilities
dotProject 2.1.3 - Multiple SQL Injection / HTML Injection Vulnerabilities
Linux Kernel 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)
Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)
Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting and SQL Injection
Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting / SQL Injection
Lunar CMS 3.3 - CSRF And Stored XSS
Lunar CMS 3.3 - CSRF / Stored XSS
NovaSTOR NovaNET 11.0 - Remote DoS and arbitrary memory read
NovaSTOR NovaNET 11.0 - Remote DoS / arbitrary memory read
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting and SQL Injection
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection
Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting and SQL Injection
Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection
Omeka 2.2 - CSRF And Stored XSS
Omeka 2.2 - CSRF / Stored XSS
Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
Oxwall 1.7.0 - Multiple CSRF / HTML Injection Vulnerabilities
SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
SkaDate Lite 2.0 - Multiple CSRF / Persistent XSS Vulnerabilities
Disqus for WordPress 2.7.5 - Admin Stored CSRF and XSS
Disqus for WordPress 2.7.5 - Admin Stored CSRF / XSS
PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting and HTML Injection Vulnerabilities
PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities
Cetera eCommerce Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Allinta CMS 22.07.2010 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Allinta CMS 22.07.2010 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
Nagios XI Multiple Cross-Site Request Forgery Vulnerabilities
Nagios XI 0 Multiple Cross-Site Request Forgery Vulnerabilities
JBoard Multiple Cross-Site Scripting and SQL Injection
JBoard Multiple Cross-Site Scripting / SQL Injection
ServletExec - (Directory Traversal and Authentication-Bypass) Multiple Vulnerabilities
ServletExec - (Directory Traversal / Authentication-Bypass) Multiple Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities
123 Flash Chat = Multiple Security Vulnerabilities
CompuCMS - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
CompuCMS - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
Briefcase 4.0 iOS - Code Execution & File Include
Briefcase 4.0 iOS - Code Execution / File Include
Million Dollar Pixel Ads Cross-Site Scripting and SQL Injection
Million Dollar Pixel Ads Cross-Site Scripting / SQL Injection
PluXml 5.0.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
AdvertisementManager 3.1 - 'req' Parameter Local and Remote File Inclusion
AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion
CMS WebManager-Pro 7.4.3 - Cross-Site Scripting and SQL Injection
CMS WebManager-Pro 7.4.3 - Cross-Site Scripting / SQL Injection
Centreon SQL and Command Injection
Centreon - SQL Injection / Command Injection
net2ftp 0.98 - (stable) 'admin1.template.php' Local and Remote File Inclusion
net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion
PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting and SQL Injection
PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting / SQL Injection
BLOG:CMS 4.2.1 e Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
BLOG:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting
Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS
Modx CMS 2.2.14 - CSRF Bypass / Reflected XSS / Stored XSS
BlogEngine.NET 1.6 - Directory Traversal and Information Disclosure
BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure
TinyWebGallery 1.8.3 - Cross-Site Scripting and Local File Inclusion
TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion
Batavi 1.0 - Multiple Local File Inclusion and Cross-Site Scripting Vulnerabilities
Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities
1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting and SQL Injection
1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting / SQL Injection
CosmoShop 10.05.00 - Multiple Cross-Site Scripting and SQL Injection
CosmoShop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection
Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting and SQL Injection
Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection
Online store php script Multiple Cross-Site Scripting and SQL Injection
Online store php script Multiple Cross-Site Scripting / SQL Injection
Ripe Website Manager 1.1 - Cross-Site Scripting and Multiple SQL Injection
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection
Cetera eCommerce Multiple Cross-Site Scripting and SQL Injection
Cetera eCommerce Multiple Cross-Site Scripting / SQL Injection
osCSS 2.1 - Cross-Site Scripting and Multiple Local File Inclusion
osCSS 2.1 - Cross-Site Scripting / Multiple Local File Inclusion
CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution
CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution
Spellchecker Plugin 3.1 for WordPress - 'general.php' Local and Remote File Inclusion
Spellchecker Plugin 3.1 for WordPress - 'general.php' Local File Inclusion / Remote File Inclusion
PhoenixCMS 1.7 - Local File Inclusion and SQL Injection
PhoenixCMS 1.7 - Local File Inclusion / SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusion and SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection
Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting and SQL Injection
Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting / SQL Injection
Nuke Evolution Xtreme 2.0 - Local File Inclusion and SQL Injection
Nuke Evolution Xtreme 2.0 - Local File Inclusion / SQL Injection
Tine 2.0 - 'vbook.php' Cross Site Scripting
LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross Site Scripting
LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross Site Scripting
Tine 2.0 - 'vbook.php' Cross-Site Scripting
LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross-Site Scripting
LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross-Site Scripting
E2 Photo Gallery 0.9 - 'index.php' Cross Site Scripting
YaPIG 0.95 Multiple Cross Site Scripting Vulnerabilities
Web Auction 0.3.6 'lang' Parameter Cross Site Scripting
Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross Site Scripting
E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting
YaPIG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting
Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross-Site Scripting
SelectaPix 1.4.1 - 'uploadername' Parameter Cross Site Scripting
Multiple GoT.MY Products 'theme_dir' Parameter Cross Site Scripting
SelectaPix 1.4.1 - 'uploadername' Parameter Cross-Site Scripting
Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting
WP Ajax Calendar 1.0 - 'example.php' Cross Site Scripting
PHP Directory Listing Script 3.1 - 'index.php' Cross Site Scripting
BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross Site Scripting Vulnerabilities
BMC Dashboards 7.6.01 - Cross Site Scripting / Information Disclosure
PHPDug 2.0 Multiple Cross Site Scripting Vulnerabilities
WP Ajax Calendar 1.0 - 'example.php' Cross-Site Scripting
PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting
BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross-Site Scripting Vulnerabilities
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure
PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
encoder 0.4.10 - 'edit.php' Cross Site Scripting
Ampache 3.5.4 - 'login.php' Cross Site Scripting
encoder 0.4.10 - 'edit.php' Cross-Site Scripting
Ampache 3.5.4 - 'login.php' Cross-Site Scripting
Gelsheet 1.02 - 'index.php' Cross Site Scripting
Gelsheet 1.02 - 'index.php' Cross-Site Scripting
Perl 5.10 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
Perl 5.10 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 Multiple Cross Site Scripting Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities
Pandora 3.1 - Auth Bypass and Arbitrary File Upload
Pandora 3.1 - Auth Bypass / Arbitrary File Upload
Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross Site Scripting
poMMo Aardvark PR16.1 Multiple Cross Site Scripting Vulnerabilities
Calendarix 0.8.20080808 Multiple Cross Site Scripting and SQL Injection
Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting and SQL Injection
Argyle Social Multiple Cross Site Scripting Vulnerabilities
Argyle Social - Multiple Cross-Site Scripting Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities
allocPSA 1.7.4 - 'login/login.php' Cross Site Scripting
DocMGR 1.1.2 - 'history.php' Cross Site Scripting
openQRM 4.8 - 'source_tab' Parameter Cross Site Scripting
allocPSA 1.7.4 - 'login/login.php' Cross-Site Scripting
DocMGR 1.1.2 - 'history.php' Cross-Site Scripting
openQRM 4.8 - 'source_tab' Parameter Cross-Site Scripting
eFront 3.6.9 - 'submitScore.php' Cross Site Scripting
PHP Calendar Basic 2.3 Multiple Cross Site Scripting Vulnerabilities
TWiki 5.0.1 - 'origurl' Parameter Cross Site Scripting
eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
TWiki 5.0.1 - 'origurl' Parameter Cross-Site Scripting
CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross Site Scripting
Cisco Unified Operations Manager 8.5 Common Services Device Center Cross Site Scripting
CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross-Site Scripting
Cisco Unified Operations Manager 8.5 Common Services Device Center Cross-Site Scripting
Room Juice 0.3.3 - 'display.php' Cross Site Scripting
Room Juice 0.3.3 - 'display.php' Cross-Site Scripting
LimeSurvey 1.85+ 'admin.php' Cross Site Scripting
LimeSurvey 1.85+ 'admin.php' Cross-Site Scripting
phpScheduleIt 1.2.12 Multiple Cross Site Scripting Vulnerabilities
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
Ajax Chat 1.0 - 'ajax-chat.php' Cross Site Scripting
Gadu-Gadu Instant Messenger 6.0 File Transfer Cross Site Scripting
Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting
Gadu-Gadu Instant Messenger 6.0 File Transfer Cross-Site Scripting
Cotonti 0.9.2 Multiple SQL Injection
Cotonti 0.9.2 - Multiple SQL Injection
Kryn.cms 0.9 - '_kurl' Parameter Cross Site Scripting
Kryn.cms 0.9 - '_kurl' Parameter Cross-Site Scripting
Blackboard Learn 8.0 - 'keywordraw' Parameter Cross Site Scripting
Blackboard Learn 8.0 - 'keywordraw' Parameter Cross-Site Scripting
Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross Site Scripting
Serendipity Freetag-plugin 3.21 - 'index.php' Cross Site Scripting
Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross-Site Scripting
Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
ARSC Really Simple Chat 3.3-rc2 - Cross Site Scripting and Multiple SQL Injection
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection
Nagios 3.2.3 - 'expand' Parameter Cross Site Scripting
Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting
vBulletin vBExperience 3 - 'sortorder' Parameter Cross Site Scripting
vBulletin vBExperience 3 - 'sortorder' Parameter Cross-Site Scripting
Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross Site Scripting
Multiple WordPress WooThemes - 'test.php' Cross Site Scripting
Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross-Site Scripting
Multiple WordPress WooThemes - 'test.php' Cross-Site Scripting
Squiz Matrix 4 - 'colour_picker.php' Cross Site Scripting
Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting
BLOG:CMS 4.2 Multiple Cross Site Scripting Vulnerabilities
BLOG:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
The Pacer Edition CMS 2.1 - 'email' Parameter Cross Site Scripting
The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting
vBTube 1.2.9 - 'vBTube.php' Multiple Cross Site Scripting Vulnerabilities
miniblog 1.0 Multiple Cross Site Scripting Vulnerabilities
vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities
miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities
Sunway ForceControl 6.1 Multiple Heap Based Buffer Overflow Vulnerabilities
Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities
Immophp 1.1.1 Cross Site Scripting and SQL Injection
Taha Portal 3.2 - 'sitemap.php' Cross Site Scripting
Immophp 1.1.1 Cross-Site Scripting and SQL Injection
Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting
Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross Site Scripting
Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross-Site Scripting
FanUpdate 3.0 - 'pageTitle' Parameter Cross Site Scripting
FanUpdate 3.0 - 'pageTitle' Parameter Cross-Site Scripting
ecommerceMajor - SQL Injection And Authentication bypass
ecommerceMajor - SQL Injection / Authentication bypass
Mambo CMS 4.6.x Multiple Cross Site Scripting Vulnerabilities
Mambo CMS 4.6.x Multiple Cross-Site Scripting Vulnerabilities
Joomla! CMS 1.6.3 Multiple Cross Site Scripting Vulnerabilities
Joomla! CMS 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities
FlatPress 0.1010.1 Multiple Cross Site Scripting Vulnerabilities
FlatPress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities
webERP 4.3.8 Multiple Script URI XSS
webERP 4.3.8 - Multiple Script URI XSS
PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
WebCalendar 1.2.3 Multiple Cross Site Scripting Vulnerabilities
WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities
Paliz Portal Cross Site Scripting and Multiple SQL Injection
Paliz Portal Cross-Site Scripting and Multiple SQL Injection
Classified Script c-BrowseClassified URL Cross Site Scripting
Classified Script c-BrowseClassified URL Cross-Site Scripting
Prontus CMS 'page' Parameter Cross Site Scripting
Prontus CMS 'page' Parameter Cross-Site Scripting
Alice Modem 1111 - 'rulename' Parameter Cross Site Scripting / Denial of Service
Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service
Flowplayer 3.2.7 linkUrl' Parameter Cross Site Scripting
TCExam 11.2.x Multiple Cross Site Scripting Vulnerabilities
Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting
TCExam 11.2.x Multiple Cross-Site Scripting Vulnerabilities
Joomla! 'com_resman' Component Cross Site Scripting
Joomla! 'com_resman' Component Cross-Site Scripting
Joomla! 1.6.5 and Prior Multiple Cross Site Scripting Vulnerabilities
Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross Site Scripting
Cyberoam UTM Multiple Cross Site Scripting Vulnerabilities
Joomla! 1.6.5 and Prior Multiple Cross-Site Scripting Vulnerabilities
Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting
Cyberoam UTM Multiple Cross-Site Scripting Vulnerabilities
Online Grades 3.2.5 Multiple Cross Site Scripting Vulnerabilities
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
Curverider Elgg 1.7.9 Multiple Cross Site Scripting Vulnerabilities
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
mt LinkDatenbank 'b' Parameter Cross Site Scripting
BESNI OKUL PORTAL 'sayfa.asp' Cross Site Scripting
mt LinkDatenbank 'b' Parameter Cross-Site Scripting
BESNI OKUL PORTAL 'sayfa.asp' Cross-Site Scripting
HESK 2.2 Multiple Cross Site Scripting Vulnerabilities
WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross Site Scripting
Community Server 2007/2008 - 'TagSelector.aspx' Cross Site Scripting
Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross Site Scripting Vulnerabilities
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting
Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting
Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross-Site Scripting Vulnerabilities
u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities
u5CMS 3.9.3 - Multiple Stored XSS / Reflected XSS Vulnerabilities
Softbiz Recipes Portal Script Multiple Cross Site Scripting Vulnerabilities
Search Network 2.0 - 'query' Parameter Cross Site Scripting
OpenEMR 4.0 Multiple Cross Site Scripting Vulnerabilities
Softbiz Recipes Portal Script Multiple Cross-Site Scripting Vulnerabilities
Search Network 2.0 - 'query' Parameter Cross-Site Scripting
OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress eShop Plugin 6.2.8 - Multiple Cross Site Scripting Vulnerabilities
WordPress eShop Plugin 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities
SurgeFTP 23b6 Multiple Cross Site Scripting Vulnerabilities
phpWebSite 'page_id' Parameter Cross Site Scripting
awiki 20100125 Multiple Local File Inclusion
SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities
phpWebSite 'page_id' Parameter Cross-Site Scripting
awiki 20100125 - Multiple Local File Inclusion
WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross Site Scripting
WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross Site Scripting Vulnerabilities
WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting
WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities
PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
PHP Prior to 5.3.7 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
Adobe ColdFusion - 'probe.cfm' Cross Site Scripting
MantisBT 1.1.8 Cross Site Scripting and SQL Injection
Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting
MantisBT 1.1.8 Cross-Site Scripting and SQL Injection
OneFileCMS 1.1.1 - 'onefilecms.php' Cross Site Scripting
Pandora FMS 3.x - 'index.php' Cross Site Scripting
OneFileCMS 1.1.1 - 'onefilecms.php' Cross-Site Scripting
Pandora FMS 3.x - 'index.php' Cross-Site Scripting
Concrete 5.4.1 1 - 'rcID' Parameter Cross Site Scripting
Open Classifieds 1.7.2 Multiple Cross Site Scripting Vulnerabilities
Concrete 5.4.1 1 - 'rcID' Parameter Cross-Site Scripting
Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
WonderPlugin Audio Player 2.0 - Blind SQL Injection and XSS
WonderPlugin Audio Player 2.0 - Blind SQL Injection / XSS
IBM Open Admin Tool 2.71 Multiple Cross Site Scripting Vulnerabilities
IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities
Mambo CMS N-Skyrslur Cross Site Scripting
Mambo CMS N-Skyrslur Cross-Site Scripting
GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities
GuppY CMS 5.0.9 & 5.00.10 - Multiple CSRF Vulnerabilities
ACal 2.2.6 'calendar.php' Cross Site Scripting
ACal 2.2.6 'calendar.php' Cross-Site Scripting
YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross Site Scripting
YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
Kisanji 'gr' Parameter Cross Site Scripting
GeoClassifieds Lite 2.0.x Multiple Cross Site Scripting and SQL Injection
Kisanji 'gr' Parameter Cross-Site Scripting
GeoClassifieds Lite 2.0.x Multiple Cross-Site Scripting and SQL Injection
Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross Site Scripting
SkaDate 'blogs.php' Cross Site Scripting
Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross-Site Scripting
SkaDate 'blogs.php' Cross-Site Scripting
Pluck 4.7 Multiple Local File Inclusion and File Disclosure Vulnerabilities
Pluck 4.7 - Multiple Local File Inclusion and File Disclosure Vulnerabilities
Papoo CMS Light 4.0 Multiple Cross Site Scripting Vulnerabilities
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross Site Scripting
Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting
PunBB 1.3.5 Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross Site Scripting
Aspgwy Access 1.0 - 'matchword' Parameter Cross Site Scripting
net4visions Multiple Products - 'dir' parameters Multiple Cross Site Scripting Vulnerabilities
Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
Aspgwy Access 1.0 - 'matchword' Parameter Cross-Site Scripting
net4visions Multiple Products - 'dir' parameters Multiple Cross-Site Scripting Vulnerabilities
Card sharj 1.0 Multiple SQL Injection
Card sharj 1.0 - Multiple SQL Injection
i-Gallery 3.4 - 'd' Parameter Cross Site Scripting
Free Help Desk 1.1b Multiple Input Validation Vulnerabilities
phpRS 2.8.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
OneCMS 2.6.4 Multiple SQL Injection
Zyncro 3.0.1.20 Multiple HTML Injection Vulnerabilities
i-Gallery 3.4 - 'd' Parameter Cross-Site Scripting
Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities
phpRS 2.8.1 - Multiple SQL Injection / Cross-Site Scripting
OneCMS 2.6.4 - Multiple SQL Injection
Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
AdaptCMS 2.0.1 - Cross Site Scripting / Information Disclosure
Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross Site Scripting
AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure
Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting
Adobe ColdFusion 7 - Multiple Cross Site Scripting Vulnerabilities
Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities
Traq 2.2 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities
Bitweaver 2.8.1 Multiple Cross-Site Scripting Vulnerabilities
WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross Site Scripting
WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross Site Scripting
WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross Site Scripting
WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross Site Scripting
WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross Site Scripting
WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross Site Scripting
WordPress Web Minimalist Theme 1.1 - 'index.php' Cross Site Scripting
WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross Site Scripting
WordPress Morning Coffee Theme 3.5 - 'index.php' Cross Site Scripting
WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross Site Scripting
Traq 2.2 - Multiple SQL Injection / Cross-Site Scripting
Joomla! 1.7.0 and Prior Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross-Site Scripting
WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross-Site Scripting
WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross-Site Scripting
WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross-Site Scripting
WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross-Site Scripting
WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross-Site Scripting
WordPress Web Minimalist Theme 1.1 - 'index.php' Cross-Site Scripting
WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross-Site Scripting
WordPress Morning Coffee Theme 3.5 - 'index.php' Cross-Site Scripting
WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross-Site Scripting
WordPress RedLine Theme 1.65 - 's' Parameter Cross Site Scripting
WordPress RedLine Theme 1.65 - 's' Parameter Cross-Site Scripting
WordPress Trending 0.1 - 'cpage' Parameter Cross Site Scripting
WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting
Innovate Portal 2.0 - 'cat' Parameter Cross Site Scripting
Active CMS 1.2 - 'mod' Parameter Cross Site Scripting
Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting
Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting
Jaws 0.8.14 Multiple Remote File Inclusion
Jaws 0.8.14 - Multiple Remote File Inclusion
6KBBS 8.0 build 20101201 - Cross Site Scripting / Information Disclosure
6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure
SilverStripe 2.4.5 Multiple Cross-Site Scripting Vulnerabilities
SilverStripe 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
BugFree 2.1.3 Multiple Cross Site Scripting Vulnerabilities
BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Pretty Link Plugin 1.4.56 - Multiple Cross Site Scripting Vulnerabilities
WordPress Pretty Link Plugin 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
PROMOTIC 8.1.3 Multiple Security Vulnerabilities
Xenon 'id' Parameter Multiple SQL Injection
asgbookphp 1.9 - 'index.php' Cross Site Scripting
PROMOTIC 8.1.3 - Multiple Security Vulnerabilities
Xenon - 'id' Parameter Multiple SQL Injection
asgbookphp 1.9 - 'index.php' Cross-Site Scripting
Check Point UTM-1 Edge and Safe 8.2.43 Multiple Security Vulnerabilities
Site@School 2.4.10 - 'index.php' Cross Site Scripting and SQL Injection
Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Security Vulnerabilities
Site@School 2.4.10 - 'index.php' Cross-Site Scripting / SQL Injection
WordPress Theme Photocrati 4.x.x - SQL Injection & XSS
WordPress Theme Photocrati 4.x.x - SQL Injection / XSS
Splunk 4.1.6 'segment' Parameter Cross Site Scripting
Splunk 4.1.6 'segment' Parameter Cross-Site Scripting
osCommerce - Remote File Upload and File Disclosure
Tine 2.0 Multiple Cross Site Scripting Vulnerabilities
osCommerce - Remote File Upload / File Disclosure
Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
InverseFlow 2.4 Multiple Cross Site Scripting Vulnerabilities
Alsbtain Bulletin 1.5/1.6 Multiple Local File Inclusion
vtiger CRM 5.2.1 - 'index.php' Multiple Cross Site Scripting Vulnerabilities
InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion
vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.7.4 Multiple Cross Site Scripting Vulnerabilities
XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross Site Scripting
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
Domain Shop 'index.php' Cross Site Scripting
vBulletin 4.1.7 Multiple Remote File Inclusion
Domain Shop 'index.php' Cross-Site Scripting
vBulletin 4.1.7 - Multiple Remote File Inclusion
Hyperic HQ Enterprise 4.5.1 Cross Site Scripting and Multiple Unspecified Security Vulnerabilities
Hyperic HQ Enterprise 4.5.1 Cross-Site Scripting and Multiple Unspecified Security Vulnerabilities
IBSng B1.34(T96) 'str' Parameter Cross Site Scripting
eFront 3.6.10 Build 11944 Multiple Cross Site Scripting Vulnerabilities
eFront 3.6.x Multiple Cross Site Scripting and SQL Injection
Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting
IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting
eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
eFront 3.6.x Multiple Cross-Site Scripting and SQL Injection
Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting
CmyDocument Multiple Cross Site Scripting Vulnerabilities
CmyDocument Multiple Cross-Site Scripting Vulnerabilities
WordPress Bonus Theme 1.0 - 's' Parameter Cross Site Scripting
WordPress Bonus Theme 1.0 - 's' Parameter Cross-Site Scripting
SmartJobBoard 'keywords' Parameter Cross Site Scripting
SmartJobBoard 'keywords' Parameter Cross-Site Scripting
XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross Site Scripting Vulnerabilities
XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities
AShop - Open-Redirection / Cross Site Scripting
Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross Site Scripting Vulnerabilities
Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross Site Scripting Vulnerabilities
AShop - Open-Redirection / Cross-Site Scripting
Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross-Site Scripting Vulnerabilities
Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross-Site Scripting Vulnerabilities
PHP Betoffice (Betster) 1.0.4 - Authentication Bypass And SQL Injection
PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross Site Scripting
WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross Site Scripting
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross-Site Scripting
WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross-Site Scripting
GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross Site Scripting Vulnerabilities
GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities
WordPress Alert Before Your Post Plugin - 'name' Parameter Cross Site Scripting
WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross Site Scripting
WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross Site Scripting
WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross Site Scripting
WordPress Alert Before Your Post Plugin - 'name' Parameter Cross-Site Scripting
WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross-Site Scripting
WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross-Site Scripting
WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross-Site Scripting
WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross Site Scripting
WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross Site Scripting
WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross Site Scripting
WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross-Site Scripting
WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross-Site Scripting
WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross-Site Scripting
Zen Cart CMS 1.3.9h Multiple Cross Site Scripting Vulnerabilities
Hastymail2 - 'rs' Parameter Cross Site Scripting
Zen Cart CMS 1.3.9h Multiple Cross-Site Scripting Vulnerabilities
Hastymail2 - 'rs' Parameter Cross-Site Scripting
eSyndiCat Pro 2.3.5 Multiple Cross Site Scripting Vulnerabilities
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting
eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting
WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross Site Scripting
WordPress flash-album-gallery Plugin 'facebook.php' Cross Site Scripting
WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross-Site Scripting
WordPress flash-album-gallery Plugin 'facebook.php' Cross-Site Scripting
WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting
WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross-Site Scripting
WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross Site Scripting
WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross-Site Scripting
Hero 3.69 - 'month' Parameter Cross Site Scripting
Hero 3.69 - 'month' Parameter Cross-Site Scripting
Siena CMS 1.242 - 'err' Parameter Cross Site Scripting
WordPress WP Live.php 1.2.1 - 's' Parameter Cross Site Scripting
PHPB2B 4.1 - 'q' Parameter Cross Site Scripting
FuseTalk Forums 3.2 - 'windowed' Parameter Cross Site Scripting
Siena CMS 1.242 - 'err' Parameter Cross-Site Scripting
WordPress WP Live.php 1.2.1 - 's' Parameter Cross-Site Scripting
PHPB2B 4.1 - 'q' Parameter Cross-Site Scripting
FuseTalk Forums 3.2 - 'windowed' Parameter Cross-Site Scripting
Axis M10 Series Network Cameras Cross Site Scripting
Axis M10 Series Network Cameras Cross-Site Scripting
Pet Listing 'preview.php' Cross Site Scripting
Pet Listing 'preview.php' Cross-Site Scripting
WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross Site Scripting
WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross-Site Scripting
WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting
WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross Site Scripting
Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities
Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities
WordPress flash-album-gallery Plugin 'flagshow.php' Cross-Site Scripting
WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
BrowserCRM 5.100.1 Multiple Script URI XSS
BrowserCRM 5.100.1 - Multiple Script URI XSS
Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Websense 7.6 Triton Report Management Interface Cross Site Scripting
Websense 7.6 Triton Report Management Interface Cross-Site Scripting
PHP Booking Calendar 10e 'page_info_message' Parameter Cross Site Scripting
PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting
PHPShop CMS 3.4 Multiple Cross Site Scripting and SQL Injection
PHPShop CMS 3.4 - Multiple Cross-Site Scripting and SQL Injection
epesi BIM 1.2 rev 8154 Multiple Cross-Site Scripting Vulnerabilities
Barracuda Control Center 620 - Cross Site Scripting / HTML Injection
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross Site Scripting
WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross Site Scripting
TextPattern 4.4.1 - 'ddb' Parameter Cross Site Scripting
WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross-Site Scripting
WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross-Site Scripting
TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting
Limny 3.0.1 - 'login.php' Script Cross Site Scripting
Limny 3.0.1 - 'login.php' Script Cross-Site Scripting
Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross Site Scripting
UBB.threads 7.5.6 'Username' Field Cross Site Scripting
Yaws 1.88 - Multiple Cross Site Scripting / HTML Injection Vulnerabilities
StatIt 4 - 'statistik.php' Multiple Cross Site Scripting Vulnerabilities
Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross-Site Scripting
UBB.threads 7.5.6 'Username' Field Cross-Site Scripting
Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities
VertrigoServ 2.25 - 'extensions.php' Script Cross Site Scripting
VertrigoServ 2.25 - 'extensions.php' Script Cross-Site Scripting
DIGIT CMS 1.0.7 Cross Site Scripting and SQL Injection
DIGIT CMS 1.0.7 Cross-Site Scripting and SQL Injection
SonicWall AntiSpam & EMail 7.3.1 Multiple Security vulnerabilities
Gregarius 0.6.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Advanced File Management 1.4 - 'users.php' Cross Site Scripting
SonicWall AntiSpam & EMail 7.3.1 - Multiple Security vulnerabilities
Gregarius 0.6.1 - Multiple SQL Injection / Cross-Site Scripting
Advanced File Management 1.4 - 'users.php' Cross-Site Scripting
PHP-Fusion 7.2.4 - 'downloads.php' Cross Site Scripting
PHP-Fusion 7.2.4 - 'downloads.php' Cross-Site Scripting
KnowledgeTree 3.x Multiple Cross Site Scripting Vulnerabilities
KnowledgeTree 3.x Multiple Cross-Site Scripting Vulnerabilities
MailEnable 6.02 - 'ForgottonPassword.aspx' Cross Site Scripting
MailEnable 6.02 - 'ForgottonPassword.aspx' Cross-Site Scripting
PHP Membership Site Manager Script 2.1 - 'index.php' Cross Site Scripting
PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
BoltWire 3.4.16 Multiple 'index.php' Cross Site Scripting Vulnerabilities
PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting
PHP Ringtone Website 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities
BoltWire 3.4.16 - Multiple 'index.php' Cross-Site Scripting Vulnerabilities
ATutor 2.0.3 Multiple Cross Site Scripting Vulnerabilities
Beehive Forum 101 Multiple Cross Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 Multiple Cross Site Scripting Vulnerabilities
Giveaway Manager 'members.php' Cross Site Scripting
Annuaire PHP 'sites_inscription.php' Multiple Cross Site Scripting Vulnerabilities
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
Giveaway Manager 'members.php' Cross-Site Scripting
Annuaire PHP 'sites_inscription.php' Multiple Cross-Site Scripting Vulnerabilities
OneOrZero AIMS 'index.php' Cross Site Scripting
OneOrZero AIMS 'index.php' Cross-Site Scripting
Syneto Unified Threat Management 1.3.3/1.4.2 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Acidcat ASP CMS 3.5 Multiple Cross Site Scripting Vulnerabilities
Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross Site Scripting
WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross-Site Scripting
WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross Site Scripting
xClick Cart 1.0.x - 'shopping_url' Parameter Cross Site Scripting
WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross-Site Scripting
xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting
Lead Capture 'login.php' Script Cross Site Scripting
Lead Capture 'login.php' Script Cross-Site Scripting
phpLDAPadmin 1.2.2 - 'base' Parameter Cross Site Scripting
phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross Site Scripting
GForge 5.7.1 Multiple Cross Site Scripting Vulnerabilities
phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting
phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
iknSupport 'search' Module Cross Site Scripting
iknSupport 'search' Module Cross-Site Scripting
project-open 3.4.x - 'account-closed.tcl' Cross Site Scripting
project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting
Simple Groupware 0.742 - 'export' Parameter Cross Site Scripting
Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting
eFront 3.6.10 - 'administrator.php' Cross Site Scripting
eFront 3.6.10 - 'administrator.php' Cross-Site Scripting
LxCenter Kloxo 6.1.10 Multiple HTML Injection Vulnerabilities
CubeCart 3.0.20 Multiple Script redir Parameter Arbitrary Site Redirect
LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities
CubeCart 3.0.20 - Multiple Script redir Parameter Arbitrary Site Redirect
RabbitWiki 'title' Parameter Cross Site Scripting
RabbitWiki 'title' Parameter Cross-Site Scripting
Zimbra 'view' Parameter Cross Site Scripting
Zimbra 'view' Parameter Cross-Site Scripting
Basic Analysis and Security Engine (BASE) 1.4.5 base_db_setup.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_display.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_form.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_local_rules.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_logout.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_maintenance.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_payload.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 help/base_setup_help.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_action.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_db.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_include.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 setup/base_conf_contents.php Multiple Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_db_setup.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_display.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_form.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_local_rules.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_logout.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_maintenance.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_payload.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - help/base_setup_help.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_action.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_db.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_include.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - setup/base_conf_contents.php Multiple Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 setup/setup2.php ado_inc_php Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_alert.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_alerts.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_class.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_iplink.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ports.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - setup/setup2.php ado_inc_php Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_alert.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_alerts.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_class.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_iplink.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ports.php BASE_path Parameter Remote File Inclusion
WordPress Duplicator 0.5.14 - SQL Injection & CSRF
WordPress Duplicator 0.5.14 - SQL Injection / CSRF
Linux Kernel 3.13 / <= 3.14 (Ubuntu) - splice() System Call Local DoS
Linux Kernel 3.13 / 3.14 (Ubuntu) - splice() System Call Local DoS
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_sensor.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_time.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_uaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_sensor.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_time.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_uaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_user.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_user.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 admin/base_useradmin.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 admin/index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php Crafted File Upload Arbitrary Code Execution
Basic Analysis and Security Engine (BASE) 1.4.5 - index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - admin/base_useradmin.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - admin/index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload Arbitrary Code Execution
ProWiki 'id' Parameter Cross Site Scripting
ProWiki 'id' Parameter Cross-Site Scripting
LEPTON 1.1.3 - Cross Site Scripting
LEPTON 1.1.3 - Cross-Site Scripting
Tube Ace - 'q' Parameter Cross Site Scripting
Tube Ace - 'q' Parameter Cross-Site Scripting
ButorWiki 3.0 - 'service' Parameter Cross Site Scripting
ButorWiki 3.0 - 'service' Parameter Cross-Site Scripting
F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities
F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
CPG Dragonfly CMS 9.3.3.0 Multiple Multiple Cross Site Scripting Vulnerabilities
CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities
ContentLion Alpha 1.3 - 'login.php' Cross Site Scripting
Dolibarr 3.2 Alpha Multiple Directory Traversal Vulnerabilities
ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting
Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Oxwall 1.1.1 - 'plugin' Parameter Cross Site Scripting
Oxwall 1.1.1 - 'plugin' Parameter Cross-Site Scripting
Webglimpse 2.x Multiple Cross Site Scripting Vulnerabilities
Webglimpse 2.x Multiple Cross-Site Scripting Vulnerabilities
Bontq 'user/' URI Cross Site Scripting
Bontq 'user/' URI Cross-Site Scripting
starCMS 'q' Parameter URI Cross Site Scripting
starCMS 'q' Parameter URI Cross-Site Scripting
Fork CMS 3.2.x Multiple Cross Site Scripting and HTML Injection Vulnerabilities
NetDecision 4.6.1 Multiple Directory Traversal Vulnerabilities
Fork CMS 3.2.x Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities
WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CSRF & File Upload
WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS / CSRF / File Upload
Omnistar Live Cross Site Scripting and SQL Injection
Omnistar Live Cross-Site Scripting and SQL Injection
Max's Guestbook 1.0 Multiple Remote Vulnerabilities
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities
JavaBB 0.99 - 'userId' Parameter Cross Site Scripting
JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting
Ilient SysAid 8.5.5 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 Multiple HTML Injection Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
phpMyVisites 2.4 phpmv2/index.php Multiple Cross Site Scripting Vulnerabilities
singapore 0.10.1 - 'gallery' Parameter Cross Site Scripting
EJBCA 4.0.7 - 'issuer' Parameter Cross Site Scripting
phpMyVisites 2.4 phpmv2/index.php Multiple Cross-Site Scripting Vulnerabilities
singapore 0.10.1 - 'gallery' Parameter Cross-Site Scripting
EJBCA 4.0.7 - 'issuer' Parameter Cross-Site Scripting
Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross Site Scripting
Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting
VFront 0.99.2 CSRF & Persistent XSS
VFront 0.99.2 - CSRF / Persistent XSS
Minify 2.1.x - 'g' Parameter Cross Site Scripting
Minify 2.1.x - 'g' Parameter Cross-Site Scripting
CMSimple 3.3 - 'index.php' Cross Site Scripting
CMSimple 3.3 - 'index.php' Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 Multiple Script Arbitrary File Upload
Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload
AtMail 1.04 Multiple Security Vulnerabilities
Event Calendar PHP 'cal_year' Parameter Cross Site Scripting
AtMail 1.04 - Multiple Security Vulnerabilities
Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting
Zumset.com FbiLike 1.00 - 'id' Parameter Cross Site Scripting
Zumset.com FbiLike 1.00 - 'id' Parameter Cross-Site Scripting
Matthew1471 BlogX Multiple Cross Site Scripting Vulnerabilities
WordPress Integrator 1.32 - 'redirect_to' Parameter Cross Site Scripting
Invision Power Board 4.2.1 - 'searchText' Parameter Cross Site Scripting
Matthew1471 BlogX Multiple Cross-Site Scripting Vulnerabilities
WordPress Integrator 1.32 - 'redirect_to' Parameter Cross-Site Scripting
Invision Power Board 4.2.1 - 'searchText' Parameter Cross-Site Scripting
eZ Publish 4.x - 'ezjscore' Module Cross Site Scripting
eZ Publish 4.x - 'ezjscore' Module Cross-Site Scripting
JamWiki 1.1.5 - 'num' Parameter Cross Site Scripting
JamWiki 1.1.5 - 'num' Parameter Cross-Site Scripting
JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross Site Scripting
JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross-Site Scripting
Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross Site Scripting
Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross-Site Scripting
Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
WordPress Uploadify Integration Plugin 0.9.6 Multiple Cross Site Scripting Vulnerabilities
CitrusDB 2.4.1 - Local File Inclusion and SQL Injection
Matterdaddy Market 1.1 Multiple SQL Injection
BGS CMS 2.2.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
WordPress Uploadify Integration Plugin 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
Matterdaddy Market 1.1 - Multiple SQL Injection
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Forma LMS 1.3 Multiple SQL Injection
Forma LMS 1.3 - Multiple SQL Injection
Bioly 1.3 - 'index.php' Cross Site Scripting and SQL Injection
Joomla! Beatz Plugin 1.1 Multiple Cross Site Scripting Vulnerabilities
Bioly 1.3 - 'index.php' Cross-Site Scripting / SQL Injection
Joomla! Beatz Plugin 1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Yahoo Answer Plugin Multiple Cross Site Scripting Vulnerabilities
WordPress Yahoo Answer Plugin Multiple Cross-Site Scripting Vulnerabilities
Acuity CMS 2.6.2 - 'UserName' Parameter Cross Site Scripting
Acuity CMS 2.6.2 - 'UserName' Parameter Cross-Site Scripting
Pendulab ChatBlazer 8.5 - 'username' Parameter Cross Site Scripting
Pendulab ChatBlazer 8.5 - 'username' Parameter Cross-Site Scripting
concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross Site Scripting
gpEasy 2.3.3 - 'jsoncallback' Parameter Cross Site Scripting
Quick.CMS 4.0 - 'p' Parameter Cross Site Scripting
concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting
Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting
Croogo CMS 1.3.4 Multiple HTML Injection Vulnerabilities
SKYUC 3.2.1 - 'encode' Parameter Cross Site Scripting
Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
SKYUC 3.2.1 - 'encode' Parameter Cross-Site Scripting
WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross Site Scripting
WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting
MySQLDumper 1.24.4 Multiple Script Direct Request Information Disclosure
MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosure
iGuard Security Access Control Device Firmware 3.6.7427A Cross Site Scripting
iGuard Security Access Control Device Firmware 3.6.7427A Cross-Site Scripting
Ramui Forum Script 'query' Parameter Cross Site Scripting
Ramui Forum Script 'query' Parameter Cross-Site Scripting
PivotX 2.3.2 - 'ajaxhelper.php' Cross Site Scripting
PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting
WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross Site Scripting
WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting
WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross Site Scripting
Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross Site Scripting
WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting
Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross-Site Scripting
Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross Site Scripting Vulnerabilities
WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross Site Scripting
Download Manager 2.2.2 - 'cid' Parameter Cross Site Scripting
PDF & Print Button Joliprint 1.3.0 Multiple Cross Site Scripting Vulnerabilities
CataBlog WordPress Plugin 1.6 'admin.php' Cross Site Scripting
2 Click Social Media Buttons 0.32.2 Multiple Cross Site Scripting Vulnerabilities
iFrame Admin Pages 0.1 - 'main_page.php' Cross Site Scripting
WordPress Newsletter Manager Plugin 1.0 Multiple Cross Site Scripting Vulnerabilities
Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting
Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting
PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
CataBlog WordPress Plugin 1.6 'admin.php' Cross-Site Scripting
2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
WordPress Newsletter Manager Plugin 1.0 - Multiple Cross-Site Scripting Vulnerabilities
Media Library Categories Multiple Cross Site Scripting Vulnerabilities
LeagueManager 3.7 Multiple Cross Site Scripting Vulnerabilities
Media Library Categories Multiple Cross-Site Scripting Vulnerabilities
LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
GD Star Rating 1.9.16 'tpl_section' Parameter Cross Site Scripting
Mingle Forum 1.0.33 - 'admin.php' Multiple Cross Site Scripting Vulnerabilities
GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting
Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross Site Scripting
Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross-Site Scripting
WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion
WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross Site Scripting
Share and Follow 1.80.3 - 'admin.php' Cross Site Scripting
WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross Site Scripting
WordPress Track That Stat 1.0.8 Cross Site Scripting
LongTail JW Player 'debug' Parameter Cross Site Scripting
WordPress zM Ajax Login & Register Plugin 1.0.9 - Local File Inclusion
WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross-Site Scripting
Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting
WordPress Track That Stat 1.0.8 Cross-Site Scripting
LongTail JW Player 'debug' Parameter Cross-Site Scripting
backupDB() 1.2.7a 'onlyDB' Parameter Cross Site Scripting
backupDB() 1.2.7a 'onlyDB' Parameter Cross-Site Scripting
Unijimpe Captcha 'captchademo.php' Cross Site Scripting
Artiphp 5.5.0 Neo - 'index.php' Multiple Cross Site Scripting Vulnerabilities
Unijimpe Captcha 'captchademo.php' Cross-Site Scripting
Artiphp 5.5.0 Neo - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 7.0 Multiple Cross Site Scripting Vulnerabilities
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
Yandex.Server 2010 9.0 - 'text' Parameter Cross Site Scripting
Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting
phphq.Net phAlbum 1.5.1 - 'index.php' Cross Site Scripting
RuubikCMS 1.1.x - Cross Site Scripting / Information Disclosure / Directory Traversal
phphq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
RuubikCMS 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
AZ Photo Album - Cross Site Scripting / Arbitrary File Upload
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
Nilehoster Topics Viewer 2.3 Multiple SQL Injection and Local File Inclusion
Nilehoster Topics Viewer 2.3 - Multiple SQL Injection and Local File Inclusion
AzDGDatingMedium 1.9.3 Multiple Remote Vulnerabilities
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities
WHMCompleteSolution (WHMCS) 5.0 Multiple Application Function CSRF
WHMCompleteSolution (WHMCS) 5.0 - Multiple Application Function CSRF
VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross Site Scripting
VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross-Site Scripting
WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities
WeBid Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
Koha 3.20.1 - Multiple XSS and XSRF Vulnerabilities
Koha 3.20.1 - Multiple XSS / XSRF Vulnerabilities
XAMPP for Windows 1.7.7 - Multiple Cross Site Scripting / SQL Injection
SPIP 2.x Multiple Cross Site Scripting Vulnerabilities
XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injection
SPIP 2.x Multiple Cross-Site Scripting Vulnerabilities
Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross Site Scripting
Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross-Site Scripting
MediaWiki 1.x - 'uselang' Parameter Cross Site Scripting
MediaWiki 1.x - 'uselang' Parameter Cross-Site Scripting
Simple Document Management System 1.1.5 Multiple SQL Injection
Webify Multiple Products - Multiple HTML Injection and Local File Inclusion
Squiz CMS Multiple Cross Site Scripting and XML External Entity Injection Vulnerabilities
Simple Document Management System 1.1.5 - Multiple SQL Injection
Webify Multiple Products - Multiple HTML Injection / Local File Inclusion
Squiz CMS Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Mahara 1.4.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Mahara 1.4.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Flogr 'tag' Parameter Multiple Cross Site Scripting Vulnerabilities
Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities
CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities
CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
AdaptCMS 2.0.2 - 'index.php' Script Cross Site Scripting
AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting
web@all Cross Site Scripting
Commentics 'index.php' Cross Site Scripting
web@all Cross-Site Scripting
Commentics 'index.php' Cross-Site Scripting
Adiscan LogAnalyzer 3.4.3 Cross Site Scripting
Adiscan LogAnalyzer 3.4.3 Cross-Site Scripting
CMS Lokomedia Multiple Cross Site Scripting and HTML Injection Vulnerabilities
CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Phonalisa Multiple HTML-Injection Cross-Site Scripting
Phonalisa - Multiple HTML-Injection Cross-Site Scripting
FCKEditor Core - (Editor 'spellchecker.php') Cross Site Scripting
FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting
TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
SWFUpload 'movieName' Parameter Cross Site Scripting
SWFUpload 'movieName' Parameter Cross-Site Scripting
Joomla 2.5.x Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities
Joomla 2.5.x Language Switcher ModuleMultiple Cross-Site Scripting Vulnerabilities
php MBB Cross Site Scripting and SQL Injection
php MBB Cross-Site Scripting and SQL Injection
WordPress SocialFit Plugin 'msg' Parameter Cross Site Scripting
WordPress custom tables Plugin 'key' Parameter Cross Site Scripting
WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting
WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting
WordPress Knews Multilingual Newsletters Plugin Cross Site Scripting
WordPress PHPFreeChat 'url' Parameter Cross Site Scripting
WordPress Knews Multilingual Newsletters Plugin Cross-Site Scripting
WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting
MGB Multiple Cross Site Scripting and SQL Injection
MGB - Multiple Cross-Site Scripting / SQL Injection
Funeral Script PHP Cross Site Scripting and SQL Injection
Funeral Script PHP Cross-Site Scripting and SQL Injection
Simple Machines 2.0.2 Multiple HTML Injection Vulnerabilities
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
web@all 'name' Parameter Cross Site Scripting
web@all 'name' Parameter Cross-Site Scripting
REDAXO 'subpage' Parameter Cross Site Scripting
REDAXO 'subpage' Parameter Cross-Site Scripting
Scrutinizer 9.0.1.19899 Multiple Cross Site Scripting Vulnerabilities
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
phpBB Multiple SQL Injection
JW Player 'playerready' Parameter Cross Site Scripting
phpBB - Multiple SQL Injection
JW Player 'playerready' Parameter Cross-Site Scripting
Distimo Monitor Multiple Cross Site Scripting Vulnerabilities
ManageEngine Applications Manager Multiple Cross Site Scripting and SQL Injection
Distimo Monitor Multiple Cross-Site Scripting Vulnerabilities
ManageEngine Applications Manager Multiple Cross-Site Scripting and SQL Injection
ntop 'arbfile' Parameter Cross Site Scripting
ntop 'arbfile' Parameter Cross-Site Scripting
Zenoss 3.2.1 Multiple Security Vulnerabilities
Elefant CMS 'id' Parameter Cross Site Scripting
Worksforweb iAuto - Multiple Cross Site Scripting / HTML Injection Vulnerabilities
Zenoss 3.2.1 - Multiple Security Vulnerabilities
Elefant CMS 'id' Parameter Cross-Site Scripting
Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
PolarisCMS 'WebForm_OnSubmit()' Function Cross Site Scripting
PolarisCMS 'WebForm_OnSubmit()' Function Cross-Site Scripting
ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
ConcourseSuite Multiple Cross-Site Scripting and Cross Site Request Forgery Vulnerabilities
Hotel Booking Portal 0.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Hotel Booking Portal 0.1 - Multiple SQL Injection / Cross-Site Scripting
Total Shop UK eCommerce CodeIgniter Multiple Cross Site Scripting Vulnerabilities
mIRC 'projects.php' Cross Site Scripting
MindTouch DekiWiki Multiple Remote and Local File Inclusion
Total Shop UK eCommerce CodeIgniter Multiple Cross-Site Scripting Vulnerabilities
mIRC 'projects.php' Cross-Site Scripting
MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion
ShopperPress WordPress Theme - SQL Injection / Cross Site Scripting
ShopperPress WordPress Theme - SQL Injection / Cross-Site Scripting
LISTSERV 16 'SHOWTPL' Parameter Cross Site Scripting
LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting
JPM Article Blog Script 6 'tid' Parameter Cross Site Scripting
SaltOS 'download.php' Cross Site Scripting
IBM Rational ClearQuest 8.0 Multiple Security Vulnerabilities
Jara 1.6 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
OrderSys 1.6.4 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
Banana Dance Cross Site Scripting and SQL Injection
JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting
SaltOS 'download.php' Cross-Site Scripting
IBM Rational ClearQuest 8.0 - Multiple Security Vulnerabilities
Jara 1.6 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
OrderSys 1.6.4 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
Banana Dance - Cross-Site Scripting / SQL Injection
SiNG cms 'password.php' Cross Site Scripting
SiNG cms 'password.php' Cross-Site Scripting
Monstra Multiple HTML Injection Vulnerabilities
KindEditor 'name' Parameter Cross Site Scripting
Monstra - Multiple HTML Injection Vulnerabilities
KindEditor 'name' Parameter Cross-Site Scripting
Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities
JW Player 'logo.link' Parameter Cross Site Scripting
Websense Content Gateway Multiple Cross-Site Scripting Vulnerabilities
JW Player 'logo.link' Parameter Cross-Site Scripting
Power-eCommerce Multiple Cross Site Scripting Vulnerabilities
WordPress Finder 'order' Parameter Cross Site Scripting
Power-eCommerce Multiple Cross-Site Scripting Vulnerabilities
WordPress Finder 'order' Parameter Cross-Site Scripting
LibGuides Multiple Cross Site Scripting Vulnerabilities
Mihalism Multi Host 'users.php' Cross Site Scripting
LibGuides Multiple Cross-Site Scripting Vulnerabilities
Mihalism Multi Host 'users.php' Cross-Site Scripting
Phorum 5.2.18 Multiple Cross Site Scripting Vulnerabilities
PrestaShop 1.4.7 Multiple Cross Site Scripting Vulnerabilities
Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
TomatoCart 'example_form.ajax.php' Cross Site Scripting
TomatoCart 'example_form.ajax.php' Cross-Site Scripting
Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities
Crowbar 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities
phpFox 3.0.1 - 'ajax.php' Multiple Cross Site Scripting Vulnerabilities
Kayako Fusion 'download.php' Cross Site Scripting
phpFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
Kayako Fusion 'download.php' Cross-Site Scripting
Hawkeye-G 3.0.1.4912 - Persistent XSS & Information Leakage
Hawkeye-G 3.0.1.4912 - Persistent XSS / Information Leakage
LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting
WordPress Slideshow Plugin Multiple Cross Site Scripting Vulnerabilities
LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting
WordPress Slideshow Plugin Multiple Cross-Site Scripting Vulnerabilities
Printer Pro 5.4.3 IOS - Persistent Cross Site Scripting
Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting
Flogr 'index.php' Multiple Cross Site Scripting Vulnerabilities
Flogr 'index.php' Multiple Cross-Site Scripting Vulnerabilities
ExtCalendar 2.0 Multiple SQL Injection and HTML Injection Vulnerabilities
ExtCalendar 2.0 - Multiple SQL Injection and HTML Injection Vulnerabilities
WordPress Download Monitor Plugin 'dlsearch' Parameter Cross Site Scripting
WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting
Openfiler 2.3 Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
Openfiler 2.3 - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities
Atlassian Confluence 3.4.x Error Page Cross Site Scripting
Atlassian Confluence 3.4.x Error Page Cross-Site Scripting
vBSEO 'u' parameter Cross Site Scripting
vBSEO 'u' parameter Cross-Site Scripting
minimal Gallery 'index.php' Multiple Cross Site Scripting Vulnerabilities
minimal Gallery 'index.php' Multiple Cross-Site Scripting Vulnerabilities
AxisInternet VoIP Manager Multiple Cross Site Scripting Vulnerabilities
AxisInternet VoIP Manager Multiple Cross-Site Scripting Vulnerabilities
WordPress Purity Theme Multiple Cross Site Scripting Vulnerabilities
Poweradmin 'index.php' Cross Site Scripting
WordPress MF Gig Calendar Plugin Cross Site Scripting
WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities
Poweradmin 'index.php' Cross-Site Scripting
WordPress MF Gig Calendar Plugin Cross-Site Scripting
WordPress Video Lead Form Plugin 'errMsg' Parameter Cross Site Scripting
WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting
YCommerce Multiple SQL Injection
YCommerce - Multiple SQL Injection
WordPress Token Manager Plugin 'tid' Parameter Cross Site Scripting
WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting
Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross Site Scripting
Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting
WordPress ABC Test Plugin 'id' Parameter Cross Site Scripting
WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting
WordPress Akismet Plugin Multiple Cross Site Scripting Vulnerabilities
Zenphoto 'admin-news-articles.php' Cross Site Scripting
WordPress Akismet Plugin Multiple Cross-Site Scripting Vulnerabilities
Zenphoto 'admin-news-articles.php' Cross-Site Scripting
Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities
Interspire Email Marketer - (Cross-Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities
CMS Mini 0.2.2 - 'index.php' Script Cross Site Scripting
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
WordPress Wordfence Security Plugin Cross Site Scripting
WordPress Wordfence Security Plugin Cross-Site Scripting
SMF 'view' Parameter Cross Site Scripting
Inventory Multiple Cross Site Scripting and SQL Injection
SMF 'view' Parameter Cross-Site Scripting
Inventory Multiple Cross-Site Scripting and SQL Injection
Gramophone 'rs' Parameter Cross Site Scripting
Gramophone 'rs' Parameter Cross-Site Scripting
WANem Multiple Cross Site Scripting Vulnerabilities
CorePlayer 'callback' Parameter Cross Site Scripting
WANem Multiple Cross-Site Scripting Vulnerabilities
CorePlayer 'callback' Parameter Cross-Site Scripting
NetCat CMS Multiple Cross Site Scripting Vulnerabilities
SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting
NetCat CMS Multiple Cross-Site Scripting Vulnerabilities
SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross-Site Scripting
bloofoxCMS 0.3.5 Multiple Cross Site Scripting Vulnerabilities
bloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
WebKit Cross Site Scripting Filter 'XSSAuditor.cpp' Security Bypass
WebKit Cross-Site Scripting Filter 'XSSAuditor.cpp' Security Bypass
Elastix 'page' Parameter Cross Site Scripting
TinyMCPUK 'test' Parameter Cross Site Scripting
Elastix 'page' Parameter Cross-Site Scripting
TinyMCPUK 'test' Parameter Cross-Site Scripting
Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities
Multiple Fortinet FortiWeb Appliances Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 'group' Parameter Cross Site Scripting
PHP Address Book 'group' Parameter Cross-Site Scripting
cPanel 'account' Parameter Cross Site Scripting
cPanel 'account' Parameter Cross-Site Scripting
WHM 'filtername' Parameter Cross Site Scripting
cPanel 'dir' Parameter Cross Site Scripting
WHM 'filtername' Parameter Cross-Site Scripting
cPanel 'dir' Parameter Cross-Site Scripting
Joomla! Incapsula Component Multiple Cross Site Scripting Vulnerabilities
WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross Site Scripting
Joomla! Incapsula Component Multiple Cross-Site Scripting Vulnerabilities
WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting
Dell OpenManage Server Administrator Cross Site Scripting
Dell OpenManage Server Administrator Cross-Site Scripting
Quick.Cms/Quick.Cart Cross Site Scripting
Quick.Cms/Quick.Cart Cross-Site Scripting
Apache OFBiz 10.4.x Multiple Cross Site Scripting Vulnerabilities
Scripts Genie Classified Ultra - SQL Injection / Cross Site Scripting
Apache OFBiz 10.4.x Multiple Cross-Site Scripting Vulnerabilities
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
Perforce P4Web Multiple Cross Site Scripting Vulnerabilities
gpEasy CMS 'section' Parameter Cross Site Scripting
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
gpEasy CMS 'section' Parameter Cross-Site Scripting
Novell Groupwise Client 8.0 Multiple Remote Code Execution Vulnerabilities
WordPress WP-Table Reloaded Plugin 'id' Parameter Cross Site Scripting
Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities
WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting
WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross Site Scripting
WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting
WordPress Audio Player Plugin 'playerID' Parameter Cross Site Scripting
WordPress Pinboard Theme 'tab' Parameter Cross Site Scripting
WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting
WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting
AbanteCart 'index.php' Multiple Cross Site Scripting Vulnerabilities
AbanteCart 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Sonar Multiple Cross Site Scripting Vulnerabilities
Sonar Multiple Cross-Site Scripting Vulnerabilities
MIMEsweeper For SMTP Multiple Cross Site Scripting Vulnerabilities
MIMEsweeper For SMTP Multiple Cross-Site Scripting Vulnerabilities
Squirrelcart 'table' Parameter Cross Site Scripting
Squirrelcart 'table' Parameter Cross-Site Scripting
CKEditor 'posteddata.php' Cross Site Scripting
CKEditor 'posteddata.php' Cross-Site Scripting
WordPress Pretty Link Plugin Cross Site Scripting
WordPress Pretty Link Plugin Cross-Site Scripting
Zenphoto 'index.php' SQL Injection
PHPmyGallery 1.5 - Local File Disclosure / Cross Site Scripting
OpenEMR 'site' Parameter Cross Site Scripting
ZeroClipboard 1.9.x - 'id' Parameter Cross Site Scripting
Zenphoto - 'index.php' SQL Injection
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
OpenEMR 'site' Parameter Cross-Site Scripting
ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting
WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross Site Scripting Vulnerabilities
Batavi 'index.php' Cross Site Scripting
WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities
Batavi 'index.php' Cross-Site Scripting
JForum 'jforum.page' Multiple Cross Site Scripting Vulnerabilities
Geeklog Cross Site Scripting
JForum 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities
Geeklog Cross-Site Scripting
WordPress Uploader Plugin 'blog' Parameter Cross Site Scripting
WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting
HP Intelligent Management Center 'topoContent.jsf' Cross Site Scripting
WordPress Count Per Day Plugin 'daytoshow' Parameter Cross Site Scripting
HP Intelligent Management Center 'topoContent.jsf' Cross-Site Scripting
WordPress Count Per Day Plugin 'daytoshow' Parameter Cross-Site Scripting
Your Own Classifieds Cross Site Scripting
McAfee Vulnerability Manager - 'cert_cn' Parameter Cross Site Scripting
Your Own Classifieds Cross-Site Scripting
McAfee Vulnerability Manager - 'cert_cn' Parameter Cross-Site Scripting
SWFUpload Multiple Content Spoofing And Cross Site Scripting Vulnerabilities
Asteriskguru Queue Statistics 'warning' Parameter Cross Site Scripting
WordPress podPress Plugin 'playerID' Parameter Cross Site Scripting
SWFUpload Multiple Content Spoofing And Cross-Site Scripting Vulnerabilities
Asteriskguru Queue Statistics 'warning' Parameter Cross-Site Scripting
WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting
Petite Annonce Cross Site Scripting
Petite Annonce Cross-Site Scripting
WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross Site Scripting
WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross-Site Scripting
Jaow CMS 'add_ons' Parameter Cross Site Scripting
Jaow CMS 'add_ons' Parameter Cross-Site Scripting
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross Site Scripting Vulnerabilities
OrionDB Web Directory Multiple Cross Site Scripting Vulnerabilities
WordPress Feedweb Plugin 'wp_post_id' Parameter Cross Site Scripting
C2 WebResource 'File' Parameter Cross Site Scripting
e107 - 'content_preset.php' Cross Site Scripting
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities
OrionDB Web Directory Multiple Cross-Site Scripting Vulnerabilities
WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting
C2 WebResource 'File' Parameter Cross-Site Scripting
e107 - 'content_preset.php' Cross-Site Scripting
Zimbra 'aspell.php' Cross Site Scripting
Zimbra 'aspell.php' Cross-Site Scripting
WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting
phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities
WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting
phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities
Dream CMS 2.3.0 - CSRF Add Extension And File Upload PHP Code Execution
Dream CMS 2.3.0 - CSRF Add Extension / File Upload PHP Code Execution
jPlayer 'Jplayer.swf' Script Cross Site Scripting
jPlayer 'Jplayer.swf' Script Cross-Site Scripting
Matrix42 Service Store 'default.aspx' Cross Site Scripting
Matrix42 Service Store 'default.aspx' Cross-Site Scripting
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion and Path Disclosure
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Path Disclosure
RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS Vulnerabilities
RealtyScript 4.0.2 - Multiple CSRF / Persistent XSS Vulnerabilities
Cisco Linksys E4200 /apply.cgi Multiple Parameter XSS
Cisco Linksys E4200 /apply.cgi - Multiple Parameter XSS
MyBB Game Section Plugin 'games.php' Multiple Cross Site Scripting Vulnerabilities
Securimage 'example_form.php' Cross Site Scripting
WordPress Securimage-WP Plugin 'siwp_test.php' Cross Site Scripting
MyBB Game Section Plugin 'games.php' Multiple Cross-Site Scripting Vulnerabilities
Securimage 'example_form.php' Cross-Site Scripting
WordPress Securimage-WP Plugin 'siwp_test.php' Cross-Site Scripting
Jojo CMS 'search' Parameter Cross Site Scripting
Jojo CMS 'search' Parameter Cross-Site Scripting
Elastix Multiple Cross Site Scripting Vulnerabilities
Telaen 2.7.x Cross Site Scripting
Elastix Multiple Cross-Site Scripting Vulnerabilities
Telaen 2.7.x Cross-Site Scripting
WordPress Ambience Theme 'src' Parameter Cross Site Scripting
WordPress Ambience Theme 'src' Parameter Cross-Site Scripting
Xaraya Multiple Cross Site Scripting Vulnerabilities
Xaraya - Multiple Cross-Site Scripting Vulnerabilities
Nameko 'nameko.php' Cross Site Scripting
Nameko 'nameko.php' Cross-Site Scripting
Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross Site Scripting
Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting
WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross Site Scripting
WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting
WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross Site Scripting
WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting
Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross Site Scripting
Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting
Mintboard Multiple Cross Site Scripting Vulnerabilities
miniBB SQL Injection and Multiple Cross Site Scripting Vulnerabilities
Mintboard Multiple Cross-Site Scripting Vulnerabilities
miniBB SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
WordPress Pie Register Plugin 'wp-login.php' Multiple Cross Site Scripting Vulnerabilities
WordPress Pie Register Plugin 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
Corda .NET Redirector 'redirector.corda' Cross Site Scripting
Corda .NET Redirector 'redirector.corda' Cross-Site Scripting
Apache Struts 2.2.3 Multiple Open Redirection Vulnerabilities
Apache Struts 2.2.3 - Multiple Open Redirection Vulnerabilities
YardRadius Multiple Local Format String Vulnerabilities
YardRadius - Multiple Local Format String Vulnerabilities
WordPress FlagEm Plugin 'cID' Parameter Cross Site Scripting
Magnolia CMS Multiple Cross Site Scripting Vulnerabilities
WordPress Duplicator Plugin Cross Site Scripting
WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting
Magnolia CMS Multiple Cross-Site Scripting Vulnerabilities
WordPress Duplicator Plugin Cross-Site Scripting
AlienVault Open Source SIEM (OSSIM) - Multiple Cross Site Scripting Vulnerabilities
AlienVault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities
AlgoSec Firewall Analyzer Cross Site Scripting
AlgoSec Firewall Analyzer Cross-Site Scripting
DotNetNuke 6.1.x Cross Site Scripting
DotNetNuke 6.1.x Cross-Site Scripting
Bo-Blog 2.1.1 Cross Site Scripting and SQL Injection
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting
Netwin SurgeFTP Sever 23d6 - Stored Cross-Site Scripting
Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
Oracle Glassfish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
Bugzilla 'editflagtypes.cgi' Multiple Cross Site Scripting Vulnerabilities
Bugzilla 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities
Course Registration Management System Cross Site Scripting and SQL Injection
Course Registration Management System Cross-Site Scripting and SQL Injection
WordPress Plugin WP Easy Poll 1.1.3 - XSS and CSRF
WordPress Plugin WP Easy Poll 1.1.3 - XSS / CSRF
Dell Kace 1000 Systems Management Appliance DS-2014-001 Multiple SQL Injection
Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injection
Rhino Cross Site Scripting and Password Reset Security Bypass Vulnerabilities
Rhino Cross-Site Scripting and Password Reset Security Bypass Vulnerabilities
Maian Uploader 4.0 Multiple Security Vulnerabilities
Maian Uploader 4.0 - Multiple Security Vulnerabilities
Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross Site Scripting
Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
ATutor Multiple Cross Site Scripting and HTML Injection Vulnerabilities
ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Xangati /servlet/MGConfigData Multiple Parameter Remote Path Traversal File Access
Xangati /servlet/MGConfigData - Multiple Parameter Remote Path Traversal File Access
ZamFoo Multiple Remote Command Execution Vulnerabilities
ZamFoo - Multiple Remote Command Execution Vulnerabilities
WordPress DZS-VideoGallery Plugin - Cross Site Scripting / Command Injection
WordPress DZS-VideoGallery Plugin - Cross-Site Scripting / Command Injection
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (1)
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (2)
Chamilo LMS - Persistent Cross Site Scripting
Chamilo LMS - Persistent Cross-Site Scripting
WordPress Site Import Plugin 1.0.1 - Local and Remote File Inclusion
WordPress Site Import Plugin 1.0.1 - Local File Inclusion / Remote File Inclusion
PHP 5.5.33 / <= 7.0.4 - SNMP Format String Exploit
PHP 5.5.33 / 7.0.4 - SNMP Format String Exploit
CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning
CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning
ImageMagick 6.9.3-9 / <= 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)
ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)
Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
iBilling 3.7.0 - Stored and Reflected XSS
iBilling 3.7.0 - Stored XSS / Reflected XSS
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR bypass)
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR Bypass)
WordPress Booking Calendar Plugin 6.2 - SQL Injection
WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS
WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF
Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC
2016-08-02 05:08:00 +00:00
Offensive Security
fb1d85bff8
DB: 2016-08-01
2016-08-01 05:02:17 +00:00
Offensive Security
3729a0e02d
DB: 2016-07-31
2016-07-31 05:06:32 +00:00
Offensive Security
d1e88dd6d0
DB: 2016-07-30
2016-07-30 07:05:01 +00:00
Offensive Security
70d97f91c1
DB: 2016-07-28
...
2 new exploits
Multiple AntiVirus (zip file) Detection Bypass Exploit
Multiple AntiVirus - .zip Detection Bypass Exploit
RealPlayer 10 - (.smil File) Local Buffer Overflow Exploit
RealPlayer 10 - (.smil) Local Buffer Overflow Exploit
Veritas Backup Exec - Remote File Access Exploit (Windows)
Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit)
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow
ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit)
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit (Metasploit)
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)
WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit
WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit (Metasploit)
Opera <= 8.02 - Remote Denial of Service Exploit
Opera <= 8.02 - Remote Denial of Service Exploit (1)
MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit
Google Search Appliance - proxystylesheet XSLT Java Code Execution
MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit (Metasploit)
Google Search Appliance - proxystylesheet XSLT Java Code Execution (Metasploit)
Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit
Lyris ListManager - Read Message Attachment SQL Injection Exploit
Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit (Metasploit)
Lyris ListManager - Read Message Attachment SQL Injection Exploit (Metasploit)
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux)
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux) (Metasploit)
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX)
Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX) (Metasploit)
Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit
Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit (Metasploit)
Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit
Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow
Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit (Metasploit)
Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow (Metasploit)
Microsoft Visual Studio 6.0 sp6 - (Malformed .dbp File) Buffer Overflow Exploit
Microsoft Visual Studio 6.0 sp6 - (.dbp) Buffer Overflow Exploit
Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit
Symantec Sygate Management Server - (login) SQL Injection Exploit
Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit
Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit (Metasploit)
Symantec Sygate Management Server - (login) SQL Injection Exploit (Metasploit)
Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit (Metasploit)
Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025)
Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) (Metasploit)
Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)
Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025) (Metasploit)
eIQnetworks License Manager Remote Buffer Overflow Exploit (1262)
eIQnetworks License Manager Remote Buffer Overflow Exploit (494)
eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit)
eIQnetworks License Manager - Remote Buffer Overflow Exploit (multi) (2)
eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit) (2)
Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040)
Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit)
Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (2)
Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (Metasploit) (2)
IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit
IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit (Metasploit)
Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040)
Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit)
Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit
Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit (Metasploit)
McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit
McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit (Metasploit)
PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32)
PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32) (Metasploit)
Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept
Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept (Metasploit)
VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (Metasploit)
VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit (Metasploit)
VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit
VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit
Windows Media Player 9/10 - (MID File) Denial of Service Exploit
Windows Media Player 9/10 - (.MID) Denial of Service Exploit
NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit
NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit (Metasploit)
Oreon <= 1.2.3 RC4 - (lang/index.php file) Remote Inclusion
Oreon <= 1.2.3 RC4 - (lang/index.php) Remote Inclusion
Magic CMS 4.2.747 - (mysave.php file) Remote File Include
Magic CMS 4.2.747 - (mysave.php) Remote File Include
WebLog (index.php file) Remote File Disclosure
WebLog (index.php) Remote File Disclosure
Pathos CMS 0.92-2 - (warn.php file) Remote File Inclusion
Pathos CMS 0.92-2 - (warn.php) Remote File Inclusion
Zomplog 3.8 - (force_download.php file) Remote File Disclosure
Zomplog 3.8 - (force_download.php) Remote File Disclosure
Winamp <= 5.3 - (WMV File) Remote Denial of Service Exploit
Winamp <= 5.3 - (.WMV) Remote Denial of Service Exploit
Opera 9.2 - (torrent File) Remote Denial of Service Exploit
Opera 9.2 - (.torrent) Remote Denial of Service Exploit
JulmaCMS 1.4 - (file.php file) Remote File Disclosure
JulmaCMS 1.4 - (file.php) Remote File Disclosure
PStruh-CZ 1.3/1.5 - (download.asp File) File Disclosure
PStruh-CZ 1.3/1.5 - (download.asp) File Disclosure
Virtual DJ 5.0 - (m3u File) Local Buffer OverFlow Exploit
OTSTurntables 1.00 - (m3u File) Local Buffer Overflow Exploit
Virtual DJ 5.0 - (.m3u) Local Buffer OverFlow Exploit
OTSTurntables 1.00 - (.m3u) Local Buffer Overflow Exploit
AtomixMP3 2.3 - (pls File) Local Buffer OverFlow Exploit
AtomixMP3 2.3 - (.pls) Local Buffer OverFlow Exploit
helplink 0.1.0 - (show.php file) Remote File Inclusion
helplink 0.1.0 - (show.php) Remote File Inclusion
jetAudio 7.x - (m3u File) Local SEH Overwrite Exploit
jetAudio 7.x - (m3u) Local SEH Overwrite Exploit
FireConfig 0.5 - (dl.php file) Remote File Disclosure
FireConfig 0.5 - (dl.php) Remote File Disclosure
Sony CONNECT Player 4.x - (m3u File) Local Stack Overflow Exploit
Sony CONNECT Player 4.x - (.m3u) Local Stack Overflow Exploit
phpCMS 1.2.2 - (parser.php file) Remote File Disclosure
phpCMS 1.2.2 - (parser.php) Remote File Disclosure
ChartDirector 4.1 - (viewsource.php file) File Disclosure
ChartDirector 4.1 - (viewsource.php) File Disclosure
IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl)
IntelliTamper 2.07 - (.map) Local Arbitrary Code Execution Exploit (Perl)
Acoustica Mixcraft <= 4.2 Build 98 - (mx4 file) Local BoF Exploit
Acoustica Mixcraft <= 4.2 Build 98 - (mx4) Local BoF Exploit
Acoustica MP3 CD Burner 4.51 Build 147 - (asx file) Local BoF Exploit
Acoustica MP3 CD Burner 4.51 Build 147 - (.asx) Local BoF Exploit
Acoustica Beatcraft 1.02 Build 19 - (bcproj file) Local BoF Exploit
Acoustica Beatcraft 1.02 Build 19 - (.bcproj) Local BoF Exploit
Microsoft Windows Explorer - (.zip File) Denial of Service Exploit
Microsoft Windows Explorer - (.zip) Denial of Service Exploit
Kusaba <= 1.0.4 - Remote Code Execution Exploit
Kusaba <= 1.0.4 - Remote Code Execution Exploit (1)
Cain & Abel 4.9.23 - (rdp file) Buffer Overflow PoC
Cain & Abel 4.9.23 - (.rdp) Buffer Overflow PoC
Electronics Workbench (EWB File) Local Stack Overflow PoC
Electronics Workbench (.EWB) Local Stack Overflow PoC
Cain & Abel 4.9.23 - (rdp file) Buffer Overflow Exploit
Cain & Abel 4.9.23 - (.rdp) Buffer Overflow Exploit
autositephp 2.0.3 - (LFI/CSRF/edit file) Multiple Vulnerabilities
autositephp 2.0.3 - (LFI/CSRF/Edit file) Multiple Vulnerabilities
CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit
CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python)
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit (Python)
SAWStudio 3.9i (prf File) Local Buffer Overflow PoC
SAWStudio 3.9i - (.prf) Local Buffer Overflow PoC
IntelliTamper 2.07/2.08 - (MAP File) Local SEH Overwrite Exploit
IntelliTamper 2.07/2.08 - (.MAP) Local SEH Overwrite Exploit
Hex Workshop 5.1.4 - (Color Mapping File) Local Buffer Overflow PoC
Hex Workshop 5.1.4 - Color Mapping File Local Buffer Overflow PoC
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow PoC
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow PoC
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2)
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (3)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (2)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (3)
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (4)
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (5)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (4)
Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (5)
VUPlayer <= 2.49 - (.PLS) Universal Buffer Overflow Exploit
VUPlayer 2.49 - (.pls) Universal Buffer Overflow Exploit
ExcelOCX ActiveX 3.2 - (Download File) Insecure Method Exploit
ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit
Zinf Audio Player 2.2.1 - (PLS File) Stack Overflow PoC
Zinf Audio Player 2.2.1 - (PLS File) Local Buffer Overflow Exploit (univ)
Zinf Audio Player 2.2.1 - (M3U FILE) Local Heap Overflow PoC
Zinf Audio Player 2.2.1 - (gqmpeg File) Buffer Overflow PoC
Zinf Audio Player 2.2.1 - (.pls) Stack Overflow PoC
Zinf Audio Player 2.2.1 - (.pls) Local Buffer Overflow Exploit (univ)
Zinf Audio Player 2.2.1 - (.M3U) Local Heap Overflow PoC
Zinf Audio Player 2.2.1 - (.gqmpeg) Buffer Overflow PoC
Thomson mp3PRO Player/Encoder (M3U File) Crash PoC
Thomson mp3PRO Player/Encoder - (.M3U) Crash PoC
Spider Player 2.3.9.5 - (asx File) off by one Crash Exploit
Spider Player 2.3.9.5 - (.asx) off by one Crash Exploit
Elecard AVC HD PLAYER (m3u/xpl file) Local Stack Overflow PoC
Elecard AVC HD PLAYER - (.m3u/.xpl) Local Stack Overflow PoC
Nokia N95-8 - (.JPG File) Remote Crash PoC
Nokia N95-8 - (.JPG) Remote Crash PoC
Media Commands (m3u File) Local SEH Overwrite Exploit
Media Commands (.m3u) Local SEH Overwrite Exploit
Media Commands (m3u File) Universal SEH Overwrite Exploit
Media Commands (.m3u) Universal SEH Overwrite Exploit
MediaCoder 0.6.2.4275 - (m3u File) Universal Stack Overflow Exploit
MediaCoder 0.6.2.4275 - (.m3u) Universal Stack Overflow Exploit
VUPlayer <= 2.49 - (.cue) Universal Buffer Overflow Exploit
VUPlayer 2.49 - (.cue) Universal Buffer Overflow Exploit
Gretech GOM Encoder 1.0.0.11 - (Subtitle File) Buffer Overflow PoC
Gretech GOM Encoder 1.0.0.11 - (.Subtitle) Buffer Overflow PoC
Abee Chm Maker 1.9.5 - (CMP File) Stack Overflow Exploit
PowerCHM 5.7 - (hhp File) Stack Overflow poC
Abee Chm Maker 1.9.5 - (.CMP) Stack Overflow Exploit
PowerCHM 5.7 - (.hhp) Stack Overflow poC
Apollo 37zz (M3u File) Local Heap Overflow PoC
Apollo 37zz - (.m3u) Local Heap Overflow PoC
mpegable Player 2.12 - (YUV File) Local Stack Overflow PoC
mpegable Player 2.12 - (.YUV) Local Stack Overflow PoC
Rama CMS <= 0.9.8 - (download.php file) File Disclosure
Rama CMS <= 0.9.8 - (download.php) File Disclosure
compface <= 1.5.2 - (XBM File) Local Buffer Overflow PoC
compface <= 1.5.2 - (.XBM) Local Buffer Overflow PoC
MP3-Nator 2.0 - (plf File) Universal Buffer Overflow Exploit (SEH)
MP3-Nator 2.0 - (.plf) Universal Buffer Overflow Exploit (SEH)
PatPlayer 3.9 - (M3U File) Local Heap Overflow PoC
PatPlayer 3.9 - (.M3U) Local Heap Overflow PoC
QuickDev 4 - (download.php file) File Disclosure
QuickDev 4 - (download.php) File Disclosure
FoxPlayer 1.1.0 - (m3u File) Local Buffer Overflow PoC
FoxPlayer 1.1.0 - (.m3u) Local Buffer Overflow PoC
Microsoft Windows 2003 - (EOT File) BSOD Crash Exploit
Microsoft Windows 2003 - (.EOT) BSOD Crash Exploit
VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit
VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit
Audio Lib Player (m3u File) Buffer Overflow Exploit (SEH)
Audio Lib Player (.m3u) Buffer Overflow Exploit (SEH)
MP3 Collector 2.3 - (m3u File) Local Crash PoC
MP3 Collector 2.3 - (.m3u) Local Crash PoC
BigAnt Server 2.50 SP1 - (ZIP File) Local Buffer Overflow PoC
BigAnt Server 2.50 SP1 - (.ZIP) Local Buffer Overflow PoC
BigAnt Server <= 2.50 SP6 - Local (ZIP File) Buffer Overflow PoC (2)
BigAnt Server <= 2.50 SP6 - (.ZIP) Local Buffer Overflow PoC (2)
XM Easy Personal FTP Server <= 5.8.0 DoS
XM Easy Personal FTP Server <= 5.8.0 DoS (Metasploit)
Symantec ConsoleUtilities ActiveX Buffer Overflow
Symantec ConsoleUtilities ActiveX Buffer Overflow (Metasploit)
Nagios3 statuswml.cgi Command Injection
Nagios3 statuswml.cgi Command Injection (Metasploit)
httpdx 1.4 - h_handlepeer BoF
httpdx 1.4 - h_handlepeer BoF (Metasploit)
Mambo 4.6.4 - Cache Lite Output Remote File Inclusion
Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)
BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion
AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection
Cacti 0.8.6-d graph_view.php Command Injection
AWStats 6.2-6.1 - configdir Command Injection
ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution
SpamAssassin spamd <= 3.1.3 - Command Injection
DistCC Daemon - Command Execution
ContentKeeper Web Appliance < 125.10 Command Execution
Solaris in.telnetd TTYPROMPT - Buffer Overflow
Solaris 10 / 11 Telnet - Remote Authentication Bypass
Solaris sadmind adm_build_path - Buffer Overflow
Solaris <= 8.0 - LPD Command Execution
BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)
AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)
Cacti 0.8.6-d graph_view.php Command Injection (Metasploit)
AWStats 6.2-6.1 - configdir Command Injection (Metasploit)
ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution (Metasploit)
SpamAssassin spamd <= 3.1.3 - Command Injection (Metasploit)
DistCC Daemon - Command Execution (Metasploit)
ContentKeeper Web Appliance < 125.10 Command Execution (Metasploit)
Solaris in.telnetd TTYPROMPT - Buffer Overflow (Metasploit)
Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit)
Solaris sadmind adm_build_path - Buffer Overflow (Metasploit)
Solaris <= 8.0 - LPD Command Execution (Metasploit)
Solaris 8 dtspcd - Heap Overflow
Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X)
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)
Solaris 8 dtspcd - Heap Overflow (Metasploit)
Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X) (Metasploit)
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) (Metasploit)
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X)
WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X)
Mail.App 10.5.0 - Image Attachment Command Execution (OS X)
Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X)
AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X)
Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) (Metasploit)
WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X) (Metasploit)
Mail.App 10.5.0 - Image Attachment Command Execution (OS X) (Metasploit)
Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X) (Metasploit)
AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X) (Metasploit)
Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow (Metasploit)
Wyse Rapport Hagent Fake Hserver - Command Execution
Subversion 1.0.2 - Date Overflow
Samba 2.2.x - nttrans Overflow
RealServer 7-9 Describe Buffer Overflow
PHP < 4.5.0 - unserialize Overflow
ntpd 4.0.99j-k readvar - Buffer Overflow
Veritas NetBackup - Remote Command Execution
HP OpenView OmniBack II A.03.50 - Command Executino
Apple Quicktime for Java 7 - Memory Access
Opera 9.50 / 9.61 historysearch - Command Execution
Opera <= 9.10 Configuration Overwrite
Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution
Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit
Firefox 3.5 - escape Memory Corruption Exploit
Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow
Squid 2.5.x / 3.x - NTLM Buffer Overflow
Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow
MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow
Borland InterBase 2007 - PWD_db_aliased Buffer Overflow
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)
Subversion 1.0.2 - Date Overflow (Metasploit)
Samba 2.2.x - nttrans Overflow (Metasploit)
RealServer 7-9 Describe Buffer Overflow (Metasploit)
PHP < 4.5.0 - unserialize Overflow (Metasploit)
ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit)
Veritas NetBackup - Remote Command Execution (Metasploit)
HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit)
Apple Quicktime for Java 7 - Memory Access (Metasploit)
Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit)
Opera <= 9.10 Configuration Overwrite (Metasploit)
Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution (Metasploit)
Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution (Metasploit)
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit (Metasploit)
Firefox 3.5 - escape Memory Corruption Exploit (Metasploit)
Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit)
Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit)
Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit)
MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow (Metasploit)
Borland InterBase 2007 - PWD_db_aliased Buffer Overflow (Metasploit)
HP Release Control Authenticated XXE
HP Release Control Authenticated XXE (Metasploit)
Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow
Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow
Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow
Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit)
Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit)
Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit)
Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow
Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow
University of Washington - imap LSUB Buffer Overflow
Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit
PeerCast <= 0.1216
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow
Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)
Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit)
University of Washington - imap LSUB Buffer Overflow (Metasploit)
Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit)
PeerCast <= 0.1216 (Metasploit)
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow (Metasploit)
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection
Unreal Tournament 2004 - 'Secure' Overflow
Irix LPD tagprinter - Command Execution
HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution
Xtacacsd <= 4.1.2 - report Buffer Overflow
System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based)
Mercantec SoftCart 4.00b - CGI Overflow
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection (Metasploit)
Unreal Tournament 2004 - 'Secure' Overflow (Metasploit)
Irix LPD tagprinter - Command Execution (Metasploit)
HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit)
Xtacacsd <= 4.1.2 - report Buffer Overflow (Metasploit)
System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based) (Metasploit)
Mercantec SoftCart 4.00b - CGI Overflow (Metasploit)
Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution
Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit)
M3U To ASX-WPL 1.1 - (m3u Playlist file) Buffer Overflow Exploit
HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit
Audacity 1.2.6 - (gro File) Buffer Overflow Exploit
M3U To ASX-WPL 1.1 - (.m3u) Buffer Overflow Exploit
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit
Audacity 1.2.6 - (.gro) Buffer Overflow Exploit
HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (Metasploit)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (Metasploit)
Millenium MP3 Studio 2.0 - (PLS File) Universal Stack Overflow (Metasploit)
Millenium MP3 Studio 2.0 - (.pls) Universal Stack Overflow (Metasploit)
Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (1)
Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Metasploit) (1)
Audiotran 1.4.1 - (PLS File) Stack Overflow (Metasploit)
Audiotran 1.4.1 - (.pls) Stack Overflow (Metasploit)
OpenOffice - (.slk File) Parsing Null Pointer
OpenOffice - (.slk) Parsing Null Pointer
MediaCoder - (.lst file) Local Buffer Overflow Exploit
MediaCoder - (.lst) Local Buffer Overflow Exploit
VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass)
VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass)
ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass)
ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass) (Metasploit)
Mediacoder 0.7.3.4682 - (.m3u File) Universal Buffer Overflow Exploit
Mediacoder 0.7.3.4682 - (.m3u) Universal Buffer Overflow Exploit
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)
Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit
Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit (Metasploit)
VUPlayer - M3U Buffer Overflow
VUPlayer - (.m3u) Buffer Overflow (Metasploit)
Audiotran 1.4.1 - (PLS File) Stack Buffer Overflow
Audiotran 1.4.1 - (.pls) Stack Buffer Overflow
HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (1)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (1)
Millenium MP3 Studio 2.0 - (PLS File) Stack Buffer Overflow
Millenium MP3 Studio 2.0 - (.pls) Stack Buffer Overflow
VariCAD 2010-2.05 EN (DWB File) Stack Buffer Overflow
VariCAD 2010-2.05 EN - (.DWB) Stack Buffer Overflow
HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (2)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (2)
ProShow Gold 4.0.2549 - (PSH File) Stack Buffer Overflow
ProShow Gold 4.0.2549 - (.PSH) Stack Buffer Overflow
VUPlayer - CUE Buffer Overflow
VUPlayer - (.cue) Buffer Overflow (Metasploit)
AstonSoft DeepBurner (DBR File) Path Buffer Overflow
AstonSoft DeepBurner - (.DBR) Path Buffer Overflow
HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (3)
HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (3)
Zinf Audio Player 2.2.1 - (PLS File) Stack Buffer Overflow
Zinf Audio Player 2.2.1 - (.pls) Stack Buffer Overflow
MikeyZip 1.1 - (.zip File) Buffer Overflow
MikeyZip 1.1 - (.zip) Buffer Overflow
Windows - DNS Reverse Download and Exec Shellcode
Windows - DNS Reverse Download and Exec Shellcode (Metasploit)
Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter)
Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter) (Metasploit)
Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit
Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit (Metasploit)
If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (2)
If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2)
Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053)
Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053) (Metasploit)
MicroP 0.1.1.1600 - (MPPL File) Stack Buffer Overflow
MicroP 0.1.1.1600 - (.MPPL) Stack Buffer Overflow
Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass)
Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) (Metasploit)
HP JetDirect PJL Interface Universal Path Traversal
HP JetDirect PJL Query Execution
HP JetDirect PJL Interface Universal Path Traversal (Metasploit)
HP JetDirect PJL Query Execution (Metasploit)
Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution
Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit)
LifeSize Room - Command Injection
LifeSize Room - Command Injection (Metasploit)
Opera 10/11 - (bad nesting with frameset tag) Memory Corruption
Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)
Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day)
Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day) (Metasploit)
Cytel Studio 9.0 - (CY3 File) Stack Buffer Overflow
Cytel Studio 9.0 - (.CY3) Stack Buffer Overflow
NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
NJStar Communicator 3.00 MiniSMTP Server Remote Exploit (Metasploit)
KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass)
KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass) (Metasploit)
AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST)
AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) (Metasploit)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS (Metasploit)
Free MP3 CD Ripper 1.1 - (WAV File) Stack Buffer Overflow
Free MP3 CD Ripper 1.1 - (.WAV) Stack Buffer Overflow
CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u)
CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u) (Metasploit)
AVID Media Composer Phonetic Indexer Remote Stack BoF
Final Draft 8 - Multiple Stack Buffer Overflows
AVID Media Composer Phonetic Indexer Remote Stack BoF (Metasploit)
Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit)
StoryBoard Quick 6 - Stack Buffer Overflow
StoryBoard Quick 6 - Stack Buffer Overflow (Metasploit)
phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection
phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection (Metasploit)
vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit
vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit (Metasploit)
The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution
The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution (Metasploit)
Liferay XSL - Command Execution
Liferay XSL - Command Execution (Metasploit)
CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit
CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit (Metasploit)
Wyse - Machine Remote Power off (DOS) without any privilege
Wyse - Machine Remote Power off (DOS) without any privilege (Metasploit)
TFM MMPlayer (m3u/ppl File) Buffer Overflow
TFM MMPlayer (.m3u/.ppl) Buffer Overflow
Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow
Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow (Metasploit)
WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal
WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal (Metasploit)
ALLMediaServer 0.8 SEH Overflow Exploit
ALLMediaServer 0.8 - SEH Overflow Exploit
Siemens Simatic S7-300/400 CPU START/STOP Module
Siemens Simatic S7-300 PLC Remote Memory Viewer
Siemens Simatic S7-1200 CPU START/STOP Module
Siemens Simatic S7-300/400 CPU START/STOP Module (Metasploit)
Siemens Simatic S7-300 PLC Remote Memory Viewer (Metasploit)
Siemens Simatic S7-1200 CPU START/STOP Module (Metasploit)
Sysax Multi Server 5.64 - Create Folder Buffer Overflow
Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)
Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit
Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit (Metasploit)
Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit
Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit (Metasploit)
NetWin SurgeFTP Authenticated Admin Command Injection
NetWin SurgeFTP Authenticated Admin Command Injection (Metasploit)
ActFax 5.01 - RAW Server Exploit
ActFax 5.01 - RAW Server Exploit (Metasploit)
Polycom HDX Telnet Authorization Bypass
Polycom HDX Telnet Authorization Bypass (Metasploit)
Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)
Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)
Mikrotik Syslog Server for Windows 1.15 - Denial of Service
Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit)
SAP ConfigServlet OS Command Execution
SAP ConfigServlet OS Command Execution (Metasploit)
SAP ConfigServlet Remote Unauthenticated Payload Execution
SAP ConfigServlet Remote Unauthenticated Payload Execution (Metasploit)
Microsoft Internet Explorer textNode Use-After-Free
Microsoft Internet Explorer textNode Use-After-Free (Metasploit)
Java Web Start Double Quote Injection Remote Code Execution
Java Web Start Double Quote Injection Remote Code Execution (Metasploit)
OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution
OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution (Metasploit)
Zabbix 2.0.8 - SQL Injection / Remote Code Execution
Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)
SikaBoom - Remote Buffer Overflow
SikaBoom - Remote Buffer Overflow (Metasploit)
Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass
Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit)
VUPlayer 2.49 - (.M3U) Universal Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - (.m3u) Universal Buffer Overflow (DEP Bypass)
Netgear WNR1000v3 - Password Recovery Credential Disclosure
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
Easy CD-DA Recorder - (PLS File) Buffer Overflow
Easy CD-DA Recorder - (.pls) Buffer Overflow
Fitnesse Wiki - Remote Command Execution
Fitnesse Wiki - Remote Command Execution (Metasploit)
EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read
EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit)
AlienVault 4.5.0 - Authenticated SQL Injection
AlienVault 4.5.0 - Authenticated SQL Injection (Metasploit)
Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE
Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE (Metasploit)
F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation
F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit)
AlienVault OSSIM 4.6.1 - Authenticated SQL Injection
AlienVault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)
Raritan PowerIQ 4.1.0 - SQL Injection
Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)
Mthree Development MP3 to WAV Decoder - (.mp3 File) Remote Buffer Overflow
Mthree Development MP3 to WAV Decoder - (.mp3) Remote Buffer Overflow
ManageEngine Password Manager MetadataServlet.dat SQL Injection
ManageEngine Password Manager MetadataServlet.dat SQL Injection (Metasploit)
Ammyy Admin 3.5 - RCE
Ammyy Admin 3.5 - RCE (Metasploit)
Microsoft Exchange IIS HTTP Internal IP Address Disclosure
Microsoft Exchange IIS HTTP Internal IP Address Disclosure (Metasploit)
ManageEngine OpManager / Social IT Arbitrary File Upload
ManageEngine OpManager / Social IT Arbitrary File Upload (Metasploit)
DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload
DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload (Metasploit)
Device42 WAN Emulator 2.3 - Traceroute Command Injection
Device42 WAN Emulator 2.3 - Ping Command Injection
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
Microsoft Windows Media Player 11.0.5721.5145 - (.avi File) Buffer Overflow
Microsoft Windows Media Player 11.0.5721.5145 - (.avi) Buffer Overflow
Varnish Cache CLI Interface - Remote Code Execution
Varnish Cache CLI Interface - Remote Code Execution (Metasploit)
Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE
Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE (Metasploit)
OpenMyZip 0.1 - (.zip File) Buffer Overflow
OpenMyZip 0.1 - (.zip) Buffer Overflow
Persistent Systems Client Automation - Command Injection RCE
Persistent Systems Client Automation - Command Injection RCE (Metasploit)
Metasploit Project < 4.11.1 - Initial User Creation CSRF
Metasploit Project < 4.11.1 - Initial User Creation CSRF (Metasploit)
Exim GHOST (glibc gethostbyname) Buffer Overflow
Exim GHOST (glibc gethostbyname) Buffer Overflow (Metasploit)
QNAP - Admin Shell via Bash Environment Variable Code Injection
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)
WordPress Business Intelligence Plugin - SQL injection
WordPress Business Intelligence Plugin - SQL injection (Metasploit)
Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit
Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit (Metasploit)
PDF Shaper 3.5 - Buffer Overflow
PDF Shaper 3.5 - Buffer Overflow (Metasploit)
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)
Centreon <= 2.5.3 - Remote Command Execution
Centreon 2.5.3 - Remote Command Execution
Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure
Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure (Metasploit)
Meteocontrol WEB’log - Admin Password Disclosure
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass)
VUPlayer 2.49 - (.m3u) Buffer Overflow Exploit (Win 7 DEP Bypass)
VMWare - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
2016-07-28 05:03:16 +00:00
Offensive Security
9680c9c2cb
DB: 2016-07-27
...
6 new exploits
Invision Power Board <= 3.0.4_ <= 3.0.4_ <= 2.3.6 - LFI and SQL Injection
Invision Power Board <= 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI and SQL Injection
Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - Connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Connectback_ receive_ save and execute shellcode
DVD X Player 5.5 Professional (.plf) Universal Buffer Overflow
DVD X Player 5.5 Professional - (.plf) Universal Buffer Overflow
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP+ASLR Bypass)
DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP + ASLR Bypass)
ISC BIND <= 8.2.2_IRIX <= 6.5.17_Solaris 7.0 - (NXT Overflow and Denial of Service) Vulnerabilities
ISC BIND <= 8.2.2 / IRIX <= 6.5.17 / Solaris 7.0 - (NXT Overflow and Denial of Service) Vulnerabilities
LedgerSMB1.0/1.1_SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities
LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - Login Parameter Local File Include And Authentication Bypass Vulnerabilities
Lighttpd <= 1.4.15 - Multiple Code Execution_ Denial of Service and Information Disclosure Vulnerabilities
Lighttpd <= 1.4.15 - Multiple Code Execution + Denial of Service + Information Disclosure Vulnerabilities
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow Privilege Escalation
Windows TrackPopupMenu Win32k NULL Pointer Dereference
Windows - TrackPopupMenu Win32k NULL Pointer Dereference
ManageEngine OpManager_ Social IT Plus and IT360 - Multiple Vulnerabilities
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Wikipad 1.6.0 - Cross-Site Scripting_ HTML Injection and Information Disclosure Vulnerabilities
Wikipad 1.6.0 - Cross-Site Scripting + HTML Injection + Information Disclosure Vulnerabilities
concrete5 5.5.2.1 Information Disclosure_ SQL Injection and Cross Site Scripting Vulnerabilities
concrete5 5.5.2.1 - Information Disclosure + SQL Injection + Cross Site Scripting Vulnerabilities
RuubikCMS 1.1.x Cross Site Scripting_ Information Disclosure and Directory Traversal Vulnerabilities
RuubikCMS 1.1.x - Cross Site Scripting + Information Disclosure + Directory Traversal Vulnerabilities
Windows Kernel Win32k.sys Privilege Escalation Exploit (MS14-058)
Windows Kernel - Win32k.sys Privilege Escalation Exploit (MS14-058)
Tiki-Wiki CMS Calendar 14.2_ 12.5 LTS_ 9.11 LTS_ and 6.15 - Remote Code Execution
Tiki-Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution
PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post Auth Remote Root Exploit (Metasploit)
PHP File Vault 0.9 - Directory Traversal
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
Iris ID IrisAccess iCAM4000/iCAM7000 - Hardcoded Credentials Remote Shell Access
2016-07-27 05:06:35 +00:00
Offensive Security
d06dff59f9
DB: 2016-07-26
...
16 new exploits
Ubuntu Breezy 5.10 - Installer Password Disclosure
Ubuntu 5.10 - Installer Password Disclosure
BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - setuid/portbind 31337/TCP shellcode (94 bytes)
Linux/x86 - shellcode that forks a HTTP Server on port tcp/8800 (166 bytes)
Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes)
Linux/x86 - Forks a HTTP Server on port 8800/TCP shellcode (166 bytes)
Linux/x86 - Listens for shellcode on 5555/TCP and jumps to it (83 bytes)
Linux/x86 - Shellcode Polymorphic chmod(_/etc/shadow__666) (54 bytes)
Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes)
Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - Add root user 'r00t' with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_PORT() portbind 31337/TCP shellcode (100 bytes)
Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Add User 'xtz' without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() shellcode (98 bytes)
Linux/x86 - connect-back shellcode 127.0.0.1:31337/tcp (74 bytes)
Linux/x86 - Connect-back shellcode 127.0.0.1:31337/TCP (74 bytes)
Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - Add user 't00r' encrypt shellcode (116 bytes)
Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user 't00r' shellcode (82 bytes)
Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - Add User 'z' shellcode (70 bytes)
Solaris/x86 - portbind/tcp shellcode (Generator)
Solaris/x86 - portbind/TCP shellcode (Generator)
Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - append '/etc/passwd' & exit() shellcode (107 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - sends 'Phuck3d!' to all terminals shellcode (60 bytes)
Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall shellcode (39 bytes)
Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
Linux/ARM - Add root user 'shell-storm' with password 'toor' shellcode (151 bytes)
OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
OS-X/Intel (x86_64) - reverse_tcp shell shellcode (131 bytes)
Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' shellcode (143 bytes)
Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' shellcode (164 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)
Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)
OS-X/x86-64 - 4444/TPC port bind Nullfree shellcode (144 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bindshell 4444/TCP with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86-64 - Bind 1472/TCP shellcode (IPv6) (199 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (656 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (98 bytes)
Rapid7 AppSpider 6.12 - Local Privilege Escalation
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
MediaCoder 0.8.43.5852 - .m3u SEH Exploit
Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)
CodoForum 3.2.1 - SQL Injection
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass)
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution
PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
2016-07-26 05:04:05 +00:00
Offensive Security
2a57bee5c6
DB: 2016-07-25
...
12 new exploits
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit
Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service
FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - execve Null Free shellcode (Generator)
Linux/x86 - cmd shellcode null free (Generator)
Linux/x86 - cmd Null Free shellcode (Generator)
iOS - Version-independent shellcode
Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - bindshell port 4444 shellcode (132 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode
Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - telnetbind by Winexec 23 port shellcode (111 bytes)
Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337shellcode
ARM - Bindshell port 0x1337 shellcode
Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Linux Kernel <= 2.4.0 - Stack Infoleaks
bsd/x86 - connect back Shellcode (81 bytes)
FreeBSD/x86 - connect back Shellcode (81 bytes)
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit
Linux Kernel 2.0 / 2.1 - SIGIO
Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process
Linux Kernel 2.2 - 'ldd core' Force Reboot
Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options
Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options
Linux Kernel 2.2.x - Non-Readable File Ptrace
Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak
OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure
OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure
Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2)
Linux Kernel 2.4 - suid execve() System Call Race Condition PoC
Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept
Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling
Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read
Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure
Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities
Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities
Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)
Linux/x86 - Reverse TCP Bind Shellcode (92 bytes)
Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)
Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow
Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation
Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
Mainframe/System Z - Bind Shell shellcode (2488 bytes)
Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes)
OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)
Ubuntu Apport - Local Privilege Escalation
Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation
Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes)
Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption
Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)
Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)
2016-07-25 05:06:19 +00:00
Offensive Security
be496c36bc
DB: 2016-07-23
...
3 new exploits
Mandrake Linux 8.2 - /usr/mail Local Exploit
/usr/mail (Mandrake Linux 8.2) - Local Exploit
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)
Linux Kernel 2.2 - (TCP/IP Weakness) Exploit
Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit
CDRecord's ReadCD - Local Root Privileges
CDRecord's ReadCD - Local Root Exploit
NetBSD FTPd / tnftpd Remote Stack Overflow PoC
NetBSD FTPd / Tnftpd - Remote Stack Overflow PoC
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1)
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' ring0 Root Exploit (1)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)
SimpNews 2.16.2 and Below Multiple SQL Injection Vulnerabilities
SimpNews <= 2.16.2 - Multiple SQL Injection Vulnerabilities
NetBSD 5.0 and below Hack GENOCIDE Environment Overflow proof of concept
NetBSD 5.0 and below Hack PATH Environment Overflow proof of concept
NetBSD <= 5.0 - Hack GENOCIDE Environment Overflow proof of concept
NetBSD <= 5.0 - Hack PATH Environment Overflow proof of concept
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)
Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit (1)
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (1)
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (2)
Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Info Leak Exploit
Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Information Leak Exploit
NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1)
NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) - Exploit
NetBSD <= 1.4_OpenBSD <= 2.5_Solaris <= 7.0 profil(2)
NetBSD <= 1.4 / OpenBSD <= 2.5 /Solaris <= 7.0 profil(2) - Exploit
FreeBSD 3.4/4.0/5.0_NetBSD 1.4 Unaligned IP Option Denial of Service
FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service
FreeBSD 2.2-4.2_NetBSD 1.2-4.5_OpenBSD 2.x ftpd glob() Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow
NetBSD 1.x TalkD User Validation
NetBSD 1.x TalkD - User Validation
FreeBSD 4.x_NetBSD 1.4.x/1.5.x/1.6_OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition
FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition
Linux Kernel 2.4 - execve() System Call Race Condition PoC
Linux Kernel 2.4 - suid execve() System Call Race Condition PoC
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)
Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2)
Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Local Root Exploit (2)
NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow
NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow
OpenBSD 4.6 and NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service
OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3)
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)
Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption
Mozilla Firefox SeaMonkey <= 3.6.10 / Thunderbird <= 3.1.4 - 'document.write' Memory Corruption
Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
Linux Kernel <= 3.14.5 (RHEL/CentOS 7) - libfutex Local Root
Linux Kernel <= 3.14.5 (RHEL / CentOS 7) - 'libfutex' Local Root Exploit
NetBSD 5.1 Multiple 'libc/net' Functions Stack Buffer Overflow
NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow
VSAT Sailor 900 - Remote Exploit
Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation
Apple OS X Entitlements Rootpipe Privilege Escalation
Apple OS X Entitlements - 'Rootpipe' Privilege Escalation
OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)
OS X Install.framework suid root Runner Binary Privilege Escalation
OS X Install.framework - suid root Runner Binary Privilege Escalation
Linux/MIPS Kernel 2.6.36 NetUSB - Remote Code Execution Exploit
Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution Exploit
Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)
Linux/x86-64 - bindshell (Port 5600) shellcode (81 bytes)
Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() in bpf(BPF_PROG_LOAD) Local Root Exploit
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit
Exim 4 (Debian/Ubuntu) - Spool Local Root Privilege Escalation
Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation
Windows 7-10 and 2k8-2k12 x86/x64 - Secondary Logon Handle Privilege Escalation (MS16-032)
Windows 7-10 and 2008-2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)
Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)
Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)
Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)
mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006)
Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
2016-07-23 05:07:15 +00:00
Offensive Security
789febc361
DB: 2016-07-22
...
4 new exploits
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2)
Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1)
Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)
Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2)
Linux Kernel 2.4 - 'uselib()' Privilege Escalation Exploit (2)
Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Local Root Exploit
TFTP Server 1.4 - ST Buffer Overflow Exploit (0Day)
TFTP Server 1.4 - ST Buffer Overflow Exploit
Linux Kernel < 2.6.22 - ftruncate()/open() Local Exploit
Linux Kernel < 2.6.22 - ftruncate()/open() Local Root Exploit
MuPDF pdf_shade4.c Multiple Stack-Based Buffer Overflows
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows
(Linux Kernel <= 2.6.34-rc3) ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation
ReiserFS xattr (Linux Kernel <= 2.6.34-rc3) (Redhat / Ubuntu 9.10) - Privilege Escalation
Microsoft ASN.1 Library Bitstring Heap Overflow
Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007)
Linux Kernel 2.0 / 2.1 / 2.2 - autofs
Linux Kernel 2.2 - ldd core Force Reboot
Linux Kernel 2.2 - 'ldd core' Force Reboot
OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (1)
OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (2)
Linux Kernel Samba 2.2.8 (Debian/Mandrake) - Share Local Privilege Elevation
Linux Kernel Samba 2.2.8 (Debian / Mandrake) - Share Local Privilege Escalation
Linux Kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation (x64)
Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation
Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Proof of Concept
Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)
Apport/Abrt - Local Root Exploit
Apport/Abrt (Ubuntu / Fedora) - Local Root Exploit
Ubuntu usb-creator 0.2.x - Local Privilege Escalation
usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation
Apport/Ubuntu - Local Root Race Condition
Apport (Ubuntu 14.04/14.10/15.04) - Local Root Race Condition
Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset OOB Local Root Exploit
TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter)
Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
2016-07-22 05:05:29 +00:00
Offensive Security